Microsoft KB Archive/890589

From BetaArchive Wiki
< Microsoft KB Archive
Revision as of 18:21, 18 July 2020 by 3155ffGd (talk | contribs) (importing KB archive)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Knowledge Base


Article ID: 890589

Article Last Modified on 8/26/2006


APPLIES TO

  • Microsoft CRM 1.2



SYMPTOMS

After you reassign a child business unit, you cannot see records in child business units or in the subunits of a child business unit that are more than one level under the current business unit. This problem occurs when the child business unit that you reassigned uses the same security group name in the Active Directory directory service that is used by the new parent business unit. After the change, the MSCRM DEEP Active Directory security group that is used by the child business unit does not link to the MSCRM DEEP Active Directory security group that is used by the new parent business unit.

RESOLUTION

Microsoft CRM has a fix for this problem that is part of a cumulative update. The cumulative update information is described in the following Microsoft Knowledge Base article:

904435 Update Rollup 2 is available for Microsoft CRM 1.2


MORE INFORMATION

Steps to reproduce the problem

Note Only create the business units and the security roles that are mentioned in the following steps in a test system. We provide the following steps to describe the business unit structure and the Microsoft CRM security roles that cause the problem that is described in the "Symptoms" section.

In this scenario, each business unit has at least one Microsoft CRM user who is associated with that business unit. That user owns multiple contacts, accounts, and leads.

The original business unit structure contains a root business unit. The root business unit has two child business units. The child business units of the root business unit are Region 1 and Region 2. The Region 1 and Region 2 business units each have two child business units. The child business units of Region 1 are Area 1A and Area 1B. The child business units of Region 2 are Area 2A and Area 2B.

Each Area business unit also has two children. The child business units of Area 1A are Biz 1A_1 and Biz 1A_2. The child business units of Area 1B are Biz 1B_1 and Biz1B_2. The child business units of Area 2A are Biz 2A_1 and Biz 2A_2. The child business units of Area 2B are Biz 2B_1 and Biz 2B_2. Table 1 shows the organization of these business units.

Table 1

Root Region 1 Area A1 Biz 1A_1
Biz 1A_2
Area 1B Biz 1B_1
Biz 1B_2
Region 2 Area 2A Biz 2A_1
Biz 2A_2
Area 2B Biz 2B_1
Biz 2B_2
  1. Create a custom Microsoft CRM security role at the level of the root business unit. Name the security role C1_REGION1, and then give "Parent: Child Business Unit" privileges to the security role. To do this, follow these steps:
    1. On the GoTo menu, point to Home, and then click Settings.
    2. On the Settings page, click Business Unit Settings.
    3. On the Business Unit Settings page, click Security Roles.
    4. In the Business Unit list, click Root Unit.
    5. Click Create a new Role.
    6. In the Role Name box, type C1_REGION1.
    7. On the Core Records tab, click Account three times to change the privileges to Parent: Child Business Unit. Then, click the Save and Close button.
  2. Create a new user. Name the user User_Region1. Then, assign the C1_REGION1 custom Microsoft CRM security role to this user in the Region 1 business unit. To do this, follow these steps:
    1. On the GoTo menu, point to Home, and then click Settings.
    2. On the Settings page, click Business Unit Settings.
    3. On the Business Unit Settings page, click Users.
    4. Click New User.
    5. In the First Name box and in the Last Name box, type User_Region1.
    6. In the Domain Logon Name box, type adventure-works\User_Region1.
    7. Click the lookup button next to the Business Unit box.
    8. In the Look Up Records dialog box, click Go.
    9. Select Region 1, click OK, and then click Save.
    10. On the Actions menu bar, click Manage Roles.
    11. In the Role Name column, click to select the C1_REGION1 check box, and then click OK.
  3. Create another custom Microsoft CRM security role at the level of the root business unit. Name the security role C1_REGION2, and then give "Parent: Child Business Unit" privileges to the security role. To do this, follow these steps:
    1. Repeat step 1a through step 1e.
    2. In the Role Name box, type C1_REGION2.
    3. On the Core Records tab, click Account three times to change the privileges to Parent: Child Business Unit. Then, click the Save and Close button.
  4. Create a new user. Name the user User_Region2. Then, assign the C1_REGION2 custom Microsoft CRM security role to this user in the Region 2 business unit. To do this, follow these steps:
    1. Repeat step 2a through step 2d.
    2. In the First Name box and in the Last Name box, type User_Region2.
    3. In the Domain Logon Name box, type adventure-works\User_Region2.
    4. Click the lookup button next to the Business Unit box.
    5. In the Look Up Records dialog box, click Go.
    6. Select Region 2, click OK, and then click Save.
    7. On the Actions menu bar, click Manage Roles.
    8. In the Role Name column, click to select the C1_REGION1 check box, and then click OK.
  5. Log on to the Microsoft CRM Web client as User_Region1 to verify that you can read and update account records in all the child business units and the subunits of the child business units in Region 1.
  6. Log on to the Microsoft CRM Web client as User_Region2 to verify that you can read and update account records in all the child business units and the subunits of the child business units in Region 2.
  7. Log on to the Active Directory server as a user who can view the Microsoft CRM organizational units (OU) and the child organizational units.
  8. Start the Active Directory Users and Computers snap-in. To do this, click Start, click Run, type dsa.msc, and then click OK.

