web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Off boarding members o...
Finance | Project Operations, Human Resources, ...
Unanswered

Off boarding members of sysadmin team

(0) ShareShare
ReportReport
Posted on by HarryDesh 67

hi

We are concerned that most members of our ax support team have access to Sysadmin login and password.  This is an issue since these members can continue to access Production even after they are off boarded unless axadmin password is reset. Resetting axadmin password is risky since it might break integrations etc. 

Our plan is to implement the following

1) Create a user called say 'AXAdminNonProd', add it in PROD but do not enable it. 

2) Deploy all lower environments as AXAdminNonProd, so that this user is automatically enabled after refresh from PROD.

3) Restrict AXAdmin password to select few members. One of these people will be responsible for setting up batch jobs. Support team to provide screenshots when a new batch job is being setup in PROD. 

4) Reset AXAdminNonProd password whenever a member of support team is off boarded.

 

Any other suggestion?

regards

I have the same question (0)
  • Ludwig Reinhard Profile Picture
    Ludwig Reinhard Microsoft Employee on at

    Hello HarryDesh,

    Are these ax support team people in-house persons or externals?

    If they are internals and need to support all of your application related questions and issues they might need system admin rights even in prod.

    How many people do have those rights?

    Best regards,

    Ludwig

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,194 Super User 2025 Season 2 on at

    Hi Harry,

    At least make sure that the axadmin account has no direct access from outside your network. Then you are able to block the normal user accounts and prevent abuse of this account. And indeed limit the number of users which has knowledge of the admin account.

  • Martin Dráb Profile Picture
    Martin Dráb 237,990 Most Valuable Professional on at

    And don't use admin account for non-admin activities, such us integration. Not only it complicates password changes, but more importantly you're giving integration processes very dangerous permissions.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 490 Super User 2025 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 429 Most Valuable Professional

#3
BillurSamdancioglu Profile Picture

BillurSamdancioglu 241 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans