Synchronize user information between Microsoft Dynamics CRM and Active Directory

  • Article

 

Applies To: Dynamics CRM 2013

Microsoft Dynamics CRM 2013 supports two methods for authenticating users:

  • Integrated Windows Authentication 

  • Claims-based authentication

By default, customers who purchase Microsoft Dynamics CRM and deploy it on-premises use Windows Authentication. These customers also can set up claims-based authentication for Internet-facing deployments (IFDs) of the product.

With integrated Windows Authentication, each user record in CRM 2013 must be associated with a user account in Active Directory to enable log on to CRM. When the user records are associated, CRM 2013 automatically reads and stores other information about the user record (including the first and last name, the email address, and the globally unique identifier, or GUID) from the Active Directory directory service.

However, changes to the Active Directory information associated with a specific user can create discrepancies with the information maintained in CRM, thereby preventing the user from accessing CRM. Specifically, if value of the User SamAccountName logon attribute in Active Directory changes for a user, the corresponding user information in CRM 2013 won’t match and the user won’t be able log on to CRM.

To ensure that the user can successfully log on to CRM 2013, you must update the information in the CRM user record so that it matches the detail in Active Directory.

Before you start, be sure to record the value of the User SamAccountName logon attribute for the affected user before updating the corresponding user record in CRM.

Note

For information about synchronizing Microsoft Dynamics CRM Online with Active Directory, see the blog post How to Synchronize CRM Online with your Active Directory.

  1. Make sure you have the System Administrator security role or equivalent permissions in Microsoft Dynamics CRM. 

    Check your security role

    • Follow the steps in View your user profile.

    • Don’t have the correct permissions? Contact your system administrator.

  2. Follow the steps for the app you’re using.

    If using the CRM web application

    1. On the nav bar, click or tap Microsoft Dynamics CRM > Settings.

      Settings appears on the nav bar.

    2. Click or tap Settings > Administration > Users.

    If using CRM for Outlook

    1. In the Navigation Pane, expand your organization if necessary, and then click or tap Settings > System > Administration > Users.

  3. In the list of users, click or tap to select the user record you want to update, and then click or tap Edit.

  4. In the User Name text box, type an Active Directory user name that isn’t used by any CRM user record.

    Important

    If you specify a user name that already exists in Active Directory, CRM will try to map the user to the updated user in Active Directory, and when it locates an existing record with the same GUID, the mapping will fail.

    If all the user accounts in Active Directory are used by CRM user records, create a temporary Active Directory user account.

  5. Save the user record, and then in the User Name text box, type in the User SamAccountName logon value that appears for the user Active Directory, which you recorded prior to starting this procedure.

  6. Click Save and Close.

See Also

Manage security, users and teams
Add or remove territory members

© 2016 Microsoft Corporation. All rights reserved. Copyright