Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW

How to Filter Active Directory users when Synchronizing them with Qlik Sense Users

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Andre_Sostizzo
Digital Support
Digital Support

How to Filter Active Directory users when Synchronizing them with Qlik Sense Users

Last Update:

Feb 10, 2021 8:29:57 AM

Updated By:

Sonja_Bauernfeind

Created date:

Jan 27, 2017 4:11:10 AM

This article have example steps on how to filter Active Directory users when Synchronizing them with Qlik Sense Users.  

For another example that uses "Active Directory Users and Computers" for testing filter strings, see Qlik Sense: Configuring and testing LDAP filters for User Directory Connector 

Prerequisite:

I. Qlik Sense Service account is a domain user and a member of local Administrators group.
II. Qlik Sense Administrator account is a domain user and a member of local Administrators group.
III. Create these domain groups with appropriate members

1) QSUserAccess
2) QSLoginAccess

NOTE: The administrator account should be the member of both groups
e.g.
QSUserAccess = {QSAdmin, User1, User2}
QSLoginAccess = {QSAdmin, User3}

1. QMC > Start > User directory connectors, Press Create new

User-added image
2. Select Active Directory

User-added image
3. Name=AD and press Apply

User-added image
4. Start > Tasks, Select AD_usersynctask, press Start

User-added image
5. Press 

User-added image [Refresh] icon and make sure the Status become Success

User-added image
6. Start > Users, click User-added image next to your user name (e.g. Administrator)

Make sure that both QSUserAccess group and QSLoginAccess group attributes are synced

User-added image
7. Use the Script attached to this article to get the LDAP filters
How to get LDAP filters for Active Directory groups
Run the script with PowerSchell


User-added image
Output <date>-<hostname>-GroupLDAPfilter.txt will be generated
User-added image
8. Compose the LDAP filter Syntax:

(|(memberOf=<QSUserAccess in step 7>)(memberOf=<QSLoginAccess in step 7>))

e.g.
(|(memberOf=CN=QSUserAccess,CN=Users,DC=domain,DC=local)(memberOf=CN=QSLoginAccess,CN=Users,DC=domain,DC=local))

See this article to create and test the filter by using 3rd party tool
Qlik Sense on Windows: Configuring and testing LDAP filters for User Directory Connecto

If your LDAP filter happens to exclude you, then you won't be able to access QMC. See this article to recover.
Admin Account Disabled After LDAP Filter Added

9. QMC > Start > User directory connectors, select AD, press Edit


User-added image
10. Enter these and press Apply
Name=AD
Sync user data for existing users = <Clear>
Additional LDAP filter = <Composed LDAP filter in step 8>


User-added image
11. Start > Tasks, Select AD_usersynctask, press Start


User-added image
12. Press User-added image [Refresh] icon and make sure the Status become Success


User-added image
13. Start > Users, Notice that User1, User2 and User3 are added


User-added image


Related Content:

Labels (1)
Version history
Last update:
‎2021-02-10 08:29 AM
Updated by: