Microsoft Dynamics CRM 2013 supported configurations
This section describes the supported network, domain, and server configurations for Microsoft Dynamics CRM, which supports multiple domains in either a native- or interim-mode environment.
The Active Directory requirements are as follows:
The computers that run Microsoft Dynamics CRM Server 2013 roles and the computer that runs SQL Server, where the Microsoft Dynamics CRM databases are located, must be in the same Active Directory domain.
The Active Directory domain where a Microsoft Dynamics CRM Server 2013 role is located must run in Windows Server 2003 interim, Windows Server 2003 native, or any Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 domain modes.
The Active Directory forest where a Microsoft Dynamics CRM Server 2013 role is located can run in Windows Server 2003 interim, Windows Server 2003, Windows Server 2008, or Windows Server 2012 forest functional levels.
The user account that is used to run a Microsoft Dynamics CRM service must be in the same domain as the computer that is running the Microsoft Dynamics CRM Server 2013 role.
The Microsoft Dynamics CRM security groups (PrivUserGroup, SQLAccessGroup, ReportingGroup, and PrivReportingGroup) must be in the same domain as the computer that is running Microsoft Dynamics CRM. These security groups can be located in the same organizational unit (OU) or in different OUs. To use security groups that are located in different OUs, you must install Microsoft Dynamics CRM Server 2013 by using an XML configuration file and specify the correct distinguished name for each pre-existing security group within the <Groups> element. More information: Sample server XML configuration file for installing with pre-created groups
Warning Direct user account membership in the Microsoft Dynamics CRM privusergroup security group is required and group membership nesting under privusergroup currently is not supported. Granting membership to privusergroup through another security group can cause system-wide failures in the CRM web application and reporting features. For example, if you add a security group named mycrmprivgroupusers to privusergroup, members of mycrmprivgroupusers will not resolve as privusergroup members. This includes the CRMAppPool or the SQL Server Reporting Services service identities.
For users who access Microsoft Dynamics CRM from another domain and are not using claims-based authentication, a one-way trust must exist in which the domain where the Microsoft Dynamics CRM Server 2013 is located trusts the domain where the users are located.
Important To add users to Microsoft Dynamics CRM that are not authenticated by using claims-based authentication, a two-way forest trust is required.
For small user bases, a Microsoft Dynamics CRM Server (any edition) can be deployed in a single-server configuration, with Microsoft Dynamics CRM Server 2013, SQL Server, Microsoft SQL Server Reporting Services, and optionally Microsoft Exchange Server installed and running on the same computer.
Single-server deployments are not recommended for best experience in application performance and disaster recovery.
There is one limitation to single-server deployments: the server where Microsoft Dynamics CRM Server 2013 is installed cannot also function as a domain controller. If the computer is a member server (not functioning as a domain controller), you can deploy the Microsoft Dynamics CRM Server 2013 Full Server server role on a single Windows Server that is also running the additional required products.
|Running Microsoft Dynamics CRM Server 2013 in a production environment on an Active Directory domain controller is not supported.|
|To reduce IT administration overhead, consider running Microsoft Dynamics CRM in the cloud. More information: Microsoft Dynamics|
Send comments about this article to Microsoft.
© 2014 Microsoft Corporation. All rights reserved.