It would be interesting to have a video talking about the use of Synology in conjunction with Windows Server. For example, using the NAS as a secondary AD on Windows Server, and as a file server for sharing files on the stations.
Thanks for your video. I have a question: I have 5 DS918+ and I want create an Active Directory. It's possible to add 4 NAS member of this domain, with synchronisation for redundency when a domain controller crash ? Thanks.
Where is the GPOs stored? Lets say I log into a windows machine and use GPO to make or change a policy to the domain and I save it. Must that machine with the remote tools still be on for that new GP change to be pushed out?
Great video. Thanks. Setting up a small home office. Trying to get a linux box to authenticate against Synology Directory Service. Any guides that you have or know about?
Okay.. so this WAS working, but now I am not getting ANYTHING showing up under Administrative templates (other than "All settings).. any help or suggestions?
I am trying this now and i have a test pc connected to the domain. I have made users for family members and this works all fine. But now i want that every member has their own share and that that is automatically mounted as a drive when they log in. So kelly would have k:\ on every pc in our home she logs in to. I am doing something wrong because the k drive doesnt shows up.
Nice video, one comment, DO NOT edit your default domain policy, create new ones and link it to your default policy or you will have trouble down the line. Happy New Year :)
thank you. could you teach us the best way to deploy printers with GPO with synology AD server? it seems there are many ways to do. just not sure which is the best with Synology.
Hi Willie. Consider using ProcMon to show your subscribes how the GPOs change the policy nodes in the registry. Also show where the GPOs are stored on sysvol and in local cache etc. Describe policy vs preference. Can AD be secured with a cert as with a native implementation? Can you have more than one DC for replication and fail-over in the event of a loss with Synology? Will you cover Backup and recovery of AD as well as sysvol? Sorry, this is sort of my wheelhouse. Part of a team that manages client GPOs natively and with a third party tool. Including user profiles.
Hi Willie, great video & beard. QQ - In the scenario you show, what is the ongoing dependency of the desktop configured with RSAT tools? Is the desktop now activing as Domain Controller or is the Synology somehow importing all of those policies created via RSAT on the desktop and when the Desktop estate is joined to the Synology it receives those Policies without dependency on the desktop at all?
@@WillieHowe thanks for quick reply man. I get you about Synology only being capable of Password policy. We are using RSAT to configure advanced policy. My query is though the admin desktop is joined to Synology domain. When we use RSAT are we configuring advanced policy on Synology or are we configuring advanced policy on our admin desktop, essentially making the admin desktop either a DC in its own right, or a DC that Synology is deferring to.....Ideally i hope that RSAT is configuring advanced policy on the synology domain so that if i disconnect my admin desktop completely, other machines that are joined to Synology receive that advanced policy on log on.....Hope it makes sense mate.
Alright Willi - gonna have to address my old Windows 2012R2 servers - I really only use the servers for Authentication, DNS and DHCP and am wondering if one of these could replace my TrueNAS mini and W2012 servers - I'm wondering if the software is the same on all the synology servers? Can I buy a small cheap one to play with to see what it can do before investing in one to replace my TrueNAS mini.
I replaced our ancient server 2003 AD about 4 months ago. Have about 30 users. Been having no problems whatsoever!. Great alternative. Once in a while we do get roaming profile errors though.
This is the exact setup/size we need as well. Not sure if there has been any changes in the past 5 months to Synology AD, however, we too have 2003 AD and it is time to move forward. Current quote to upgrade to MS 2016 AD (including licenses, merging the 2003 to 2016, dreaded 32 bit to 64 bit headache, other time from our outside IT group, ie: turn key - $4500). I think it warrants research if Synology is an alternative. Not seeing anywhere there is an IMPORT function to move current AD stuff to Synology?
@@harthenry Yes, I am wondering the same thing. I see in Synology Active directory, there is a way to add what appears to be a *new* domain. I ultimately want to migrate way from Windows 2003 Active Directory (AD) domain, because that server has been running since 2006, but I have a secondary DC still running as well as (4TB) File & Print sever in my Win 2003 domain. Obviously, I don't want to lose the 2003 domain and AD environment that I already have. I need my Synology to be an AD server and a replacement for an old Windows 2003 File and Print server. Any feedback would be appreciated. Btw, I'm looking at Synology and QNAP NASs to try to meet these two goals (AD + FP). Thank you!
