We have a newly set up Dynamics 365 on-premise environment installed. What is the best practice around deployment managers? Do we just use the service account that we installed CRM as the only deployment manager or do we add individuals as deployment managers then have to manage this as people come and go? Can we add a group in the deployment manager then manage that group?
What do others do?
Deployment manager access should be restricted users instead of multiple users. Deployment manager USER can do following activities-
- Import and export organization.
- Rollup update or upgrade dynamics CRM.
- Check licencing.
- Maintain servers list ,name like backend , DB etc.
- Change dynamics CRM url.
- Repairing Dynamics CRM instance.
- Start/Stop Dynamics CRM services.
Now I believe you underatand which user you should give Deployment Manager access.
I understand what the role does. The team that will be doing this activity is wanting to keep the service account as the deployment manager and manage the password to that account instead of putting individuals as deployment managers. I am wondering what others do and what is best practice. The team already has process and procedure around the management of service account passwords. They don't want to create a new process for managing users assigned as deployment mangers. I have no argument either way, I was wondering what others do and why.
In that case I would not recommend all users share service account user to access deployment manager .
You should add those user in the deployment manager who do such kind of activity instead of giving service account credentials.
I am saying as service account user credentials do vital role in terms of administrative task so not to share this user credentials to everybody. Instead you can create one common admin user and add in the deployment manager. Share this user credentials to the team.
Strongly agree with the idea of using individual users rather than sharing the service account (or any account, for that matter). If you have a shared account, you cannot easily track who does what in the event of changes, and you cannot remove people without changing the password for everyone. And if it's the service account, that password change will always need to be done for the services, etc...
Thank you I have passed this information on, I appreciate the input.
Business Applications communities