Active Directory and network requirements for Microsoft Dynamics CRM 2015
Applies To: Dynamics CRM 2015
Active Directory Domain Services (AD DS) is a feature of the Windows Server operating systems. AD DS provides a directory and security structure for network applications such as Microsoft Dynamics CRM.
As with most applications that rely on a directory service, Microsoft Dynamics CRM has dependencies that are important for operation, such as use of AD DS to store user and group information and to create application security.
Microsoft Dynamics CRM Server should only be installed on a Windows Server that is a domain member. The domain where the server is located must be running in one of the Active Directory domain functional levels listed in the Active Directory modes topic.
Federation and claims-based authentication support
When you configure Microsoft Dynamics CRM for Internet-facing access it requires federated services that support claims-based authentication. We recommend Active Directory Federation Services (AD FS) in Windows Server 2012.
Active Directory Federation Services
Active Directory Federation Services (AD FS) is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Microsoft Windows Server, you can simply and very securely grant external users access to your organization’s domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization.
AD FS is available as a server role in Windows Server.
Active Directory Federation Services (AD FS) requires two types of digital certificates:
Claims encryption. claims-based authentication requires identities to provide an encryption certificate for authentication. This certificate should be trusted by the computer where you are installing Microsoft Dynamics CRM Server so it must be located in the local Personal store where the Configure Claims-Based Authentication Wizard is running.
SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host names similar to org.contoso.com, auth.contoso.com, and dev.contoso.com. To satisfy this requirement you can use a single wildcard certificate (*.contoso.com), a certificate that supports subject alternative names, or individual certificates for each name. Individual certificates for each host name are only valid if you use different servers for each web server role. Multiple IIS bindings, such as a website with two HTTPS or two HTTP bindings, isn’t supported for running Microsoft Dynamics CRM. For more information about the options that are available to you, contact your certification authority service company or your certification authority administrator.
To meet these requirements, your organization should have a public key infrastructure or a contract with a digital certificate provider such as VeriSign, GoDaddy, or Comodo.
Microsoft Dynamics CRM 2015 works with IPv6 either alone or together with IPv4 within environments that have networks where IPv6 is supported.
© 2016 Microsoft Corporation. All rights reserved. Copyright