Tuesday, April 19, 2011

Managing Active Directory User Accounts from CRM 2011

I upgraded my ADUserHelper (CRM4.0) plugin to CRM 2011 version today. The feature will be the same as previous one. Below is the list of steps that my plug-in works for AD integration:
  1. Enquiry "Domain User Name" in Active Directory when User Profile is saved (pre-create) in CRM
  2. If plug-in cannot find user in AD, it will automatically create an account based on saving profile's data
  3. If user already exists in AD, it will skip the account creation steps
  4. Once User Profile is saved, MS CRM will automatically add ReportingGroup and UserGroup to specific AD user account (This is a feature of CRM)
 You may need to provide following configuration settings to run plug-in successfully
  1. Default Password for all users
  2. DNS Name (or) IP Address
  3. Admin User Account which has permission to create user account in Active Directory
  4. Admin User Password
  5. LDAP Path (Optional, provide it if you want to create CRM user under specific OU)
For easier management, we create an OU to put all CRM's AD user accounts in one location. We also create one admin account to manage that OU for user accounts creations. If you want to allow users to change their Default Password from CRM, please read this article and follow the instructions. For us, we host an asp page (aexp4b.asp) in IIS and provide a link in CRM site-map to use "Change Password" feature.

I successfully tested this plug-in on Windows Server 2008R2 64bit Machine.Feel free to use this application. Either leave comment or email me if you want to know further information or give suggestion to me. But, please use it as your own risk :)

Download Link
Plugin Registration Tool (CRM 2011 SDK)

Reference:

Wednesday, April 6, 2011

XrmVisioER: CRM/xRM 2011 ER Diagram Generator

It's been a quite while I haven't keep in touch with Dynamics CRM and my XRM Notebook. I was been assigned to do research on Windows Communication Foundation (WCF) and Microsoft Enterprise Library (EntLib) to implement code generator for our new project.

Today, I am very happy to announce that I have successfully updated my "XrmVisioER Diagram Generator" for Microsoft Dynamics CRM 2011. Features will be the same as previous version of my "XrmVisioER Diagram Generator". Below is the screen shot for reference:


Feel free to use this application. Either leave comment or email me if you want to know further information or give suggestion to me.

System Requirements:
  • .NET Framework 4.0
  • Microsoft Visio 2010
  • Windows Identity Foundation (Both Client and Server)
Caution: For those who got application crash message, please install "Windows Identity Foundation" in your Client Computer and CRM 2011 Server. (Updated: 19/04/2011)

Download Link:
XrmVisioER: CRM/xRM 2011 ER Diagram Generator (Application)
XrmVisioER: CRM/xRM 2011 ER Diagram Generator (Source Code)

Reference:
XrmVisioER: CRM/xRM ER Diagram Generator Revised Version (MS CRM 4.0)

Monday, February 21, 2011

SoapException: 0x80040204 Invalid user auth. Platform (Multi-tenancy)

Last week, one of my colleagues faced a very strange issue. Only four users out of two hundreds got below errors on one of his extension page module. (He was using Active Directory authentication type and Multi-tenancy deployment in his program.)

SoapException:
0x80040204
Invalid user auth.
Platform

Exception: The request failed with HTTP status 401:
Unauthorized.App_Web_z6j-hbn7Void Create()

I tried to help him trace error on various scenarios. Checking in program code, logic and credential shows no issue. When I hard-code user's credential in his program, application worked perfectly. But, when I key-in this credential through log-in screen, the error came out.

We also noticed some strange behaviors in this CRM deployment.
  1. CrmService could not return current user id through WhoAmI query. 
  2. When I log-in with those users' credentials, CRM loader page was redirected to another organization which was not a correct default organization we specified in Deployment Manager. 
  3. Although we tried to specified default organization again and again, it was always redirected to the wrong one.

After careful analysis, we found that those CRM users belong to more than one organizations, and some organizations in this deployment have been imported multiple times through Deployment Manager. I used CrmImpersonator in his code, and found that program returned wrong user id. Please refer to below error message.

