As part of import organization process via Deployment Manager, it maps the existing CRM users with Active Directory as per user mapping specified. However, sometimes CRM is not able to map some users. There are multiple reasons around that:
- User does not exist in Active Directory
- User is disabled or left the organization but was enabled in CRM
- Two user profile exists (one Enabled and another disabled); may be in different domain but both domains has full trust now. In this case, CRM might map the wrong user profile (may be disabled user one).
If user mapping gets failed because of first two reasons, we should be fine. We can go ahead and disable those users. However, in case of third condition, we need to fix the issue. There are two ways to fix the issue:
Flip the profiles:
- Disable the user which is enabled.
- Enable the user which was disabled.
The problem with this fix is the user GUIDs associated with the records will be changed. If you are using user ownership in CRM, you are losing the visibility of the records. In case of team ownership, you are losing visibility for Activity records where you are one of the activity party.
Flip the user record:
- Enable the disabled user profile.
- Change the user name to some other user which does not exists in CRM. Save the record.
- Go to original profile which you wanted to keep. Change the user name to some other AD user which does not exists in CRM. (Same like #2). Save the record.
- In the same profile (which you modified in #3), revert the User Name back to original and Save.
Now the issue is how to find the user records those are enabled but could not get mapped. Execute below query against CRM organization database:
Declare @OrgId uniqueidentifier
select @OrgId = organizationid from organization
;With userAuthentication as
select distinct sup.CrmUserId UserId
inner join MSCRM_CONFIG.dbo.SystemUserAuthentication sua
on sup.UserId = sua.UserId
where sup.OrganizationId = @OrgId
select su.systemuserid, su.fullname, su.DomainName, su.BusinessUnitIdName, su.InternalEMailAddress
left outer join userAuthentication ua
on su.SystemUserId = ua.UserId
where su.isdisabled = 0 and ua.UserId is NULL
order by su.fullname