QNAP Turbo NAS Software User Manual

Joining NAS to Active Directory (Windows Server 2003/2008/2012)

Joining NAS to Active Directory (Windows Server 2003/2008/2012)

Previous topic Next topic No directory for this topic  

Joining NAS to Active Directory (Windows Server 2003/2008/2012)

Previous topic Next topic Topic directory requires JavaScript JavaScript is required for the print function Mail us feedback on this topic!  

Active Directory is a Microsoft directory used in Windows environments to centrally store, share, and manage the information and resources on the network. It is a hierarchical data centre which centrally holds the information of the users, user groups, and the computers for secure access management. The NAS supports Active Directory (AD). By joining the NAS to the Active Directory, all the user accounts of the AD server will be imported to the NAS automatically. The AD users can use the same set of username and password to login the NAS. If you are using Active Directory with Windows Server 2008 R2, you must update the NAS firmware to V3.2.0 or above to join the NAS to the AD.


Joining the NAS to Active Directory Manually


Follow the steps below to join the QNAP NAS to the Windows Active Directory.

1.Login the NAS as an administrator. Go to "System Settings" > "General Settings" > "Time". Set the date and time of the NAS, which must be consistent with the time of the AD server. The maximum time difference allowed is 5 minutes.
2.Go to "System Settings" > "Network" > "TCP/IP". Set the IP of the primary DNS server as the IP of the Active Directory server that contains the DNS service. It must be the IP of the DNS server that is used for your Active Directory. If you use an external DNS server, you will not be able to join the domain.
3.Go to "Privilege Settings" > "Domain Security". Enable "Active Directory authentication (domain member)", and enter the AD domain information.



Enter a fully qualified AD domain name, for example, qnap-test.com
The AD user entered here must have the administrator access right to the AD domain.
WINS Support: If you are using a WINS server on the network and the workstation is configured to use that WINS server for name resolution, you must set up the WINS server IP on the NAS (use the specified WINS server.)


Joining the NAS to Active Directory (AD) by Quick Configuration Wizard


To join the NAS to an AD domain by the Quick Configuration Wizard, follow the steps below.

1.Go to "Privilege Settings" > "Domain Security". Select "Active Directory authentication (domain member)" and click "Quick Configuration Wizard".
2.Read the introduction of the wizard. Click "Next".
3.Enter the domain name of the domain name service (DNS). The NetBIOS name will be generated automatically when you type the domain name. Specify the DNS server IP for domain resolution. The IP must be the same as the DNS server of your Active Directory. Click "Next".
4.Select a domain controller from the drop-down menu. The domain controller is responsible for time synchronization between the NAS and the domain server and user authentication. Enter the domain administrator name and password. Click "Join".
5.Upon successful login to the domain server, the NAS has joined to the domain. Click "Finish" to exit the wizard.
6.Go to "Privilege Settings" > "Users" or "User Groups" to load the domain users or user groups to the NAS.


Windows 2003

The AD server name and AD domain name can be checked in "System Properties" in Windows. As an example, for Windows 2003 servers, if you see "node1.qnap-test.com" as the "Full computer name" on the system properties dialog window, the AD server name is "node1" and NOT "node1.qnap-test.com" and the domain name remains the same as qnap-test.com.


Windows Server 2008

Check the AD server name and domain name in "Control Panel" > "System" in Windows. In the system dialog window, the AD server name will appear as the computer name and the domain name can be found in the domain field.



After joining the NAS to the Active Directory, the local NAS users who have access right to the AD server should use "NASname\username" to login; the AD users should use their own usernames to login the AD server.
For TS-109/209/409/509 series NAS, if the AD domain is based on Windows 2008 Server, the NAS firmware must be updated to version 2.1.2 or above.


Windows 7

If you are using a Windows 7 PC which is not a member of an Active Directory, while your NAS is an AD domain member and its firmware version is earlier than v3.2.0, change your PC settings as shown below to allow your PC to connect to the NAS:

1.Go to "Control Panel" > "Administrative Tools".
2.Click "Local Security Policy".
3.Go to "Local Policies" > "Security Options". Select "Network security: LAN Manager authentication level".
4.Select the "Local Security Setting" tab, and select "Send LM & NTLMv2 – use NTLMv2 session security if negotiated" from the list. Then click "OK".


Verifying the settings

To verify that the NAS has been joined to the Active Directory successfully, go to "Privilege Settings" > "Users" and "User Groups". A list of users and user groups will be shown on the "Domain Users" and "Domain Groups" lists respectively. If you have created new users or user groups in the domain, you can click the reload button. This will reload the user and user group lists from the Active Directory to the NAS. The user permission settings will be synchronized in real time with the domain controller.


© 2015 QNAP Systems, Inc. All Rights Reserved.