Microsoft Dynamics CRM 2011 supported configurations
This section describes the supported network, domain, and server configurations for Microsoft Dynamics CRM, which supports multiple domains in either a native- or interim-mode environment.
Active Directory requirements
The Active Directory requirements are as follows:
The computer that runs Microsoft Dynamics CRM Server 2011 and the computer that runs SQL Server, where the Microsoft Dynamics CRM databases are located, must be in the same Active Directory domain.
The Active Directory domain where the Microsoft Dynamics CRM Server 2011 is located must run in Windows 2000 native, Windows Server 2003 interim, Windows Server 2003 native, or any Windows Server 2008 domain modes.
The Active Directory forest where the Microsoft Dynamics CRM Server 2011 is located can run in Windows 2000, Windows Server 2003 interim, Windows Server 2003, or Windows Server 2008 forest functional levels.
The accounts that are used to run the Microsoft Dynamics CRM services must be in the same domain as the computer that is running Microsoft Dynamics CRM Server 2011.
The Microsoft Dynamics CRM security groups (PrivUserGroup, SQLAccessGroup, ReportingGroup, and PrivReportingGroup) must be in the same domain as the computer that is running Microsoft Dynamics CRM. These security groups can be located in the same organizational unit (OU) or in different OUs. To use security groups that are located in different OUs, you must install Microsoft Dynamics CRM Server 2011 by using an XML configuration file and specify the correct distinguished name for each pre-existing security group within the <Groups> element. For more information see Sample server XML configuration file for installing with pre-created groups in the Installing Guide.
Important Direct user account membership to the Microsoft Dynamics CRM privusergroup security group is required and group membership nesting under privusergroup currently is not supported. For example, if you add a security group named mycrmprivgroupusers to privusergroup, members of mycrmprivgroupusers will not resolve as privusergroup members. This includes the CRMAppPool or the SQL Server Reporting Services service identities, which if granted membership to privusergroup through another security group, can cause system-wide failures in the Microsoft Dynamics CRM web application and reporting features.
For users who access Microsoft Dynamics CRM from another domain and are not using claims-based authentication, a one-way trust must exist in which the domain where the Microsoft Dynamics CRM Server 2011 is located trusts the domain where the users are located.
For users who access Microsoft Dynamics CRM from another forest and are not using claims-based authentication, a two-way trust must exist between the forests.
For small user bases, a Microsoft Dynamics CRM Server (any edition) can be deployed in a single-server configuration, with Microsoft Dynamics CRM Server 2011, SQL Server, Microsoft SQL Server Reporting Services, and optionally Microsoft Exchange Server installed and running on the same computer.
Single-server deployments are not recommended for best experience in application performance and disaster recovery.
There is one limitation to single-server deployments: the server where Microsoft Dynamics CRM Server 2011 is installed cannot also function as a domain controller, unless it is running Windows Small Business Server. If the computer is a member server (not functioning as a domain controller), you can deploy a single-server Microsoft Dynamics CRM solution on any other supported version of Windows Server.
|Except for Windows Small Business Server, Microsoft Dynamics CRM is not supported when you install it on an Active Directory domain controller.|
Send comments about this article to Microsoft.
© 2012 Microsoft Corporation. All rights reserved.