Authentication when you are adding a new user to CRM, or a user to a new Organization in CRM
We have seen a couple of errors such as:
"The specified Active Directory user already exists as a CRM user"
"You are attempting to create a user with a domain logon that is already used by another user. Select another domain logon and try again."
These errors appear when the user you are trying to add is not an existing CRM user, or is not an existing CRM user in the Organization you are trying to add them to.
If you see this type of error, please log a case with the Support team. We will look at the following stored procedure and database tables to rectify the issue.
N.B. Please do not make direct database modifications, as this is unsupported.
The stored procedure explained:
There are 3 tables that the stored procedure p_GetCrmUserId checks to authenticate the user from the Domain\LoginName provided.
We will assume that the Admin user is logged in to CRM and adding a new user.
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
ALTER procedure [dbo].[p_GetCrmUserId] (@OrganizationId uniqueidentifier, @AuthInfo nvarchar(128)) as
The parameters passed are the OrganizationId (of the database the Admin user is currently logged in to) and the AuthInfo (the ObjectSID from AD of the user you are trying to add, in the form W:S-x-x-xx-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxx).
set nocount on
select suo.CrmUserId as CrmUserId
from SystemUserOrganizations suo
join SystemUserAuthentication sua on (suo.UserId = sua.UserId)
In the MSCRM_CONFIG database, a join is made on the UserId column of both tables:
SystemUserAuthentication table UserId column
SystemUserOrganizations table UserId column
where sua.AuthInfo = @AuthInfo and suo.OrganizationId = @OrganizationId
The ObjectSID is matched against the value in the AuthInfo column of the SystemUserAuthentication table, and the OrganizationId of the organization the Admin user is logged in to is matched against the value in the OrganizationId column of the SystemUserOrganizations table.
and suo.IsDeleted = 0
and sua.IsDeleted = 0
These two conditions confirm that the IsDeleted value is not ‘1’ (or ‘True’) in either the SystemUserAuthentication or the SystemUserOrganizations table.
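The effect of each predicate can be seen on scratch data. The following is an added example, not part of the original stored procedure or of CRM: it uses table variables as constructed stand-ins for the two MSCRM_CONFIG tables (only the columns shown above), with made-up GUIDs and a made-up SID, and touches no CRM database.

```sql
-- Added example: constructed stand-ins for the two MSCRM_CONFIG tables, holding
-- only the columns p_GetCrmUserId reads. Every GUID and SID is a made-up sample.
-- Assumes SQL Server 2008 or later (inline DECLARE initialisers, multi-row VALUES).
DECLARE @sua TABLE (UserId uniqueidentifier, AuthInfo nvarchar(128), IsDeleted bit);
DECLARE @suo TABLE (UserId uniqueidentifier, OrganizationId uniqueidentifier,
                    CrmUserId uniqueidentifier, IsDeleted bit);

DECLARE @UserId uniqueidentifier = '11111111-1111-1111-1111-111111111111';
DECLARE @OrgA   uniqueidentifier = 'AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA';
DECLARE @OrgB   uniqueidentifier = 'BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB';
DECLARE @AuthInfo nvarchar(128) = N'W:S-1-5-21-1000000001-1000000002-1000000003-1104';

INSERT INTO @sua (UserId, AuthInfo, IsDeleted) VALUES (@UserId, @AuthInfo, 0);
INSERT INTO @suo (UserId, OrganizationId, CrmUserId, IsDeleted) VALUES
    (@UserId, @OrgA, '22222222-2222-2222-2222-222222222222', 0),  -- live in Org A
    (@UserId, @OrgB, '33333333-3333-3333-3333-333333333333', 1);  -- soft-deleted in Org B

-- 1) The procedure's query, run for Org B. The Org B mapping exists but does
--    not satisfy suo.IsDeleted = 0, so the lookup treats the user as absent.
DECLARE @OrganizationId uniqueidentifier = @OrgB;
SELECT suo.CrmUserId AS CrmUserId
FROM @suo suo
JOIN @sua sua ON (suo.UserId = sua.UserId)
WHERE sua.AuthInfo = @AuthInfo AND suo.OrganizationId = @OrganizationId
  AND suo.IsDeleted = 0
  AND sua.IsDeleted = 0;

-- 2) Read-only diagnostic view of the same join: the OrganizationId and
--    IsDeleted predicates are projected as columns instead of filtered on,
--    so every mapping for the SID is listed with the flag that hides it.
SELECT suo.OrganizationId,
       suo.CrmUserId,
       sua.IsDeleted AS AuthIsDeleted,
       suo.IsDeleted AS OrgIsDeleted,
       CASE WHEN sua.IsDeleted = 0 AND suo.IsDeleted = 0
            THEN 'returned by p_GetCrmUserId'
            ELSE 'hidden (soft-deleted)' END AS LookupResult
FROM @sua sua
LEFT JOIN @suo suo ON (suo.UserId = sua.UserId)
WHERE sua.AuthInfo = @AuthInfo
ORDER BY suo.OrganizationId;
```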
A graphical representation of how the 3 tables correspond to one another, AD and CRM:
There will only ever be one row in this table for a user.
There will be one row in this table for EACH Organization the user belongs to.
There will be one row in this table in EACH ORG_MSCRM database for each Organization the user belongs to.
Note the DomainName\Login from the above table corresponds to the user we are trying to add in CRM:
Senior Support Engineer