Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
asok
Regular Visitor

Azure AD Connect, internal domains and effective user names

‎10-20-2015 06:13 AM

Hi,

I have a client with a tabular model that are now moving to Power BI for visualisation.

 

However, their active directory setup causes us problems. They have an internal domain "xyz.emea.int" and usernames like 12345. So logging in to their domain would be 12345@xyz.emea.int. Email addresses are more "user firendly", like bill.gates@companyX.se

 

We have installed the ssas power bi connector, as a test we created an ad user bill.gates@companyX.se and got it working. But that's not an option for the rest of the 300 existing users...

 

So, what we've so far is that we are syncronzing the email attribute  using Azure AD Connect (advise from local microsoft). However, effective user name is still sent as bill.gates@companyX.se to SSAS.

 

We can't change the internal logins from 12345@xyz.emea.int to bill.gates@companyX.se due to other systems relying on the structure, and also Power Bi is not important enough to restructure the entire AD.

 

How to we get Azure AD and Power Bi to translate bill.gates@companyX.se to 12345@xyz.emea.int?

 

Labels:
Message 1 of 9
1,830 Views
0
8 REPLIES 8
Greg_Deckler
Super User
Super User

‎10-20-2015 06:30 AM

Well, according to this:

https://support.powerbi.com/knowledgebase/articles/505324-troubleshooting-power-bi-analysis-service-...

 

 

Your username and domain name have to match between what is returned to Power BI and what is in your on-premises AD. So, you need the username to be 12345 and the domain to be xyz.emea.int.


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 2 of 9
1,826 Views
0
asok
Regular Visitor
In response to Greg_Deckler

‎10-20-2015 06:32 AM

But it also says that:

"If you used an .onmicrosoft.com email address with Power BI, you may need to set up DirSync between your on-premises Active Directory and Azure Active Directory. "

 

Which is what I am trying to do...

Message 3 of 9
1,824 Views
0
Greg_Deckler
Super User
Super User
In response to asok

‎10-20-2015 06:42 AM

Here is an article that goes further in-depth about that:

https://support.powerbi.com/knowledgebase/articles/546004-power-bi-analysis-services-connector-in-de...

 

 


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 4 of 9
1,820 Views
0
asok
Regular Visitor
In response to Greg_Deckler

‎10-20-2015 06:49 AM

Yes, I've read that. Doesn't help me though, unless I am missing out on something. Power BI still sends the external domain name (like onmicrosoft.com) to SSAS even though I am syncronizing with Azure AD.

Message 5 of 9
1,817 Views
0
Greg_Deckler
Super User
Super User
In response to asok

‎10-20-2015 07:33 AM

Well, it seems like what you ultimately want is for people to be able to login to Azure AD/Power BI with 12345@xyz.emea.int, which would then be able to resolve correctly with internal AD. In theory, and I am not a UPN expert, but you could create a local UPN for "CompnayX.se" so that people could logon locally as something like "12345@CompanyX.se". I don't see how "first.last@anything" is ever going to work, because that's not their username.

 

Ultimately, the problem seems to be a dirsync one in how you are mapping fields. You probably want to post something on TechNet to get this resolved. The easiest thing to do would be to sync "12345@xyz.emea.int" into the email address field of Azure AD so that users logon with that and then this should all work without the need of UPN's, etc., but I am not a dirsync expert either. A place to start would be:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/

 

 

I think that the main issue is that Microsoft sort of assumes that if your on-prem domain is "domain.com" then your users logon with "username@domain.com" and that is also their email address. However, in the real world, this simply is not always the case.


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 6 of 9
1,806 Views
0
asok
Regular Visitor
In response to Greg_Deckler

‎10-20-2015 07:51 AM

Thanks, well yes it could definitely be a dirsync / azure ad connect issue. I'll try posting something there, hope they won't say it's a Power BI issue...  

 

In my experience, basically all big companies have their ad set up this way, based on best practices from ms 10-15 years ago 😃   

Message 7 of 9
1,801 Views
0
cwalch
New Member
In response to asok

‎01-15-2016 08:44 AM

Did you solve the problem, because it's the same that we have.

Message 8 of 9
1,693 Views
0
fbrossard
Advocate V
Advocate V
In response to cwalch

‎01-16-2016 03:11 AM

Do you know if your client is using ADFS?

In this case, check your ADFS / Azure AD settings http://goo.gl/NKdlJL

You can also take a look at the authentication policy settings http://goo.gl/yQgJ4r

Good luck.

Message 9 of 9
1,683 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All