NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Switching from Local to AD accounts
Hi Everyone,
This might be a straightforward question, but I want ot make sure before I proceed.
We have a standard Windows Server 2008 R2 environment, a DC running AD, DNS and DHCP. The AD structure is already in place, OUs for computers, servers, users. User accounts, Groups, etc. Everything working perfectly fine.
Our RN516 is still using local account (this is becasue it was being used before the switch to AD) and I want to join it to the domain to be able to manage user account and permissions form a central location.
The NAS local accounts match the AD accounts names (name.lastname) and passwords. This allows authenticated users to browse the NAS and access files ans folders without having to enter credentials, since Windows will always try to use the domain account first, and since they match, it works.
However, the NAS local groups do not match the AD groups because it doesn't allow spaces in the name. A local group in the NAS would be named "Name-of-Department" and the same group in AD would be "Name of Department".
Several users also store personal files in their home folders (/data/home/name.lastname/)
Now, what would happen if I join the NAS to the domain in order to use the same user accounts and groups? I always set share permissions by group, so I keep everything as tidy as possible. I already read through this article: http://kb.netgear.com/23152/How-do-I-configure-Active-Directory-mode-on-my-ReadyNAS-OS-6-storage-system?cid=wmt_netgear_organic and this other one http://kb.netgear.com/7066/ReadyNAS-OS-6-Setting-Active-Directory-folder-permissions?cid=wmt_netgear_organic but they don't cover what happens when switching from local to AD accounts.
My questions are:
1. Are individual share permissions reset when enabling AD accounts, in order to set permissions through Windows Explorer?
2. Do the local accounts dissapear? If they do, what happens to user's home folders?
3. Will I be able to set permissions through Frontview or only through Windows Explorer? Not really critical though.
4. Will the local default admin account work? Or will it be replaced by the AD's administrator account?
My goal is to have permissions set by group for each share, so that every user has access to the shares available to their group. There might be the odd ocassion that and individual user might need access to a share outside of its group, but I can either put the user int he group or add the permissions for that particualr share.
I believe this is everything for now. Any help will be appreciated.
Thanks.
3 Replies
Replies have been turned off for this discussion
So, after giving it much thought, I think the best course of action would be:
- Set the permissions for all the shares to Everyone read/write
- Reset File Access for every share
- Backup all user home folders with data on them
- Delete all users and groups. This will effectively leave just the admin account and every share with full access
- Reboot
- Join the NAS to AD and sync user accounts
- Check that everything works
- Restore the files to each home folder (I assume home folders will be re-created for every account on AD)
- Set Sharing permissions from within Windows Explorer
- Cross fingers
I can schedule some dowtime and do all of this during a weekend. If you have any other ideas please share.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
