Domain & Privileges

Active Directory Server, Windows ACL, and various powerful tools allow you to easily manage user accounts and file access privileges, without needing an IT professional to figure it out.

Built-in user account management

The native accounts management tools on DSM allow you to assign specific storage quotas, speed limits, and access privileges to individual users, or manage the accounts as groups. What's more, each account can also share files with other DSM users and have their own private "Home" folder without worrying about prying eyes.

Active Directory Server

Transform your Synology NAS to serve as a domain controller and streamline IT maintenance by creating policies to automatically install certain software or system updates on all of your employees' computers without the need to visit each one individually.

Windows AD and LDAP directory

Joining the established Windows AD or LDAP, DSM can be seamlessly integrated to your exisiting directory services.

Windows Active Directory


For companies that have established domain user accounts through Windows Active Directory (AD), DSM can join your Windows domain to integrate with your existing account system seamlessly, allowing users to access files and use DSM applications without the need to remember another set of usernames and password.

Likewise, Synology NAS can join an existing directory service as an LDAP client or act as an LDAP server itself with the Directory Server add-on package installed. Based on LDAP version 3 (RFC2251), your Synology NAS can become an account administration center of all connecting clients and provides authentication service for them.

Advanced privileges

You can set more specific permissions to files, assign quota limit to specific users or shared folders, and even allow application access from specific networks.

With Windows ACL, IT administrators can achieve file-based granular access control and allocate read, write, or administration permissions to different departments. This increases flexibility while maintaining high level of security.

DSM provides the flexibility to set data quota on individual user, volume, or shared folder. This is helpful to manage available storage space effortlessly when multiple teams or departments store files on the same Synology NAS server.

Access to applications and packages can be controlled by assigning different privileges to accounts, user groups, or IP addresses. You can also reserve the access to certain applications for local network. This raises efficiency in management substantially.

  • Windows ACL
  • Quota
  • Application privileges