Microsoft CRM 2011 Application Install with pre-created AD Groups

We are going to look at installing Microsoft CRM 2011 in a corporate environment with the Active Directory groups pre-created.

Software components required:

Microsoft CRM Server installation: CRM2011-Server-ENU-amd64.exe

Report Authoring Extension install: CRM2011-Bids-ENU-i386.exe

SharePoint 2010 integration: CRM2011-SharePointList-ENU-amd64.exe

90 day trial license for Microsoft CRM 2011: MQM2H-JYYRB-RRD6J-8WBBC-CVBD3

These can be downloaded from Microsoft Site

Start with the CRM2011-Server-ENU-amd64.exe file. This will prompt for a folder to extract the compressed files to. Once the files have been extracted, navigate to the folder and locate the setupserver.exe file. This is the actual Microsoft CRM installation file. Navigate to the appropriate folder in command prompt and type the following command:

D:\install\CRM2011Setup>setupserver /config d:\install\crminstall.xml

This assumes that I have extracted my files in the ‘CRM2011Setup’ folder under the ‘install’ folder on the ‘D:’ drive of my App server – replace as appropriate. This also assumes that I am passing a config.xml file stored in the ‘install’ folder on the ‘D:’ drive of the app server. The contents of the xml file is as follows:

The XML file:

<CRMSetup>

<Server>

<Groups AutoGroupManagementOff=”true”>

<PrivUserGroup>CN=PrivUserGroupDev,OU=Corporate Groups,OU=Users &amp; Groups,DC=ad,DC=AniMandal,DC=com </PrivUserGroup>

<SQLAccessGroup>CN=SQLAccessGroupDev,OU=Corporate Groups,OU=Users &amp; Groups,DC=ad,DC=AniMandal,DC=com</SQLAccessGroup>

<ReportingGroup>CN=ReportingGroupDev,OU=Corporate Groups,OU=Users &amp; Groups,DC=ad,DC=AniMandal,DC=com</ReportingGroup>

<PrivReportingGroup>CN=PrivReportingGroupDev,OU=Corporate Groups,OU=Users &amp; Groups,DC=ad,DC=AniMandal,DC=com</PrivReportingGroup>

</Groups>

</Server>

</CRMSetup>

The key thing to note regarding this config file are the following:

  • AutoGroupManagementOff is set to true, so all users have to manually added to the security groups and the groups themselves have to be manual pre-created. If this is set to False or this line is missing from the config.xml file then Microsoft CRM 2011 will try to create the groups and assign users on its own. This is an issue if you, the installing user do not have domain admin rights.
  • The groups themselves need to be pre-created. So once the four groups – PrivUserGroup, SQLAccessGroup, ReportingGroup and PrivReportingGroup have been created, the location of the groups in AD needs to be specified and that what the tags in the <Groups> specify. The generic format is

    <PrivUserGroup>CN=PrivUserGroup, OU=Company Name, OU=Company Name, DC=<domain>, DC=<domain_extension></PrivUserGroup>

    The example above resolves to AniMandal.com\Users & Groups \ Corporate groups – notice the escape amp; character for the & in the xml file. Using & in xml without an escape character will break the xml file.

Of couse there are many more tags you can include in the XML file in order to do a completely silent install, but right now we are interested in only passing the pre-created groups and we will enter all other details as and when we get prompted for it.

So, if the XMl file parses correctly, we get the following screen:


Enter an option and click next.

The Product Key page comes up next:


Enter your Microsoft Dynamics License Key and press next. The product key above is the trial license key and has been called out accordingly. Press next to get the License agreement page:


Read the license agreement and check the license agreement acceptance checkbox and press “I Accept” to get the next screen.


This is the pre-requisite component validation page where CRM checks if the pre-requisite software is installed or not. If you r server has an internet connection is can download from the internet, then you are in luck, simply click ‘Install’ and CRM 2011 will download the components from the Microsoft site and install them. If your server has no or severely limited internet access, then you will have to search for, download and install the components yourself on the App server before you can proceed with the install. Click next once you have all green.


Enter the location where CRM2011 will be installed. Click Next.


Enter the SQL Server that you will be using for the Database. Use SQLserver\instance if you are using SQL instances. Click Next:


Specify the service account on this page. Though you can get away with entering “Network” service as the service account for each of the services, it really is a good idea to have your IT admin group create separate service accounts. Remember you will need not only the service accounts, but also the passwords.

Enter the Service Account Ids and Passwords. The accounts must be entered as domain\accountname. Click Next:


Select the website for CRM2011. You can either go with the default website or select a Port Number. You can input a DNS hostname on the IIS server once the installation is complete. Click Next:


This is for specifying the Email Router Server – this step can be left blank for now. But you should decide whether you want to manage email through Outlook or by using the Email Router. Click Next:


Enter the Organization Name, for eg, AniMandal. The Database name will default to the organization (after stripping out the spaces). You can however choose a completely different name for the Database. Whatever database name you choose, the actual database will be created as DBName_MSCRM (if you have entered the database name as DBName). Enter the base currency – this cannot be changed later. Click Next:


Specify the reporting server name. As pointed out give the path to the Report server URL and not the Report Manager URL. Click Next:


Click Next:


Choose an option and click Next:


If there are any errors they will show up here. You cannot proceed till all errors have been resolved – you can however proceed with warnings. Click Next:


Click Next:


You will get a summary page. Click Next:


The installation progress page. Wait for the process to complete:


Congratulations – CRM2011 Application has been successfully installed. The next step will be to go to the website url and launch CRM 2011!

