Users & Computers

On the Users & Computers page, you can view the whole tree structure of the domain while object information is shown on the right panel:

Type: Objects can be organizational units, groups, users, or computers.
Name: The name of an object (expect for OUs) will be represented in the following format:

Domain NetBIOS name\object name
Description: The note that describes the domain object.
DN: The DN (distinguished name) is the path of an object in the domain database. For example, if a user's DN is "CN=bach,OU=sales,DC=syno,DC=local", you can analyze its elements as below:
- CN=bach: The name of this user is "bach".
- OU=sales: This user belongs to the organizational unit "sales".
- DC=syno,DC=local: This user is in the domain "syno.local".
Status: If a domain object is activated, its status will be Normal. Otherwise, the status will be Disabled.

In the following sections, we will guide you through how to configure domain objects in Synology Directory Server.

1. Manage Organizational Units

An organizational unit (OU) is a container object within a domain to which you can add all types of domain objects, including users, groups, computers, and other OUs. OUs organize domain objects into a hierarchy, which is helpful when there are a large number of users, computers, and groups. With a well-designed OU structure, IT administrators can easily link group policies and delegate administrative tasks to specific domain objects.

To add an OU:

Go to the Users & Computers page.
Select the domain or an OU from the tree list, and click Add > Organizational unit.
Specify a name for the new organizational unit in the field, and click OK.
Right-click the parent container of the newly added organizational unit, and click Reload. The newly added organizational unit will then show on the tree list.

To add objects to an OU:

On the Users & Computers page, select an OU from the tree list.
Select one of the methods below to launch the creation wizard:
- Method 1: Click the Add button above the tree list and select a type of domain object from the drop-down menu.
- Method 2: Right-click the specified OU on the tree list. Go to Add and select an object type.
- Method 3: Right-click the blank space of the specified OU and select an object type to add.
Follow the instructions in the creation wizard to add the object.

Note:

You can drag and drop one or more objects to an organizational unit listed on the tree list.
The default view mode of directory only shows the objects not belonging to any organizational units. To view all users, groups, computers, and organizational units, select the root folder (named after your domain) from the tree list and click the magnifying glass icon in the upper-right corner. In the search bar, tick All descendants to display all objects.

To delete an OU:

Right-click the OU you wish to delete from the tree list and click Delete.
Click Delete again in the pop-up message to confirm the deletion. Please note that the deletion of OUs is irreversible.

2. Manage Groups

Domain groups allow IT administrators to grant permissions to access devices, applications, or other services deployed in a domain. You can place domain users into a group and then apply an access control list (ACL) to the group for a specific service.

To add a group:

Click Add > Group on the Users & Computers page.
Configure the new group on the Enter group information page.
Confirm the group information and click Apply.

To edit group properties:

Select the group you wish to edit, and click Action > Edit.
Edit the group properties at the corresponding tabs.
Click OK to save.

Note:

You can also edit a group by right-clicking a group on the Users & Computers page and then clicking on Edit.

To delete a group:

Select a group you wish to delete on the Users & Computers page, and click Action > Delete.
Click Delete in the pop-up message to confirm the deletion.

Note:

You can also delete a group by right-clicking a group on the Users & Computers page and then clicking Delete.
You can select multiple groups by pressing and holding the Ctrl or Shift key.
The deletion of groups is irreversible.

3. Manage Users

Users in a domain are user accounts that can access resources in the domain. Members of your organization can use their user accounts to access domain-integrated resources according to their permissions and privileges.

To add a user:

On the Users & Computers page, click a container from the tree list you wish to add users to. The container can be the container named after your domain (e.g., "SYNO.LOCAL"), the Users container, or an organizational unit.
Select User from the Add drop-down menu. The user creation wizard will be launched automatically.
Configure the new user on the Enter user information page. To enhance security, Force this account to change password at next login is automatically ticked by default. Kindly note that password strength requirements depend on the password policy configured on the Domain Policy page.
Select the groups to which the user belongs on the Join groups page.
Confirm the settings and click Apply.

Note:

To meet the password strength requirements, your password must comply with at least three of the following rules:

Uppercase letters of the Latin (including A - Z with diacritic marks), Greek, and Cyrillic alphabets.
Lowercase letters of the Latin alphabets (including a - z with diacritic marks), Greek, and Cyrillic alphabets.
Numeric characters (0 - 9).
Special characters, including #, $, !, etc.
Unicode alphabets, including those in Asian languages.

