2

I've been tasked with identifying the needs and lab-simulating a hosted Dynamics CRM 2011 multi-tenant solution. I've read through the 'Service Provider Planning and Deployment Guide', however I'm stuck on one key part and can't seem to find the relevant information anywhere.

I've never had to structure AD for multi-tenancy before, and am unsure how to proceed. The Guide listed above says:

"Hosted Microsoft Dynamics CRM must be deployed within an Active Directory platform that has been configured for multi-tenancy. However, this guide does not provide directions for implementing multi-tenancy within Active Directory."

Can anyone point me in the right direction for a few examples or some documentation on how to proceed?

Arun Vinoth - MVP
  • 314
  • 1
  • 3
  • 15
JohnThePro
  • 2,595
  • 14
  • 23
  • Do you really want to build a SAS-environment or do you simply need multiple organizations? – ccellar Feb 08 '12 at 05:59
  • The endgame is a SaaS offering on Amazon (or other provider as of yet undetermined). We do not plan on offering any OTHER products besides CRM in this solution. Speaking to the infrastructure, I'm prepared to make the clusters, do the NLB, etc. But before I can get there, I've got to see what an AD for a solution like this looks like. – JohnThePro Feb 08 '12 at 15:29
  • I've found an [overview for SharePoint](http://ajay555.wordpress.com/2010/10/23/sharepoint-2010-for-hosting-service-providers-multi-tenant-configuration-and-management-made-easy/) which is similar.. It's not so much a technical configuration of AD as it is methodology and security. – Chris S Feb 08 '12 at 15:51
  • Great read, and I actually do have a copy of that graphic showing the AD hierarchy (about halfway down the page). I'm just unsure whether or not that kind of structure will actually work (and work securely, as the endgame data will be financial) for a CRM deployment. I find all kinds of articles regarding multi-tenancy in SP and Exchange, but the Dynamics CRM side of things is much more elusive. – JohnThePro Feb 08 '12 at 15:53

1 Answers1

1

The answer to this is very simple. CRM 2011 in a multi-tenant configuration allows users to see each other in the directory, regardless of their OU container. Given my reason for AD separation was to prevent users in organizations from seeing each other, this is no longer a factor.

A simple, yet effective AD structure that is viable for hosting CRM 2011 is as such:

domain.local

  • Domain Controllers
  • Users
  • CRM
  • CUSTOMERS
    • Customer A
    • Customer B

This structure allows you to specify where the CRM Security Groups will be created (CRM OU) and when you provision users to different organizations, you can keep them organized by creating the customers OU.

JohnThePro
  • 2,595
  • 14
  • 23