Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
CRM 4.0 - disabled user and active user with same logon name and diferent Active Directory guid RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Using CRM 4.0 with Rollup 15

    his is what happend:

    The user is a summer student and worked in CRM last year. She left and I disabled her CRM user account, then her AD account was deleted. Her CRM disabled user account still points to the deleted AD guid. Trying to enable it gives me the error below.

    Now she returned, a new AD logon was created for her (same name , differen guid); if I add her as a new CRM user, it creates it properly pointing to a new AD guid.

    My problem is that we have BI daily loads for the reporting tool which fail because they see these 2 CRM users as duplicates. So it is not CRM itself which creates the problem, but business intelligence loads (reporting tool) which fail because of the 2 identical logon names.

    my questions:

    1. Is there a way to point the disabled crm user to my new AD guid?

    2. Is there a way to change the logon name of a disabled CRM user?

    3. how can I find what does MS recommends in these situations (returning user)?

    error:

    Thread account name: CA\prdcrm_svc

    Is impersonating: False

    Stack trace: at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

    at System.Web.Services.Protocols.LogicalMethodInfo.Invoke(Object target, Object[] values)

    at Microsoft.Crm.Extensibility.InternalOperationPlugin.Execute(IPluginExecutionContext context)

    at Microsoft.Crm.Extensibility.PluginStep.Execute(PipelineExecutionContext context)

    at Microsoft.Crm.Extensibility.Pipeline.Execute(PipelineExecutionContext context)

    at Microsoft.Crm.Extensibility.MessageProcessor.Execute(PipelineExecutionContext context)

    at Microsoft.Crm.Extensibility.InternalMessageDispatcher.Execute(PipelineExecutionContext context)

    at Microsoft.Crm.Extensibility.ExternalMessageDispatcher.Execute(String messageName, Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, PropertyBag fields, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)

    at Microsoft.Crm.Sdk.RequestBase.Process(Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)

    at Microsoft.Crm.Sdk.RequestBase.Process(CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)

    at Microsoft.Crm.Sdk.CrmServiceInternal.Execute(RequestBase request, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)

    at Microsoft.Crm.Sdk.InProcessCrmService.Execute(Object request)

    at Microsoft.Crm.Application.Platform.ServiceCommands.PlatformCommand.ExecuteInternal()

    at Microsoft.Crm.Application.Platform.ServiceCommands.SetStateCommand.Execute()

    at Microsoft.Crm.Web.BusinessManagement.SystemUserDetailPage.ChangeState(Object sender, DataEventArgs e)

    at Microsoft.Crm.Application.Forms.DataEventProcessor.Raise(FormEventId eventId, FormState state, IUser user, String objectId, Entity entity)

    at Microsoft.Crm.Application.Forms.AppForm.RaiseDataEvent(FormEventId eventId)

    at Microsoft.Crm.Application.Forms.EndUserForm.Initialize(Entity entity)

    at Microsoft.Crm.Application.Forms.CustomizableForm.Execute(Entity entity, String formType)

    at Microsoft.Crm.Web.BusinessManagement.SystemUserDetailPage.ConfigureForm()

    at Microsoft.Crm.Application.Controls.AppUIPage.OnPreRender(EventArgs e)

    at System.Web.UI.Control.PreRenderRecursiveInternal()

    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    thank you in advance

    Daniela Nicolette

    Nicolette

    Wednesday, May 2, 2012 6:49 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Here is a very helpful answer from Steve (user lemonje) from a different post which is shedding light on this issues. Thank you again

    http://social.microsoft.com/Forums/en/crmdevelopment/thread/cc0dd930-b5a8-4b49-9e40-17f628b3d820

    You cannot vote again Hi Daniela

    I'm glad its all working again. I know what a head scratcher it can be as I had the same issue myself.

    With regards to your staff turnover, I believe there is an issue here that Microsoft need to address, and that's when people leave because CRM only allows disablement where as AD allows a full delete.

    The way I see it there are two options you could consider:

    1. Never delete AD users (not least for a year or so) incase they return.

    2. If you delete the AD user, when you create a new AD users of the same name use LDAP to find out what is Guid value is then update the disabled CRM user with the same value. You will then be able to re-activate the CRM user again and it will corresponde to and active AD use, so everything will be fine.

    PS. If these answers have worked for you please "mark as answer" to clear it off the forum queue.

    All the best

    Steve

    Nicolette

    Friday, May 4, 2012 3:21 PM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hi Daniela,

    This should be easy to fix, you have two options:

    1. On the SQL table SystemUsers Update the old disabled account DomainName to a dummy logon name (let us know if you need the SQL query). Now on CRM add the new AD account.
    2. Don't create the new AD account. Re-enable the old disabled account. Get a dummy Ad account not in CRM. double click the old account and change the domain logon name to the dummy account, Save. Now change again the domain name to the new user AD account press tab save the account. should have updated the AD guid

    Let us know if it worked.

    Regards

    Nuno

    Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com

    Thursday, May 3, 2012 9:39 PM
    Answerer
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Nuno

    thank you for repying. What i did was very closed to what you suggest.

    What worked for me today was changing the logon name for the disabled user in SystemUserBase, just changing it slightly to somethign that is not a current user. 

    Then I added my new user in CRM, gave him the rights and all was good.

    What puzzles me is that I have the exact situation in DEV environment, where  I have still the same disabled user with the exact activeDirectoryGuid and System userId as in prod (DEV was refreshed a while ago). In DEV I can re-enable my user account, while in PROD I couldn't.

    Anyway, with so many students joining the company I am worried this will happen again, so I will need to look at installing the latest rollups which hopefully will solve this issue.

    Thank you again for your reply. you've got my vote:)

    Have a good one

    Daniela

    Nicolette

    Thursday, May 3, 2012 11:32 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Client machine & CRM server time zone is same. I tried giving host name also but getting same error. Do i need to do any configuration after installation of CRM Server for Outlook in Server machine Thank you.
    Artykuł
    Friday, May 4, 2012 3:14 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Here is a very helpful answer from Steve (user lemonje) from a different post which is shedding light on this issues. Thank you again

    http://social.microsoft.com/Forums/en/crmdevelopment/thread/cc0dd930-b5a8-4b49-9e40-17f628b3d820

    You cannot vote again Hi Daniela

    I'm glad its all working again. I know what a head scratcher it can be as I had the same issue myself.

    With regards to your staff turnover, I believe there is an issue here that Microsoft need to address, and that's when people leave because CRM only allows disablement where as AD allows a full delete.

    The way I see it there are two options you could consider:

    1. Never delete AD users (not least for a year or so) incase they return.

    2. If you delete the AD user, when you create a new AD users of the same name use LDAP to find out what is Guid value is then update the disabled CRM user with the same value. You will then be able to re-activate the CRM user again and it will corresponde to and active AD use, so everything will be fine.

    PS. If these answers have worked for you please "mark as answer" to clear it off the forum queue.

    All the best

    Steve

    Nicolette

    Friday, May 4, 2012 3:21 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    wrong post?!

    Daniela

    Nicolette

    Friday, May 4, 2012 3:22 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    All answers are correct. What Steve is telling you is that you have another 3rd option, update the AD GUID. However not sure if this only affects one table.

    Both answers are correct, it's down to you which one is more practicable.

    Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com

    Friday, May 4, 2012 3:46 PM
    Answerer