Synchronize user information between Microsoft Dynamics CRM and Active Directory

 

Applies To: Dynamics CRM 2015

Microsoft Dynamics CRM supports two methods for authenticating users:

  • Integrated Windows Authentication 

  • Claims-based authentication

By default, customers who purchase Microsoft Dynamics CRM and deploy it on-premises use Windows Authentication. These customers also can set up claims-based authentication for Internet-facing deployments (IFDs) of the product.

With integrated Windows Authentication, each user record in CRM must be associated with a user account in Active Directory to enable the user to log on to CRM. When the user records are associated, CRM automatically reads and stores other information about the user record (including the first and last name, the email address, and the globally unique identifier, or GUID) from the Active Directory directory service.

However, changes to the Active Directory information associated with a specific user can create discrepancies with the information maintained in CRM, thereby preventing the user from accessing CRM. Specifically, if the value of the User SamAccountName logon attribute in Active Directory changes for a user, the corresponding user information in CRM won’t match and the user won’t be able to log on.

To ensure that the user can successfully log on to CRM, you must update the information in the CRM user record so that it matches the detail in Active Directory.

Before you update the corresponding user record in CRM, record the value of the User SamAccountName logon attribute for the affected user.

Note

For information about synchronizing Microsoft Dynamics CRM Online with Active Directory, see the blog post How to Synchronize CRM Online with your Active Directory.

  1. Go to Settings > Security.

  2. Choose Users.

  3. In the list of users, select the user record you want to update, and then choose Edit.

  4. In the User Name text box, type an Active Directory user name that isn’t used by any CRM user record.

    Important

    If you specify a user name that already exists in Active Directory, CRM will try to map the user to the updated user in Active Directory, and when it locates an existing record with the same GUID, the mapping will fail.

    If all the user accounts in Active Directory are used by CRM user records, create a temporary Active Directory user account.

  5. Save the user record, and then in the User Name text box, type the User SamAccountName logon value that appears for the user in Active Directory, which you recorded prior to starting this procedure.

  6. Choose Save and Close.
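
To find which user records need the procedure above, the following added example (not from the original page or from Microsoft) compares each CRM user record's stored GUID and user name with the Active Directory account that has the same GUID. The function name `Find-CrmAdNameDrift`, the column names and the sample rows are assumptions constructed for illustration.

```powershell
# Added example: report CRM user records whose stored user name no longer
# matches the SamAccountName of the AD account with the same GUID.
# Function name and input column names are hypothetical.
function Find-CrmAdNameDrift {
    param(
        [Parameter(Mandatory)] [object[]] $CrmUsers,  # needs: UserName, Guid
        [Parameter(Mandatory)] [object[]] $AdUsers    # needs: SamAccountName, ObjectGUID
    )
    # Index AD accounts by GUID, normalised to one string format.
    $adByGuid = @{}
    foreach ($ad in $AdUsers) {
        $adByGuid[([guid]$ad.ObjectGUID).ToString()] = $ad
    }
    foreach ($crm in $CrmUsers) {
        $key = ([guid]$crm.Guid).ToString()
        # Assumes CRM user names look like DOMAIN\name; compare the account part.
        $crmSam = ($crm.UserName -split '\\')[-1]
        $ad = $adByGuid[$key]
        if (-not $ad) {
            $status = 'NoAdAccountForGuid'; $adSam = $null
        } elseif ($ad.SamAccountName -ine $crmSam) {
            $status = 'NameDrift'; $adSam = $ad.SamAccountName
        } else { continue }   # GUID and name agree: nothing to report
        [pscustomobject]@{
            CrmUserName = $crm.UserName; Guid = $key
            AdSamAccountName = $adSam; Status = $status
        }
    }
}

# Constructed sample data. In a real domain, $ad could instead come from:
#   Get-ADUser -Filter * | Select-Object SamAccountName, ObjectGUID
$crm = @'
UserName,Guid
CONTOSO\jsmith,6f9619ff-8b86-d011-b42d-00c04fc964ff
CONTOSO\mlee,3f2504e0-4f89-11d3-9a0c-0305e82c3301
CONTOSO\old.temp,11111111-2222-3333-4444-555555555555
'@ | ConvertFrom-Csv
$ad = @'
SamAccountName,ObjectGUID
jsmith,6f9619ff-8b86-d011-b42d-00c04fc964ff
mlee-jones,3f2504e0-4f89-11d3-9a0c-0305e82c3301
'@ | ConvertFrom-Csv

Find-CrmAdNameDrift -CrmUsers $crm -AdUsers $ad | Format-Table -AutoSize
```

Rows reported as `NameDrift` are the records whose User Name needs updating; the `AdSamAccountName` column is the value to record before starting.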

See Also

Manage security, users and teams
Add or remove territory members
