AD Users in Multiple Groups

All questions pertaining to Windows Active Directory Service can go here
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:

2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
I'm New!
I'm New!
Posts: 1
Joined: Tue Mar 13, 2018 8:36 pm

AD Users in Multiple Groups

Postby packetboxer » Tue Mar 13, 2018 8:41 pm

Currently attempting to set group permissions for a RS3617RPxs with DSM 6.1.5-15254 before it goes in to production and replaces an aging DiskStation unit.

As we've recently deployed AD and we'd like to use AD for user/group management. The RS has been bound to our AD server and pulls user and group information successfully.

However, we running in to problems where users located in multiple groups are not able to access all folders for which they would be entitled to. For example, a user belongs in both IT and HR groups on AD (Domain\IT & Domain\HR) - however only one shared folder shows up. If the user is explicitly added to each folder (ie without using the groups for which they are members) the shares work correctly.

The mounting point (called shares for example) provides all Domain Users with read only access, groups specific folders have inherited permissions excluded and the appropriate group is given read/write (for example HR group and Administrators to the HR folder - 'Domain Users' was removed as it appeared as a default initially.)

Synology support has suggested it is not possible for users to be in multiple groups because of how RackStation handles permissions with AD. However this was not the impression we had during our discussions with Synology reps during pre-sale discussions.

Are we missing something here? Or is it not possible for users to be in multiple groups using AD and RackStation?

Return to “Windows AD Domain”

Who is online

Users browsing this forum: No registered users and 1 guest