    Notes
    • The Region 1 organizational unit has the MSCRM ROLE (C1_REGION1) security group and the MSCRM DEEP (C1_REGION1) security group for the C1_REGION1 custom Microsoft CRM security role. All the child organizational units under Region 1 have the MSCRM ROLE (C1_REGION1) security group and the MSCRM DEEP (C1_REGION1) security group for this custom Microsoft CRM security role.
    • The Region 2 organizational unit has the MSCRM ROLE (C1_REGION2) group and the MSCRM DEEP (C1_REGION2) security group for the C1_REGION2 custom Microsoft CRM security role. All the child organizational units under Region 2 have the MSCRM ROLE (C1_REGION2) security group and the MSCRM DEEP (C1_REGION2) security group for this custom Microsoft CRM security role.
  9. Reassign the Biz 2B_2 business unit to the Area 2A business unit. To do this, follow these steps:
    1. Log on to the Microsoft CRM Web client as a user who has administrative privileges.
    2. On the GoTo menu, point to Home, and then click Settings.
    3. On the Settings page, click Business Unit Settings.
    4. On the Business Unit Settings page, click Business Units.
    5. Double-click Biz 2B_2 to open the business unit.
    6. On the Actions menu bar, click Change Parent Business.
    7. Click the lookup button next to the New Parent Business box.
    8. In the Look Up Records dialog box, click Go.
    9. Select Area 2A, and then click OK.
    10. Click OK in the Confirm Change Parent Business dialog box.

      Note After you reassign the business unit, the business unit structure contains a root business unit. The root business unit has two child business units. The child business units of the root business unit are Region 1 and Region 2. Region 1 has three child business units, and Region 2 has one child business unit. The child business units of Region 1 are Area 1A, Area 1B, and Area 2B. The child business unit of Region 2 is Area 2A.

      Each Area business unit also has two child business units. The child business units of Area 1A are Biz 1A_1 and Biz 1A_2. The child business units of Area 1B are Biz 1B_1 and Biz 1B_2. The child business units of Area 2A are Biz 2A_1 and Biz 2A_2. The child business units of Area 2B are Biz 2B_1 and Biz 2B_2. Figure 2 shows the organization of these business units.
      Table 2
      Root Region 1 Area 1A Biz1A_1
      Biz1A_2
      Area 1B Biz1B_1
      Biz1B_2
      Area 2B Biz2B_1
      Biz2B_2
      Region 2 Area 2A Biz2A_1
      Biz2A_2


  10. Wait until the Microsoft CRM security descriptors are updated.

    Note To determine when the security descriptors are updated, open the C:\Program Files\Microsoft CRM\Server\Bin directory, where C: is the letter of your drive. Wait for the SSPCQC.bin file to disappear. Your settings for the \Program Files\Microsoft CRM\Server\Bin directory must be set to show hidden files for this file to appear. The SSPCQC.bin file is present after you perform an action that updates Microsoft CRM security roles. This file is also present after you create a new Microsoft CRM role. The file disappears after all security descriptors are updated.
  11. Log on to the Microsoft CRM Web client as User_Region1 to verify that you can see and write to accounts that belong to the users of the Area 2B business unit. This behavior is expected.

    Note You cannot see or write to accounts that belong to the child business units in Area 2B. This behavior is not expected.
  12. Log on to the Active Directory server as a user who can view the Microsoft CRM organizational units and the child organizational units.
  13. Start the Active Directory Users and Computers snap-in. To do this, click Start, click Run, type dsa.msc, and then click OK.
  14. View the Biz 2B_1 organizational unit and the Biz 2B_2 organizational unit. No roles exist for the MSCRM ROLE (C1_REGION1) security group or for the MSCRM DEEP (C1_REGION1) security group. However, these organizational units still have the MSCRM ROLE (C1_REGION2) security group and the MSCRM DEEP (C1_REGION2) security group.


REFERENCES

For more information about the terminology that is used to describe Microsoft product updates, see the following articles in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates


887283 Microsoft Business Solutions CRM software hotfix and update package naming standards



Additional query words: children grandchildren reparent re-parent

Keywords: kbmbsadministration kbfix kbbug kbqfe kbmbsmigrate KB890589



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/890589&oldid=211861
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki