Saturday, January 8, 2011

Managing Active Directory User Accounts from CRM

One of the most frequently requested features from our customers is maintaining AD User accounts directly from CRM without using Active Directory Console. I know it can be done because I found somebody did that kind of work for CRM 3.0 before.

After thinking through all scenarios thoroughly, I found a way to implement it by triggering plug-in in CRM's User Profile. Below is the list of steps that my plug-in works for AD integration:
  1. Enquiry "Domain User Name" in Active Directory when User Profile is saved (pre-create) in CRM
  2. If plug-in cannot find user in AD, it will automatically create an account based on saving profile's data
  3. If user already exists in AD, it will skip the account creation steps
  4. Once User Profile is saved, MS CRM will automatically add ReportingGroup and UserGroup to specific AD user account (This is a feature of CRM)
You may need to provide following configuration settings to run plug-in successfully
  1. Default Password for all users
  2. DNS Name (or) IP Address
  3. Admin User Account which has permission to create user account in Active Directory
  4. Admin User Password
  5. LDAP Path (Optional, provide it if you want to create CRM user under specific OU)
For easier management, we create an OU to put all CRM's AD user accounts in one location. We also create one admin account to manage that OU for user accounts creations. If you want to allow users to change their Default Password from CRM, please read this article and follow the instructions. For us, we host an asp page (aexp4b.asp) in IIS and provide a link in CRM site-map to use "Change Password" feature.

I successfully tested this plug-in on following AD Domain Controllers
  • Win 2K Server with SP4,
  • Win 2K3 Server
  • Win 2K8 Server
Feel free to use this application. Either leave comment or email me if you want to know further information or give suggestion to me. But, please use it as your own risk :)

Download Link

Please refer below link to download PSXrmDevLib.dll for both 32-bit and 64-bit platform
PSXrmDevLib [32-bit]
PSXrmDevLib [64-bit]

Using System.DirectoryServices.AccountManagement
CRM: Creating System user without going to AD to create AD user beforehand

No comments:

Post a Comment