Reputation: 1
How to define what Active Directory is used when accessing PowerBI model
Our organization has merged two companies in the past. Company A merged into company B. Both companies had their own active directories and both active directories still exist. In the time since merging, the users from Company A have been migrated to Active Directory B so that all users exist on Active Directory B. However, legacy Company A users exist on both Active Directory A and Active Directory B with the same UserPrincipalName on both.
When a legacy Company A user attempts to connect to a PowerBI report, their username is returned as A\samAccountName (my guess is because A is alphabetically first. Company B users are able to access the report just fine). This is causing issues as the A\roles are not present on the report and cannot be added for various reasons.
How can we ensure that when a legacy Company A user accesses the PowerBI report/model, their userName is returned as B\samAccountName?
There is a new Azure server that solved this issue for some reports as it only interacts with the Company B active directory. That is not possible for all of our reports as some of the data in these reports exists only On Prem so we are relying on a fix that defines which Active Directory to check.
Upvotes: 0
Views: 27
Answers (1)
Reputation: 388
I think your PowerBI authentication infrastructure depends on SQL Server authentication model. If SQL Server is currently a member of Domain A, when users enter only username, it is normal that the returned account is in DomainA\User1 form.
For your requirement,
- There should be a Active Directory trust between domains and users from Domain B be given necessary right on the SQL Server, and users should connect as DomainB\user1
OR
- Your SQL Server should be moved to Domain B
When the trust is formed as you have mentioned, duplicate UPNs may give rise to problems, as a workaround you can add additional UPN suffix from Active Directory Domains and Trusts and update user principal names accordingly and have the users logon with their UPNs, but this option probably will require significant effort and unexpected application authentication issued may occur due to user's UPN updates.
Note: SIDHistory is another key factor.
If all users at DomainB uses PowerBI - SQL Server resources at DomainB then it is more logical to move the resources to DomainB.
Upvotes: 0
Related Questions
- SSRS to PowerBI - Can I deploy dashboards from on-prem db that users can access with PowerBI Free
- How to use %username% variable in Active Directory user paths using C#?
- How to acess Azure Server via organizational account or active directory
- Why is full name used for DN in Active Directory?
- What are the differences between LDAP and Active Directory?
- Active Directory authentication WCF service for multiple domains - how?