QNAP NAS Community Forum

The question is relatively straight forward but allow me to explain a little more.

I work for a research group at the university. As we need some additional storage we're setting up a QNAP NAS locally for our research group.
The IT department controls the Windows domain (and user management) centrally for the entire university and I'm just an employee with a regular domain user login.

Provided I have administrative access to a Windows PC on the domain (for several PCs I have this for maintenance), I can configure access control to that machine finding AD users/groups on the domain and specifying access (login, folders etc.).

I'm trying to determine if I can do something similar with a QNAP, meaning:

• Joining the QNAP NAS to the domain
• Not as a domain controller, but as a 'domain client'
• So without domain administrative rights
• To use existing domain users and groups for access right management on the NAS
• For convenience, so we don't need to create local NAS login for all the employees that need access to the NAS file shares

Is this possible or do you always need administrative domain rights to allow the NAS to use AD users/groups? The question also relates to QNAP LDAP authentication as I understand this is also possible in the university's domain.

My understanding of AD/LDAP/Windows domains is very limited, so I any feedback that could shed some light on the matter would be very welcome.

Thank you

Nope
What is the problem with using admin rights?

storageman wrote:Nope
What is the problem with using admin rights?

I don't have any
This NAS will not be managed by the IT department and for obvious reasons they don't share the administrative rights of their AD.

Could you elaborate why it doesn't work this way? What is the difference a domain Windows PCs?
Is it a Windows vs. Linux issue, or rather a limitation of QTS?

My apologies if these are stupid questions but I haven't found an good explanation about this topic.

Cheers

colicab wrote:

storageman wrote:Nope
What is the problem with using admin rights?

I don't have any
This NAS will not be managed by the IT department and for obvious reasons they don't share the administrative rights of their AD.

Could you elaborate why it doesn't work this way? What is the difference a domain Windows PCs?
Is it a Windows vs. Linux issue, or rather a limitation of QTS?

My apologies if these are stupid questions but I haven't found an good explanation about this topic.

Cheers

Once it's joined to the domain they don't need to manage it day to day. Neither is the domain admin password visible.
Just get them to join it to the domain.
https://www.qnap.com/en/how-to/tutorial ... rectory-ad

I could ask this but I think it would depend on what access the NAS will receive as a result.
For instance, I'm doubtful they will grant us this access if that means we can alter something.

So the question: could the NAS create users/groups (and even delete existing) once it's joined to the domain?
Or would this joining result in read-only access to the domain (this is what we want in the end)

Thank you again!

Cheers

You cannot create or delete domain users/groups without access to the domain admin password so effectively it is read only apart from share permissions.