To import multiple users:

Besides adding one user at a time, you may also import multiple user accounts by following the steps below:

On the Users & Computers page, click a container from the tree list you wish to add users to. The container can be the container named after your domain (e.g., "SYNO.LOCAL"), the Users container, or an organizational unit.
Click Import users from the Add drop-down menu.
Tick the following options according to your needs:
- Overwrite duplicate accounts: Tick this option if you wish to replace the duplicate accounts with the ones existing in the user list.
- Send a notification mail to the newly created user: Tick this option to have the system send a message to the user notifying them of the new account. This option requires enabling system email notifications at Control Panel > Notification > Email.
- Display user password in notification mail: This option is available when Send a notification mail to the newly created user is ticked. Tick this option if you wish to display the password in the notification message.
- Force password change for imported users upon initial login: Tick this option if you wish to force imported users to change their password upon the initial login. This option adds extra protection to imported accounts.
Click Browse to select a .txt file to upload.
Confirm the preview is correct and click OK to import.

Note:

When you prepare a file to import, place each user account on an individual row. Each piece of information should be separated by a Tab key in the following order:

Username
Password
Description
Email
First name
Last name
Full name
Profile path
Login script
Home directory

The format of an import file should meet the following requirements:

The import file must be in UTF-8 format.
The order of columns must be correct (from left to right).
The imported passwords must comply with the password policy.
Each line of information must contain nine delimiters. If you wish to skip a piece of information (e.g., Description), you still need to enter a Tab key to separate the empty value from the next value (e.g., Email).

To edit user properties:

Select the user you wish to edit on the Users & Computers page, and click Action > Edit. You can select multiple users by pressing and holding the Ctrl or Shift key.
Edit the user properties at the corresponding tabs. For more information on the property settings of user accounts, please refer to the Note below.
Click OK to save the settings.

Note:

You can also edit a user account by right-clicking a user on the Users & Computers page and then clicking Edit. The Disable option (for disabling a user account) is also available when you right-click the user.
At the Account tab, you can configure the following settings:
- User login name: You can rename a user in this field.
- Login Hours: Click this button to customize a user's login hours. In the configuration window, click Deny or Allow and select grid cells. To select the entire day or hour in each day, click the day or hour. After arranging the schedule, click OK to save the settings.
- Usable Devices: Click this button to select which devices a user can access.
- Lock out this account: This option is enabled when an account is locked out because of account lockout policies. You can unlock a locked account by disabling this option.
- Force this account to change password at next login: This account will be asked to change the password upon next login to Windows or Synology NAS.
- Disallow the user to change password: This user will not be able to change the password on their own.
- Password never expires: The user's password will never expire. We suggest enabling this option only for administrators.
- Store passwords using reversible encryption: Enabling this option will compromise domain security. This option is not recommended unless demands of domain client services take higher priority over password security.
- Disable this account
- Require smart card for interactive login
- Disallow delegation of this sensitive account: Services on client devices of the domain will not be able to access resources on behalf of this account.
- Use DES encryption for this account: The credentials of this account will be encrypted through DES (Data Encryption Standard) during Kerberos authentication.
- Exempt this account from Kerberos preauthentication
At the Profile tab, you can configure the following settings:
- User Profile: The feature allows users to have a consistent desktop experience whenever they access a device deployed in the domain.
  - Profile path: The folder path which contains a user's profile, such as the Desktop, Document, and Picture folders. For detailed instructions on how to assign roaming profiles to domain users, please refer to this article.
  - Login script: A script is automatically executed when a user signs in to the Windows operating system. You can upload a Windows .bat file of 2 MB or less by clicking Upload File.
- Home Directory: This feature allows you to store users' data in a centralized location, making data protection more efficient.
  - Local path: Set a specific local folder as a home directory.
  - Connect...to: Set a specific remote shared folder on the Synology NAS as a home directory. The remote shared folder will be automatically mounted with a specific volume label by Windows if this option is selected. For detailed instructions on how to mount a network drive for domain users, please refer to this article.

To delete a user:

Select a user you wish to delete on the Users & Computers page, and click Action > Delete.
Click Delete in the pop-up message to confirm the deletion.

Note:

You can also delete a user account by right-clicking a user on the Users & Computers page and then clicking Delete.
You can select multiple users by pressing and holding the Ctrl or Shift key.
The deletion of users is irreversible.

4. Manage Computers

Computers in the domain created by Synology Directory Server can be workstations, servers, or NAS. This type of object can be deployed in the domain for users to access.

To edit computer properties:

Select the computer you wish to edit, and click Action > Edit.
Edit the Description for the computer.
Click OK to save the settings.

Note:

You can also edit a computer by right-clicking a computer on the Users & Computers page and then clicking Edit.

To delete a computer:

Select a computer you wish to delete on the Users & Computers page, and click Action > Delete.
Click Delete in the pop-up message to confirm the deletion.

Note:

You can also delete a computer by right-clicking the computer on the Users & Computers page and then clicking Delete.
You can select multiple computers by pressing and holding the Ctrl or Shift key.
The deletion of computers is irreversible.

Was this article helpful?

Yes ／ No