Problems encountered with AD users and MyCloud users working on the same PR4100, need advice

I’m struggling with setting up the PR4100 properly. The PR4100 disconnects the users a number of times, causing us a lot of headaches. I hope someone with good experience in both Active Directory and MyCloud could advise me on the best practice for setting up data storage for a small business with 40 staff.

Here are some of the issues I faced:

  1. Setting up a new user via Active Directory in Windows is straightforward. However, when I set the home folder for the user linking to the PR4100, it won’t auto-create the folder for the user. I have to access the WD MyCloud dashboard to manually create the folder for each user. Even then, the newly created folder must be set to Public mode. If I set it to private, Windows would not be able to link it and will direct the user’s new directory to the new folder within the server hard drive. For this reason, it must be set to Public.

  2. Once the user is set to the intended folder in the PR4100 as prescribed in #1, I cannot set the user folder to private at any time in the future. If I do that, the user receives a notice that user authentication failed and is asked to enter the user ID and password. When they are entered, access is always denied. When I checked the security of the folder, it stated that the owner had changed. Even the administrator of the Active Directory couldn’t access it. Only the admin of the PR4100 could access it via MyCloud.

  3. When AD users’ folders are set to public and I create new users (not part of the AD) via the MyCloud dashboard for specific sharing such as photo or video, these users are able to view the AD users’ folders and access them via MyCloud (since the AD users’ folders were set to Public, the “User Access” setting cannot be edited, as it is greyed out due to the public sharing).

  4. Now, if I change the AD users’ folders to private and assign each only to the correct AD user, this private mode could prevent the MyCloud users from viewing the AD users’ folders; however, the problem mentioned in #2 then appears for the AD users.

My real concern is security. Setting “public” for AD users may enable them to access their personal folders, and these can be controlled by the Administrator of the AD. But the weakness of the “public” mode is that it would allow the MyCloud users to view them and bypass the security set by the AD Administrator. This is a security issue, as data from the AD users are mostly company files, which are not intended to leak out.

My question here is: are there ways to block access between the AD users and the MyCloud users without a security breach or affecting the AD user authentication?

I hope you can understand my dilemma. I hope someone could advise me how to properly set up folders for the AD users and MyCloud users, or anything else I need to know.

I really need help as described above.

I have searched and found this support article on the WD website: “My Cloud: Private Shares are Inaccessible (Access Denied) After Joining an Active Directory Domain”.

I have tried basically everything, from read/write to read-only combinations, as described in the link for private shares. None of these work. It won’t allow the users to access their folders. Basically it does not recognize the user of the folder despite it being the same user.

Any suggestions?

I don’t have experience with Windows Server administration (or related features, such as AD), however I believe the PR4100 is expecting you to create a user from inside of its web UI (I have several users on my device, and by default when you create a new user, it creates a new, private home directory for them). It’s not automatic or very admin friendly, but if you don’t have a lot of users to add I believe this will solve your problem.

Of course, from there I don’t know if AD will be able to control shares or if the PR4100 will only recognize changes made from within its web UI again regarding access types. Some pre-created folders (“Public” for sure), will not allow for user-specific changes and can be removed if this poses a security risk (or is just a nuisance). I have RSAT/AD DC ready to be used on a networked system; a mock userbase could be created if there are remaining issues.

Did you join the PR4100 to Active Directory?

All Active Directory users and groups imported into the My Cloud will have the Deny permission by default.

You will then be able to select the AD users from the security settings of a folder in Explorer and select an AD user rather than a local user. There will not be any AD vs. MyCloud user issues, and rights would be managed on the folder level and the account selected will be an AD account. You should then make a Public Share where all user folders reside and then secure the rights via NTFS permissions.

If any of the MyCloud features are used, you are likely out of luck using AD users for that. Users would still have to have local accounts.

Good luck.
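
The layout suggested in the reply above (one Public share holding every user's folder, with access restricted per folder through Windows permissions), as an added PowerShell example that is not from the thread or from WD. The share path `\\PR4100\Users`, the domain `CONTOSO`, and the convention that each folder is named after its owner's AD logon name are assumptions, as is that the device stores the ACLs Windows sends it. The second loop audits every folder for any identity other than the owner and the admin group.

```powershell
# Added example, not from the thread. Assumed placeholders: share path,
# domain name, and "folder name == owner's sAMAccountName".
$ShareRoot = '\\PR4100\Users'
$Domain    = 'CONTOSO'
$Admins    = "$Domain\Domain Admins"

# Rules apply to the folder, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

function New-AllowRule([string]$Identity,
                       [System.Security.AccessControl.FileSystemRights]$Rights) {
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $Rights, $inherit, $prop, $allow)
}

# 1. Lock each folder down to its owner plus the admin group.
foreach ($dir in Get-ChildItem -LiteralPath $ShareRoot -Directory) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Stop inheriting from the Public share root; discard inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit entries left over from earlier attempts.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    $acl.AddAccessRule((New-AllowRule "$Domain\$($dir.Name)" 'Modify'))
    $acl.AddAccessRule((New-AllowRule $Admins 'FullControl'))
    Set-Acl -LiteralPath $dir.FullName -AclObject $acl
}

# 2. Audit: report any Allow entry for an identity that should not be there
#    (Everyone, a local MyCloud account, an unresolved SID, another user).
foreach ($dir in Get-ChildItem -LiteralPath $ShareRoot -Directory) {
    $expected = @("$Domain\$($dir.Name)", $Admins)
    (Get-Acl -LiteralPath $dir.FullName).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $expected -notcontains $_.IdentityReference.Value } |
        ForEach-Object {
            [pscustomobject]@{
                Folder   = $dir.FullName
                Identity = $_.IdentityReference.Value
                Rights   = $_.FileSystemRights
            }
        }
}
```

Run it from a domain account that is allowed to change permissions on the share. The audit loop is worth re-running after any reboot of the device, since the thread reports access breaking after one.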

I am continuing to have problems with the PR4100. Basically, from my previous comments, I have to redo all the settings of the PR4100 and all the users’ permissions, starting all over again by making new AD user profiles. Only then can users connect to the PR4100.

Here is the new case:
This morning, the PR4100 rebooted by itself (we don’t know the cause of the reboot). We waited for almost 3 hours for it to start. Once the reboot completed… all our AD users logged in to the server and discovered that they were unable to access their profiles. It was back to square one with the problems mentioned in my previous comments - user authentication failed or user’s profile inaccessible.

We did not make any changes in the dashboard with regard to public or private. The PR4100 rebooted by itself; we only discovered the reboot when we came to work.

I believe it is not a Windows Server problem. The Windows Server is continuously looking for the profiles of the users. However, it seems the PR4100 system automatically makes changes internally. When changes happen, such as booting, public to private, or private to public, it alters the permissions, which causes the Windows Server to be unable to recognize them.

I hope WD has a better solution to my problem. Time is money. Our operational shutdown because of the PR4100 is unbearable.

Because I went through grief with our little PR2100, I’ll chime in. If I renamed the device, it freaked out, would reboot, and rename itself, if I recall correctly. It would also only work consistently with public shares. If joined to a domain it will pull the domain users and allow you to give them access, but no access is granted. I assume the credential failure is because the box doesn’t support sub-domains. What?? We use sub.xyz.com so this was a waste of money.

I gave up on it years ago, pulled the drives, and put them in an Ubuntu box where I set up rsync to do what I needed. I’ve let this thing collect dust since.