Hi Kyaw,
I did it the following way for a customer:
1) You will need to precreate the five groups within your AD. There is no
need of having a own OU (Container, Organizational Unit) for them. Follow the
naming convention of your company or use the default namings from Microsoft
for the five groups. There is no need for your AD Admin to assign those
groups any permissions to a ressource. Also, there is no need to grant the
ServiceAccount controle over this groups.
2) Ask your AD Admin to add the domain account (SVC ServiceAccount) which
you will use to run the installation to the following groups (see Example).
Ask your AD Admin to add the AD computer object from the Application Server
(CRM Role) to the following groups (see Example).
Expl:
Type: 'Domain local Security'
UserGroup (SVC, USR)
ReportingGroup (SVC, USR)
PrivReportingGroup (SVC)
Priv UserGroup (CRM Role)
SQLAccessGroup (CRM Role)
3) create a 'Server XML Configuration File' for the installation and run the
setup
Expl.
<CRMSetup>
<Server>
<Groups AutoGroupManagementOff="true">
<PrivUserGroup>CN=PrivUserGroup,OU=MSCRMPilot,DC=y ourDomain,DC=com</PrivUserGroup>
<SQLAccessGroup>CN=SQLAccessGroup,OU=MSCRMPilot,DC =yourDomain,DC=com</SQLAccessGroup>
<UserGroup>CN=UserGroup,OU=MSCRMPilot,DC=yourDomai n,DC=com</UserGroup>
<ReportingGroup>CN=ReportingGroup,OU=MSCRMPilot,DC =yourDomain,DC=com</ReportingGroup>
<PrivReportingGroup>CN=PrivReportingGroup,OU=MSCRM Pilot,DC=yourDomain,DC=com</PrivReportingGroup>
</Groups>
</Server>
</CRMSetup>
Expl.
ServerSetup.exe /config yourConfig.xml
4) Now, whenever you want to add new user to the MSCRM, those users (USR)
have to be added first to the UserGroup and Reporting Group. You could also
nest another group instead of adding each user manual. When this is done,
you can create this users within MSCRM.
Your AD Admin has the full controle over these groups. Which is want he
wants to keep :-)
More Details here ->
http://www.microsoft.com/downloads/d...DisplayLang=en
Thanks
Regards
..ingo.
"Kyaw Zay Ya" wrote:
