Hi, We recently had a server failure on our Domain Controller which was
unrecoverable and our backups for active directory failed to restore.

The CRM database and application are on a seperate server so is fully
intact. But we have lost the AD, which means no access.

My question is what is the best method if any to recover the CRM system?

I was hoping in version 3.0 this is possible as i know 1.2 was a nightmare
due to the security descriptors.

Am i able to reinstall and attach to existing database and apply CRM
customization?

Thanks,
Pete

Pete,

You're in luck, this shouldn't be that bad.... I just had to restore a
CRM system for one of my clients yesterday... (Side note: OK, so, full
disclosure, I was the one who deleted the entire Org Unit from AD...
Doh! When you are on a test server, it is still possible, using
Active Directory Users and Computers, to delete the PRODUCTION OU....
Within the AD tool, there is a folder that identifies the server you
are connected to (and you can easily change it). If that is set to the
production instance, and you delete it... nobody can log into the
production system... not a good thing)

Fortunately, the fix (for me at least) was pretty painless. This is
all I did:

1) Backup the MSCRM and METABASE databases (as the Redeployment Wizard
changes stuff), and also the ReportServer DB.
2) Uninstall CRM
3) Run the 3.0 Redeployment Wizard (on the CD, in the Redeployment
folder) I used the "Keep Current Users" option (the first one of four
on that page).
4) Reinstall CRM, attaching to existing databases. (I also had to
delete the ReportServer DB, and create a new one during install, as
evidently the uninstall gets rid of the ReportServer as well?)
5) Modify the installing user, as it gets reset to the Restricted User
Mode
6) Modify web.config to turn isv customizations on again.

That's it!

I was amazed, all of the isv.config.xml stuff was retained; all of the
customizations were in place; third party software all worked fine
without any reinstall... I even had one user who hadn't logged out of
CRM during this whole fiasco, and they just clicked on a new tab, and
were back in business!

By the way, we did this because the System State restore, which is the
only way to get AD back, also restores all kinds of other stuff, and we
were giving our Network Admin a headache, so we decided to try this...
Because we had just successfully used the 3.0 Redeployment Wizard to
copy the production instance to our test server... so we knew we had
all the data somewhere (and could just point users to that server if
nothing worked)... And I knew that using the 3.0 Redeployment Wizard
basically re-created the AD security stuff...

Now, I do have one concern that I'd love somebody to verify this is OK:
unlike in the 1.2 install days, the business units do not appear, nor
do all of the roles in each BU, in the AD structure. We even added a
new user, it all seems OK... Now, I know in 3.0 the security is now
driven by the database contents of the BU, Role, Team info, instead of
via security descriptors, and it is evidently truly all through the DB.
It seems that AD is now only used for signon authentication. When we
upgraded from 1.2 to 3.0, evidently those BU's and Roles remained in
the AD structure as legacy info. Now when we did this reinstall, they
are no longer there. Can anybody verify that with a clean 3.0 install,
you don't see the BU's in AD? Thanks!

I'll update this note if we find anything else today. I believe our
reports guru will have to republish the reports, but so far, so good...
Please let us know if this works for you Peter, thanks,

Dave

--> Get great auditing functionality within MSCRM at www.c360.com/Audit

--> Visionary sold the VAST technology to c360 - same great technology,
new great sales and support organization...

Peter wrote:

Thank you for such an indepth response. I am hoping to attempt this in the
next couple of days. I will re-post to this message to let you know how the
recover work and any issues i encountered. I'm sure there are other people
out there which will find it helpful.

Thanks.

"Dave Carr" wrote:

Dave,

You are correct, a clean install of v3 creates 3 or 4 security groups
in the OU you specify, you can even create them yourself, delegate the
CRM service user control of those groups then use a config install to
pick up those groups, negating the need for domain admin for install.

Derek


Dave Carr wrote:

Thank you, This worked perfectly.

For my scenario i used "Auto-Map Users" with Active Directory Account Name
during the reployment procedure.

Couple of things to note. You may recieve warnings when you install CRM. In
my case these could be ignored. Also the server will require a restart after
installation stage.

I would also recommend reading the redeployment document on the CRM cd.

Over the next week i will be reconnecting unsynchronised offline outlook CRM
clients. If i encounter any problems i will post the solutions here.

Thanks,

"Dave Carr" wrote:

I'm not sure what you meant here, and I think it could really help with my
own (very similar) issue... how do you "delegate the CRM service user control
of those groups then use a config install to pick up those groups"

I'm trying to create a test environment to try out the upgrade from 3 to 4,
and I just can't get it running.

"DerekH" wrote: