locked
Redeployment to test - active directory users deleted RRS feed

  • Question

  • Hi

    We are attempting to redeploy an instance of crm from our production server to a test environment (same domain).

    However during the user mapping stage we've discovered that a lot of the users have been deleted from Active Directory.

    Couple of questions:-

    What is the result of skipping the mapping for those users during the 'edit user mapping' stage? We've noticed it let's you continue without mapping all the users across.

    Has anyone else run into this situation before, and is there a preferred way of dealing with it?
    Thursday, February 25, 2010 12:19 AM

Answers

  • Hi Josh,

    To answer your question:

    What is the result of skipping the mapping for those users during the 'edit user mapping' stage?
    => This will let install CRM successfully; however, the users who were not mapped won't be able to access CRM. They will get login errors. You will then have to manually map the users from Settings => Administration => Users.

    => Not mapping the users will not harm the User data that exists in CRM. The user information/ data remains intact in the database.

    What does mapping user process do?
    It contacts your active directory and get the SID of the account and feed it in the CRM Database.

    Please let me know if you need more information.
    • Proposed as answer by Kaustubh Giri Thursday, February 25, 2010 2:49 AM
    • Marked as answer by Josh Ashwood Thursday, February 25, 2010 5:40 AM
    Thursday, February 25, 2010 1:35 AM

All replies

  • Hi Josh,

    To answer your question:

    What is the result of skipping the mapping for those users during the 'edit user mapping' stage?
    => This will let install CRM successfully; however, the users who were not mapped won't be able to access CRM. They will get login errors. You will then have to manually map the users from Settings => Administration => Users.

    => Not mapping the users will not harm the User data that exists in CRM. The user information/ data remains intact in the database.

    What does mapping user process do?
    It contacts your active directory and get the SID of the account and feed it in the CRM Database.

    Please let me know if you need more information.
    • Proposed as answer by Kaustubh Giri Thursday, February 25, 2010 2:49 AM
    • Marked as answer by Josh Ashwood Thursday, February 25, 2010 5:40 AM
    Thursday, February 25, 2010 1:35 AM
  • Thanks Kaustubh

    Just one more question - we are getting an error on a new user that has been created in Active Directory and owns some records in the Production database.

    It appears CRM is trying to add the user into a group in Active Directory and is getting an Access Denied error.

    Can we assume that what is happening is that CRM is attempting to add the new user into one of the CRM groups, and possibly the CRM groups in test are different to production, and that the account we are running doesn't have permission to add the user into the group?

    Is there anything else the deployment manager does in terms of adding users into groups?

    Thanks for your help!
    Thursday, February 25, 2010 2:22 AM
  • My pleasure :-)

    There are various reasons for you not being able to add the user. It is true that CRM tries adding the Users to a UserGroup {GUID} security group created while creating them.

    1. The user does not have permissions to create new users in CRM (check roles: System Administrator)
    2. The user already exists in the Database and we are trying to create a duplicate
    3. Communication with Active Directory is causing an issue
    4. Permissions to the Application Pool account (the CRM service account, usually Network service. i.e. ComputerName$)
     
    there are many more issues..

    What version (3.0/4.0) of CRM are you re-deploying to the Test Environment?

    => While adding a user in CRM, the application first checks if the user has permissions to create a new user. (If you don't have CRM permissions it will never show you the ‘New’ button to create users)
    => Then it checks if the user exists in CRM's Active/ Disabled users list or the Database. If it exists, it will throw an error stating the User already exists.
    => If the User is unique then it will contact AD and get its SID and inserts it in the database and start creating database entries and relationships.

    So now you need to identify where the issue is. While contacting the AD or right before that. How to check that?
     
    Enable DevErrors/ Platform tracing and check the actual error to understand what is really causing the issue
        Tool: CRMDiagTool4.zip http://www.box.net/shared/6oxfqi2ida

    If the error is too complex and needs support please approach the MS Support for the best resolution.

    I hope I have answered your question.

    Thursday, February 25, 2010 3:29 AM