Installing Dynamics CRM 2011: Unable to browse Active Directory Object


  • Hello,

    We are trying to set up Dynamics CRM Server 2011 on Windows Server 2008 R2 Enterprise Edition (SERVER01):

    1. Server (SERVER01) on which Dynamics CRM 2011 is being installed is a domain member with domain admin rights

    2. Logged into SERVER01 with domain user account

    3. The software and hardware prerequisites are met

    We faced the error "Unable to browse Active Directory Objects" in Select Organization Unit. Hope we have provided complete information to help understand why we are facing this. Would anybody be able to help us in this regard?

    Thanks in advance.




    Friday, April 01, 2011 5:51 AM


All replies

  • I'm not sure what you mean in point 1 by 'a domain member with domain admin rights'; machines don't have domain admin rights (or it is possible to give the machine account such rights, but they won't help when installing CRM).

    The user account used to install CRM must have appropriate AD rights to browse the OU that will contain the CRM AD Groups. This user account will also need rights to either create groups in this OU, or to add users to pre-created groups (if using a config file), and it sounds like this is your problem.

    Microsoft CRM MVP -
    Friday, April 01, 2011 9:03 AM
  • Hi David, 

    Thanks for your reply.

    Point 1: There is an option to add rights to the computers under the Active Directory, if you see under Active Directory Users and Computers > Computers > Your Computer > Properties > Member Of, so we can add rights to the computers as well is what I have seen. Another point is, the domain account used to install CRM 2011 Server has Domain Admin rights.

    Your point about the possibility of the machine account having rights that would not allow installing CRM Server could be true; I'll have to investigate that. Secondly, the user account used to install CRM Server has the right to manage the organization units; the user is able to add, modify and delete OUs. But I'm not sure which groups are used to manage the groups inside OUs. I didn't find anything that could fit. Any suggestions would be helpful.

    Since Domain Admin rights are provided to both the domain user account and the domain computer account, I suspect the source of the error could be due to a failure of DNS connectivity. I'll have to investigate further.

    Thanks for your help till now.



    Friday, April 01, 2011 10:56 AM
  • The rights pertain to the System and Network account when added to a computer. The fact that the user is domain admin also is strange.

    You actually could be correct in a DNS problem or something to that effect.  I would check the explicit permissions on your OU though anyways to see if that account or computer could be being excluded explicitly.

    Jamie Miley
    Friday, April 01, 2011 1:33 PM
  • The CRM setup log may give a bit more information, but this sounds more like a networking (e.g. DNS, or other AD connectivity) problem, rather than a permission one.
    Microsoft CRM MVP -
    Friday, April 01, 2011 3:27 PM
  • Hello Karthik,

    I face the same issue with the same environment you have; did you find the solution?

    Could you explain it to me step by step?

    I am not an IT guy so I am a bit lost



    Friday, July 01, 2011 9:36 AM
  • I solved this issue by defining a Lookup forward zone on the first server.


    Your knowledge is enhanced by that of others.
    Friday, July 01, 2011 6:04 PM
  • So this was a DNS issue?  I will mark my solution above as proposed also in case you are correct.  Then hopefully Karthik will mark both of them.
    Jamie Miley
    Friday, July 01, 2011 8:32 PM
  • I experienced this issue while creating a demo Active Directory domain and CRM instance.  I created a domain but had logged in as the Domain Admin (actually Enterprise Admin) using CONTOSO\username credentials on the host where CRM was to be installed.  Logging in with CORP\username did the trick and I was able to select the OU I had prepared.  Had this not been a demo instance I would not have been so flippant about the installing user, security, etc. though I also would not have had such a valuable learning experience :).


    Tuesday, August 27, 2013 9:30 PM
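
Added example, not part of the thread: a PowerShell check for the two causes reported above (DNS that cannot locate the domain, and an installing account logged on from a different domain than the server's). The function name `Test-CrmAdBrowsePrereqs` is hypothetical; the script assumes it runs on the CRM server in the same logon session used for setup.

```powershell
# Added diagnostic (not from the thread). Test-CrmAdBrowsePrereqs is a hypothetical name.
# Uses only .NET classes and tools present on Windows Server 2008 R2 (PowerShell 2.0).
Add-Type -AssemblyName System.DirectoryServices

function Test-CrmAdBrowsePrereqs {
    # Domain the machine is joined to, read locally (no domain controller contact needed).
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $r = New-Object PSObject -Property @{
        ComputerDomain = $cs.Domain
        DomainJoined   = [bool]$cs.PartOfDomain
        UserDnsDomain  = $env:USERDNSDOMAIN   # empty for a local account
        LogonMatches   = $false
        SrvRecordFound = $false
        DcLocated      = $null
        LdapBindOk     = $false
    }
    if (-not $r.DomainJoined) { return $r }
    $domain = $r.ComputerDomain

    # 1. Is the installing account from the domain this server belongs to?
    #    (-eq on strings is case-insensitive in PowerShell.)
    $r.LogonMatches = ($r.UserDnsDomain -eq $domain)

    # 2. Does DNS hold the SRV records clients use to find a domain controller?
    #    'svr hostname' is the label nslookup prints for each SRV answer.
    $srv = & nslookup.exe -type=SRV "_ldap._tcp.dc._msdcs.$domain" 2>&1 | Out-String
    $r.SrvRecordFound = ($srv -match 'svr hostname')

    # 3. Can the DC locator actually find a domain controller?
    try {
        $ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $domain)
        $r.DcLocated = [System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($ctx).Name
    } catch { Write-Warning "DC locator failed: $($_.Exception.Message)" }

    # 4. Can this session bind to the directory over LDAP?
    try {
        $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$domain/RootDSE")
        $r.LdapBindOk = [bool]$root.psbase.Properties['defaultNamingContext'].Value
    } catch { Write-Warning "LDAP bind failed: $($_.Exception.Message)" }

    return $r
}

Test-CrmAdBrowsePrereqs | Format-List
```

A false `SrvRecordFound` or empty `DcLocated` points at DNS (for example a missing forward lookup zone); a false `LogonMatches` with the other checks passing points at the logon account's domain.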