Solution for a NAS acting as "lightweight" active directory going wrong

[brandonkick]

A "previous client" (long and slightly confusing story) needs to get away from their Synology NAS and into a similar appliance of another brand.

Files hosted on the NAS would just "revert" to a prior state, randomly. Random files, random occurrences, random amount the files rollback (sometimes the files revert a few days, sometimes months). It all seems to happen to one particular departments files, and USUALLY mostly to one person but it will happen to other people as well. Sometimes file locks are randomly not cleared. Sometimes folks are given strange error messages about invalid credentials that just clear up after rebooting their machine (it may take several reboots). We even have a situation where one user will change their wallpaper, and it "replicates" to another users computer. Same two people, same direction each time... and it's not instant. It'll happen... some period of days to user B after user A changers their wallpaper.

I've got to the point where I felt I can no longer fairly serve them. I still do other non tech related work for this company though. I told them back in December I was going to be discontinuing the tech part of my services with them. I explained why. I also encouraged them to seek other solutions for this "NAS" situation. They have gotten quotes, but the reality of it is they do not plan to do that. I have expressed to them I cannot support this, but they need away from this synology setup. They are aware of the fact that regardless of what system they are using, if it goes belly up and they call me... odds are I can't get to them in any kind of reasonable time. Apparently, they are ok with that.

So, if you had to go away from Synology in this scenario which other competing product / appliance would you use and why. Their specific needs are to have a reliable, highly available data store with granular control regarding access. This department can see these folders, this person can see those folders, these folks are admin and can see anything... ect. The new NAS could potentially push it's backups to the existing Synology. And it would be great if there was an ability to have this new NAS back up to external hard drive. Major bonus points if it could push backups up to something like Amazon S3 / Glacier. Their budget is going to be around $1000 for an 8TB NAS solution that fits these requirements.

 

[HCHTech]

I have 30-or-so Synology units in the field at client sites, and haven't run into this problem. Wouldn't fixing the problem be preferable to just abandoning the platform and hoping for a better experience with something else? It's like selling your car because the spark plugs need changed. My 2 cents anyway. You don't say what troubleshooting steps were taken or their results, so it's really hard to suggest anything.

 

[Markverhyden]

I've never tried using Synology's Directory Server function and never will. In the past I've tried a couple of other *nix based AD "solutions" and they were always problematic. Given all the secret sauce stuff an OEM does, in this case MS, I'd only consider creating that environment with the real thing. But the good news is Azure AD does exist so maybe take a look at that.

 

[Sky-Knight]

I just read through that post... and none of it makes any sense.

Replicating wall papers? WTF does Synology have to do with that? Even if Synology is acting as a DC, that crap doesn't happen without external help. Roaming profiles do not set themselves up at random!

I think you've got users that have merged their Microsoft accounts and THAT is causing the issues. The solution is not a new NAS, the solution is a technical provider that's going to properly serve the customer. To start with, removing dependence on that local unit entirely and start use of Teams / Sharepoint.

Then the Synology can fall back to one of its best features, backing up the M365 tenant. It can also do the Google thing too if that's the stack they're based on. How I proceed here depends on where their email lives.

 

[nlinecomputers]

I just read through that post... and none of it makes any sense.

Replicating wall papers? WTF does Synology have to do with that? Even if Synology is acting as a DC, that crap doesn't happen without external help. Roaming profiles do not set themselves up at random!

I think you've got users that have merged their Microsoft accounts and THAT is causing the issues. The solution is not a new NAS, the solution is a technical provider that's going to properly serve the customer. To start with, removing dependence on that local unit entirely and start use of Teams / Sharepoint.

Then the Synology can fall back to one of its best features, backing up the M365 tenant. It can also do the Google thing too if that's the stack they're based on. How I proceed here depends on where their email lives.

This x100

 

[nlinecomputers]

I've never tried using Synology's Directory Server function and never will. In the past I've tried a couple of other *nix based AD "solutions" and they were always problematic. Given all the secret sauce stuff an OEM does, in this case MS, I'd only consider creating that environment with the real thing. But the good news is Azure AD does exist so maybe take a look at that.

Also this. Having a directory service in an office that only needs a NAS is gross overkill. If you really need some form of a roaming profile Office 365 Azure AD is the solution.

 

[Markverhyden]

Also this. Having a directory service in an office that only needs a NAS is gross overkill. If you really need some form of a roaming profile Office 365 Azure AD is the solution.