Note:

This just installs the CRM App Server. There are few other components to be installed:

  • Reporting Extensions – without this extension reports will not execute
  • Report Authoring Extension – to support fetch based reports
  • SharePoint – if you want to integrate CRM2011 and SharePoint

AniMandal

Find me on Microsoft Forum: http://social.microsoft.com/profile/animandal/

About these ads
This entry was posted in CRM2011. Bookmark the permalink.

15 Responses to Microsoft CRM 2011 Application Install with pre-created AD Groups

  1. Hosk says:

    excellent blog post. I particularly like all the screen shots.

    Thanks for taking the time to blog this, it has been a great a help.

  2. Pingback: CRM 2011 – Upgradinginstalling CRM 2011 « Hosk's Dynamic CRM 2011 Blog

  3. Pingback: CRM 2011 – Upgradinginstalling CRM 2011 - Hosk's Dynamic CRM 2011 Blog - CRM Technical Blogs - Microsoft Dynamics Community

  4. Great post!. Thanks for sharing.
    As a question, I am not sure about the AutoGroupManagementOff attribute.
    According to official documentation:
    “If automatic group member management is turned off, Setup will not
    add or remove any members to the security groups. An Active
    Directory administrator must manually manage the membership of
    these groups for users to be able to run the application and must
    continue to do so as users are added and removed from Microsoft
    Dynamics CRM.
    • If automatic group member management is turned on, the application
    will manage membership of the groups.”

    I guess that if Off=True then, for each user new user to CRM, a domain admin has to manually add it to the groups. Am I right?
    I need to use pre-created groups but dont want a domain admin to always have to manually add users, make sense?

    Thanks.
    PP

    • animandal says:

      Hi Pablo

      AutoGroupManagementOff is an attribute that is available only while installing or repairing MS CRM, only if you use the configuration xml file. This option was given to ensure that AD administrators are able to control, manage and audit users having access to corporate data.

      What you can do, is simple leave this attribute off the config xml, or set it to False, so that CRM continues to perform AutoGroupManagement, and include the pre created group names in the config file. This will cause CRM to utilize the pre-created groups, but omission or (AutoGroupManagemetOff = False) will cause MS CRM to manage the group automatically and hence the admin will not have to add the users manually. But you need to make sure the user installing MS CRM has domain admin rights.

      Will suggest you study the config file and the various settings available in the installation guide.

      Thanks and Regards
      AniMandal

  5. Didier says:

    Hi Ani,
    Do the pre-created ad groups have to conform to the MS naming or can these be given other “corporate approved” names?
    Eg.: PrivUserGroup being named X003AD…
    Our customer a reserve bank doens’t allow for automatic group creation or group naming…
    Thanks for your input.
    Regards,
    :~Didier

    • animandal says:

      Hi Didier

      You can use the approved naming convention for the bank. There is no restriction on how you name the AD group or what the path is, as long as you the groups pre-created and the groups are mentioned within the XML tags with the correct path.

      This is the only way to install CRM in a corporate environment, where the CRM installation user doesn’t have domain admin rights.
      Thanks and Regards
      Ani

      • Didier says:

        Hi Animandal,

        So would the flowwing syntax be proper? using the CN (common name) to provide the corporate approved name, eg: X003AD

        CN=X003AD,OU=Corporate Groups,OU=Users & Groups,DC=ad,DC=AniMandal,DC=com …
        Or is it the tags, eg: , that have to be modified? if that’s the case how will the application recognize the groups?

        Thank you for your input.
        Great blog too, keep the good work dude!

        Regards,
        :~Didier

      • animandal says:

        Hi Didier

        The tags should not be modified, as that’s how MS CRM would recognize the group. So, for example, indicates the information given in this tag refers to the Priv User Group. Within this tag you then need to specify your AD group and the path to the group.

        For information on installing using the command prompt please see this link: http://technet.microsoft.com/en-us/library/hh699703.aspx

        and see this link for details on the XML configuration: http://technet.microsoft.com/en-us/library/hh699720.aspx

        Thanks and Regards
        -Ani

  6. I desired to present this specific posting, “Microsoft CRM 2011
    Application Install with pre-created AD Groups | xrmadventures”
    along with my own pals on facebook itself. I personallysimply just sought
    to disperse your terrific writing! With
    thanks, Angeles

  7. Dani says:

    Hmm it looks like your site ate my first comment (it was super long) so
    I guess I’ll just sum it up what I submitted and say, I’m thoroughly enjoying your blog.
    I too am an aspiring blog writer but I’m still new to the whole thing. Do you have any tips and hints for beginner blog writers? I’d genuinely appreciate it.

  8. I was wondering if you ever considered changing the page layout of
    your site? Its very well written; I love what youve got to say.
    But maybe you could a little more in the way of content so people could connect with it better.

    Youve got an awful lot of text for only having one
    or two pictures. Maybe you could space it out better?

  9. Jed says:

    Aw, this was an incredibly nice post. Taking a few minutes and actual effort to create a top
    notch article… but what can I say… I procrastinate a lot and never
    seem to get anything done.

  10. James says:

    Hello there, just became aware of your blog through Google, and found that it’s truly informative. I am gonna watch out for brussels. I’ll appreciate if you continue this in future.
    Numerous people will be benefited from your writing. Cheers!

  11. Pingback: Microsoft CRM 2011 Application Install with pre-created Active Directory Groups | Sivaram0808

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s