locked
Using domain local group for CRM install. RRS feed

  • Question

  • This question relates to an installation scenario I have not tried before . I have a client who for security reasons would like to select an empty dedicated OU for CRM then populate that OU with a Domain Local group and add Global groups as members of the DL group.  The hope is this approach will mean that the groups that are generated will be contained in a dedicated OU rather than at the root of  the highler lvel OU.  Anybody tried any thing like this?

     

    Thursday, November 25, 2010 9:57 PM

Answers

  • Not quite sure I fully understand what you're trying to achieve. When you install CRM, you can choose whichever OU you like (providing you have permissions), wherever you want in the AD structure, so you can easily have a dedicated OU without any other changes.

    CRM will always need 5 AD groups. The 2 things you can control (beyond the OU in which they are created) are:

    1. You can pre-create the groups with whatever names you want, and get CRM to use them. To do this you need to create a config file for use during setup. The CRM Implementation Guide has examples
    2. You can manually populate the groups, rather than have CRM do so. This is controlled via a CRM registry value (AutoGroupManagementOff). This should allow you to use the pattern of users in global groups that are members of domain local groups, rather than the default CRM behviour of adding users directly into domain local groups

    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Friday, November 26, 2010 10:16 AM
    Moderator