Hi Willie...im a usual customer of synology products...there are awesome in sharing duties, external backups, etc....but my biggest concern about using it like an Active Directory are their resources... they have limitation when we talk about specs...processors, memory, etc. In my opinion i will not use this schema in more than 15 users small office... what do you think about it.??
Hi Willie... as always.. great video! I have a suggestion for next videos...one would be to connect Synology NAS users with Windows server 2013/6 AD and second .. how to make Synbology NAS LUN server and connect it with Windows server 2013/6 and apply some vitrual disks for certain users/departments. Tx
Generally VLAN's should not affect your AD setup, other than in your DNS you may want to create reverse lookup zones for each subnet so you can resolve IP's to names. Other than that, a workstation on VLAN 1 should communicate with a AD server on VLAN 2 barring any Access Control List issues at the router in between.
Hi i like to see how to import an admx file for exaplme the admx file for chrome brwoser or FrontMotion Firefox Community Edition. Thanks alot for your videos!!!
FYI if you have any old Windows 7 Professional licenses lying around or On by Machine that you're not using anymore you can upgrade with that Windows 7 Pro product key for free
Samba does not have 100% support for everything that windows AD has . So maybe 2-3 years later when the company have grown and they have need of functions that samba doesn't support, well when they have to buy a full windows AD server anyway but now they they are stuck until the new windows server is in place. So what does not work? : GPO:s are not supported at 100% , some things work others does not. Just try to change the password policies, IT WILL NOT WORK. You can change them but they will not function. You will have to ssh to the samba server and set the changes with samba-tool in the console to make them work, that the only way. Now have the Synology team made some form of integration so that you can change password setting i that AD app so good on them . But that just show that samba is not a solution/project you can rely on for your company, Trust Support Does Samba AD Supports Trust Relationship? The trust feature is experimental and has several limitations, such as: SID filtering rules are not applied You cannot add users and groups of a trusted domain into domain groups. Why Is the Network Neighbourhood empty or Does Not Show All Machines in the Domain? The Samba AD DC smbd daemon does not support browsing. It is planned to add this feature. However, there are no development resources and thus no date when this feature will be included. No support for sysvol replication ,, that is something you have to setup yourself with rsync. And the list goes on and on ,, I would never recommend samba as a solution for a company. Samba work as a lab project to play around in and maybe as a backup ad server to an existing windows ad server, that's it.
Mysticsam86 those limitations you listed actually do sound pretty minor. Based on what you listed, I’m currently considering whether I was stupid when buying the windows server license.
@@MustermannAnybody So you dont mind if when you have to change something with gpo it will not work?! I would never want to have to rely on an application for my company were some things just doesn't work and if you read the projects web-page never seam to get fixed either. The problems i have listed have been nonfunctional sense the 4.0 release of samba ,, how many years ago was that again? I would want that samba was a replacement for windows but is just isn't. It is so sad.
Mysticsam86 I already have an application where some things work and some things don’t and updates randomly change which one does what: it’s called windows and Microsoft Office. So using a Samba AD won’t change much 😊 It is sad though to hear that there is little progress on the missing / non-working features.
It would be interesting to have a video talking about the use of Synology in conjunction with Windows Server. For example, using the NAS as a secondary AD on Windows Server, and as a file server for sharing files on the stations.
Thanks for your video.
I have a question: I have 5 DS918+ and I want create an Active Directory. It's possible to add 4 NAS member of this domain, with synchronisation for redundency when a domain controller crash ?
Thanks.
Where is the GPOs stored? Lets say I log into a windows machine and use GPO to make or change a policy to the domain and I save it. Must that machine with the remote tools still be on for that new GP change to be pushed out?
Looking for a guide on deploying admx templates via rsat tools for Synology Directory server
Nice job, this video still applies 2022.
Anyone know where to find the install file for Windows 7? Looks like the horrid Micro$oft has taken down all download links for the Windows 7 version
hi,
at profile>home directory. How to sett if a PC want to auto connect to mapping drive more than 1 mapping drive
Great video. Thanks. Setting up a small home office. Trying to get a linux box to authenticate against Synology Directory Service. Any guides that you have or know about?
Okay.. so this WAS working, but now I am not getting ANYTHING showing up under Administrative templates (other than "All settings).. any help or suggestions?
I am trying this now and i have a test pc connected to the domain. I have made users for family members and this works all fine. But now i want that every member has their own share and that that is automatically mounted as a drive when they log in. So kelly would have k:\ on every pc in our home she logs in to. I am doing something wrong because the k drive doesnt shows up.
Nice video, one comment, DO NOT edit your default domain policy, create new ones and link it to your default policy or you will have trouble down the line. Happy New Year :)
Do client gpo policies updated automatically?
Just installed this on my ds416play today and your tutorial helped me solve a couple of puzzles. Thanks!
Great Stuff! Been wanting to set up a domain like this for our little office for ages now but didn't dare doing it without any tutorials. Thx so much
Willie have you try remove computer after added it to Synology Active Directory.
thank you. could you teach us the best way to deploy printers with GPO with synology AD server? it seems there are many ways to do. just not sure which is the best with Synology.
Hi Willie. Consider using ProcMon to show your subscribes how the GPOs change the policy nodes in the registry. Also show where the GPOs are stored on sysvol and in local cache etc. Describe policy vs preference. Can AD be secured with a cert as with a native implementation? Can you have more than one DC for replication and fail-over in the event of a loss with Synology? Will you cover Backup and recovery of AD as well as sysvol? Sorry, this is sort of my wheelhouse. Part of a team that manages client GPOs natively and with a third party tool. Including user profiles.
Hi Willie, great video & beard. QQ - In the scenario you show, what is the ongoing dependency of the desktop configured with RSAT tools? Is the desktop now activing as Domain Controller or is the Synology somehow importing all of those policies created via RSAT on the desktop and when the Desktop estate is joined to the Synology it receives those Policies without dependency on the desktop at all?
Anything other the password policy has to use the RSAT tools.
@@WillieHowe thanks for quick reply man. I get you about Synology only being capable of Password policy. We are using RSAT to configure advanced policy. My query is though the admin desktop is joined to Synology domain. When we use RSAT are we configuring advanced policy on Synology or are we configuring advanced policy on our admin desktop, essentially making the admin desktop either a DC in its own right, or a DC that Synology is deferring to.....Ideally i hope that RSAT is configuring advanced policy on the synology domain so that if i disconnect my admin desktop completely, other machines that are joined to Synology receive that advanced policy on log on.....Hope it makes sense mate.
Please do not change the default group policy. It cannot be disabled later if a change goes awry. Best to create and link additional policies.
how do you add a network printer? last time I tried that, it did not work as it asked for the printer to be installed on the server
Question Willie, If there's multiple PC's on the network how to auto assign the Synology DNS rather than statically to all 50 machines.
@@WillieHowe so, setup DHCP via Synology DSM and disable on router side correct?
Can you restrict local login via Synology Directory server on Windows 10? And if so - where do we go to do that?
I still haven't seen whether or not you can migrate an existing domain and demote the server to keep continuity with your domain workstations.
Alright Willi - gonna have to address my old Windows 2012R2 servers - I really only use the servers for Authentication, DNS and DHCP and am wondering if one of these could replace my TrueNAS mini and W2012 servers - I'm wondering if the software is the same on all the synology servers? Can I buy a small cheap one to play with to see what it can do before investing in one to replace my TrueNAS mini.
Yes it can replace Windows servers depending on the environment.
Hey Willie,
is it possible to activate AD (setting up, testing) while still running a small business (accessing synology network drives)?
There is no possibility to set "Send expiration notification emails" for Synology AD users... Synology Directory Server don't have such option
How do I get an Ubiquity hat?
I replaced our ancient server 2003 AD about 4 months ago. Have about 30 users. Been having no problems whatsoever!. Great alternative. Once in a while we do get roaming profile errors though.
This is the exact setup/size we need as well. Not sure if there has been any changes in the past 5 months to Synology AD, however, we too have 2003 AD and it is time to move forward. Current quote to upgrade to MS 2016 AD (including licenses, merging the 2003 to 2016, dreaded 32 bit to 64 bit headache, other time from our outside IT group, ie: turn key - $4500). I think it warrants research if Synology is an alternative. Not seeing anywhere there is an IMPORT function to move current AD stuff to Synology?
@@harthenry Yes, I am wondering the same thing. I see in Synology Active directory, there is a way to add what appears to be a *new* domain. I ultimately want to migrate way from Windows 2003 Active Directory (AD) domain, because that server has been running since 2006, but I have a secondary DC still running as well as (4TB) File & Print sever in my Win 2003 domain. Obviously, I don't want to lose the 2003 domain and AD environment that I already have.
