3

As I said in the title, we have to migrate MS Dynamics CRM 4.0 Server and database from our local network to an external datacenter. This datacenter has a different domain and Active Directory. The first issue we have to solve is AD authentication for users. The ideas we have are:

  • Make a new AD at the datacenter and trust domains.
  • Use ADAM (TechNet libraries say that CRM does not work with this)
  • Make a copy of the existing AD and move it to the new place.

I would be grateful to everyone who could give any idea.

fotag
  • If you follow the entire Office 365 trail you find CRM as a future hosted solution that will allow for on premise AD. – tony roth Jan 19 '11 at 03:44

3 Answers

1

If you are the only user of the MS Dynamics CRM server, why does it need to be a part of the provider's AD domain?

I would join it to the local domain. But set up a read-only domain controller in the remote datacenter and only copy the users that need access to the CRM.

And I assume you got a VPN connection set up between your offices and the datacenter?

Espennilsen
  • This. A datacenter that runs its own domain isn't a proper multi-tenanted datacenter. You need to deploy your own DC to the remote site and ensure you're completely firewalled off from the other occupants of this 'datacenter'. If you're unable to isolate, you should be running for the hills (or to a proper DC). – Chris Thorpe Apr 15 '11 at 07:09
0

If using a trust, ensure that you do not trust your provider's domain but that they trust yours.

Gepeto
  • Good point, but it's highly unlikely that the DC will trust your domain either, as they're two separate entities, and I sure as hell don't want to trust some random company's domain into my datacentre. It's a tricky one... – Mark Henderson Feb 09 '11 at 02:07
0

You don't mention what Windows server OS you are using nor the current level of your local forest or domain, so this is just a suggestion based on MSFT best practice.

Setting up a trust requires that the external domain (at the data center) trusts you; like someone above mentioned, they will probably not want to do that.

Take a look at Active Directory Federation Services (AD FS) (Wiki Link). It was designed to allow two organizations to handle authentication without having to establish physical domain trusts to share user details. This is probably your best bet. Pick up one of the Windows Server 2008 or R2 reference books by William Stanek; it's got some good background and instructions on getting it up and running.

Brent

Brent Pabst