Yes. No where did @brandonkick indicate that AD, and its' associated functions, was needed. I just made the comment because the symptoms described mimic'd other comments I've seen in the past when people try using a *nix AD replacement. In the past they'd been fiddling with ACL's to try to make them behave like AD. But I think most recent efforts have implemented Kerberos and LDAP which is much closer to the real thing.

 

[nlinecomputers]

Yes. No where did @brandonkick indicate that AD, and its' associated functions, was needed. I just made the comment because the symptoms described mimic'd other comments I've seen in the past when people try using a *nix AD replacement. In the past they'd been fiddling with ACL's to try to make them behave like AD. But I think most recent efforts have implemented Kerberos and LDAP which is much closer to the real thing.

I based my comments on the symptoms described and yes spelling assume does apply. But it does sound like some hand stitched attempt to make a roaming profile. Wallpaper moving from machine to machine? Files changed back to previous versions? Sounds like some kind of file sync gone bad to me.

 

[Markverhyden]

I based my comments on the symptoms described and yes spelling assume does apply. But it does sound like some hand stitched attempt to make a roaming profile. Wallpaper moving from machine to machine? Files changed back to previous versions? Sounds like some kind of file sync gone bad to me.

From the Synology Directory Server page. As mentioned I've never messed with it.


Yes, I too know what assume spells. LOL!!!

 

[nlinecomputers]

 

[Sky-Knight]

And Roaming profiles have been a problem for a LONG time. They were replaced by redirected folders for a reason, and those subsequently replaced by Onedrive Sync for yet more reasons.

 

[brandonkick]

I have 30-or-so Synology units in the field at client sites, and haven't run into this problem. Wouldn't fixing the problem be preferable to just abandoning the platform and hoping for a better experience with something else? It's like selling your car because the spark plugs need changed. My 2 cents anyway. You don't say what troubleshooting steps were taken or their results, so it's really hard to suggest anything.

So I edited the post a few times before I submitted it, and in that I see I did manage to redact some useful information.


I've used synology's "help" several times including at least several forum posts, and a few calls in to tech support over the years. This has been ongoing a long time. Easily 4+ years though for a good span of that it was fairly quiet, maybe a half dozen times over the year a file might have got rolled back but with file versioning turned on an tuned on the synology, usually I was able to get everything back to a point where it was good and no work was lost.

The client has replaced computers. I've gone full nuke and pave on at least two or three of the users machines who had the largest / most frequent issues more than once.

There seems to be no common denominator. Computers have been replaced. Computers have been wiped and reloaded. The synology unit itself died (the 416+) and in turn replaced (with a 916+). All users use local user accounts on their machines. The only commonality between them all, is the synology and that some of the users share an 0365 subscription.

I guess I can see in some universe how the wallpaper "traveling" to another unrelated computer could potentially be because of the O365 subscription. Though I don't see how it would have anything to do with files rolling back when it's only used for access to the office suite of software (Word, Excel, ect...) period. It's not used for anything other that. They use rackspaces hosted email and one or two of rackspaces hosted exchange mailboxes.

 

[YeOldeStonecat]

Reading through the post, hard to determine "why" the glitch was happening, would have to roll up ones sleeves and peek into the microscope for a few days (expensive days).

But...also I'd not spend time investigating old tech. Sounds like a perfect scenario to migrate to something more modern, and better (x1000)..and easier, more secure, and less costly, and...and..(the reasons keep going),.

....migrate to 365 Biz Premium....enjoy OneDrive and Teams/Sharepoint, and better email.

 

[brandonkick]

I based my comments on the symptoms described and yes spelling assume does apply. But it does sound like some hand stitched attempt to make a roaming profile. Wallpaper moving from machine to machine? Files changed back to previous versions? Sounds like some kind of file sync gone bad to me.

So I edited the post a few times before I submitted it, and in that I see I did manage to redact some useful information.
I've used synology's "help" several times including at least several forum posts, and a few calls in to tech support over the years. This has been ongoing a long time. Easily 4+ years though for a good span of that it was fairly quiet, maybe a half dozen times over the year a file might have got rolled back but with file versioning turned on an tuned on the synology, usually I was able to get everything back to a point where it was good and no work was lost.
The client has replaced computers. I've gone full nuke and pave on at least two or three of the users machines who had the largest / most frequent issues more than once.
There seems to be no common denominator. Computers have been replaced. Computers have been wiped and reloaded. The synology unit itself died (the 416+) and in turn replaced (with a 916+). All users use local user accounts on their machines. The only commonality between them all, is the synology and that some of the users share an 0365 subscription.
I guess I can see in some universe how the wallpaper "traveling" to another unrelated computer could potentially be because of the O365 subscription. Though I don't see how it would have anything to do with files rolling back when it's only used for access to the office suite of software (Word, Excel, ect...) period. It's not used for anything other that. They use rackspaces hosted email and one or two of rackspaces hosted exchange mailboxes.


