Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Unable to add a new Deployment Administrator from trusted domain in same forest


View products that this article applies to.

Symptom

A current Deployment Administrator may be unable to add a new Deployment Administrator from a trusted domain

↑ Back to the top


Cause

When adding a user from another domain as a Deployment Administrator, you are able to find that user in the UserPickerForm, but only after the current signed in Deployment Administrator enters credentials to be able to browse the object in the trusted domain. Once the user is chosen and we retrieve the user properties with an LDAP call, the credentials are lost and reverted back to the CRM domain credentials (local deployment administrator credentials without access to the trusted domain). This causes the LDAP call to not find any users and a null value is returned for the user. This simulates that the user cancelled out of the wizard.

↑ Back to the top


Resolution

1. Create a two-way trust between the domains in order to add the user as a new Deployment Administrator.

2. Manage the username and password prior to assigning it as a Deployment Administrator. To do this:

a. Go to Manage your Network Passwords on the server and have the current Deployment Administrator add the Domain Controller and credentials from the trusted domain. This allows the credentials to be automatically passed for the LDAP query and not dropped.

↑ Back to the top


Keywords: kb

↑ Back to the top

Article Info
Article ID : 2842571
Revision : 1
Created on : 1/7/2017
Published on : 5/17/2013
Exists online : False
Views : 171