I need my Synology to be an AD server and a replacement for an old Windows 2003 File and Print server. Any feedback would be appreciated. Btw, I'm looking at Synology and QNAP NASs to try to meet these two goals (AD + FP). Thank you!
Hi Willie...im a usual customer of synology products...there are awesome in sharing duties, external backups, etc....but my biggest concern about using it like an Active Directory are their resources... they have limitation when we talk about specs...processors, memory, etc. In my opinion i will not use this schema in more than 15 users small office... what do you think about it.??
very cool. thanks !!!
Hi Willie... as always.. great video! I have a suggestion for next videos...one would be to connect Synology NAS users with Windows server 2013/6 AD and second .. how to make Synbology NAS LUN server and connect it with Windows server 2013/6 and apply some vitrual disks for certain users/departments. Tx
Excellent video Willie, starting 2019 with good content, i'm exciting about buy a sinology product
Hi Willie: HNY! Why is using the Administrator account bad practice, if it is still enabled? could you clarify please?
Seriously?
Dude, this has been great. Thank you very veeeery much!
Great Experience with your video , i was never expected , can you please let me know in case windows Cal required ?
a CAL is required for a WINDOWS server. This is not that. So my guess would be you would not need them.
Q: AD on vlans... I have multiple vlans directing to one active directory. Do I need forward lookup zones to each vlan? Sry for my English :D
Generally VLAN's should not affect your AD setup, other than in your DNS you may want to create reverse lookup zones for each subnet so you can resolve IP's to names. Other than that, a workstation on VLAN 1 should communicate with a AD server on VLAN 2 barring any Access Control List issues at the router in between.
Has anyone worked? On windows 10 it does not update computers with changes in GPO.
Hi i like to see how to import an admx file for exaplme the admx file for chrome brwoser or FrontMotion Firefox Community Edition. Thanks alot for your videos!!!
where is #2, 3 and so on?
Happy new year from Lisbon -Portugal
You can only join a domain whit a pro version of Windows
FYI if you have any old Windows 7 Professional licenses lying around or On by Machine that you're not using anymore you can upgrade with that Windows 7 Pro product key for free
very helpful, thank you.
When are you going to do your segment on UCRM? This was promised monthssssss ago....
Great Video....Tks
I'm commenting and liking this video for the beard. The AD in Synology is cool too.
Samba does not have 100% support for everything that windows AD has . So maybe 2-3 years later when the company have grown and they have need of functions that samba doesn't support, well when they have to buy a full windows AD server anyway but now they they are stuck until the new windows server is in place.
So what does not work? :
GPO:s are not supported at 100% , some things work others does not. Just try to change the password policies, IT WILL NOT WORK. You can change them but they will not function. You will have to ssh to the samba server and set the changes with samba-tool in the console to make them work, that the only way. Now have the Synology team made some form of integration so that you can change password setting i that AD app so good on them . But that just show that samba is not a solution/project you can rely on for your company,
Trust Support
Does Samba AD Supports Trust Relationship?
The trust feature is experimental and has several limitations, such as:
SID filtering rules are not applied
You cannot add users and groups of a trusted domain into domain groups.
Why Is the Network Neighbourhood empty or Does Not Show All Machines in the Domain?
The Samba AD DC smbd daemon does not support browsing.
It is planned to add this feature. However, there are no development resources and thus no date when this feature will be included.
No support for sysvol replication ,, that is something you have to setup yourself with rsync.
And the list goes on and on ,,
I would never recommend samba as a solution for a company.
Samba work as a lab project to play around in and maybe as a backup ad server to an existing windows ad server, that's it.
Mysticsam86 those limitations you listed actually do sound pretty minor. Based on what you listed, I’m currently considering whether I was stupid when buying the windows server license.
@@MustermannAnybody So you dont mind if when you have to change something with gpo it will not work?! I would never want to have to rely on an application for my company were some things just doesn't work and if you read the projects web-page never seam to get fixed either. The problems i have listed have been nonfunctional sense the 4.0 release of samba ,, how many years ago was that again?
I would want that samba was a replacement for windows but is just isn't. It is so sad.
Mysticsam86 I already have an application where some things work and some things don’t and updates randomly change which one does what: it’s called windows and Microsoft Office. So using a Samba AD won’t change much 😊
It is sad though to hear that there is little progress on the missing / non-working features.
Beard is great. For the record.
0:43
What kind of person would argue about having a beard?
Especially, if talking about tech channel!
Arrrrrrgh...