Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
nverret
Frequent Visitor

Adding AD Security groups as Gateway Data source Users

Hi,

 

I'm trying to add an active directory security groups for a Gateway data source Users. When typing the groups name they are found, but when i try to add them to the users list i receive this error message: "These email addresses are invalid or duplicate: [GROUP NAME]"

 

Did i miss something?

 

 

Thanks!

1 ACCEPTED SOLUTION

Hi @nverret,

 

I think you need some mapping operations, please refer to below blog to know more about this:

Three Steps to Implement AD Security for an On-Premises Data Gateway

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

12 REPLIES 12
rafalkasa
New Member

I share with others missing link to Implement AD Security for an On-Premises Data Gateway

 

https://corebts.com/blog/ad-security-on-premises-data-gateway/ 

Anonymous
Not applicable

Hi all

I'm also experiencing some issues with it.

It seems that the group needs to have the property: MailNickname with a valid email address.

The problem is we don't have exchange in the cloud and also I'm not syncing local AD to cloud AD, so when I want to create a security group with a command like this (note that the email address is invented not real)

New-AzADGroup -DisplayName "PBI_Lab_FCM" -MailNickname "PBI_Lab_FCM@myaccount.onmicrosoft.com"

I got the error:

New-AzADGroup : Invalid value specified for property 'mailNickname' of resource 'Group'.
At line:1 char:1
+ New-AzADGroup -DisplayName "PBI_Lab_FCM" -MailNickname "PBI_Lab_FCM@autologic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-AzADGroup], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.NewAzureADGroupCommand

So I cannot create a "classic" security group to be used with PowerBI Gateway 😞

It seems that when you create a group of type: Office 365 an email is automatically created for it (despite if you have or not exchange online). 

At this point, you will said: what is the problem to use security groups of type: Office 365?

The problem is that it creates a bothersome Workspace called same as the group name, where anybody can list it's members, and it is not desirable (and you cannot delete this Workspace).

Any ideas?

We also use AAD groups in Power BI workspaces and gateway entries, but don't start on me with O365 groups Smiley Sad. The only difference is that we create Mail Enabled Security Groups for this.
At this link I saw the following code, hope that helps:

New-DistributionGroup -Name "File Server Managers" -Alias fsadmin -Type security

 

Did I answer your question? Then please mark my post as a solution!
My blog: nickyvv.com



Did I answer your question? Mark my post as a solution!

Blog: nickyvv.com | @NickyvV


Anonymous
Not applicable

Thank you @nickyvv 


The problem with this is in order to create either a distribution list or a mail enabled security group it rely on exchange email functionality and we dont have it enabled in the cloud 😞

In both cases I got this error
image.png

I'm thinking that I have no other choice to use O365 groups with those annoying workspaces.

So a workaround is to leave the annoying workspace

image.png

But I cant' leave workspace 😞 it throws an error 

image.png

So if someone knows how to remove the users from this annoying workspace I will be very happy.

 

Many thanks.

just for the docs: situation in 2020 same --> you can add only gateway users via group if group is email-enabled or of type O365

Anonymous
Not applicable

Yep, 

We wonder why MS don't permit to use AD groups (not mail enabled) in Gateway Data Sources?

Hello @Microsoft, are you there? whats the problem with this?

v-shex-msft
Community Support
Community Support

HI @nverret,

 

AD users/group not available on power bi gateway, current it support Azure AD users and group.

 

Regards,
Xiaoxin sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

Hi @v-shex-msft,

 

Thanks for your reply.


Our AD users/Groups are synced to Azure AD with the AD Connect application. Since i am seeing the groups in the search box, i assumed those groups would be available to use.

 

Is this right?

Hi @nverret,

 

I think you need some mapping operations, please refer to below blog to know more about this:

Three Steps to Implement AD Security for an On-Premises Data Gateway

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

Xiaoxin Sheng,

Is there another source for instructions for this solution?  As mentioned, the link you provided is not to a Microsoft origin and is no longer a valid link. Thank you if you can offer alternative instructions.

Anonymous
Not applicable

That link is no more 😞

Three Steps to Implement AD Security for an On-Premises Data Gateway

https://corebts.com/blog/ad-security-on-premises-data-gateway/

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors