- Domain Trusts and the SFO Client
- Posted by Dave Ireland on July 12th, 2005
Hi;
Does anyone have a definitive answer on the types of trust required when
installing the SFO Client into a domain other than the CRM domain? Does it
require a trust at all, and if so can it be a one-way (the CRM domain
trusting the non-CRM domain) or must it be a two-way?
I've read a lot of conflicting posts and have my own opinion, but just
wondering if there is an 'official' stance on this?
Thanks very much,
Dave Ireland
Salentica Systems Inc.
- Posted by Shawn Nulph on July 13th, 2005
Hi Dave~
You should be able to set up a one-way trust where the CRM domain trusts
the SFO users in the other domain. However in an organization that has
multiple Active Directory domains, Microsoft CRM Server is typically
installed on only one of the domains. Users assigned to the domains other
than the one where Microsoft CRM Server is installed may want to use
Microsoft CRM Server. To allow these users access to the computer running
Microsoft CRM Server, they must be added to the Microsoft SQL Server
security for the Microsoft CRM Server databases. To add users from other
Active Directory domains to the Microsoft CRM databases, add a prefix to
the domain user's name of those domain users being added to the Microsoft
CRM database security.
***Add users from other Active Directory domains***
1. Open Microsoft SQL Server Enterprise Manager.
2. Expand to Security/Logins for the SQL Server that contains the Microsoft
CRM databases.
3. Add <domainname>\<prefix>domain users as a login.
4. On the Database Access tab, select both the MSCRM and Metabase databases
and set the access level to the default
value.
5. Repeat for each domain.
Regards,
Shawn Nulph | Microsoft CRM | Microsoft Business Solutions
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.
This and other support options are available here:
BCPS:
https://partner.microsoft.com/US/tec...rview/40010469
Others: https://partner.microsoft.com/US/tec...pportoverview/
If you are outside the United States, please visit our International
Support page:
http://support.microsoft.com/default...rnational.aspx.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2005 Microsoft Corporation. All rights
reserved.
- Posted by Peter Lynch on July 13th, 2005
Shawn
I think the question was to do with the domain the SFO computers are joined
to, not the user accounts.
that is- what trusts are necessary between CRM_Domain and the
SFO_Machines_Domain?
Peter
"Shawn Nulph" <snulph@online.microsoft.com> wrote in message
news:cjF9M77hFHA.3400@TK2MSFTNGXA01.phx.gbl...
- Posted by Dave Ireland on July 13th, 2005
Right, thanks Peter, and thanks Shawn.
as an example... Suppose I have an office in Canada with an AD domain and
the CRM installed into it. Most users access the CRM from inside the
Canadian domain, so life is simple. But if we open a new office in the UK,
with it's own domain (not part of the Canadian forest at all) and we would
like to let the UK users access our CRM using SFO, what level of Domain
trust would be required between Canada and the UK? It would be a one-way at
a minimum (the UK domain would have to trust the Canadian domain), but just
wondering if a 2-way is required (hoping not).
Thanks again gents.
Dave
"Peter Lynch" <peter.lynch@optevia.com.SPAMFREE> wrote in message
news:OKlrZT8hFHA.3256@TK2MSFTNGP12.phx.gbl...
- Posted by Mike Christl on July 15th, 2005
Hi All,
Thanks for the posts. My name is Mike and I am reponding on Shawn's behalf.
If your Organization has multiple Active Directory forests and your CRM
users will be spead throughout each forest you will need to pay special
attention to trusts between forests. The Active Directory domain that
hosts CRM must have an explicit trust to the domains in each forest that
will contain CRM users. (page 34 of the Implementation Guide).
I hope that this answers your question. If not please post back and we can
try again.
Kind regards,
Mike Christl
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and
confers no rights.
You assume all risk for your use. © 2005 Microsoft
Corporation. All rights
reserved.
- Posted by Shawn Nulph on July 19th, 2005
Hi Dave~
Sorry for the confusion with the user/machine domain accounts. If you are
only concerned about the trusts between the SFO client computer and the
domain the CRM server is installed into you will not need to have any
trusts setup. However, keep in mind, you will need to establish trusts for
any domains that the CRM users are part of if they are not included in the
CRM domain. Since users would not be able to log into their domain from the
client computer if no trusts were setup you would have to use Windows
Keyring in the Control Panel to add the user's login credentials for the
CRM server. Once that has been setup SFO should work.
Let me know if I answered your question correctly.
Regards,
Shawn Nulph | Microsoft CRM | Microsoft Business Solutions
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.
This and other support options are available here:
BCPS:
https://partner.microsoft.com/US/tec...rview/40010469
Others: https://partner.microsoft.com/US/tec...pportoverview/
If you are outside the United States, please visit our International
Support page:
http://support.microsoft.com/default...rnational.aspx.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2005 Microsoft Corporation. All rights
reserved.
- Posted by Fredrik on August 25th, 2005
I've created a user and need to amend the domain name login - once the user
is saved I cannot amend this field. I cannot delete the user and if I
disable the account I cannot create another with the same name.
Can anyone suggest a work around for this or advise how to delete the users
account.
--
"Wrote by Fredrik"
"Shawn Nulph" wrote:
- Posted by Prasad on September 21st, 2005
Hi Shawn
I am facing problem installing SFO client from a machine in a
different domain then the CRM. My CRM is on ABC domain and the client PC is
on XYZ domain. There is no trust relationship between these doamins / domain
users. I am able to ping the CRM server. Now can you pls tell me
1. what kind of user trust relationship is needed between these domain /
domain users?
2. For adding the domain users to the CRM SQL server what prefix should be
added ? can I add any prefix? for e.g. is I have a USR1 on domain XYZ then
how should the user be added to the SQL SERVER
"Shawn Nulph" wrote:
