Add CRM User from a trusted domain

  • Question

  • Hi

    I have an account on a trusted domain to the domain that the CRM instance is in. There are a number of users from this domain that have access to CRM, but a number of accounts can't access across domains.

    Is there some AD group that accounts need to be a member of, or is there some other magic formula?

    Any help would be much appreciated.

    Regards

    Andy


    CRM 4, SQL Server and .Net developer using C#

    Thursday, March 5, 2015 3:02 AM

Answers

  • I have done this on other installations. The main issue here was that the domain that CRM was in was trusted by the other domain, but there was no trust the other way. CRM needs a 2 way trust for this to work.

    CRM 4, SQL Server and .Net developer using C#

    • Marked as answer by MayBoy Tuesday, July 26, 2016 9:35 PM
    Tuesday, July 26, 2016 9:35 PM

All replies

  • Which version of Crm are you using? Up to (I think) Crm 4, users had to be a member of the AD group UserGroup, but that requirement was dropped from (again, I think) Crm 2011.

    When do you get errors? Is it when trying to create the Crm user, or when the user tries to access Crm?


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Thursday, March 5, 2015 9:13 AM
    Moderator
  • Are you using DomainName\UserName as credentials?

    Regards Faisal

    Thursday, March 5, 2015 10:05 AM
  • I am using 2011, we have a number of organisations, so I added myself to all the UserGroups{......} I could find, but it made no difference.

    I get an error that says "Business Management Error You are attempting to add a user with a domain logon that does not exist. Select another domain logon and try again".

    This account is set up to use all kinds of other resources on that domain, so it certainly exists, I have added it to numerous groups in that domain?

    The domain has a one way trust to the domain it is in and it works for most things.


    CRM 4, SQL Server and .Net developer using C#

    Thursday, March 5, 2015 6:18 PM
  • Yes, I am

    CRM 4, SQL Server and .Net developer using C#

    Thursday, March 5, 2015 6:19 PM
  • To get this to work fully, I think you need a two-way trust between the domains:

    1. When you create the user in CRM, an account in the CRM Server domain accesses the other domain to get information about the domain user that you're trying to add to CRM. So, the domain in which the user account exists should trust the CRM Server domain.
    2. When the user accesses CRM, then you need the trust the other way around.

    It sounds like your error is with adding the user, in which case you may be missing the trust in the direction for item 1.


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Friday, March 6, 2015 1:56 PM
    Moderator
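
The two trust directions listed in the reply above can be checked from the CRM server's domain with the ActiveDirectory module's `Get-ADTrust` cmdlet. This is an added example, not part of the original thread; the function name, the output column names and the domain `users.example.com` are placeholders chosen for illustration.

```powershell
# Added example, not code from the thread.
# Assumptions: run from a machine joined to the CRM server's domain, with the
# ActiveDirectory (RSAT) module available. Names below are illustrative.
Import-Module ActiveDirectory

function Get-CrmTrustCheck {
    param(
        # Optional: DNS name of the domain that holds the user accounts.
        [string] $UserDomain
    )

    # Trust objects as seen from the current (CRM server) domain.
    $trusts = Get-ADTrust -Filter *
    if ($UserDomain) {
        $trusts = $trusts | Where-Object { $_.Name -eq $UserDomain }
    }
    if (-not $trusts) {
        Write-Warning "No trust object found from this domain for '$UserDomain'."
        return
    }

    foreach ($t in $trusts) {
        # Direction is relative to the domain being queried (the CRM domain):
        #   Inbound       = the partner domain trusts the CRM domain
        #   Outbound      = the CRM domain trusts the partner domain
        #   BiDirectional = both
        $dir = [string]$t.Direction
        [pscustomobject]@{
            TrustPartner  = $t.Name
            Direction     = $dir
            # Item 1 in the reply: the user's domain must trust the CRM domain
            # so the CRM-side account can look the user up when adding them.
            AddUserLookup = $dir -in 'Inbound', 'BiDirectional'
            # Item 2 in the reply: the CRM domain must trust the user's domain
            # so the user can authenticate to CRM.
            UserSignIn    = $dir -in 'Outbound', 'BiDirectional'
        }
    }
}

# Placeholder domain name; replace with the domain that holds the accounts.
Get-CrmTrustCheck -UserDomain 'users.example.com' | Format-Table -AutoSize
```

A row with `AddUserLookup` false matches the case described in item 1, and a row with `UserSignIn` false matches item 2.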
  • OK, that sounds right.

    What if the process that runs the crm lookup of the other domain runs under an account from that domain, that should mean that you still only need a one way trust?

    Can you tell me what the process is that looks up the domain users?


    CRM 4, SQL Server and .Net developer using C#

    Sunday, March 8, 2015 12:03 AM
  • I'm fairly sure the process that looks up the domain users runs in the Crm application pool, and I'm not sure you can set that to run under the identity of an account in a different domain without causing other problems.

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Monday, March 9, 2015 8:45 PM
    Moderator