web
You’re offline. This is a read only version of the page.
close
Skip to main content
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Security : Disabling A...
Microsoft Dynamics AX (Archived)

Security : Disabling AD Security Groups in AX

(0) ShareShare
ReportReport
Posted on by Sven Peeters Prodware 657

Hi All,

I've discovered an issue with the use of AD Security Groups within AX 2012 R2 (CU9).

Our customer is currently using active directory groups in AX to allow access to it's users.

Because we need a more refined way to define security, we no longer use the ad groups.

So I set the 'enabled' on all these groups to 'false'. Amazingly enough this has no effect at all.

Just to be sure I tried this in a vanilla environment.

Added an AD Group 'Domain Users' and assigned the role 'System Administrator".

Then disabled the AD Group in AX, so you would expect that nobody can access AX except me.

Well, this isn't the case. Any domain user that logs on to the vanilla box has 'System Admin' rights even with the AD group disabled.

So I'm wondering, is this a know issue or am I doing something wrong here?

Couldn't find anything on the net about this ...

Regards,

Sven Peeters

*This post is locked for comments

I have the same question (0)
  • Sven Peeters Prodware Profile Picture
    Sven Peeters Prodware 657 on at
    RE: Security : Disabling AD Security Groups in AX

    Hi Vilmos,

    It's clearly mentioned in the help file (that's where a developer never looks), that the active/inactive field doesn't make any difference in an Active Directory Group record. They are always active. So that explains why ...

  • Vilmos Kintera Profile Picture
    Vilmos Kintera 46,149 on at
    RE: Security : Disabling AD Security Groups in AX

    Occam's razor suggests that they did not bother implementing to disable the field on all the forms where users and groups could be edited in case of an AD group.

  • Sven Peeters Prodware Profile Picture
    Sven Peeters Prodware 657 on at
    RE: Security : Disabling AD Security Groups in AX

    Hi Vilmos,

    Deleting the active directory groups does solve the issue, but that is a bit besides the point no?

    Why have the field 'enabled' visible on Active Directory Groups if you disabling it won't make any difference.

  • Suggested answer
    Vilmos Kintera Profile Picture
    Vilmos Kintera 46,149 on at
    RE: Security : Disabling AD Security Groups in AX

    I have not actually checked if there is a source code behind the import logic or if it is in the kernel, but just disabling it probably has no effect as you have observed, the logic in AX might be just checking if there are any AD groups created.

    Did you try removing the AD group from AX? Already deployed users would remain, but there would be no newly associated users. Wouldn't that resolve your issue? Check this in Dev/Test first.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Dynamics 365 Community Calls Return
Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Responsible AI policies for the Community

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Andrés Arias – Community Spotlight

We are honored to recognize Andrés Arias as our Community Spotlight honoree for…

Congratulations to the August Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Syed Haris Shah Profile Picture

Syed Haris Shah 9

#2
Mea_ Profile Picture

Mea_ 4

#3
Rahul Shah Profile Picture

Rahul Shah 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans