Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!
Hi,
I'm trying to add an active directory security groups for a Gateway data source Users. When typing the groups name they are found, but when i try to add them to the users list i receive this error message: "These email addresses are invalid or duplicate: [GROUP NAME]"
Did i miss something?
Thanks!
Solved! Go to Solution.
Hi @nverret,
I think you need some mapping operations, please refer to below blog to know more about this:
Three Steps to Implement AD Security for an On-Premises Data Gateway
Regards,
Xiaoxin Sheng
I share with others missing link to Implement AD Security for an On-Premises Data Gateway
https://corebts.com/blog/ad-security-on-premises-data-gateway/
Hi all
I'm also experiencing some issues with it.
It seems that the group needs to have the property: MailNickname with a valid email address.
The problem is we don't have exchange in the cloud and also I'm not syncing local AD to cloud AD, so when I want to create a security group with a command like this (note that the email address is invented not real)
New-AzADGroup -DisplayName "PBI_Lab_FCM" -MailNickname "PBI_Lab_FCM@myaccount.onmicrosoft.com"
I got the error:
New-AzADGroup : Invalid value specified for property 'mailNickname' of resource 'Group'. At line:1 char:1 + New-AzADGroup -DisplayName "PBI_Lab_FCM" -MailNickname "PBI_Lab_FCM@autologic ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [New-AzADGroup], Exception + FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.NewAzureADGroupCommand
So I cannot create a "classic" security group to be used with PowerBI Gateway 😞
It seems that when you create a group of type: Office 365 an email is automatically created for it (despite if you have or not exchange online).
At this point, you will said: what is the problem to use security groups of type: Office 365?
The problem is that it creates a bothersome Workspace called same as the group name, where anybody can list it's members, and it is not desirable (and you cannot delete this Workspace).
Any ideas?
We also use AAD groups in Power BI workspaces and gateway entries, but don't start on me with O365 groups . The only difference is that we create Mail Enabled Security Groups for this.
At this link I saw the following code, hope that helps:
New-DistributionGroup -Name "File Server Managers" -Alias fsadmin -Type security
Did I answer your question? Then please mark my post as a solution!
My blog: nickyvv.com
Thank you @nickyvv
The problem with this is in order to create either a distribution list or a mail enabled security group it rely on exchange email functionality and we dont have it enabled in the cloud 😞
In both cases I got this error
I'm thinking that I have no other choice to use O365 groups with those annoying workspaces.
So a workaround is to leave the annoying workspace
But I cant' leave workspace 😞 it throws an error
So if someone knows how to remove the users from this annoying workspace I will be very happy.
Many thanks.
just for the docs: situation in 2020 same --> you can add only gateway users via group if group is email-enabled or of type O365
Yep,
We wonder why MS don't permit to use AD groups (not mail enabled) in Gateway Data Sources?
Hello @Microsoft, are you there? whats the problem with this?
HI @nverret,
AD users/group not available on power bi gateway, current it support Azure AD users and group.
Regards,
Xiaoxin sheng
Hi @v-shex-msft,
Thanks for your reply.
Our AD users/Groups are synced to Azure AD with the AD Connect application. Since i am seeing the groups in the search box, i assumed those groups would be available to use.
Is this right?
Hi @nverret,
I think you need some mapping operations, please refer to below blog to know more about this:
Three Steps to Implement AD Security for an On-Premises Data Gateway
Regards,
Xiaoxin Sheng
Xiaoxin Sheng,
Is there another source for instructions for this solution? As mentioned, the link you provided is not to a Microsoft origin and is no longer a valid link. Thank you if you can offer alternative instructions.
That link is no more 😞
Three Steps to Implement AD Security for an On-Premises Data Gateway
https://corebts.com/blog/ad-security-on-premises-data-gateway/