Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Identify Active Directory Groups - Existing Deployment RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi

    How can we identify the Active Directory groups used by CRM in an existing deployment?

    I have been running the following query, however there are no groups in AD with the GUID specified, is it therefore safe to assume that the AD Groups no longer exist?

    We are getting an error attempting to add a new user during an import of another organization from a Production database (this is a test instance and that user doesn't exist - during import we are getting an access denied error trying to add that user into AD, but we are having trouble identifying the AD groups CRM are using). I can however identify the Production CRM groups being used, and there is no trouble there. I'm not sure whether the test CRM AD groups even exist.

    USE [MSCRM_CONFIG]
    SELECT ID FROM Organization

    Can anyone help shed some light on how to identify these CRM groups, or whether it's safe to say they no longer exist given the above information?
    Thursday, February 25, 2010 10:48 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    Josh,

    If this is your Query:

    USE [MSCRM_CONFIG]
    SELECT ID FROM Organization

    THEN

    You need to change it to look at the correct Database. The query should be:

    USE [OrgName_MSCRM]
    Select SqlAccessGroupName, PrivReportingGroupName from OrganizationBase

    This will fetch 2 names for you.
    Example: Domain\SqlAccessGroup {GUID} and Domain\PrivReportingGroup {GUID}

    Now with those names you can look the other Security Groups up. The {GUID} remains constant the prefix changes.

  • PrivReportingGroup {GUID}
  • PrivUserGroup {GUID}
  • ReportingGroup {GUID}
  • SqlAccessGroup {GUID}
  • UserGroup {GUID}

    • So now if you run

    USE [MSCRM_CONFIG]
    SELECT DefaultOrganizationId FROM Deployment

    You will find the GUID which is being used in the AD after the Security group names.

    I hope this information helps you. :-)

  • Proposed as answer by Kaustubh Giri Friday, February 26, 2010 2:44 AM
  • Marked as answer by Josh Ashwood Friday, February 26, 2010 4:32 AM
Friday, February 26, 2010 2:44 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Josh,

    If this is your Query:

    USE [MSCRM_CONFIG]
    SELECT ID FROM Organization

    THEN

    You need to change it to look at the correct Database. The query should be:

    USE [OrgName_MSCRM]
    Select SqlAccessGroupName, PrivReportingGroupName from OrganizationBase

    This will fetch 2 names for you.
    Example: Domain\SqlAccessGroup {GUID} and Domain\PrivReportingGroup {GUID}

    Now with those names you can look the other Security Groups up. The {GUID} remains constant the prefix changes.

  • PrivReportingGroup {GUID}
  • PrivUserGroup {GUID}
  • ReportingGroup {GUID}
  • SqlAccessGroup {GUID}
  • UserGroup {GUID}

    • So now if you run

    USE [MSCRM_CONFIG]
    SELECT DefaultOrganizationId FROM Deployment

    You will find the GUID which is being used in the AD after the Security group names.

    I hope this information helps you. :-)

  • Proposed as answer by Kaustubh Giri Friday, February 26, 2010 2:44 AM
  • Marked as answer by Josh Ashwood Friday, February 26, 2010 4:32 AM
Friday, February 26, 2010 2:44 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thanks again Kaustubh - I have correctly identified the groups, and have discovered and fixed the permissioning error mentioned above. :)
    Friday, February 26, 2010 4:33 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    My pleasure.. :-)
    Friday, February 26, 2010 7:19 PM