locked
which account is to add CRM user to AD security group? RRS feed

  • Question

  • it is clear that during CRM installation/setup the setup user needs modify permission to the several AD security groups so that CRM App Pool account and other service account can be added to the right groups.

    How about after installation if we want to add user AD users? which account will do that job?

    I need to understand this so that I can make such request to AD team.

    Thanks,

    Friday, June 14, 2013 8:12 PM

Answers

  • CRM has a configuration setting 'AutoGroupManagementOff'. If this is not set, then CRM will add or remove users from the ReportingGroup AD group, using the identity of the CrmAppPool application pool. If it is set, then an administrator will separately have to add or remove members of this group


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Proposed as answer by nrodriEditor Friday, June 21, 2013 11:31 AM
    • Marked as answer by nrodriEditor Tuesday, June 25, 2013 7:58 AM
    Tuesday, June 18, 2013 8:23 AM
    Moderator

All replies

  • Hi,

    After installation there is no need to any special permissions on the AD. A simple AD user which has create CRM user privilege could do this action.



    My Weblog | My Website

    Saturday, June 15, 2013 4:12 PM
    Moderator
  • this seems unlikely or not convincing: at least for this group, someone needs permission to do that -

    ReportingGroup

    All Microsoft Dynamics CRM users are included in this group. This group is updated automatically as users are added and removed from Microsoft Dynamics CRM. By default, all Microsoft Dynamics CRM Reporting Services reports grant Browse permission to this group.

    I did not see any detail document on how CRM manages CRM users - there is no CRM User AD security group any more.

    Monday, June 17, 2013 5:13 PM
  • CRM has a configuration setting 'AutoGroupManagementOff'. If this is not set, then CRM will add or remove users from the ReportingGroup AD group, using the identity of the CrmAppPool application pool. If it is set, then an administrator will separately have to add or remove members of this group


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Proposed as answer by nrodriEditor Friday, June 21, 2013 11:31 AM
    • Marked as answer by nrodriEditor Tuesday, June 25, 2013 7:58 AM
    Tuesday, June 18, 2013 8:23 AM
    Moderator