cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
nverret
Frequent Visitor

Adding AD Security groups as Gateway Data source Users

Hi,

 

I'm trying to add an active directory security groups for a Gateway data source Users. When typing the groups name they are found, but when i try to add them to the users list i receive this error message: "These email addresses are invalid or duplicate: [GROUP NAME]"

 

Did i miss something?

 

 

Thanks!

1 ACCEPTED SOLUTION

Hi @nverret,

 

I think you need some mapping operations, please refer to below blog to know more about this:

Three Steps to Implement AD Security for an On-Premises Data Gateway

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

10 REPLIES 10
rafalkasa
New Member

I share with others missing link to Implement AD Security for an On-Premises Data Gateway

 

https://corebts.com/blog/ad-security-on-premises-data-gateway/ 

Anonymous
Not applicable

Hi all

I'm also experiencing some issues with it.

It seems that the group needs to have the property: MailNickname with a valid email address.

The problem is we don't have exchange in the cloud and also I'm not syncing local AD to cloud AD, so when I want to create a security group with a command like this (note that the email address is invented not real)

New-AzADGroup -DisplayName "PBI_Lab_FCM" -MailNickname "PBI_Lab_FCM@myaccount.onmicrosoft.com"

I got the error:

New-AzADGroup : Invalid value specified for property 'mailNickname' of resource 'Group'.
At line:1 char:1
+ New-AzADGroup -DisplayName "PBI_Lab_FCM" -MailNickname "PBI_Lab_FCM@autologic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-AzADGroup], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.NewAzureADGroupCommand

So I cannot create a "classic" security group to be used with PowerBI Gateway 😞

It seems that when you create a group of type: Office 365 an email is automatically created for it (despite if you have or not exchange online). 

At this point, you will said: what is the problem to use security groups of type: Office 365?

The problem is that it creates a bothersome Workspace called same as the group name, where anybody can list it's members, and it is not desirable (and you cannot delete this Workspace).

Any ideas?

We also use AAD groups in Power BI workspaces and gateway entries, but don't start on me with O365 groups Smiley Sad. The only difference is that we create Mail Enabled Security Groups for this.
At this link I saw the following code, hope that helps:

New-DistributionGroup -Name "File Server Managers" -Alias fsadmin -Type security

 

Did I answer your question? Then please mark my post as a solution!
My blog: nickyvv.com



Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


Blog: nickyvv.com | @NickyvV


Anonymous
Not applicable

Thank you @nickyvv 


The problem with this is in order to create either a distribution list or a mail enabled security group it rely on exchange email functionality and we dont have it enabled in the cloud 😞

In both cases I got this error
image.png

I'm thinking that I have no other choice to use O365 groups with those annoying workspaces.

So a workaround is to leave the annoying workspace

image.png

But I cant' leave workspace 😞 it throws an error 

image.png

So if someone knows how to remove the users from this annoying workspace I will be very happy.

 

Many thanks.

just for the docs: situation in 2020 same --> you can add only gateway users via group if group is email-enabled or of type O365

Anonymous
Not applicable

Yep, 

We wonder why MS don't permit to use AD groups (not mail enabled) in Gateway Data Sources?

Hello @Microsoft, are you there? whats the problem with this?

v-shex-msft
Community Support
Community Support

HI @nverret,

 

AD users/group not available on power bi gateway, current it support Azure AD users and group.

 

Regards,
Xiaoxin sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

Hi @v-shex-msft,

 

Thanks for your reply.


Our AD users/Groups are synced to Azure AD with the AD Connect application. Since i am seeing the groups in the search box, i assumed those groups would be available to use.

 

Is this right?

Hi @nverret,

 

I think you need some mapping operations, please refer to below blog to know more about this:

Three Steps to Implement AD Security for an On-Premises Data Gateway

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Anonymous
Not applicable

That link is no more 😞

Helpful resources

Announcements
Carousel_PBI_Wave1

2023 Release Wave 1 Plans

Power BI release plans for 2023 release wave 1 describes all new features releasing from April 2023 through September 2023.

Power BI Summit Carousel 2

Global Power BI Training

Make sure you register today for the Power BI Summit 2023. Don't miss all of the great sessions and speakers!

BizApps LATAM 2023

Business Application LATAM Summit 2023

Join the biggest FREE Business Applications Event in LATAM this February.

Power Platform Bootcamp

Global Power Platform Bootcamp

In this bootcamp we will deep-dive into Microsoft’s Power Platform stack with hands-on sessions and labs, delivered to you by experts and community leaders.

Top Solution Authors
Top Kudoed Authors