Status

Set up Synology Directory service

When you launch Synology Directory Server for the first time, you will be prompted to set up your Synology NAS as a domain controller. Please follow the steps below:

Note:

  • Before installing Synology Directory Server, you can set up a Synology High Availability cluster to keep the directory service running without interruption. For more information, please refer to the articles under Synology High Availability.

  1. Launch Synology Directory Server.
  2. Click Next to continue with the setup.
  3. Enter the following information and click Next:
    • Domain name: Enter an FQDN (Fully Qualified Domain Name) for the domain, e.g., "syno.local".
    • Workgroup: The workgroup name (or the NetBIOS domain name) will be automatically filled in this field. For instance, if your domain name is "syno.local", the default workgroup name will be "syno".
    • Password: Enter a password for the administrator account of your domain.
    • Confirm password: Enter the password again.
  4. Confirm the settings and click Apply. The system will now create the domain and promote your Synology NAS to be a domain controller.

Domain naming limitations

  • The domain name can only contain alphabetical characters, numeric characters, minus signs, and dots (dots are used only as the delimiter between the components of the domain name).
  • The domain name must contain at least two components, e.g., "syno.local".
  • The domain name cannot start with a hyphen (-).
  • The domain name cannot end with a hyphen (-) or a period (.).
  • The maximum length is 255 characters.

Password limitations

To meet the password strength requirements, your password must comply with at least three of the following rules:

  • Uppercase letters of the Latin (including A - Z with diacritic marks), Greek, and Cyrillic alphabets.
  • Lowercase letters of the Latin (including a - z with diacritic marks), Greek, and Cyrillic alphabets.
  • Numeric characters (0 - 9).
  • Special characters, including #, $, !, etc.
  • Unicase Unicode alphabets, including those in Asian languages.

About SMB Signing

SMB Signing allows SMB communications to be digitally signed at the packet level, so that the receiving side can detect packets that were modified in transit. After a domain is created, this feature is enabled automatically, which may reduce read/write performance during SMB file transfers. To improve performance, select Auto or Disable from the Enable server signing drop-down menu at Control Panel > Domain/LDAP > Domain > Domain Options.

To delete the domain:

On the Status page, click Delete Domain to remove the domain managed by Synology Directory Server.
Note: Deleting the domain is irreversible.

To edit the IP address of domain controller:

Synology Directory Server is normally set up with a static IP address. If you need to change the IP address of the Synology NAS that is running Synology Directory Server, follow the steps below:

  1. Back up Synology Directory Server with Hyper Backup.
    Note: For detailed steps to create a backup task, please refer to this article.
  2. Change the IP address of the Synology NAS.
  3. Confirm and update the resource records in DNS Server. For more information, please check the section Synology Directory Server and DNS resource records.
  4. Restart Synology Directory Server to update network settings. Please do the following:
    1. Go to Package Center > Installed > Synology Directory Server.
    2. Click the inverted triangle and select Stop.
    3. After Synology Directory Server is stopped, click Run to restart the package.

Synology Directory Server and DNS resource records

In order for Synology Directory Server to deliver services normally, all A/AAAA resource records in DNS Server must correctly point to the IP address of the Synology NAS. By default, all A/AAAA resource records will point to the IP address of the Synology NAS where a domain is created.

However, A/AAAA resource records may not properly point to the Synology NAS due to the following circumstances:

  • The Synology NAS undergoes a change in its IP address after the domain has been created with Synology Directory Server.
  • Synology Directory Server is restored through a backup task of the Hyper Backup package.

If either of the cases above applies, please follow the steps below:

To check and update resource records in DNS Server:

  1. Go to DNS Server > Zones.
  2. Select the relevant DNS zone, such as "domain name@Active Directory" or "_msdcs.domain name@Active Directory" (where "domain name" stands for the name of your domain), and click Edit > Resource record.
  3. Check the IP addresses configured in the A/AAAA resource records. Make sure all the records point to your Synology NAS.
    Note: To batch edit, you can press and hold Ctrl or Shift to select multiple resource records of the same type but with different names.