Each organization within MS CRM, will have there own set of unique groups within active directory. You can either pre-create these groups or allow the "Deployment Manager" to create these as part of the creation process.
Regardless which option you use, you should have the following 3 groups:
Eventually you will discover that active directory will soon become overun with these groups and it can become difficult to identify which groupds are associated with which CRM organization.
Being able to identify these groups is very useful when investigating permissions and security related issues. You can use a simple SQL query against the "Organization_MSCRM" database.
select ReportingGroupName, SqlAccessGroupName, PrivReportingGroupName from Organization
Regardless which option you use, you should have the following 3 groups:
- SqlAccessGroup
- PrivReportingGroup
- ReportingGroup
Eventually you will discover that active directory will soon become overun with these groups and it can become difficult to identify which groupds are associated with which CRM organization.
Being able to identify these groups is very useful when investigating permissions and security related issues. You can use a simple SQL query against the "Organization_MSCRM" database.
select ReportingGroupName, SqlAccessGroupName, PrivReportingGroupName from Organization