Create domain administrators

Domain administrators have full administration rights to their domain. However, they have no rights to other domains.

Some customers who have many companies in Microsoft Dynamics AX have a requirement to keep the data in each company completely separate. In such large system environments the system administrator is not the person who grants permissions to the user or creates companies. The system administrator creates a role called the domain administrator to do this. Domain administrators have complete access to all resources within their domain, but do not have access to companies in other domains.

Domain administrators

Before the system administrator creates the domain administrators, the companies, domains, and users must be created in the Microsoft Dynamics AX environment. For instructions, see Manage company accounts, Manage domains, and Manage users.

  1. From a Microsoft Dynamics AX client, click > > .

  2. On the tab, create a Domain administrator user group for each domain in the Microsoft Dynamics AX system.

  3. Select the new Domain administrator user group, and then click .

  4. Select the Admin domain in the pane, and then open the tab.

  5. Select every security key and apply access to them for the Admin domain.

  6. Open the tab again and select the domains in the pane that this user group will administer.

  7. Open the tab.

  8. Click .

  9. In the tree, select > and apply .

    This restricts the Domain administrator from seeing data in other domains.

  10. Close the form.

    This grants full rights to the Domain administrator user group for the selected domain.

After the Domain administrator user groups are created for each domain, the system administrator adds users to these user groups.

  1. From a Microsoft Dynamics AX client, click > > .

  2. Select the Domain administrator user group that you just created.

  3. Open the Users tab.

  4. Select the users who will be the domain administrators for the domain represented by the user group, and then click the left-arrow (<) to move each user into the Selected user pane.

  5. Open the Groups tab.

  6. Select the Admin user group and any other unnecessary user groups.

  7. Open the Users tab.

  8. Select the users who are domain administrators, and then click the right-arrow (>) to move these users into the Remaining users pane.

    This makes sure that the Domain administrators do not have administrator rights over the whole system.

Community Additions