Centrally secures and manages identities of users, groups, and devices within an organization
Automates and integrates identity and access control into IT operations
Supports Active Directory group-based access controls
Specifications
Domain functional level: Equal to Windows Server 2008
Maximum objects support:
DSM UI operation: 2,000*
Windows RSAT operation: 20,000*
Note: The actual figure depends on the capability of your Synology NAS (learn more)
Maximum groups that a user can join: 50
Maximum concurrent connections: 2,000*
Supports domain clients running Microsoft Windows 7 and above, macOS, and Linux
Supports roaming user profiles and home folder creation (learn more)
Supports account single sign-on and Windows NTLM
Supports TLS domain controller certification
Supports custom NetBIOS domain names
Supports Hyper Backup and Synology High Availability for protection of configurations
Sets group membership and policies via RSAT (learn more)
Adopts Kerberos-based authentication
Integrated with DNS Server to register DNS settings upon domain creation
Increases account security via account lockout policies and password strength policies (e.g., expiration period, password length, and historical record comparison)
Limitations
Supports a single domain only
Supports a single domain controller only
After a domain is created, SMB signing will be enabled automatically, which may reduce read/write performance during SMB file transfer
Distributed File System Replication (DFSR) is not supported