Synchronize user information between Microsoft Dynamics 365 and Active Directory

 

Updated: November 28, 2016

Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online

Microsoft Dynamics 365 supports two methods for authenticating users:

  • Integrated Windows Authentication 

  • Claims-based authentication

By default, customers who purchase Microsoft Dynamics 365 and deploy it on-premises use Windows Authentication. These customers also can set up claims-based authentication for Internet-facing deployments (IFDs) of the product.

With integrated Windows Authentication, each user record in Dynamics 365 must be associated with a user account in Active Directory to enable log on to Dynamics 365. When the user records are associated, Dynamics 365 automatically reads and stores other information about the user record (including the first and last name, the email address, and the globally unique identifier, or GUID) from the Active Directory directory service.

However, changes to the Active Directory information associated with a specific user can create discrepancies with the information maintained in Dynamics 365, thereby preventing the user from accessing Dynamics 365. Specifically, if value of the User SamAccountName logon attribute in Active Directory changes for a user, the corresponding user information in Dynamics 365 won’t match and the user won’t be able log on..

To ensure that the user can successfully log on to Dynamics 365, you must update the information in the Dynamics 365 user record so that it matches the detail in Active Directory.

Before you start, be sure to record the value of the User SamAccountName logon attribute for the affected user before updating the corresponding user record in Dynamics 365.

System_CAPS_noteNote

For information about synchronizing Microsoft Dynamics 365 (online) with Active Directory, see the blog post How to Synchronize CRM Online with your Active Directory.


  1. Go to Settings > Security.

  2. Choose Users.

  3. In the list of users, choose to select the user record you want to update, and then choose Edit.

  4. In the User Name text box, type an Active Directory user name that isn’t used by any Dynamics 365 user record.

    System_CAPS_importantImportant

    If you specify a user name that already exists in Active Directory, Dynamics 365 will try to map the user to the updated user in Active Directory, and when it locates an existing record with the same GUID, the mapping will fail.

    If all the user accounts in Active Directory are used by Dynamics 365 user records, create a temporary Active Directory user account.

  5. Save the user record, and then in the User Name text box, type in the User SamAccountName logon value that appears for the user Active Directory, which you recorded prior to starting this procedure.

  6. Choose Save and Close.

© 2016 Microsoft. All rights reserved. Copyright

Community Additions

ADD
Show: