locked
Sharing one active directory for multiple CRM deployments/environments RRS feed

  • Question

  • I am new to CRM and working on gathering information for deployments.

    I need to setup DEV, Test and Production CRM environments each will be having separate CRM and DB servers but need to share one Active directory server.  I understand that CRM will create 4 security groups in AD during the installation.  These 4 groups will be created upon setting up the DEV CRM server.

    My questions are:

    1. Can one Active directory server be used for dev, test and production CRM environments to manage the users?  If so, Is there any other impacts/issues?

    2.  What happens to those security groups in AD when installing the Test and Production CRM servers? 
     a.  Does it delete and re-create new one during each installation?
     b.  Does it use same security group for all the deployment?
     c.  What happens when adding users to CRM for each environment (DEV, Test and Production)

    3.  How the users in different environments will be managed with one AD server?

    Thanks in advance for your answers!  Also, please let me know any best practices/blog posts/articles over the web.

    Thanks.

    Friday, January 22, 2010 7:13 PM

Answers

  • Hi, 

    You can use one AD for all of your environment, just create a new OU for each of the environment,  then select the correct OU for each environment during your installation.  However the best practice is to have an AD for each of your environments.  But I do have clients having 1 AD for all environments. 

    1. Yes
    2. If they are in different OU, it doesn't matter. the security group will create under that OU. The user will add to the correct group since they will be in a different OU.
    3. You just adding user to the security groups, you don't need to create a new user for each environment.  The credential will be share between environments.

    I hope this helps.

    Darren Liu | 刘嘉鸿 | MS CRM MVP | English Blog: http://msdynamicscrm-e.blogspot.com | Chinese Blog: http://liudarren.spaces.live.com
    • Proposed as answer by kgorczewski Monday, January 25, 2010 6:19 PM
    • Marked as answer by Donna EdwardsMVP Thursday, January 28, 2010 4:41 PM
    Saturday, January 23, 2010 4:03 AM
    Moderator

All replies

  • Hi, 

    You can use one AD for all of your environment, just create a new OU for each of the environment,  then select the correct OU for each environment during your installation.  However the best practice is to have an AD for each of your environments.  But I do have clients having 1 AD for all environments. 

    1. Yes
    2. If they are in different OU, it doesn't matter. the security group will create under that OU. The user will add to the correct group since they will be in a different OU.
    3. You just adding user to the security groups, you don't need to create a new user for each environment.  The credential will be share between environments.

    I hope this helps.

    Darren Liu | 刘嘉鸿 | MS CRM MVP | English Blog: http://msdynamicscrm-e.blogspot.com | Chinese Blog: http://liudarren.spaces.live.com
    • Proposed as answer by kgorczewski Monday, January 25, 2010 6:19 PM
    • Marked as answer by Donna EdwardsMVP Thursday, January 28, 2010 4:41 PM
    Saturday, January 23, 2010 4:03 AM
    Moderator
  • Thank you so much.
    Monday, January 25, 2010 6:18 PM