Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics GP (Archived) / Adding AD Group to Web...
Microsoft Dynamics GP (Archived)

Adding AD Group to Web Client/Tenant Users

(0) ShareShare
ReportReport
Posted on by Jothi Krishnan N 1,865

Hi,

I have the GP Web client installed with Multi tenant configuration. I've added our AD users group to the WebClient users list during the Web Components installation and also added the same group under the Tenant Users list as well and it's "Active". Now, if an user part of that AD group try to access GP web client, it throws an error saying "You are not allowed to use Microsoft Dynamics GP". But, if I add the user directly to Tenant Users list, it just works fine. I'm not sure if it is a bug or limitation or am I missing any step to add the AD Users group to the Tenant Users list.

Any help would be greatly appreciated.

Web Management Console >> Exceptions:

Access Denied: this user is not authorized to access the service

 

Event Viewer Log:

User Name: ****
Correlation ID: 89b84b3e-2241-44e7-8065-064998a4cbaf
System.Web.HttpException (0x80004005): The user is not assigned to any tenants. ---> System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.

System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.

Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Dynamics.MultitenantServices.ServicesInterface.ITenantDiscoveryService.GetActiveTenantList(String identity, Boolean returnActiveOnly)
at Microsoft.Dynamics.GP.Web.Services.Session.TenantServiceHandler.GetTenantList(String identity, Boolean onlyActive)
at Microsoft.Dynamics.GP.Web.Services.Session.Service.SessionCentralService.GetTenantList(String identity, Boolean onlyActive)

Version : GP 2015 R2

Thanks,

Jothikrishnan

*This post is locked for comments

  • Verified answer
    Jothi Krishnan N Profile Picture
    Jothi Krishnan N 1,865 on at
    RE: Adding AD Group to Web Client/Tenant Users

    Thank you for the response, John.

    My problem is resolved. Not sure which one of these are the root cause. We were using the default domain users group that comes with AD called "<DomainName>\Domain Users" itself for Tenant users and it was also part of another group called "Users" ( per our IT dept), but was not working.

    Tried another domain group called "TSUsers" which was created by IT and NOT part of any other groups and it worked.

  • Suggested answer
    John Lowther Profile Picture
    John Lowther 5,122 on at
    RE: Adding AD Group to Web Client/Tenant Users

    I believe that when you add the users to the tenant you should do it for each user. That way you can make them an administrator or not, of that specific tenant. While they still have to a member of web client user group in AD.

    Let me know how it goes,

  • Jothi Krishnan N Profile Picture
    Jothi Krishnan N 1,865 on at
    RE: Adding AD Group to Web Client/Tenant Users

    Thanks Ian. I did include the Domain Users group in the Web Client Users group but is not working unless I add them individually to the Tenant. So it seems it's more of Tenant service issue that it is not recognizing the user. It just throws the error "The user is not assigned to any tenants" even though I've added the Domain group to the Tenant Users list.

  • Suggested answer
    Ian Grieve Profile Picture
    Ian Grieve 22,782 on at
    RE: Adding AD Group to Web Client/Tenant Users

    I believe users need to be in the Web Client Users group and also in a specific tenants group as well.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,235 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans