web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Multiple Users Losing ...
Microsoft Dynamics 365 | Integration, Dataverse...
Answered

Multiple Users Losing Security Roles due to expiration AD Account

(0) ShareShare
ReportReport
Posted on by Community Member

Hello,

I am a Junior Profile in the CRM Domain, Thanks in advance or the directions and help

I am facing an issue with some users (8 users) that cannot access CRM as of 13 Jan because they lost their security Roles,

After checking we found that all these users had their accounts on AD expired.

I wanted to know if this is the cause or it's not related,

Also i it's the cause what is the Trigger in CRM, Is there like a Process that detects if the Users Account on AD is expired and removes the roles ?

Thank you,

Nabil

I have the same question (0)
  • Community Member Profile Picture
    Community Member on at

    Hi Nabil Louardi,

    A quick question: Are those Users' type Guest?

  • Suggested answer
    Bipin D365 Profile Picture
    Bipin D365 28,983 Moderator on at

    Hello,

    Are you using On-premise version of Dynamics CRM?

    Have you tried checking Audit history of the user whose roles are remove to know which account has been used to remove roles?

    I know a background job runs in CRM online which check for the user license in Azure AD and if licese is remove from the user then User status will be marked as disabled in dynamics crm but this is not applicable for CRM On-premise version.

    Please mark my answer verified if this is helpful!

    Regards,

    Bipin Kumar

    Follow my Blog: xrmdynamicscrm.wordpress.com/

  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Thanks Steve and Kumar for the feedbacks,

     Bipin Kumar We use On Premise Version, if i'm not mistaking the same behavior exist in CRM on Premise --> If the user's account is expired in AD that means that it's deactivated in CRM, in other words it loses roles too

    For the Solution, we found Out that someone has hanged a Parent Division in PROD without telling anyone, which made the users attached to it lose their roles, now roles have to be re-assigned

    Could a Mod mark this as answered, as I'm not able from my side, Thanks,

    Regards,

    Nabil

  • Verified answer
    PhilipK Profile Picture
    PhilipK 613 on at

    Hi Nabil.

    On-premise has no active(on schedule) "syncing" with Active directory, it does however query AD for a user when it's added to the organization, but after that it does not keep track of the state of the user in AD e.g. Disabled or change of other properties.
    Security Roles in CRM is related to Business Unit(I assume that what you was referring to with "Divisions") and if a user changes business unit the enabled security roles are reset, hence needs to be set for those under that Business Unit.

    In D365 Online however there is an active sync between AD and the users that would either be enabled(licensed and if used, a member of a specified AD/AAD security group) or disabled.

    Best regards.

    Philip

  • Community Member Profile Picture
    Community Member on at

    Hello Philip,

    Thank you for the clarification, i believe that's exactly what happend,

    Well noted for the on premise, i thought i has Synch too

    Regards,

    Nabil

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
Siv Sagar Profile Picture

Siv Sagar 93 Super User 2025 Season 2

#2
#ManoVerse Profile Picture

#ManoVerse 74

#3
Martin Dráb Profile Picture

Martin Dráb 64 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans