locked
Active Directory groups doesn't seems to work in PDS RRS feed

  • Question

  • Hi all,

    I've configured the dashboard and PAS to use windows authentication, it works fine for the users we add individually in dashboard studio,

    but it seems when I add an active directory group to the dashboard, it does not recognize the users under that group.

    for now we have to add each users individually.

    anyone had the same issue?

    cheers

    P.
    Friday, February 20, 2009 3:51 PM

All replies

  • dark_polar, I've seen this a few times.  Can you try installing the latest hotfix for the dashboard and see if that makes a difference?

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=1a9ae544-20cb-495f-b67e-a7e9036dc3ad

    If the problem persists after installing the hotfix then there's a problem with the LDAP queries to the DC.  A previous case was solved by re-imaging the server.  We can also get a support case open and dig into the problem.

    hth,
    Sean

    Microsoft ProClarity | This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, February 23, 2009 4:16 PM
  • Hi Sean,

    thanks for the reply.

    our dashboard already had this version 6.3.2214, but the group doesn't seem to work neither.
    I think there is a new release of dashboard hotfixes with the SP2 that will be released later. I'll give that a try as well.

    I was thinking, does the security provider has to be an admin of the domain?

    also, what do you mean about re-imaging the server? I'm not really a server admin,
    but I can ask our infrastructure team to do that if I have a rough idea what it is.

    cheers

    Paul



    Wednesday, February 25, 2009 10:53 AM
  • Paul, that is good that your dashboard is at the 2214 build.  The security provider that links the dashboard to a DC does not have to be an admin of the domain.. it can be a generic user account. 

    Re-imaging a server basically means reformatting/reinstalling windows.  This of course would be your last resort.  You could try editing your provider string to point to different domain controller, like this:

    LDAP://<DomainControllerName>:<port number>/DC=<DomainComponent>

    in your environment this might be LDAP://%DCFQDN%:389/DC=sales,DC=yourcomandy,DC=com

    I myself have only seen this a few times and both were resolved by re-installing windows on the server.  I didn't get to troubleshoot the LDAP queries so do you have the option of opening a support case where we can look at what's happening on the wire.

    Sean

     


    Microsoft ProClarity | This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, February 27, 2009 3:20 PM