locked
AD Error when installing CRM 4.0 RRS feed

  • Question

  •  

    Hi Guys,

     

    I'm installing Microsoft CRM using a domain admin account ( also has local admin) to a DC using 2000 Native AD Mode. Almost at the end of the installation wizard we are getting the following error message.....

     

    The following permissions are required for organizational unit and all child objects: read, write, modify permissions, create child objects, all extended rights. Current user does not have these permissions for the Active Directory Organizational Unit: OU=xx,DC=xx,DC=xx.

     

    We have checked within Add and the Domain Admin account has FULL read, write, update ertc permissions. Has anyone seen this before or can offer any advice as to what the specific issue?

     

    Tuesday, December 2, 2008 12:19 PM

Answers

  • Hi    MSCRM4_Man,

    If i am not mistaken, last time i have read somewhere that if the particular OU has been created before, it might give some issues, probably you need to check whether existing OU has been deleted properly. I am not AD expert, so you might want to check with your system administrator, to check carefully by scanning through the list of OU to check whether there's duplicate OU exist.

    hmmm... it's quite weird, that even though you have specified your intended OU using pre-installation xml file, it still throw you error.

    Regards,

    hadi teo
    Sunday, December 7, 2008 2:30 AM

All replies

  • Hi,

    I am not quite sure whether you can install CRM with domain controller in 2000 Native AD mode, if i am not wrong, the minimum should be Windows 2003 Mixed mode.

    Please refer to the implementation guide for reference :

    http://www.microsoft.com/downloads/details.aspx?FamilyID=1ceb5e01-de9f-48c0-8ce2-51633ebf4714&displaylang=en

    hope this helps,

    hadi teo.
    Tuesday, December 2, 2008 2:19 PM
  • Hi, thanks for getting back to me. THe MS CRM Planning Guide states the folloiwng......

     

    Active Directory Modes

    The computer on which Microsoft Dynamics CRM 4.0 is running must be a domain member in a domain that is running in one of the following Active Directory® modes:

    ·         Windows 2000 Mixed

    ·         Windows 2000 Native

    ·         Windows Server 2003 Native

    ·         Windows Server 2003 Interim

    ·         All Windows Server 2008 Modes

     

     

     

    So, I guess this is ok for our environment? Please confirm if this is correct?

     

    Thanks

    Tuesday, December 2, 2008 2:26 PM
  • See if this post helps.  I know you state you are installing with a Domain Admin account, but maybe it is possible that you missed something.  I would go through the post and check everything systematically to ensure you have the rights needed on all child objects, etc.

     

    http://forums.microsoft.com/Dynamics/ShowPost.aspx?PostID=2357212&SiteID=27

    Tuesday, December 2, 2008 3:25 PM
  • Hi,

    I would like to inquire some, so that other people can also have the same facts regarding the background of your environment

    *) Is the CRM installed in the same domain as your AD ? or is it cross domain ?
    *) Is there any warning during Environmental Diagnostic Wizard ? During the Environmental Diagnostic Wizard window, actually the wizard have tested the intended OU against the current installer permission whether the current installer permission have sufficient permission to write into the OU. If the permission is not enough, actually it will throw a warning.

    Regards,

    hadi teo.
    Tuesday, December 2, 2008 10:49 PM
  • Hi Guys,

     

    Sorry it's taken me a while to reply.

     

     

    In answer to your questions......

     

    CRM is being installed onto a machine within the same Domain as AD. The warning within the Environmental Diagnostic wizard is "The following permissions are required for organizational unit and all child objects: read, write, modify permissions, create child objects, all extended rights" 

     

    Then clicking on DETAILS sort-of repeats the error in full..."The following permissions are required for organizational unit and all child objects: read, write, modify permissions, create child objects, all extended rights. Current user does not have these permissions for the Active Directory Organizational Unit: OU=xx,DC=xx,DC=xx."

     

    We have checked everything within AD and the user (administrator) has full permissions on every OU (we manually checked them all!). Has anyone else got any suggestions?

     

    Saturday, December 6, 2008 10:33 PM
  • Hi    MSCRM4_Man,

    If i am not mistaken, last time i have read somewhere that if the particular OU has been created before, it might give some issues, probably you need to check whether existing OU has been deleted properly. I am not AD expert, so you might want to check with your system administrator, to check carefully by scanning through the list of OU to check whether there's duplicate OU exist.

    hmmm... it's quite weird, that even though you have specified your intended OU using pre-installation xml file, it still throw you error.

    Regards,

    hadi teo
    Sunday, December 7, 2008 2:30 AM
  •  

    Try to give the full permissions for your Service Account(By which you are trying to install MSCRM) as fully delegated to the OU.

     

    Hope this Fixes

    Tuesday, December 9, 2008 12:15 AM
  • Hi,

     

    Checked AD and no previous or "rouge" OU exist!

     

    The account who we are installing CRM under has full admin rights (to our knowledge) in terms of your suggestion, by giving full permissions" - where specifically are you saying we should do this?

     

     

    Thanks

     

    Tuesday, December 9, 2008 6:59 PM