locked
Deploying CRM 2011 under a Read Only Domain Controller RRS feed

  • Question

  • Hi everyone,

    I am trying to install CRM 2011 as a test (to get a feel for the software and start training users prior to a full migration) server on a site which has a local read-only domain controller.

    The local read-only domain controller is running Server 2008 R2, as is our global read-write domain controller.

    During the installation and migration, I keep receiving the error message "The current user does not have required permissions (read/write) for the following Active Directory group: {<group details>}" and I believe this is due to the fact that the server is using the local read-only domain controller.

    To fix this problem so far we have tried:

    - Turning off the local read-only domain controller after hours and this has stopped the error. (However we can't keep doing that, and migrating to CRM 2011 has required a few goes so I'm looking for a more permanent solution)

    - Setting HKLM/SOFTWARE/Microsoft/MSCRM/PreferredDc as outlined at the bottom of: http://blog.customereffective.com/blog/2010/11/crm-performance-and-setting-preferreddc-registry-key.html

    I am hoping that someone here might be running a CRM server in a similar environment or will be able to help me with this problem. Let me know if you need any further information.

    Thanks!

    Thursday, March 17, 2011 12:35 AM

Answers

  • The installation of CRM will require write access to AD, but I would have thought you do this out of hours with the local DC turned off. After installation of the CRM server software, I believe that setting the AutoGroupManagementOff registry value will stop CRM trying to update AD, and this should apply both when importing organisations or adding new users
    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    • Proposed as answer by Jim Glass Jr Thursday, March 17, 2011 5:00 PM
    • Marked as answer by Jacob Appleton Friday, March 18, 2011 2:46 AM
    Thursday, March 17, 2011 6:24 AM
    Moderator

All replies

  • The installation of CRM will require write access to AD, but I would have thought you do this out of hours with the local DC turned off. After installation of the CRM server software, I believe that setting the AutoGroupManagementOff registry value will stop CRM trying to update AD, and this should apply both when importing organisations or adding new users
    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    • Proposed as answer by Jim Glass Jr Thursday, March 17, 2011 5:00 PM
    • Marked as answer by Jacob Appleton Friday, March 18, 2011 2:46 AM
    Thursday, March 17, 2011 6:24 AM
    Moderator
  • Thank you. This worked perfectly.
    Friday, March 18, 2011 2:46 AM