Best practice: Domain Controller or LDAP server?

Questions about using Windows AD service.
Post Reply
okrist
Getting the hang of things
Posts: 64
Joined: Mon Oct 31, 2011 6:02 pm

Best practice: Domain Controller or LDAP server?

Post by okrist »

Hello,

I have
- two NAS for a small user groups (around 10 users). The first NAS (TS-453 Pro) is the main file server.
- The 2nd NAS (TS-253 Pro) runs as a backup machine (real time sync and additionally backup with smart versioning). Both backup jobs are running with "copy ACL attributes" so that in case of a failure of NAS1 I can easily switch to NAS2.
- Additionally I have two HP OfficeJets saving scans directly to a network share and
- a password safe app that syncs it's file via WebDAV.
- NAS2 runs the Virtualization station with Windows 10 in it.
- NAS1 runs some Multimedia services.

Now my question is: What is the best option to have both NAS "under one umbrella"?

My painful trials:
1. My initial attempt was to run a domain controller on NAS1 (with a backup domain controller on NAS2). QNAP had a bug in their firmware so that ACL attributes were not copied properly and I had lengthily discussions their support who even told me to use an external directory server to sync users and groups.
2. After many months I switched to an external LDAP service (jumpcloud). I still had the issues with QNAP not being able to copy ACL attributes, but this is solved in the meantime - again after lengthily discussions with the support. Anyway this configuration seems to be very slow and some apps run into time outs, giving me authorization errors, block a scanner to log on (via SMB) etc.

So back to my question above these thoughts go through my mind:
A. Is the QNAP domain controller implementation now good enough to go back to this option?
B. Or is it better to use NAS1 as an LDAP server and NAS2 to sync with it?

What are your experiences and best practices? Thx a lot in advance.
TS-453 Pro, TS-253 Pro
QTS 4.4.3
deejinoz
Starting out
Posts: 24
Joined: Tue Nov 10, 2015 12:00 pm

Re: Best practice: Domain Controller or LDAP server?

Post by deejinoz »

Hi Okrist,

Well, the lack of responses to your request for help is, sadly, rather telling. It seems QNAP are a prosumer product company trying to gain credibility in the business market. Their three streams of OS: QTS (consumer), QuTS (prosumer) and QES (business) seem to handle these attempts, according to their intended market. I have no direct experience of QES but a fair bit of QTS and now some of QuTS and it appears QNAP are still struggling with their credibility in the business market, where the consumer and prosumer versions of heir OS are concerned. I was hoping their prosumer version would prove to be a tad better, in terms of reliability but I am getting the impression this is not the case and the more business oriented features, such as directory and name services are looking to be exactly the same as the consumer OS variants, which have always been buggy and bordering on not fit for purpose. AD, DNS and SMB sharing, especially where managing ACL privileges is concerned seems to be too unreliable and prone to being randomly killed by updates, to be counted on. My current recommendation for QNAPs is, until they are able to make these business level services operate in a more fitting/adequate manner for businesses to be able to reliably use them, QNAPs are best used as glorified network storage that is best used in its minimal functionality. For me, this means only as an iSCSI target, whenever possible and not involving anything more complex for the QNAP OS to try to handle, badly.

Would love to hear if you have had any wins or successes with your AD or LDAP, since posting, though. As all people that work in IT, we have to maintain a superhuman level of optimism, or lose our sanity, that these vendors will eventually do the right thing, so we can get on with delivering for our clients and not wasting our time fixing stuff that is not fit for purpose!
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Best practice: Domain Controller or LDAP server?

Post by dolbyman »

QuTS is not prosumer, it's just using ZFS vs ext as a filesystem..other OS features are basically the same.

Lack of response means that none of the users here knows the answer and QNAP does not come here ..so tickets should be opened when specific things cannot be answered by other endusers
Post Reply

Return to “Windows Domain & Active Directory”