Using Active Directory By John O'Donnell, Microsoft CRM Most Valuable Professional  Microsoft CRM 1.2 requires you to install the application into an Active Directory-enabled domain. Before you insert the Microsoft CRM CD into your server and run the setup program, take a look at some of the issues covered on this page.
In addition, make sure you follow the Microsoft CRM Version 1.2 Implementation Guide (also included with the Microsoft CRM CDs). This is the definitive guide to installing Microsoft CRM. Note that Chapter 15 of this guide, which focuses purely on installing Microsoft CRM 1.2 on Microsoft Small Business Server 2003, has been updated and is available from the Microsoft Download Center.  Tip
Microsoft CRM 1.2 relies on Active Directory. Therefore, as a Microsoft CRM professional, you need to become very familiar with the application—to the point that you can talk about it confidently with prospective customers or even your own network administrator.
As my FAQ page on creating a Microsoft CRM testing environment recommends, you might want to use Microsoft Virtual PC 2004 to create an Active Directory test environment so you can learn how Active Directory forests, domains, trusts, domain controllers, sites, and global catalogs work. The Microsoft CRM Version 1.2 Implementation Guide is an excellent resource for information on Active Directory and server placement.
|
On This PageQ. Does Microsoft CRM 1.2 extend the Active Directory schema?A. When you install a product such as Microsoft Exchange, this new application actually modifies the Active Directory schema in order to store much of its data. If you work at a large company with many domain controllers, perhaps even spread out geographically, then extending the Active Directory schema can have major implications. This is because the additions will be replicated to all domain controllers throughout the company network. You will also find that companies are very protective of Active Directory—and rightly so. Active Directory is literally the heart of a company's network. Therefore, any request to install applications on top of Active Directory will be met with many questions and will require some good answers. The good news is that Microsoft CRM does not extend the Active Directory schema. Instead, Microsoft CRM simply adds new organizational units (OUs) and user groups to Active Directory. Q. How do I view the additions Microsoft CRM 1.2 makes to Active Directory?A. You can view the additions to Active Directory by running this program on a domain controller. To do so, go to Start, select Programs, select Administrative Tools, and then select Active Directory Users and Computers. After running this program, you will see a window that resembles Figure 1, which shows the Adventure Works Cycle organizational unit (OU). When you buy a license for Microsoft CRM, your company name will be for the name the license is issued to (unless you specify a different name). For example, if my company were called O'Donnell Consulting, you would see O'Donnell Consulting as the top-level OU in Active Directory. In this figure, you can also see that the business units in Microsoft CRM are represented by OUs in Active Directory.  Figure 1: To see the additions Microsoft CRM 1.2 makes to Active Directory, open the Active Directory Users and Computers window
Q. What should I do if I get an error when trying to remove a user's Microsoft CRM license?A. Every Microsoft CRM object is tied to a Microsoft CRM user. In addition, every Microsoft CRM user is tied to Active Directory. When you try to remove a user from Microsoft CRM, Microsoft CRM will check Active Directory for that user. If you try to remove a user from Active Directory before removing him or her from Microsoft CRM, you will not be able to remove the user's license from Microsoft CRM—and you will see the error shown in Figure 2. The first time people realize this issue exists is when an employee leaves the company and the system administrator goes through his or her routine of removing that user from Active Directory. The administrator is then be told by Active Directory to remove the user from Microsoft CRM. At this point, the administrator cannot retrieve the license because the user no longer exists in Active Directory. One workaround for this problem is to perform an Authoritative Restore to restore the deleted user to Active Directory. To then safely remove a user from Microsoft Active Directory and Microsoft CRM, see the next question on this page.  Figure 2: If you try to remove a user’s Microsoft CRM license, you’ll get this error message Q. How can I safely remove a user from both Active Directory and Microsoft CRM?A. When a Microsoft CRM user leaves your company, there are some steps you should follow to avoid losing his or her Microsoft CRM user license: 1. | Find another user to transfer the leaving user's Microsoft CRM data to. You can do this easily by contacting the manager of the user who's leaving the company and asking who should receive that user's Microsoft CRM data. | 2. | Open the record of the Microsoft CRM user who's leaving, and click the Actions-Reassign Records menu option. At this point, you can specify the new user to transfer the former employee's data to. | 3. | Once you have transferred the former user's data, you are ready to remove his license. Simply open his or her user record in Microsoft CRM, click Actions, and then select Manage Licenses. The following dialog box should appear. Using this dialog box, you can remove the former user's license and transfer it to another employee.  Figure 3: Use the Manage Licenses dialog box to transfer a former user’s Microsoft CRM license to another user
| 4. | After removing the former user's Microsoft CRM license, you can disable him or her as a user. Note that in Microsoft CRM you never delete a user, you simply disable them. | 5. | After disabling the former user's record in Microsoft CRM, you can have your network administrator safely delete that user's Active Directory record—and you can put your feet up for the rest of the day, knowing that you have saved another Microsoft CRM user license. :) |
When implementing Microsoft CRM on your company's network, you must ensure that any processes for handling users who are leaving the company include a test to see whether that employee was a user of Microsoft CRM. If he or she was a Microsoft CRM user, make sure his or her Microsoft CRM user license is removed before deleting him or her from Active Directory. If your network administrators are concerned about you waiting to remove a user's Microsoft CRM license, they can disable that user's domain account, which will prevent the user from logging on to the network. Q. Why does Microsoft CRM require a native-mode domain?A. Microsoft CRM 1.0 and Microsoft CRM 1.2 will not install if they detect a mixed-mode domain instead of a native-mode domain. Microsoft CRM requires a native-mode domain because of its reliance on nested domain local groups. On a domain controller, you can determine whether your domain is in native mode by clicking Start, then Programs, then Administrative Tools, and finally Active Directory Domains And Trusts. After right-clicking the domain name and selecting Properties, you will get the following dialog box, which will tell you which mode the domain is in.  Figure 4: The Active Directory Domains And Trusts application can tell you whether you have a native-mode domain Q. How do I move a Microsoft CRM installation between domains?A. Until recently, this was the number one question asked about Active Directory in the Microsoft CRM newsgroups. All the data in a Microsoft CRM installation is linked to Active Directory or the domain you install it under. This means that if a user creates a Microsoft CRM record, a link is established between that user in Active Directory and the data in Microsoft CRM. So if I try to back up my Microsoft CRM data and restore it to a different domain, all the links would be broken. The data would "think" it was linked to a user in Active Directory that it cannot see because that user would not exist in the new domain. Primarily this issue has come up when users created test domains for their Microsoft CRM system. Eventually they would ask, "How do I transfer Microsoft CRM to a production domain?" Once upon a time, this solution was very difficult to achieve, requiring the user to employ tools such as the Data Migration Framework, which ships with Microsoft CRM 1.2. However, Microsoft has since released Microsoft CRM Redeployment Tools, which you can use to move an installation between domains. This tool makes moving a test Microsoft CRM system to a production domain very easy. Q. I no longer have administrator privileges in Microsoft CRM. How can I fix this? Help!A. Assume I go into Microsoft CRM as the Microsoft CRM administrator. It is possible for me to remove my administrator role and then save my user record. The next time I go into Microsoft CRM, I will no longer have administrator permissions, and of course, neither will anybody else! Perhaps you were just experimenting with your Microsoft CRM administrator account and changed your role to that of, say, a salesperson, and while doing so, you removed your administrator role. Because this scenario is very possible, even on Microsoft CRM 1.2, I strongly recommend you have more than one user defined as a Microsoft CRM System Administrator in the root Business Unit of your Microsoft CRM deployment. Q. How do Global Catalog servers impact Microsoft CRM?A. Microsoft CRM uses Global Catalog servers to access Active Directory. If Microsoft CRM cannot contact a Global Catalog in its own Active Directory site, it will try to contact one at random. Keep in mind that a Global Catalog is a domain controller. For this reason, if you have a large network, you may want to consider placing a domain controller enabled as a Global Catalog server on the same network segment as the Microsoft CRM servers. Microsoft CRM will use the Domain Name System (DNS) to locate a Global Catalog server. Suffice it to say, DNS is a critical service. Any issues with it will almost certainly stop Microsoft CRM from functioning correctly. John O'Donnell is a Microsoft CRM Most Valuable Professional (MVP). He works in the Microsoft Business Solutions (now Microsoft Dynamics) practice of Avanade as a Microsoft CRM application specialist. He is involved in all stages of the Microsoft CRM implementation process, from pre-sales to user training. If you see him in the Microsoft CRM newsgroups, be sure to say hello.
| 
