https://community.qlik.com/t5/Management-Governance/Trusted-Domain-Users-and-UDC/m-p/1423689#M11170 <HTML><HEAD></HEAD><BODY><P>I have users in two domains that need access to Qlik Sense. I am syncing one root AD group in domain A with my UDC. All users are members of this group through group nesting. Everything works fine within domain A.</P><P>I can even add domain B users to a nested group in domain A and they will be created in Sense.</P><P></P><P>However, none of the domain B users' group membership is brought in with it.</P><P>We are using custom properties mapped to an AD group to assign permissions in Sense so the users from domain B have no permissions.&nbsp; </P><P></P><P>Domain B users are direct members of group1 in Domain A that is a member (nested) of group2 that is synced with a Sense UDC. </P><P>We have a two-way transitive trust between the domains. </P><P></P><P>My question is, how do I get the UDC (AD/LDAP) to resolve the group membership of users in an external domain?</P></BODY></HTML> Mon, 18 Dec 2017 21:33:59 GMT lucienorrin 2017-12-18T21:33:59Z https://community.qlik.com/t5/Management-Governance/Trusted-Domain-Users-and-UDC/m-p/1423689#M11170 <HTML><HEAD></HEAD><BODY><P>I have users in two domains that need access to Qlik Sense. I am syncing one root AD group in domain A with my UDC. All users are members of this group through group nesting. Everything works fine within domain A.</P><P>I can even add domain B users to a nested group in domain A and they will be created in Sense.</P><P></P><P>However, none of the domain B users' group membership is brought in with it.</P><P>We are using custom properties mapped to an AD group to assign permissions in Sense so the users from domain B have no permissions.&nbsp; </P><P></P><P>Domain B users are direct members of group1 in Domain A that is a member (nested) of group2 that is synced with a Sense UDC. </P><P>We have a two-way transitive trust between the domains. </P><P></P><P>My question is, how do I get the UDC (AD/LDAP) to resolve the group membership of users in an external domain?</P></BODY></HTML> Mon, 18 Dec 2017 21:33:59 GMT https://community.qlik.com/t5/Management-Governance/Trusted-Domain-Users-and-UDC/m-p/1423689#M11170 lucienorrin 2017-12-18T21:33:59Z https://community.qlik.com/t5/Management-Governance/Trusted-Domain-Users-and-UDC/m-p/1423690#M11171 <HTML><HEAD></HEAD><BODY><P>Ok, so it turns out the users from domain B are not synced. It just so happens the users tried to access the hub and were created automatically in Sense.</P><P>The user account is still not associated (in Sense) with the groups in domain A they are members of.</P><P></P><P>Is this a limitation of LDAP?</P><P>It looks like external users are represented as ForeignSecurityPrincipals (SIDs) when using LDAP. </P><P></P><P>I would like to add this is ridiculously easy using powershell...</P><P></P><P><EM>Get-ADGroupMember -Identity &lt;Group&gt; -Recursive | select name</EM></P></BODY></HTML> Wed, 20 Dec 2017 15:00:47 GMT https://community.qlik.com/t5/Management-Governance/Trusted-Domain-Users-and-UDC/m-p/1423690#M11171 lucienorrin 2017-12-20T15:00:47Z https://community.qlik.com/t5/Management-Governance/Trusted-Domain-Users-and-UDC/m-p/1750253#M16762 <P>Hello Lucienorrin,</P><P>I have the same problem and I don't found the solution. Did you resolve it ?</P><P>Thanks</P> Wed, 07 Oct 2020 09:03:56 GMT https://community.qlik.com/t5/Management-Governance/Trusted-Domain-Users-and-UDC/m-p/1750253#M16762 paulcalvet 2020-10-07T09:03:56Z