1 Reply Latest reply on Jul 10, 2018 12:55 PM by Jeff Strauss

    Incorrectly Assigned Users in Trusted Domains

    Kevin Jennings

      Tableau Server 10.3.2 & 2018.1


      I am looking for feedback and a solution on a domain issue we found in our environment


      There is a domain that we are working to set up a two-way trust to be able to use it in the Tableau realm.  When we add users via AD from this second domain, they are being assigned to a different yet existing domain already recognized by Tableau.  I believe that this is due to both domains having the same first level qualifier in their name, which becomes the nickname when added.



      Existing: corp.comp1.com

      New: corp.comp2.com


      What I have seen is that when a new uid@domain user is added via AD, the Tableau app identifies the domain and adds it to the list of domains found in TABCMD LISTDOMAINS if it does not already exist.  At that time the first level qualifier is used to create the nickname for the new domain within the list.


      In this manner, the first user entry that got added from the comp1 domain created the nickname corp in our list.


      The attempt to add a new user from the second domain did not create an entry in the domain list.  The users were added via AD like before, but were assigned to the first existing domain (corp.comp1.com), and are given that identifier in the server's list of users.


      What I would like to do is...

           1)  Rename the existing nickname of the COMP1 domain to a holder value, like “CORP-X”. tabcmd editdomain --id 2 --nickname "new-nickname"

           2)  Add the COMP2 user that will trigger the second domain to be added.

           3)  When the second domain is added, and confirmed with “tabcmd listdomains”,  remove the COMP2 user.

           4)  Rename the nickname of the COMP2 domain to CORP-Y.  tabcmd editdomain --id 2 --nickname "new-nickname"

           5)  Rename the original nickname CORP-X to CORP.

           6)  Add the COMP2 users, confirming that they are assigned to CORP-Y.


      I found this article that closely addresses what we need, but I recognize the author’s concern for briefly breaking the domain link for the existing COMP1 users. 

      Tableau Server Changing Domains.


      Any thoughts on this?



      Kevin Jennings