Search code examples
dynamics-crmdynamics-crm-2015

Certain users are unable to login to CRM after organization export/import: "No Microsoft Dynamics CRM user exists with the specified domain name"

After doing an export and import of a CRM organization and doing user mapping certain users are unable to login to CRM. They get the following error:

No Microsoft Dynamics CRM user exists with the specified domain name and user ID

A Microsoft Dynamics CRM user record does not exist with the specified domain name and user ID.

When looking at the affected system users in CRM they all appear to have the correct security roles. Reassigning security roles, deactivating and re-activating the users or re-typing their domain name does not have any effect.

This issue only affects around 1% of the users. The rest are able to login without problems.

I have been able to solve the issue for single users by changing their domain name to an unused domain user-name, creating a new system user with the original domain name, and reassigning all records to the new system user.

This approach requires unused users in Active Directory. How do I fix the root cause of the issue instead?

Solution

  • In some cases I have experienced that the SIDs stored for users in the CRM database do not correspond with the SIDs of the users in Active Directory. You can correct that issue in the following way:

    Select the SIDs of users in CRM:

    select DomainName,ActiveDirectoryGuid,AuthInfo,A.UserId from 
MSCRM_CONFIG.dbo.SystemUserOrganizations O
join MSCRM_CONFIG.dbo.SystemUserAuthentication A on A.UserId=O.UserId
join YourOrg_MSCRM.dbo.SystemUserBase B on B.SystemUserId=O.CrmUserId

    You can add a where-clause to the above SQL to only show users you are interested in.

    Select the SID of a specific user in Active Directory

    Using the Active Directory Module for Windows PowerShell select the SID of a given user from Active Directory:

    Get-ADUser -Filter {SamAccountName -eq 'YourUserName'}

    Compare the SID in Active Directory with the SID in CRM. In case the two differ, you can correct the issue:

    Update the SID in CRM

    Disclaimer: As always, any direct changes in the CRM tables are unsupported.

    Update the SID in SystemUserAuthentication to the correct SID from AD, after which the user should be able to log in again.