🚀 NAS – P3 Join Domain and Change DSM Synology Port Step by Step

🔎 Introduction

In this guide, we will walk through how to join Synology DSM to an Active Directory domain and change the default DSM management ports step by step. This is a critical configuration when deploying Synology NAS in a business environment where centralized authentication and enhanced security policies are required.

Joining DSM to a Windows Domain allows domain users to authenticate directly using their AD credentials. Changing the default DSM ports (5000/5001) improves security posture and helps avoid conflicts in complex network environments.

This tutorial is ideal for:

• IT administrators deploying NAS in corporate networks

• System engineers building centralized authentication environments

• Homelab users simulating enterprise infrastructure

• IT students practicing domain integration

⚠️ This guide assumes you already have:

• A working Synology DSM system

• A functional Active Directory Domain Controller

• Proper DNS configuration

🏢 Part 1: Join Synology DSM to Active Directory Domain

📌 Why Join a Domain?

Integrating DSM with Active Directory provides:

✔ Centralized authentication
✔ Simplified user management
✔ Group-based permission control
✔ Seamless SMB file access for domain users

🔹 Step 1: Verify Network and DNS Configuration

Before joining the domain, ensure:

• DSM uses the Domain Controller DNS server

• NAS and DC are in the same network or properly routed

• Time synchronization is correct (important for Kerberos authentication)

Go to:

Control Panel → Network → General

Confirm DNS is pointing to your Domain Controller.

🔹 Step 2: Open Domain/LDAP Settings

Navigate to:

Control Panel → Domain/LDAP → Domain

Click Join.

🔹 Step 3: Enter Domain Information

Fill in the following:

• Domain Name: yourdomain.local

• DNS Server: Domain Controller IP

• Account: Domain Administrator account

• Password: Admin password

Click OK.

DSM will attempt to contact the Domain Controller and join the domain.

If successful, you will see the status changed to:

“Domain: yourdomain.local (Joined)”

🔹 Step 4: Verify Domain Users and Groups

Go to:

Control Panel → User & Group

You should now see:

• Domain Users

• Domain Groups

You can assign shared folder permissions based on domain groups.

🔐 Best Practice After Joining Domain

✔ Create dedicated AD groups for NAS access
✔ Assign permissions to groups instead of individual users
✔ Avoid using Domain Admin for daily operations
✔ Test SMB access from a domain-joined Windows client

🌐 Part 2: Change Default DSM Management Port

By default, Synology DSM uses:

• HTTP → 5000

• HTTPS → 5001

Changing these ports enhances security and reduces automated scanning exposure.

🔹 Step 1: Open Login Portal Settings

Navigate to:

Control Panel → Login Portal → DSM

🔹 Step 2: Modify HTTP/HTTPS Ports

Change:

• HTTP Port (default 5000)

• HTTPS Port (default 5001)

Example:

• HTTP → 8080

• HTTPS → 8443

Click Save.

DSM will automatically restart the web service.

🔹 Step 3: Test New Port Access

Access DSM using:

Ensure:

✔ The page loads correctly
✔ SSL certificate is valid
✔ Firewall rules allow the new port

🔐 Firewall and Router Considerations

If your NAS is behind:

• pfSense

• MikroTik

• UniFi

• FortiGate

Make sure to update:

✔ NAT rules
✔ Port forwarding rules
✔ Firewall policies

If using reverse proxy, update the backend service port accordingly.

🛡 Security Recommendations

After changing DSM ports:

✔ Disable HTTP (force HTTPS only)
✔ Enable Auto Block
✔ Enable 2FA for domain users
✔ Use a valid SSL certificate
✔ Limit admin access to specific IP ranges

Changing ports alone is not full security — it is part of a layered defense strategy.

🏁 Conclusion

Joining Synology DSM to an Active Directory domain and modifying the default DSM ports are essential configurations in enterprise NAS deployment.

By integrating DSM with AD, you gain:

• Centralized authentication

• Simplified permission management

• Seamless domain-based file access

By changing default management ports, you enhance:

• Security posture

• Network flexibility

• Reduced exposure to automated attacks

This configuration is highly recommended for:

• Business environments

• Enterprise labs

• IT training systems

• Professional NAS deployments

In the next part of this NAS series, you can continue optimizing file services, permissions, and security hardening for production-ready deployment.