Required AD permissions

Required AD permissions: Posted by Morten on March 17th, 2006; Hi!

Does anyone know what objects CRM needs to be able to acces in the AD for
the system to work?

I have installed the CRM server in 2 different ADs. In one it works (I can
open the web site and administer users via the web interface or user
manager). When it's installed in the other AD I run into all sorts of
permission problems. No users can log onto the web site (not even the domain
admin) and the user manager can't display any users. I get a permission
denied.
The AD that isn't working is designed to host a number of different
companies and the permissions have been set to disallow users in one company
to see users in other companies. I'm sure that this is the cause of the
permission errors but I can't find any guides that state which groups and
OUs the CRM server needs to be able to access and what permissions are
aboslutely essential for it to work.

Can anyone shed some light on this?

Thanks in advance

Morten; Posted by Ian S. on March 18th, 2006; Hi Morten,

That used to be true in CRM 1.2 but AFAIK, in CRM 3.0 AD is basically used
to authenticate the user of the system. All the roles and privileges are not
saved in the database and still the setup and configurations would be within
CRM application.

Of course you have to uncheck the Restricted access mode on the
administrator user first for you to be able to see everything.

HTH.

"Morten" wrote:; Posted by Morten on March 18th, 2006; Well - as I mentioned there are definitely some differences regarding
permissions depending on how the AD is set up. I've made similar setups in 2
different ADs. One works, the other one (with tighter permissions) doesn't.

Morten

"Ian S." <IanS@discussions.microsoft.com> wrote in message
news:CCED0D4B-5BB0-44D6-8041-9C93E4B8C303@microsoft.com...; Posted by Jay Grewal [MSFT] on March 21st, 2006; Hi Morten,

In the domain where it isn't working, is the error you receive in the web
application an IIS error or a CRM error? Are you receiving something like a
401 Unauthorized or are you receiving a CRM error about user
permissions/roles/etc.?

If it is an IIS error, than it is failing before reaching CRM while
attempting to authenticate the user. The account under which IIS is running
will need enough rights to be able to read the AD user properties in order
to authenticate the users.

If it is a CRM error you receiving, could you post the text of the error?

--
Jay Grewal
Microsoft Dynamics CRM

This posting is provided "AS IS" with no warranties and confers no rights.
"Morten" <morten_skovgaard@hotmail.com> wrote in message
news:Oomu$bfSGHA.736@TK2MSFTNGP12.phx.gbl...

Similar Posts

Rights required or group membership required to install fonts (Basics) by GLaubscher
permissions (Security & Administration) by Ahmed
W2K Permissions (Computers & Technology) by zim
Permissions required to read performance monitor from a remote machine (Windows 2000) by David K
Can't see permissions on DFS (Windows NT) by Invisible