Can I add a QNAP to a Windows domain as a regular domain user?


Post by colicab » Fri Nov 10, 2017 3:47 pm

The question is relatively straightforward but allow me to explain a little more.

I work for a research group at the university. As we need some additional storage we're setting up a QNAP NAS locally for our research group.
The IT department controls the Windows domain (and user management) centrally for the entire university and I'm just an employee with a regular domain user login.

Provided I have administrative access to a Windows PC on the domain (for several PCs I have this for maintenance), I can configure access control to that machine finding AD users/groups on the domain and specifying access (login, folders etc.).

I'm trying to determine if I can do something similar with a QNAP, meaning:
  • Joining the QNAP NAS to the domain
  • Not as a domain controller, but as a 'domain client'
  • So without domain administrative rights
  • To use existing domain users and groups for access right management on the NAS
  • For convenience, so we don't need to create local NAS login for all the employees that need access to the NAS file shares

Is this possible or do you always need administrative domain rights to allow the NAS to use AD users/groups? The question also relates to QNAP LDAP authentication as I understand this is also possible in the university's domain.

My understanding of AD/LDAP/Windows domains is very limited, so any feedback that could shed some light on the matter would be very welcome.

Thank you
TS-659 Pro+ (mod 2GB RAM) | QTS 4.2.6 build 20180531 | 6 * 6TB WDC WD60EFRX RAID6


Post by storageman » Fri Nov 10, 2017 5:08 pm

Nope
What is the problem with using admin rights?


Post by colicab » Sat Nov 11, 2017 3:39 am

I don't have any :-)
This NAS will not be managed by the IT department and for obvious reasons they don't share the administrative rights of their AD.

Could you elaborate why it doesn't work this way? What is the difference with domain Windows PCs?
Is it a Windows vs. Linux issue, or rather a limitation of QTS?

My apologies if these are stupid questions but I haven't found a good explanation about this topic.

Cheers

Post by storageman » Mon Nov 13, 2017 4:52 pm

Once it's joined to the domain they don't need to manage it day to day. Neither is the domain admin password visible.
Just get them to join it to the domain.
https://www.qnap.com/en/how-to/tutorial ... rectory-ad


Post by colicab » Mon Nov 13, 2017 6:14 pm

I could ask this but I think it would depend on what access the NAS will receive as a result.
For instance, I'm doubtful they will grant us this access if that means we can alter something.

So the question: could the NAS create users/groups (and even delete existing) once it's joined to the domain?
Or would this joining result in read-only access to the domain (this is what we want in the end)?

Thank you again!

Cheers

Post by storageman » Tue Nov 14, 2017 7:32 pm

You cannot create or delete domain users/groups without access to the domain admin password, so effectively it is read-only apart from share permissions.
