This guide is for step-by-step instruction on how to create an UDC that fetches users from AD in the most common way: default Active Directory UDC.
For connecting AD using Generic LDAP connector, follow article How to connect to Active Directory using the Generic LDAP Connector
- Confirm current server is Central Node and Repository Service is running correctly.
- In order to confirm AD connectivity, download a 3rd party tool called "LDAP Admin" and run it on current server.
- In LDAP Admin, create a connection.
- For the detailed information, consult your Domain Administrator.
- Make sure the connection passes test.
- Once connected, go to Search > Custom > set "Path" to the top level > Input appropriate LDAP filter. Make sure there are some users fetched successfully.
- For any issues happening before this point, please contact Domain Administrator. For any issues happening after this point, please contact Qlik Support.
- [VERY IMPORTANT] Before moving forward, confirm if there is any RootAdmin assigned to a domain user in Qlik Sense.
- If there is, make sure that user appears in the search result of above filter otherwise it will be marked as inactive and could potentially lock users out from QMC.
- Also follow How to avoid the RootAdmin(s) from becoming inactive. But this step should not be relied on so please still make sure the filter fetches current RootAdmin.
- Go to QMC > User directory connector > Create new > Active Directory:
- Use following settings:
- Name: Give this UDC a user-friendly name
- Sync user data for existing users: Only uncheck this setting if you know the amount of users is reasonably low -- for instance, less than a thousand. If not sure, always keep it checked.
- Path: LDAP://["host" used in step 3]
- Username / password: Credentials used in step 3
- Additional LDAP filter: Filter used in step 5
- Hit Apply, go back and do a Sync. Confirm the Sync is successful.
- Go to QMC > Users > Filter by "User directory". Confirm the users are fetched.
- Note: if "Sync user data for existing users" is checked in step 8, this list might be shorter than expected. That is because UDC would not fetch the users who are not already in the list.
Again, for any issues happening before step 6, please contact Domain Administrator. For any issues happening after step 6, please contact Qlik Support.