AD Users in Multiple Groups

Post by packetboxer » Tue Mar 13, 2018 8:41 pm

Currently attempting to set group permissions for a RS3617RPxs with DSM 6.1.5-15254 before it goes into production and replaces an aging DiskStation unit.

We've recently deployed AD and we'd like to use AD for user/group management. The RS has been bound to our AD server and pulls user and group information successfully.

However, we are running into problems where users located in multiple groups are not able to access all folders to which they would be entitled. For example, a user belongs in both IT and HR groups on AD (Domain\IT & Domain\HR) - however, only one shared folder shows up. If the user is explicitly added to each folder (i.e. without using the groups of which they are members) the shares work correctly.

The mounting point (called shares for example) provides all Domain Users with read-only access; group-specific folders have inherited permissions excluded and the appropriate group is given read/write (for example HR group and Administrators to the HR folder - 'Domain Users' was removed as it appeared as a default initially).

Synology support has suggested it is not possible for users to be in multiple groups because of how RackStation handles permissions with AD. However, this was not the impression we had during our discussions with Synology reps during pre-sale discussions.

Are we missing something here? Or is it not possible for users to be in multiple groups using AD and RackStation?


Re: AD Users in Multiple Groups

Post by kdun » Mon Apr 16, 2018 2:56 pm

I am running into similar problems. Our Disk Station is connected to an LDAP server and certain users belong to 2 or more groups. Each group has its own shared folder (say A and B), but because one of the groups has been denied access to folder B, the user who belongs in both groups cannot access folder B, even though the other group he belongs to has read/write access to that folder. I would like to solve this problem without any hacking if possible, but I have no idea how to do that.
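
Added example, not part of either post and not Synology code: a small Python model of the situation kdun describes, where an explicit deny on one of a user's groups masks a read/write grant on another. The deny-wins rule is an assumption taken from that description, and all user, group and folder names are constructed; the audit lists which group entry is responsible so it can be reviewed.

```python
# Added illustration: constructed data, hypothetical names throughout.
from enum import IntEnum

class Access(IntEnum):
    NONE = 0        # no entry matched any of the user's groups
    READ_ONLY = 1
    READ_WRITE = 2
    DENY = 3        # explicit "no access" entry

def effective_access(user_groups, folder_acl):
    """Resolve a user's access to one folder from its group entries.

    Assumed rule (from the behaviour described in the thread): an explicit
    deny on any of the user's groups wins; otherwise the most permissive
    allow applies; no matching entry means no access.
    Returns (access, groups_that_decided).
    """
    matched = {g: folder_acl[g] for g in user_groups if g in folder_acl}
    if not matched:
        return Access.NONE, []
    winner = max(matched.values())
    deciding = sorted(g for g, a in matched.items() if a == winner)
    return winner, deciding

def audit(users, acls):
    """Find (user, folder, denying_groups, masked_allow_groups) conflicts."""
    findings = []
    for user, groups in sorted(users.items()):
        for folder, acl in sorted(acls.items()):
            access, deciding = effective_access(groups, acl)
            allows = sorted(g for g in groups
                            if acl.get(g) in (Access.READ_ONLY, Access.READ_WRITE))
            if access is Access.DENY and allows:
                findings.append((user, folder, deciding, allows))
    return findings

# Constructed sample mirroring the scenario: two groups, folders A and B.
USERS = {"alice": ["group_a", "group_b"], "bob": ["group_a"]}
ACLS = {
    "folder_a": {"group_a": Access.READ_WRITE},
    "folder_b": {"group_a": Access.DENY, "group_b": Access.READ_WRITE},
}

if __name__ == "__main__":
    for user, folder, denied_by, allowed_by in audit(USERS, ACLS):
        print(f"{user}: {folder} denied via {denied_by}, "
              f"masking allow via {allowed_by}")
```

Under this model, leaving group_a with no entry on folder_b instead of an explicit deny still keeps bob out while alice's group_b grant takes effect.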