Exception type: CrmObjectNotFoundException
Exception message: systemuser With Id = [Guid] Does Not Exist

I decided to look for more information in MSCRM_CONFIG database and found following useful information:


  1. Default Organization in stored in Deployment table
  2. Crm User ID is stored in SystemUser table
  3. Default Organization for Crm User is stored in SystemUserOrganizations table
In our case, organization id for those users in SystemUserOrganizations was pointed to another organization id. After updating organization id with default organization one, program worked perfectly. May be it is an another unsupported way to solve the issue :)

DECLARE @DefaultOrgID UNIQUEIDENTIFIER
, @CrmUserID UNIQUEIDENTIFIER

-- Your CRM User Id, Specified in your CRM Organization
SET @CrmUserID = 'D06DDFBC-0DB7-DF11-8756-000C2956F0A0'

SELECT @DefaultOrgID = DefaultOrganizationId
FROM Deployment

UPDATE SystemUser
SET DefaultOrganizationId = @DefaultOrgID
FROM (SELECT UserId
  FROM SystemUserOrganizations 
  WHERE CrmUserId = @CrmUserId) AS U
WHERE SystemUser.Id = U.UserId

Reference:
Why is the default organization does not change when we modify the Deployment Manager?

Saturday, January 8, 2011

Managing Active Directory User Accounts from CRM

One of the most frequently requested features from our customers is maintaining AD User accounts directly from CRM without using Active Directory Console. I know it can be done because I found somebody did that kind of work for CRM 3.0 before.

After thinking through all scenarios thoroughly, I found a way to implement it by triggering plug-in in CRM's User Profile. Below is the list of steps that my plug-in works for AD integration:
  1. Enquiry "Domain User Name" in Active Directory when User Profile is saved (pre-create) in CRM
  2. If plug-in cannot find user in AD, it will automatically create an account based on saving profile's data
  3. If user already exists in AD, it will skip the account creation steps
  4. Once User Profile is saved, MS CRM will automatically add ReportingGroup and UserGroup to specific AD user account (This is a feature of CRM)
You may need to provide following configuration settings to run plug-in successfully
  1. Default Password for all users
  2. DNS Name (or) IP Address
  3. Admin User Account which has permission to create user account in Active Directory
  4. Admin User Password
  5. LDAP Path (Optional, provide it if you want to create CRM user under specific OU)
For easier management, we create an OU to put all CRM's AD user accounts in one location. We also create one admin account to manage that OU for user accounts creations. If you want to allow users to change their Default Password from CRM, please read this article and follow the instructions. For us, we host an asp page (aexp4b.asp) in IIS and provide a link in CRM site-map to use "Change Password" feature.

I successfully tested this plug-in on following AD Domain Controllers
  • Win 2K Server with SP4,
  • Win 2K3 Server
  • Win 2K8 Server
Feel free to use this application. Either leave comment or email me if you want to know further information or give suggestion to me. But, please use it as your own risk :)

Download Link

Please refer below link to download PSXrmDevLib.dll for both 32-bit and 64-bit platform
PSXrmDevLib [32-bit]
PSXrmDevLib [64-bit]

Reference:
Using System.DirectoryServices.AccountManagement
CRM: Creating System user without going to AD to create AD user beforehand

I'm back in 2011

Dear all,

Happy New Year. I have been very busy with my work and family matters in past few months. I didn't have enough time to update my blog and to reply some of your emails. Please do accept my apology.

To be honest, there are TWO main reasons that made me keep silent in past few months.
  1. Microsoft is going to release CRM 2011 very soon and there is no point for me to write about old versions in my blog.
  2. Lack of motivation factors, I feel like my blog is not interactive enough and I doubt that my contribution will helpful for community.
But, anyway, I am back now. I believe, I still have a few more things to share with you all for my XRM application development experience. And, I hope my two cents of contribution will still be useful for our XRM development community. Please forgive me and welcome me back. Thanks!

Best Regards,
Thuta