BookmarkSubscribeRSS Feed
thesasuser
Lapis Lazuli | Level 10

Hello All
I was trying to add users in bulk to the SAS metdata server.
I have followed this 
https://documentation.sas.com/?docsetId=bisecag&docsetTarget=n1066twnn593yhn1c24upayu4bvv.htm&docset...

In the case that users, groups and AD's are new it works flawlessly.
But when groups exist I get the errors.

 

Wanted to know if there is a way where we can add users to existing groups and Authentication domains.

 

I have gone through SAS documentation at https://documentation.sas.com/?docsetId=bisecag&docsetTarget=n0l2hp5m00a1z2n1b598q4pknfih.htm&docset...
and this https://documentation.sas.com/?docsetId=bisecag&docsetTarget=p0z36im6qsfk3ln1advg12dn5lls.htm&docset..... 

 

Looking for something simpler(Just a thought -  a change to mduimplb macro)

 

2 REPLIES 2
MichelleHomes
Meteorite | Level 14

Hi @thesasuser,

 

If you are looking for a simpler way to sync SAS identities with AD, Metacoda has a third party commercial plug-in to the SAS Management Console, named the Metacoda Identity Sync Plug-in that you may want to consider. This tool uses the SAS macros underneath. Have a look at the third link below to see architecture diagrams of how it works.

 

Some information can be found at:

 

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
PaulHomes
Rhodochrosite | Level 12

There are a couple of strategies that people use when they encounter identity sync errors relating to trying to add AD users/groups to SAS when they already exist (often manually added ones). The first is to delete the users/groups in SAS to make way for the identity sync process to recreate them. This is easy but is quite brutal and will destroy any metadata relationships those users/groups already have, including any access control that directly reference them. A better way is to link up the SAS user/group with the AD user/group by editing the external identity metadata for the user/group and adding in the id you have chosen for the sync process (i.e. distinguishedName, sAMAccountName, objectGUID etc). You can see an example screenshot of the SAS Management Console User Manager Edit External Identity Properties dialog in this blog post: https://platformadmin.com/blogs/paul/2016/03/identity-sync-finding-your-keys/

 

External Identity metadata seen in the SAS Management Console User Management Plug-in

 

If you have only a handful of these to add then the User Manager plug-in is the way to go. If you have lots then Metacoda also has a (commercial) External Identity Manager plug-in that can streamline this, including import/export from CSV files. We have helped some SAS customers automate this process for hundreds of users when setting up identity sync for the first time.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • 1483 views
  • 3 likes
  • 3 in conversation