locked
what are impacts of CRM on active directory? RRS feed

  • Question

  • hi,

     

    what impacts CRM make on active directory? if CRM administrator has full rights on a perticular OU ( but not the full AD), can we still install CRM?

     

     

    Friday, January 16, 2009 10:40 AM

Answers

  • Hi Sohaib,
        
    >>what impacts CRM make on active directory?
    MS CRM creates 4 OUs in the AD. UserGroup, PrivUserGroup, SQLAccessGroup, ReportingGroup, PrivReportingGroup.
    The installer askes you for the OU during the installation wizard.

    >>if CRM administrator has full rights on a perticular OU ( but not the full AD), can we still install CRM?
    The MS CRM 4.0 Planning and Installation Guides are a bit gray on this. According to the documentation all you need is to "Log on to the domain as a user who has administrator-level privileges where Microsoft Dynamics CRM will be installed and who is a member of the Administrators group on the local computer. You cannot install the application as a member from a trusted domain."

    The AD requirements from the documentation below again no mention of the security level required.

    The Active Directory requirements are as follows:

    ·         The computer that running Microsoft Dynamics CRM Server and the computer that is running SQL Server, where the Microsoft Dynamics CRM databases are located, must be in the same Active Directory domain.

    ·         The Active Directory domain where the Microsoft Dynamics CRM Server computer is located must run in Windows 2000 native, Windows Server 2003 interim, Windows Server 2003 native, or any Windows Server 2008 domain modes.

    ·         The Active Directory forest where the Microsoft Dynamics CRM Server computer is located can run in Windows 2000, Windows Server 2003 interim, or Windows Server 2003 forest modes.

    ·         The accounts that are used to run the Microsoft Dynamics CRM services must be in the same domain as the computer that is running Microsoft Dynamics CRM Server.

    ·         The Microsoft Dynamics CRM security groups (UserGroup, PrivUserGroup, SQLAccessGroup, ReportingGroup, PrivReportingGroup) must be in a single OU. However, the OU does not have to be in the same domain as the computer that is running Microsoft Dynamics CRM.

    ·         For users who are accessing Microsoft Dynamics CRM from another domain, a one-way trust must exist where the user domain trusts the domain where the Microsoft Dynamics CRM Server computer is located.


    You can download the Guides from the URL below:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=1ceb5e01-de9f-48c0-8ce2-51633ebf4714&DisplayLang=en


    Hassan.


    Friday, January 16, 2009 11:47 AM

All replies

  • Hi Sohaib,
        
    >>what impacts CRM make on active directory?
    MS CRM creates 4 OUs in the AD. UserGroup, PrivUserGroup, SQLAccessGroup, ReportingGroup, PrivReportingGroup.
    The installer askes you for the OU during the installation wizard.

    >>if CRM administrator has full rights on a perticular OU ( but not the full AD), can we still install CRM?
    The MS CRM 4.0 Planning and Installation Guides are a bit gray on this. According to the documentation all you need is to "Log on to the domain as a user who has administrator-level privileges where Microsoft Dynamics CRM will be installed and who is a member of the Administrators group on the local computer. You cannot install the application as a member from a trusted domain."

    The AD requirements from the documentation below again no mention of the security level required.

    The Active Directory requirements are as follows:

    ·         The computer that running Microsoft Dynamics CRM Server and the computer that is running SQL Server, where the Microsoft Dynamics CRM databases are located, must be in the same Active Directory domain.

    ·         The Active Directory domain where the Microsoft Dynamics CRM Server computer is located must run in Windows 2000 native, Windows Server 2003 interim, Windows Server 2003 native, or any Windows Server 2008 domain modes.

    ·         The Active Directory forest where the Microsoft Dynamics CRM Server computer is located can run in Windows 2000, Windows Server 2003 interim, or Windows Server 2003 forest modes.

    ·         The accounts that are used to run the Microsoft Dynamics CRM services must be in the same domain as the computer that is running Microsoft Dynamics CRM Server.

    ·         The Microsoft Dynamics CRM security groups (UserGroup, PrivUserGroup, SQLAccessGroup, ReportingGroup, PrivReportingGroup) must be in a single OU. However, the OU does not have to be in the same domain as the computer that is running Microsoft Dynamics CRM.

    ·         For users who are accessing Microsoft Dynamics CRM from another domain, a one-way trust must exist where the user domain trusts the domain where the Microsoft Dynamics CRM Server computer is located.


    You can download the Guides from the URL below:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=1ceb5e01-de9f-48c0-8ce2-51633ebf4714&DisplayLang=en


    Hassan.


    Friday, January 16, 2009 11:47 AM
  • This is how our CRM is installed and it runs fine.  We have created a OU in our AD named Dynamics CRM and granted full rights to the person running the install and the service account that runs our servers.  We have not run into any issues yet. 

    Just remember that both the installer and the account running IIS needs privs since the application creates groups under the OU that it later updates as users are added to the system.
    Friday, January 16, 2009 2:09 PM