Active Directory is a directory used in Windows environments to centrally store, share, and manage a network's information and resources. It is a hierarchical data centre which
centrally holds information for users, user groups, and the computers for secure access management. The NAS supports Active Directory (AD.) By joining the NAS to the Active Directory, all the user accounts of the AD server will be automatically imported to the NAS. AD users can use their same login details to access the NAS. If you are using Active
Directory with Windows Server 2008 R2, you must update the NAS firmware to at least 3.2.0 to join the NAS to the AD.
Joining the NAS to Active Directory Manually
Follow the steps below to join the QNAP NAS to the Windows Active Directory.
1. Login to the NAS as an administrator. Go to "System Settings" > "General Settings" > "Time". Set the date and time of the NAS, which must be consistent with the time of the AD server. The maximum time disparity tolerated is 5 minutes.
2. Go to "System Settings" > "Network" > "TCP/IP". Set the IP of the primary DNS server as the IP of the Active Directory server that contains the DNS service. It must be the IP of the DNS server that is used for your Active Directory. If you use an external DNS server, you will not be able to join the domain.
3. Go to "Privilege Settings" > "Domain Security". Enable "Active Directory authentication (domain member)", and enter the AD domain information.
Note:
Enter a fully qualified AD domain name, for example, qnap-test.com
The AD user entered here must have administrator access rights to the AD domain. WINS Support: If you are using a WINS server on the network and the workstation is
configured to use that WINS server for name resolution, you must set up the WINS server IP on the NAS (use the specified WINS server.)
Joining the NAS to Active Directory (AD) by Quick Configuration Wizard
To join the NAS to an AD domain by the Quick Configuration Wizard, follow these steps: 1. Go to "Privilege Settings" > "Domain Security". Select "Active Directory authentication
(domain member)" and click "Quick Configuration Wizard". 2. Read the wizard introduction. Click "Next".
168
3. Enter the domain name of the domain name service (DNS.) The NetBIOS name will be automatically generated when you enter the domain name. Specify the DNS server IP for domain resolution. The IP must be the same as the DNS server of your Active Directory. Click "Next".
4. Select a domain controller from the drop-down menu. The domain controller is
responsible for time synchronization between the NAS and the domain server and user authentication. Enter the domain administrator name and password. Click "Join". 5. Upon successful login to the domain server, the NAS has joined to the domain. Click
"Finish" to exit the wizard.
6. Go to "Privilege Settings" > "Users" or "User Groups" to load the domain users or user groups to the NAS.
Windows 2003
The AD server name and AD domain name can be checked in "System Properties" in Windows. As an example, for Windows 2003 servers, if you see "node1.qnap-test.com" as the "Full computer name" on the system properties dialog window, the AD server name is "node1" and NOT "node1.qnap-test.com" and the domain name remains the same as qnap-test.com.
Windows Server 2008
Check the AD server name and domain name in "Control Panel" > "System" in Windows. In the system dialog window, the AD server name will appear as the computer name and the domain name can be found in the domain field.
Note:
After joining the NAS to the Active Directory, the local NAS users who have access rights to the AD server should use "NASname\username" to login. AD users should use their own usernames to login to the AD server.
For TS-x09 series NAS, if the AD domain is based on Windows 2008 Server, the NAS firmware must be at least version 2.1.2.
Windows 7
If you are using a Windows 7 PC that is not a member of an Active Directory, while your NAS is an AD domain member and its firmware version is earlier than v3.2.0, change your PC settings as shown below to allow your PC to connect to the NAS:
1. Go to "Control Panel" > "Administrative Tools". 2. Click "Local Security Policy".
3. Go to "Local Policies" > "Security Options". Select "Network security: LAN Manager authentication level".
169
4. In "Local Security Setting" select "Send LM & NTLMv2 – use NTLMv2 session security if negotiated" from the list. Then click "OK".
Verifying the settings
To verify that the NAS has successfully joined the Active Directory, go to "Privilege Settings" > "Users" and "User Groups". A list of users and user groups will be shown on the "Domain Users" and "Domain Groups" lists respectively. If you have created new users or user groups in the domain, you can click the reload button to add users and user group lists from the Active Directory to the NAS. The user permission settings will be synchronized in real time with the domain controller.
170