web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics GP (Archived) / Cross Domain Access in...
Microsoft Dynamics GP (Archived)

Cross Domain Access in Business Portal

(0) ShareShare
ReportReport
Posted on by Bill Campbell 12

We have a client that is 'slowly' migrating off of Dynamics due to a company merger.  Unfortunately the parent company will not consider keeping GP in any form after May - so, I am looking for a solution to the following 'short term' problem.

Background Details

We have two domains in the network - new parent and child - so I will label PAR1 and CLD1

Currently Microsoft Dynamics GP2013 and BP6.1 is running (and has been running for many years) in the CLD1 environment.  All users are members of the BPUSER group in the CLD1 AD as well as user added in the BP User Set up window to grant and define their specific access levels with the site.  As noted, this is working and is not the problem.

In the CLD1 AD we have created a BPUSER group, added all domain users by adding CLD1\EVERYONE AD group to the CLD1\BPUSER group.  Works.

In the PAR1 AD we have created a new BPUSER group, added the newly named users in the form PAR1\USERID1 and are not having any issues with this.

Situation

We have added to the Share Point site the PAR1\BPUSER group to the same locations we currently have the CLD1\BPUSER group to make sure we are keeping the same access

Now when we go to the Business Portal Administration and click on User, then chose Add Users, we click on Add manually - as the PAR1 domain does not appear - we then click on and enter the DOMAIN - PAR1 and then enter the USER - USERID1 and then click on Add.

At this point we get an error that the User name is not a valid Domain User

When we add the AD Group PAR1\BPUSER we use the Name Lookup and verify and get no error - when I try (for testing) to add PAR1\USERID1 to the Business Portal Site Members list, I use the form PAR1\USERID1 and the lookup and it returns the correctly qualified name from the PAR1 domain, not from the CLD1 domain and I tested this further by adding both the CLD1\USERID1 and PAR1\USERID1 to the list and based on the 'department' names I know we are seeing the data from the two different AD servers.  We have another client where by different companies have different AD Group names and we simply enter that in the Domain line and have no issues.

Question

Why can we not enter the name into the Business Portal Add user window by entering the correct domain id and correct user id and having it return a valid entry?

*This post is locked for comments

I have the same question (0)
  • Bill Campbell Profile Picture
    Bill Campbell 12 on at

    Anybody got any suggestions?  We are struggling to figure out what we are doing wrong.

    Interesting we can connect to the CLD1 hosted BP site when logged in as PAR1\USERID and the system is wise enough to tell us to login into BP as someone else - it gets that  - but will not allow us to add the domin user in the Add User - can not figure.

  • Derek Albaugh Profile Picture
    Derek Albaugh on at

    Hello Bill,

    From my experience with cases where we can add users to Business Portal from the domain on which BP is installed onto but not from a secondary domain, it usually falls with the cause being one or more of the following:

    A. There isn't a Full, Two-way trust setup between the two domains.

    B. The account that is running the Microsoft.BusinessFramework.Identity COM+ object doesn't have sufficient permissions to query both domain's Active Directory users and groups to be able to find the users or groups being looked for.

    As a test, we usually have the partner or customer add THE domain administrator account (i.e. DOMAINName\ADMINISTRATOR) as the account running the Microsoft.BusinessFramework.Identity COM+ object, as this account should have more permissions and access than any other account and if this account can't query the users or groups in BP, then it may be how the relationship is setup between the two domains.

    This all being said, normally the scenarios we see are the customer still staying on the primary domain that BP is installed onto, but just adding a secondary domain, which they want to add users to BP from. If you have a different domain environment than this, then it may work differently than what we have seen.

    C. Another thing we've see cause this type of behavior is having to do with the Network connections, specifically in TCP/IP properties > Advanced > DNS tab > select 'Append these DNX suffixes (in order)' and add the domains where the users exist with the domain where your IIS server and Business Portal resides, then launch Business Portal and attempt to add the new users from the secondary domain.

    Lastly, some other things to look at:

    >>Do you have shared DNS between zones or do you use conditional forwarders?

    >>In the DNS store of the BP domain, do you have conditional forwarders to route requests for the domain name that is failing to be added?

         I.e. If you get an error when adding DomainA\user to BP on the BP domain, do you have a forwarder setup to forward DOMAINA requests to the DNS zone for DomainA?

    >>Can you add these secondary users and groups directly to the SharePoint site that BP is installed onto, or does it give the same type of error?

    As you can see, these type of issues can get complicated as the setup is more on the domain/Active Directory side and not so much on the Business Portal side, other than the account running the COM+ object that I mentioned.

    If you haven't, it may not be a bad idea to run this type of question on the Windows Support team's Active Directory forums, to see if they have any tips from that side.

    Thanks

  • Bill Campbell Profile Picture
    Bill Campbell 12 on at

    Derek I have not been able to get an answer back from the client - they are doing some major AD work and will get to this a soon as they have time.  It is not a pressing matter to the IT Team - the users maybe - not the IT Team - updates soon.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics GP (Archived)

#1
mtabor Profile Picture

mtabor 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans