Authentication when you are adding a new user to CRM, or a user to a new Organization in CRM


We have seen a couple of errors such as:

"The specified Active Directory user already exists as a CRM user"

"You are attempting to create a user with a domain logon that is already used by another user. Select another domain logon and try again."

These errors appear when the user you are trying to add is not an existing CRM user, or is not an existing CRM user in the Organization you are trying to add them to.

If you see this type of error, please log a case with the Support team, and we will look at the following stored procedure and database tables to rectify the issue.

N.B. Please do not make direct database modifications, as this is unsupported.

The stored procedure explained:

There are 3 tables that the stored procedure p_GetCrmUserId checks to authenticate the user from the Domain\LoginName provided.

We will assume that the Admin user is logged in to CRM and adding a new user.

p_GetCrmUserId

set ANSI_NULLS ON

set QUOTED_IDENTIFIER ON

go

ALTER procedure [dbo].[p_GetCrmUserId] (@OrganizationId uniqueidentifier, @AuthInfo nvarchar(128)) as

The parameters passed are the OrganizationId (of the database the Admin user is currently logged in to) and the AuthInfo (the ObjectSID from AD of the user you are trying to add, in the form W:S-x-x-xx-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxx).

begin

set nocount on

select suo.CrmUserId as CrmUserId

from SystemUserOrganizations suo

join SystemUserAuthentication sua on (suo.UserId = sua.UserId)

In the MSCRM_CONFIG database, a join is made on the UserId column:
SystemUserAuthentication table, UserId column
SystemUserOrganizations table, UserId column

where sua.AuthInfo = @AuthInfo and suo.OrganizationId = @OrganizationId

The ObjectSID is matched with the value in the AuthInfo column of the SystemUserAuthentication table, and the OrganizationId of the organization the Admin user is logged in to is matched with the value in the OrganizationId column of the SystemUserOrganizations table.

and suo.IsDeleted = 0

and sua.IsDeleted = 0

Confirm the IsDeleted value is not ‘1’ (or ‘True’) in either the SystemUserAuthentication or the SystemUserOrganizations table.

end

A graphical representation of how the 3 tables correspond to one another, AD and CRM:

AD Explorer:


MSCRM_CONFIG

SystemUserAuthentication


There will only ever be one row in this table for a user.

SystemUserOrganizations

There will be one row in this table for EACH Organization the user belongs to.

ORG_MSCRM

SystemUserBase


There will be one row in this table in EACH ORG_MSCRM database for each Organization the user belongs to.

Note that the DomainName\Login in the above table corresponds to the user we are trying to add in CRM.
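As an added example (not part of the original post and not Microsoft's code), the following read-only T-SQL runs the same join as p_GetCrmUserId for one ObjectSID and then checks whether the matched CrmUserId has a row in SystemUserBase. ORG_MSCRM, the GUID and the SID are placeholders, and the mapping of SystemUserOrganizations.CrmUserId to SystemUserBase.SystemUserId is an assumption.

```sql
-- Added example: SELECT statements only, nothing is modified.
-- Assumptions: ORG_MSCRM stands for the organization database name, and
-- SystemUserOrganizations.CrmUserId is assumed to map to SystemUserBase.SystemUserId.
USE MSCRM_CONFIG;

DECLARE @OrganizationId uniqueidentifier;
DECLARE @AuthInfo nvarchar(128);
SET @OrganizationId = '00000000-0000-0000-0000-000000000000';           -- placeholder GUID
SET @AuthInfo = N'W:S-x-x-xx-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxx';      -- placeholder ObjectSID

-- 1. Authentication rows for the SID, including soft-deleted ones.
--    The post states there should only ever be one row per user.
SELECT sua.UserId, sua.AuthInfo, sua.IsDeleted
FROM dbo.SystemUserAuthentication AS sua
WHERE sua.AuthInfo = @AuthInfo;

-- 2. Every organization mapping for that user. MatchedByProcedure = 1 marks
--    the row p_GetCrmUserId would return for @OrganizationId.
SELECT suo.OrganizationId,
       suo.CrmUserId,
       suo.IsDeleted AS OrgRowDeleted,
       sua.IsDeleted AS AuthRowDeleted,
       CASE WHEN suo.OrganizationId = @OrganizationId
                 AND suo.IsDeleted = 0
                 AND sua.IsDeleted = 0
            THEN 1 ELSE 0 END AS MatchedByProcedure
FROM dbo.SystemUserAuthentication AS sua
JOIN dbo.SystemUserOrganizations AS suo ON suo.UserId = sua.UserId
WHERE sua.AuthInfo = @AuthInfo;

-- 3. Cross-check the matched CrmUserId against the organization database.
--    A NULL SystemUserId means MSCRM_CONFIG holds a mapping for a user
--    that has no SystemUserBase row in this organization.
SELECT suo.CrmUserId,
       sub.DomainName,
       CASE WHEN sub.SystemUserId IS NULL
            THEN 'no SystemUserBase row'
            ELSE 'SystemUserBase row present' END AS OrgDatabaseState
FROM dbo.SystemUserAuthentication AS sua
JOIN dbo.SystemUserOrganizations AS suo ON suo.UserId = sua.UserId
LEFT JOIN ORG_MSCRM.dbo.SystemUserBase AS sub
       ON sub.SystemUserId = suo.CrmUserId
WHERE sua.AuthInfo = @AuthInfo
  AND suo.OrganizationId = @OrganizationId;
```

The three result sets give Support the state of each table for the affected account, which is useful evidence to attach when logging the case.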

Despina Kitsantonis

Senior Support Engineer


Comments (9)

  1. Rob D says:

    IT edited the AD login name and last name after a user was in CRM. I cannot edit their details in the User record in the CRM UI as it says the AD user already exists (mastering on AD GUID).

    Can I just change the last name and AD logon in the systemuserbase table?

  2. Rob D says:

    IT edited the AD login name and last name after a user was in CRM. I cannot edit their details in the User record in the CRM UI as it says the AD user already exists (mastering on AD GUID).

    Can I just change the last name and AD logon in the systemuserbase table?

  3. Vikash Punia says:

    Hi Rob,

    You have no need to make a direct change in the database.

    The following is not exactly what you want, but you can definitely use it to get the required result.

    What I tried was first assigning the CRM user record an AD logon who is not already a user in CRM, saving, and then reassigning the user record with the new and correct AD logon. I tried it with a dummy AD user and found success, who would have guessed?

  4. Same error on CRM 2011 says:

    Hello,

    I'm getting the same error in CRM 2011. I've confirmed the user does not already exist, both in CRM and by looking at the domain account and GUID in the CRM database. Should I open a case also, or is there a fix for CRM 2011? Thanks much.

  5. Irman I says:

    Hello all,

    I'm getting the same error too, after I restored the backup database and imported the organization.

  6. Sorin Ratiu says:

    Hello,

    I am also getting this error.

    My problem is that I can trace the AD user in MSCRM_CONFIG in all 3 tables, but I cannot find it in the ORG_MSCRM – SystemUserBase table.

    Can you guide me on how to remove the user from the MSCRM_CONFIG tables?

  7. Sorin Ratiu says:

    I have done the following:

    – Backup CRM DB's

    – In the MSCRM_CONFIG – SystemUserAuthentication Table I have changed the Data in the AuthInfo column of the user – to a nonexisting SID; I thought delete to be more dangerous than update.

    – I have created a new user in CRM … as usual … with the same AD account as the one I have previously changed

    and everything worked fine !!! 🙂

    I just hope now that there will be no Problems from now on …

  8. Karmendra says:

    I am not able to create a user in CRM, with the same message. I checked all 3 tables but am not able to find that user's details anywhere in the org_MSCRM and MSCRM_Config databases. Please help.

  9. Test McGhee says:

    This was exactly what I needed to solve this problem. Thanks for the info.