But there is no "hand stitched" attempt at a roaming profile. It's as simple as all of the company data lives on the synology and users are granted access to the parts they are entitled to / need to see and work with. Every user gets a unique credential. Groups and rights are properly set up on the synology. I simply create shortcuts to the network shares that each person needs access too to the synology, by using their unique credential. The other thing that gets done is that each users documents and desktop folder gets backed up to the synology nightly. This is because the owner is paranoid about data loss (despite the fact they don't want to fork over for someone who server work and support every day) and someone saving something outside the pre defined locations in the synology.

On two of the machines, for users which basically never have problems, I set up folder redirection for the documents and desktop folders to point them at the synology. This was an effort to do away with the software that they were using to push the backups to the synology each night from each workstation (Syncback). It worked just fine. No special software needed. Right click on desktop folder, configure the location. Same for downloads. They weren't interested in spending the money for my time to do it for all the other users though.

 

[nlinecomputers]

The only commonality between them all, is the synology and that some of the users share an 0365 subscription.

That right there is 100% a bad idea. Subscriptions need to be per user only ALWAYS.

 

[brandonkick]

Reading through the post, hard to determine "why" the glitch was happening, would have to roll up ones sleeves and peek into the microscope for a few days (expensive days).

But...also I'd not spend time investigating old tech. Sounds like a perfect scenario to migrate to something more modern, and better (x1000)..and easier, more secure, and less costly, and...and..(the reasons keep going),.

....migrate to 365 Biz Premium....enjoy OneDrive and Teams/Sharepoint, and better email.

I'll try selling that again.

The owner is has been adamantly against "the cloud" (cue scene from Rocky Balboa where Rock looks up and goes "what cloud?"). Though, it sure would seem to be as good a time as any to table it again.

 

[brandonkick]

That right there is 100% a bad idea. Subscriptions need to be per user only ALWAYS.

Really? Why?

To be clear, I'm not talking about like... buying one seat and having everyone "share" it.

I mean that we have seats for the users who need it, and the two users who see this weird wallpaper problem (A's wallpaper showing up as B's wallpaper a few days later) are both on this O365 subscription. Though none of the other people using O365 ever see A's wallpaper showing up on their machines.

 

[brandonkick]

Reading through the post, hard to determine "why" the glitch was happening, would have to roll up ones sleeves and peek into the microscope for a few days (expensive days).

But...also I'd not spend time investigating old tech. Sounds like a perfect scenario to migrate to something more modern, and better (x1000)..and easier, more secure, and less costly, and...and..(the reasons keep going),.

....migrate to 365 Biz Premium....enjoy OneDrive and Teams/Sharepoint, and better email.

The more I read this, the better and better is sounds. I looked up pricing on Microsoft's site and I think they may be willing to go for the $12.50 per user version. Gets em 1TB of onedrive data, teams, exchange, and the office suite. I agree they should go for premium, but at the cost differential I doubt they'll agree to it.

I wouldn't be reselling this to them or anything. I don't have any sort of reseller account or access to anything like that. I'd just be signing them up directly through the Microsoft site.


What would be involved for migrating their email from RackSpace (both Rackspace mailboxes and Rackspaces exchange mailboxes) over to Microsoft 365 for Biz?

 

[YeOldeStonecat]

The advantages of Business Premium are nearly endless.......I don't propose anything below it, I really don't want to have clients that do start with at least biz prem. Will involve too many headaches down the road, and overall management involves more because you don't have the controls...so things are more manually involved (aka time consuming) as you get asked to do things.
*Much more robust management of their computers....joining AzureAD, managing things through Endpoint Manager
*Managed antivirus is included....to need to purchase that elsewhere
*Much better spam/malware/anti phishing/anti impersonation filtering for email
*Malware protection of files in the cloud

As for how to migrate, there are good tools such as BitTitan.

 

[nlinecomputers]

The advantages of Business Premium are nearly endless.......I don't propose anything below it, I really don't want to have clients that do start with at least biz prem. Will involve too many headaches down the road, and overall management involves more because you don't have the controls...so things are more manually involved (aka time consuming) as you get asked to do things.
*Much more robust management of their computers....joining AzureAD, managing things through Endpoint Manager
*Managed antivirus is included....to need to purchase that elsewhere
*Much better spam/malware/anti phishing/anti impersonation filtering for email
*Malware protection of files in the cloud

As for how to migrate, there are good tools such as BitTitan.

THIS