ReadyNAS 2120 v6.5.1 - Active Directory import error & setting AD file/folder permissions

I have a ReadyNAS 2120 v v6.5.1 firmware

I have recently tried to change to Active Directory authentication after long term use with local accounts only.

Now my users (Server 2012R2 Domain) want to have a share that they can access with the following rights.

Domain users have read only & Domain admins have read/write to a single share and have those rights flow down thru' the folder structure.... Sounds fairly simple.

I followed all the documents I could find and have run into a few issues.  I followed Netgear Article ID: 23152 to configure Activate Directory Authentication mode.

The ReadyNAS seems to join the domain OK, and I can browse it on the network BUT if I click on "Refresh ADS accounts" I get the dreaded "Import error".  Not sure if that is causing me an issue or not because all my users get the network share mapped correctly via group policy.

My issue comes when I try to set the file/folder permissions so that the domain users only have read only access.  I followed Netgear Article ID: 7066 as best I could but my Domain users keep inheriting FULL ACCESS.

Is there an updated article on setting AD share/folder rights.  There is no mention of whether or not you should disable "inheritance".  When I view the "Advanced" Security" Tab is see multiple occurances for Domain Users - Some with Full access, some with read only. If I disable inheritance and remove the Domain Users with Full Access and leave just the domain users with Read only, strange behaviour occurs when I go to test these rights.

Domain users can't create new files but can delete??? I can not work out how this is susposed to work. 

The following extract from the bottom of Article 7066 doesn't help either as it just confuses me..

Notes: The deny option does not work with ReadyNAS OS 6 the way you would expect it to work on a Windows Server. Once you have set up everything, always use a Windows client to modify permissions. Do not use the Advanced Permissions tab of the Shares to manage file access.

This should be quite simple??

What Am I doing wrong?