Working with multiple Microsoft CRM instances and security roles
Can you have two instances of Microsoft CRM 3.0 on the same domain? If so, how should this be implemented? Also, how does this affect the user roles on the separate instances? Will a user setup as "System Admin" on CRM1 have the same level of access on CRM2?

    Requires Free Membership to View

    Login

    When you register, you'll begin receiving targeted emails from my team of award-winning editorial writers on the latest customer relationship management (CRM)and call center technology issues today. Our goal is to keep you informed on the hottest issues facing this fast-changing industry.

    Hannah Smalltree, Editorial Director

    By submitting your registration information to SearchCRM.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchCRM.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

You can have two instances of Microsoft CRM 3.0 on the same domain. Security roles in earlier versions of Microsoft CRM were implemented in Active Directory. However, in version 3.0, security roles are stored in the Microsoft CRM database and you can configure the same user with different security roles in each instance. While Microsoft CRM 3.0 leverages Active Security to validate a user's credentials when the user logs into the application, access to specific functionality in the application is controlled by security roles which are native to Microsoft CRM database.

The Microsoft CRM 3.0 setup does create four groups in Active Directory to store information about the users and computers included in a Microsoft CRM instance. These groups are called:

  • UserGroup
  • UserPrivGroup
  • ReportingGroup
  • SQLAccessGroup

    They are used to grant access to various system resources to users and do not control access to application functionality directly the way that security roles do. By default, the Microsoft CRM setup creates these groups in Active Directory and hard-codes their names as listed above. You may choose to use a second set of Active Directory groups for your second Microsoft CRM instance in order to eliminate any concurrency issues between the two instances. You can do that by running the Microsoft CRM setup from the command line and specifying an XML configuration file for the configuration. This XML configuration file allows you to specify different names for the aforementioned Active Directory groups. For more information on installing Microsoft CRM using an XML configuration file, refer to Chapter 19 in the Microsoft CRM 3.0 Implementation Guide.

    Although you can install two instances of Microsoft CRM 3.0 on the same domain, each instance will require its own hardware. If you need to have two separate instances of Microsoft CRM, it may be a better use of your resources to upgrade to Microsoft CRM 4.0, which supports multi-tenancy and allows you to install two instances of Microsoft CRM on the same hardware. This approach will not only limit your hardware investment, but will also simplify maintenance and provide access to some of the great new functionality available in Microsoft CRM 4.0.

    • This was first published in December 2008