- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hello All
I was trying to add users in bulk to the SAS metdata server.
I have followed this
https://documentation.sas.com/?docsetId=bisecag&docsetTarget=n1066twnn593yhn1c24upayu4bvv.htm&docset...
In the case that users, groups and AD's are new it works flawlessly.
But when groups exist I get the errors.
Wanted to know if there is a way where we can add users to existing groups and Authentication domains.
I have gone through SAS documentation at https://documentation.sas.com/?docsetId=bisecag&docsetTarget=n0l2hp5m00a1z2n1b598q4pknfih.htm&docset...
and this https://documentation.sas.com/?docsetId=bisecag&docsetTarget=p0z36im6qsfk3ln1advg12dn5lls.htm&docset.....
Looking for something simpler(Just a thought - a change to mduimplb macro)
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hi @thesasuser,
If you are looking for a simpler way to sync SAS identities with AD, Metacoda has a third party commercial plug-in to the SAS Management Console, named the Metacoda Identity Sync Plug-in that you may want to consider. This tool uses the SAS macros underneath. Have a look at the third link below to see architecture diagrams of how it works.
Some information can be found at:
- https://www.metacoda.com/en/2015/05/metacoda-identity-synchronization/
- https://platformadmin.com/blogs/paul/2015/07/synchronizing-sas-platform-identities/
- https://metacoda.github.io/idsync-utils/
Kind Regards,
Michelle
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
There are a couple of strategies that people use when they encounter identity sync errors relating to trying to add AD users/groups to SAS when they already exist (often manually added ones). The first is to delete the users/groups in SAS to make way for the identity sync process to recreate them. This is easy but is quite brutal and will destroy any metadata relationships those users/groups already have, including any access control that directly reference them. A better way is to link up the SAS user/group with the AD user/group by editing the external identity metadata for the user/group and adding in the id you have chosen for the sync process (i.e. distinguishedName, sAMAccountName, objectGUID etc). You can see an example screenshot of the SAS Management Console User Manager Edit External Identity Properties dialog in this blog post: https://platformadmin.com/blogs/paul/2016/03/identity-sync-finding-your-keys/
If you have only a handful of these to add then the User Manager plug-in is the way to go. If you have lots then Metacoda also has a (commercial) External Identity Manager plug-in that can streamline this, including import/export from CSV files. We have helped some SAS customers automate this process for hundreds of users when setting up identity sync for the first time.