Synology Directory Server

DSM Version

Synology Directory Server

Features

  • Centrally secures and manages identities of users, groups, and devices within an organization
  • Automates and integrates identity and access control into IT operations
  • Supports Active Directory group-based access controls

Specifications

  • Domain functional level: Equal to Windows Server 2008 R2
  • Samba version: 4.10
  • Maximum objects support: 100,000
    • Note: The actual figure depends on the capability of your Synology NAS
  • Maximum groups that a user can join: 50
  • Supports setting up one primary domain controller and secondary domain controllers:
    • The primary domain controller must be a read-write domain controller (RWDC)
    • A secondary domain controller can be either a RWDC or a read-only domain controller (RODC)
      • Supports up to one RWDC
      • Supports up to ten RODCs
  • Supports domain migration from Windows Server 2012 R2 or earlier versions
  • Supports domain clients running Microsoft Windows 7 and above, macOS, and Linux
  • Supports roaming user profiles and home folder creation (learn more)
  • Supports account single sign-on and Windows NTLM
  • Supports TLS domain controller certification
  • Supports custom NetBIOS domain names
  • Supports audit logging
  • Supports Hyper Backup and Synology High Availability for protection of configurations
  • Sets group membership and policies via RSAT (learn more)
  • Adopts Kerberos-based authentication
  • Integrated with DNS Server to register DNS settings upon domain creation
  • Increases account security via account lockout policies and password strength policies (e.g., expiration period, password length, and historical record comparison)

Limitations

  • Supports a single domain only
  • Distributed File System Replication (DFSR) is not supported
  • The Active Directory module for Windows PowerShell is not supported
  • Binding of LDAP client accounts is not supported
  • After a domain is created, SMB signing will be enabled automatically, which may reduce read/write performance during SMB file transfer
  • The secondary domain controller only works with domains created by Synology Directory Server
  • Backups of Synology Directory Server 4.10.15-0244 and above versions cannot be restored on DSM 6.2
  • Backups of Active Directory Server 4.4.5-0077 or earlier versions cannot be restored once the package is updated to Synology Directory Server 4.4.5-0086 or above. We recommend creating a new backup task for the updated package in Hyper Backup and running the task immediately
  • The list of user accounts authenticated on a RODC can only be displayed when the RODC is joined to a Windows AD
  • Windows Server that are deployed as RWDCs synchronize data to RODCs every five minutes