cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
nverret
Frequent Visitor

Adding AD Security groups as Gateway Data source Users

Hi,

 

I'm trying to add an active directory security groups for a Gateway data source Users. When typing the groups name they are found, but when i try to add them to the users list i receive this error message: "These email addresses are invalid or duplicate: [GROUP NAME]"

 

Did i miss something?

 

 

Thanks!

1 ACCEPTED SOLUTION

Hi @nverret,

 

I think you need some mapping operations, please refer to below blog to know more about this:

Three Steps to Implement AD Security for an On-Premises Data Gateway

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

9 REPLIES 9
Anonymous
Not applicable

Hi all

I'm also experiencing some issues with it.

It seems that the group needs to have the property: MailNickname with a valid email address.

The problem is we don't have exchange in the cloud and also I'm not syncing local AD to cloud AD, so when I want to create a security group with a command like this (note that the email address is invented not real)

New-AzADGroup -DisplayName "PBI_Lab_FCM" -MailNickname "PBI_Lab_FCM@myaccount.onmicrosoft.com"

I got the error:

New-AzADGroup : Invalid value specified for property 'mailNickname' of resource 'Group'.
At line:1 char:1
+ New-AzADGroup -DisplayName "PBI_Lab_FCM" -MailNickname "PBI_Lab_FCM@autologic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-AzADGroup], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.NewAzureADGroupCommand

So I cannot create a "classic" security group to be used with PowerBI Gateway 😞

It seems that when you create a group of type: Office 365 an email is automatically created for it (despite if you have or not exchange online). 

At this point, you will said: what is the problem to use security groups of type: Office 365?

The problem is that it creates a bothersome Workspace called same as the group name, where anybody can list it's members, and it is not desirable (and you cannot delete this Workspace).

Any ideas?

We also use AAD groups in Power BI workspaces and gateway entries, but don't start on me with O365 groups Smiley Sad. The only difference is that we create Mail Enabled Security Groups for this.
At this link I saw the following code, hope that helps:

New-DistributionGroup -Name "File Server Managers" -Alias fsadmin -Type security

 

Did I answer your question? Then please mark my post as a solution!
My blog: nickyvv.com



Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


Blog: nickyvv.com | @NickyvV


Anonymous
Not applicable

Thank you @nickyvv 


The problem with this is in order to create either a distribution list or a mail enabled security group it rely on exchange email functionality and we dont have it enabled in the cloud 😞

In both cases I got this error
image.png

I'm thinking that I have no other choice to use O365 groups with those annoying workspaces.

So a workaround is to leave the annoying workspace

image.png

But I cant' leave workspace 😞 it throws an error 

image.png

So if someone knows how to remove the users from this annoying workspace I will be very happy.

 

Many thanks.

just for the docs: situation in 2020 same --> you can add only gateway users via group if group is email-enabled or of type O365

Anonymous
Not applicable

Yep, 

We wonder why MS don't permit to use AD groups (not mail enabled) in Gateway Data Sources?

Hello @Microsoft, are you there? whats the problem with this?

v-shex-msft
Community Support
Community Support

HI @nverret,

 

AD users/group not available on power bi gateway, current it support Azure AD users and group.

 

Regards,
Xiaoxin sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

Hi @v-shex-msft,

 

Thanks for your reply.


Our AD users/Groups are synced to Azure AD with the AD Connect application. Since i am seeing the groups in the search box, i assumed those groups would be available to use.

 

Is this right?

Hi @nverret,

 

I think you need some mapping operations, please refer to below blog to know more about this:

Three Steps to Implement AD Security for an On-Premises Data Gateway

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

That link is no more 😞

Helpful resources

Announcements
Power BI December 2021 Update_carousel 768x460.jpg

Check it Out!

Click here to read more about the December 2021 Updates!

Jan 2022 Dev Camp 768x460 copy.png

Power BI Dev Camp- January 27th, 2022

Mark your calendars and join us for our next Power BI Dev Camp!

UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!