Create Groups via Active Directory

You can import Active Directory (AD) groups to create matching groups on Tableau Server, as well as a user for each member of an AD group that is not already on the server.

Note: In the context of user and group synchronization, Tableau Server configured with LDAP identity store is equivalent to Active Directory. Active Directory synchronization features in Tableau Server function seamlessly with properly configured LDAP directory solutions.

Each user is assigned a site role as part of the import process. If any of the users to be imported exist in Tableau Server, the site role assigned during the import process is applied only if it gives the user more access to the server. Importing users does not demote site roles.

Before you begin

Before importing groups, review User Management in Deployments with External Identity Stores to understand how multiple domains, domain naming, NetBIOS, and Active Directory user name format influence Tableau user management.

Import from AD to add a group

As part of adding a user group to Tableau Server, you import a group from Active Directory (AD). When importing a group, you first enter the group name to search for the group.

Entering a group name, by default, causes Tableau Server to perform a wildcard query (for example, *marketing*) against AD (or LDAP) to maximize the search results. If you're working against a large AD (or LDAP) identity store, you might experience a timeout before you can successfully select the group to import.

To help save time and avoid potential timeout issues during the import process, consider searching a group name using one of the following methods:

  • Exact match: The most efficient method for searching a group name, enter the exact group name by including quotation marks (") preceding and following the string you enter. For example, "marketing".

  • Partial match: Enter a part of the group name and include an asterisk (*) preceding and following the string you enter. For example, *ket*.

  • Begins with: Enter the beginning portion of the group name followed by an asterisk (*). For example, market*.

  • Ends with: Enter an asterisk (*) followed by the ending portion of the group name. For example, *ing.

Note: These methods also apply to how Tableau Server searches for users.

  1. In a site, click Groups, and then click Add Groups.

  2. Type the name of the Active Directory group you want to import, and then select the group name in the resulting list. Use one of the filtering methods above to improve performance.

    If you’re importing a group from the same AD domain that the server is running on, you can type the AD group name without the domain. The server’s domain will be assumed.

  3. Select the minimum site role for the users.

  4. (Optional) Select Grant role on sign in to provision new site roles and licenses when group users sign in. For more information, see Grant License on Sign In.

  5. Click the Import button.

Note: You cannot change the name of groups imported from Active Directory. The group name can only be changed in Active Directory.

Thanks for your feedback!Your feedback has been successfully submitted. Thank you!