Skip to main content

Configuring a Masking Connector to Work with an AD Account (KBA1820)





Troubleshooting Masking Connector with an AD account 

When defining the user using the default AD account the connector fails.

The following fails: "<DomainName>\<UserName>".

An example of the error message is:

Login failed for user 'ACME\Joey_Blogs'

The masking engine does not accept domain-user format. The Domain and User details need to be specified as properties for the masking connector. 

Solution: How to configure an AD Account 

To use an AD account follow these steps:

  1. On SQLServer
    • Be aware there are two types of Login: DB server level (under Login) vs. Instance DB instance level (under Security -> Users).
    • Ensure a regular local SQLserver user, eg. "delphixmasking", shows as SQLserver authentication under SSMS and successfully tests as the Delphix connector.
  2. On Windows SSMS: Check the AD account permissions:
    • Add access to the specific DB desired.
    • The default MSSQL Microsoft JDBC connector string needs additional information and parameters.
      • These can now be added as JDBC driver properties with the Basic connector.
      • Prior to version, the engine required adding additional parameters in the JDBC URL (using the Advanced connector).
  3. On Masking Engine: Configure a Masking Connector using the Advanced option.
    • Use the Basic connector.
    • Start by creating a text file that is either ascii or UTF-8 encoded containing the following lines:
    • Edit the domain line to specify your own AD domain.
    • Save as a file named Ensure you append the .properties extension to the file. It is required.
    • Upload the file for each the MSSQL connector on the masking engine.
    • After saving the properties file, using the View button confirm the properties are properly set.

Related Articles

Internal Links: 

External Links: