- Centrally secures and manages identities of users, groups, and devices within an organization
- Automates and integrates identity and access control into IT operations
- Supports Active Directory group-based access controls
Synology Directory Server
Specifications
- Domain functional level: Equal to Windows Server 2008 R2
- Samba version: 4.10
- Maximum objects support: 100,000
  - Note: The actual figure depends on the capability of your Synology NAS
- Maximum groups that a user can join: 50
- Supports setting up one primary domain controller and secondary domain controllers:
  - The primary domain controller must be a read-write domain controller (RWDC)
  - A secondary domain controller can be either a RWDC or a read-only domain controller (RODC)
- Supports up to one RWDC
- Supports up to ten RODCs
- Supports domain migration from Windows Server 2012 R2 or earlier versions
- Supports domain clients running Microsoft Windows 7 and above, macOS, and Linux
- Supports roaming user profiles and home folder creation
- Supports account single sign-on and Windows NTLM
- Supports TLS domain controller certification
- Supports custom NetBIOS domain names
- Supports audit logging
- Supports Hyper Backup and Synology High Availability for protection of configurations
- Sets group membership and policies via RSAT
- Adopts Kerberos-based authentication
- Integrated with DNS Server to register DNS settings upon domain creation
- Increases account security via account lockout policies and password strength policies (e.g., expiration period, password length, and historical record comparison)
Limitations
- Supports a single domain only
- Distributed File System Replication (DFSR) is not supported
- The Active Directory module for Windows PowerShell is not supported
- Binding of LDAP client accounts is not supported
- After a domain is created, SMB signing will be enabled automatically, which may reduce read/write performance during SMB file transfer
- The secondary domain controller only works with domains created by Synology Directory Server
- Backups of Synology Directory Server versions 4.10.15-0244 and above cannot be restored on DSM 6.2
- Backups of Active Directory Server 4.4.5-0077 or earlier versions cannot be restored once the package is updated to Synology Directory Server 4.4.5-0086 or above. We recommend creating a new backup task for the updated package in Hyper Backup and running the task immediately
- The list of user accounts authenticated on a RODC can only be displayed when the RODC is joined to a Windows AD
- Windows Servers that are deployed as RWDCs synchronize data to RODCs every five minutes