TM1 Security through Active Directory

[appleglaze28]

Has anyone done connecting Active Directory to TM1 rather than using the basic security creation in TM1? I've successfully done it by connecting with Cognos BI security. However, if the security setting in the BI Server is down, TM1 won't work as well.

I tried it once but from what I understood in the installation guide, TM1 adopts the user of Active Directory but not the password setting, it creates a new random password.

[David Usherwood]

If you use AD for security, TM1 will not ask you for a user and password, but will log you in using your AD user credentials. The access within the server is still controlled by TM1 security. AD then takes care of password expiry and standards.

Iboglix provide a utility ETLDAP to refresh TM1 users from AD (or other LDAP source). I have heard of people making it work, but generally it doesn't. Where we've implemented integrated login we use a set of scripts and TIs to refresh users from AD.
With integrated logon turned on, the passwords in TM1 aren't used.

The Cognos integration arrived with 9.4. Integrated login has been around since 8.2.

[appleglaze28]

Can you give me any reference online on how to properly set AD Security in TM1 with regards with what you mentioned using TI to refresh the users?

I'd also like to do a follow up question regarding TM1 Security. With AD taking care of the password, does this disable the change password feature in TM1? or you can directly change your AD password through TM1?

[David Usherwood]

Google for DSQUERY and DSGET.
As the docs make pretty clear, AD handles authentication, so you change your pwd via AD. The TM1 pwd _isn't used_.