Sunday, July 12, 2009

Cannot add users in CRM 4.0 organization

In a CRM 4.0 multi-tenancy environment I recently experienced problems when trying to add new users to one of the organizations. The error message was pretty non-informative – just a error dialog telling that: ”An error has occurred”.

As I experienced this in the test environment, I had no thought on turning on the CRM Server Trace. After some digging on the trace files I found another pretty unusable error message. This time stating that:

DirectoryServicesCOMException: The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)

Thus, I had to do some thinking in what the cause could be. I came to realize, that the user I was trying to add belonged to a different domain than the CRM server. So I tried adding a user from the same domain, which succeeded without any problems. However, I had already added users from that other domain implying that a complete lag of permission was not the issue here.

The next thing i remembered was that the users I was trying to add actually was already added as user in another organization on that same CRM server. Could it be, that this had to do with limited permissions that prohibited CRM from re-adding the CRM AD-groups to users in that other domain. When installing CRM I read an article on the minimum required permission for doing the installation (http://support.microsoft.com/kb/946677). It contains a section on Auto Group Management  - should CRM added AD groups to users automatically. I found out that Auto Group Management can be turned off by a registry key:

HKLM\Software\Microsoft\MSCRM\AutoGroupManagementOff

When setting this DWORD regkey to 1 and trying to create the users again, the operation succeeded..

AddThis