Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / AD-synced Users missin...
Customer experience | Sales, Customer Insights,...
Answered

AD-synced Users missing for CRM-assignment

(0) ShareShare
ReportReport
Posted on by mobileX 1,275

Hello,
managing CRM Online users seems a bit weird to me. We are doing first steps with CRM Online in order to get familiar with it. I have created a sandbox CRM organization, have assigned Dynamics 365 Customer Engagement Plan license to a handful of my AD-synced users in Office Portal.

Then I moved over to my CRM organization and started to search for my users in order to assign them certain roles. While doing so I figured out that in the list of users in CRM I see lots of # something "users" plus several of my AD-synced users. But the list of my AD-synced users isn't the same as the one of the uses I assigned a Dynamics 365 Customer Engagement Plan license. Several of my licensed CRM users show up in the list, but also several others, and beside, some of my licensed users do not show up in that list. I thought I might need to add them to the team, there seems to be created a team named the same as my organization. But in that team all the users form the previous list are in, but again I am missing the other users which have al license but do not show up. When I attempt to add an user here, it does not allow me to chose from the Office 365 Active users list, instead I could add a new user. But that would be a Azure AD user, and not one of my existing AD-synced users.
Can anybody explain to me how this team members got into that team, and why I cannot add users to CRM form the list of available AD-synced users?
I am pretty confused. What is the right way to add a CRM-licensed user as a regular user into a CRM online organization? And what can be the reason,membership of what, so that several AD-synced users, which are not CRM-licensed show up in that list and team, while other don't? I don't get the reason for this, what the link is for having users in the list of users I can add to CRM.

kind regards,
Dieter

  • mobileX Profile Picture
    mobileX 1,275 on at
    RE: AD-synced Users missing for CRM-assignment

    You are absolutely right, these users show up because of other related licenses. And my users whom I missed, also did appear after a few minutes, sync-time.

  • Suggested answer
    PerezAguiar Profile Picture
    PerezAguiar on at
    RE: AD-synced Users missing for CRM-assignment

    hey!

    Let me try to address all the situations there.

    a. You're going to see a lot of "# Users" like "[tag:CDSUserManagement]" "#DataLakeStorage".  Those users are System Accounts, they're documented on docs.microsoft.com/.../system-application-users and you're going to see that in most cases their access is "non-interactive" (they can't login).

    b. IN order for a "regular" user to appear (and Login), certain conditions must be met (in this particular order):

    1. User must exist in AzureAD/O365 portal.
    2. User must be Enabled (Disabled users or users with login prevented will not synchronize)
    3. User must have a valid license.  Valid license might be for example Dynamics 365 licenses but there are also other set of licenses that provide access to the Dataverse (the layer underneath Dynamics). For example PowerApps per user, PowerAutomate Free (A license intended for automation).  Even Office 365 provides a "Common Data Service" App license that allows user data to be synchronized.  Please note that users with O365 licenses are not automatically provisioned. They can be Manually synchronized or forced using workflows.
    4. If there's a security group on the Environment, user must be part of the security group.  Global Admins are an exception to this, as they're considered "Domain administrators" and can bypass this particular enforcement.
    5. If there's a Plugin/Workflow that runs on the SystemUsers or Roles tables, user should be granted the right permissions. For example, a plugin/workflow that might be updating the SystemUser on Creation, to populate Manager, Location or any other field. IF this plugin/workflow fails, the user could be prevented from login in.
    6. Up to this point, the user will show up on the environment (Data is synchronized).  In order to allow login, user should also get a Security role, either directly or from a team.

    On this link docs.microsoft.com/.../troubleshooting-user-needs-read-write-access-organization you have a nice troubleshooting on how to verify user synchronization and login. Licensing, etc.  It makes reference to running a Diagnose on the PowerPlatform Admin Center, Forcing the user sync (either adding each user manually on PowerPlatformAdmin center or by using a PowerAutomate template).

    Finally, if you still face any issue with users not showing on the instance or being prevented from login, you should open a support request to Microsoft so they can verify what's going on on the backend.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,214 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans