Multi forest CRM deployment RRS feed

  • Question

  • I have a customer with several distinct AD forests (different companies) and they want now to have a CRM solution, however they have no time or budget to first consolidate their ADs or implement a Identity Manager solution. The total nr of employees don't exceed 150 users and they are open to have a distinct AD for the CRM (2011 version) implementation. My question is which of the following alternatives is the best way (given the conditions mentioned) to implement the CRM solution:

    i) a distinct AD where users are created from scratch and where users have to login in order to get into CRM (a new distinct login object in the new forest). This scenario don't require a trust relationship.

    ii) a new AD, but trust relatinships which enable login into the new forest. In other word a "resource forest" where you don't have distinct new login objects but trust the login names from other forests.

    iii) any other option? (given the fact that they don't want to do AD consolidation or Forefront Identity Manager project)

    Wednesday, March 2, 2011 1:04 PM

All replies

  • The most significant influences on options i) or ii):

    i) The main drawback is that this will probably mean that users will have 2 distinct logins; their current one, and the one in the new AD. This tends to lead to user-adoption problems, so is not desirable

    ii) Providing you can create the trust relationships (you have permission to do this, and there are no issues with forest or domain functional levels), this is what I'd go with. I have met some issues in similar environments that required a particular Windows Server hotfix on all domain controllers; this caused a project delay as it took a while to get approval to apply a hotfix to domain controllers, so check in advance how much control you can have over the domain controllers. In this scenario, if you have low (Windows 2000) functional levels, you may need to create the CRM AD groups in advance as Domain Local Groups and run a command-line install

    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Thursday, March 3, 2011 10:36 PM