The CRM Deployment Administrator must have permissions to all five Microsoft Dynamics CRM security groups. The specific permissions a deployment administrator must have on the CRM security groups are:
Permissions
Read
Write
Add/Remove self as member
Advanced permissions
List Contents
Read All Properties
Write All Properties
Read Permissions
Modify Permissions
All Validated Writes
Add/Remove self as member
The group will be used to grant the necessary permissions to the Microsoft Dynamics CRM security groups. To do so, use the following steps:
On a domain controller, start the Active Directory Users and Computers management console.
On the View menu, click Advanced Features.
Expand contoso.com.
Select the organization unit containing the CRM Security groups (as defined during the installation of the first CRM server), The listing pane should display the following CRM security groups:
PrivReportingGroup {�}
PrivUserGroup {�}
ReportingGroup {...}
SQLAccessGroup {�}
Note
In the previous list, the {...} represents the globally unique identifier (GUID) following the group name. The GUID will be unique in every deployment. A representative example group name could be ReportingGroup {4efba72a-232f-44ec-9d95-155eb6ffb1be}.
Right-click the PrivReportingGroup security group and then click Properties.
In the Properties dialog box, select the Security tab, and in the Group or user names list, click Add.
In the Enter the object name to select text box, type CRMDG01Admins, click the Check Names button, and then click OK.
With the CRMDG01Admins group selected, click to select the Allow check box for the Write permission. This action causes the system to select automatically the Add/Remove self as member check box.
Note
By default, the Allow check box is selected for the Read permission.
Click Advanced.
In the Permission list, select the CRMDG01Admins group, and then click Edit.
Click to select the Allow check box for the Modify Permissions permission.
Note
By default, the Allow check box is selected for the following permissions:
List Contents
List Object
Read All Properties
Write All Properties
Read Permissions
All Validated Writes
Add/Remove self as member
Click OK three times.
Repeat the steps in this procedure to grant the CRMDG01Admins permissions to modify the PrivUserGroup, ReportingGroup, and SQLAccessGroup security groups.
