The CRM Grid – A Microsoft CRM Blog

Greg Owens’ rose-tinted MS-CRM mumblings

You are not a Deployment Administrator

We’ve all seen this error at some point when trying to access the Microsoft Dynamics CRM Deployment Manager on the server:

Only the Deployment Administrators are able to use Deployment Manager. You are not a Deployment Administrator.

Most of the time this is not a problem at all – perhaps you’re logged in with the wrong account or you simply need to request that another administrator logs in and adds you to this list. Sometimes it can be trickier though – perhaps the only administrator is on holiday, has left (and had their account deleted rather than just disabled) or any other number of things that might just ruin your day. The only supported method at this point is a reinstall of CRM. Cripes…!

How about an unsupported method to get you by?

Try this little SQL script which should add you to the list of Deployment Administrators. It is ENTIRELY UNSUPPORTED and probably shouldn’t be used in a production environment etc etc. But needs must and this might just save your day (but don’t blame me if I make it worse, right?).

IMPORTANT NOTE: This script will get you into the Deployment Administrator, but if you were NOT already a CRM user, it won’t get you into the CRM front-end. Clearly something missing from my script at present – be very very careful if you use this in production…

USE MSCRM_CONFIG

DECLARE @username AS VARCHAR(MAX) ,
        @newuserguid AS uniqueidentifier ,
        @userguid AS uniqueidentifier ,
        @adminroleguid AS uniqueidentifier

-- *** TODO:  ADD THE USERNAME YOU WANT TO MAKE A DEPLOYMENT ADMINISTRATOR HERE
SET @username           = '<domain>\<username>' 
SET @newuserguid        = NEWID()

-- Get guid for the Deployment Admin role
SELECT @adminroleguid = id
FROM   dbo.securityrole
WHERE  Name = 'Administrator'

-- Add the user as a systemuser (unless they already exist...)
IF NOT EXISTS
    (SELECT ID
    FROM    SYSTEMUSER
    WHERE   NAME = @username
    )
    BEGIN
            INSERT
            INTO   SYSTEMUSER VALUES
                   (
                          '00000000-0000-0000-0000-000000000000',
                          @newuserguid                            ,
                          @username                               ,
                          0
                   )
    END

-- Get the user's guid
SELECT @userguid = ID
FROM   SYSTEMUSER
WHERE  NAME = @username

-- Add the user's guid and the admin role to the SystemUserRoles table
INSERT
INTO   dbo.SystemUserRoles VALUES
       (
              NEWID()       ,
              @adminroleguid,
              @userguid   ,
              NULL          ,
              0
       )

We also may need to add the record to the appropriate AD groups and CRM tables. I’m not going to show you how to add items to Active Directory Groups or which groups to use. Suffice to say, you would need to know the user’s Active Directory sid (Security ID). Try this command from the server prompt:

dsquery user -name Greg* | dsget user -sid

This should return a result similar to this:

sid
S-1-5-21-0123456789-0123456789-0123456789-1234
dsget succeeded

You’re on your own from this point… 😉

Advertisements

5 Comments»

  Samuel wrote @

Hi Greg

thank you for this great work-around.

microsoft has documented which AD groups the deployment administrator needs to be a member of – in the article – http://support.microsoft.com/kb/946686

but would it not be complete if you continued the blog and stated the necessary CRM tables that the “new” deployment user needs to be a member of?

it would really be very helpful and for one, I would be grateful.

the reason i came upon your blog;
i am cloning (as in hyperV / VMWare) a CRM installation, from a company who deployed the CRM installation as domain\Administrator. I have now brought up the CRM installation into my AD domain, but we do not have any trust relationships between the two domains and the company will not release their password or render any assistance, hence ….

I have run your SQL script, and added the “new” deployment administrator account to the relevant AD groups…
* ReportingGroup
* PrivUserGroup
* UserGroup

hoping to hear from you before I continue.

regards,
samuel

  Greg Owens wrote @

Thanks for the feedback Sam. Sadly I won’t have the time to review or extend this article for the moment due to time constraints. The issue (above) came up a while back for me and I simply chose to document the steps I took to resolve it.

In the end, I didn’t need to create the AD groups etc at the time, but foresaw that it might be necessary if you were working from a standing start (like you have). If you’ve managed to resolve the last few steps, do feed back with more comment and I’ll enhance the article with credit.

Sorry I can’t be more help, but good luck!

  paingthu wrote @

Hi, I having same problem, i did all the sql things and i have checked the user groups. all there. Dsquery also return sid and success. but the error seems to be still there. any suggestion? 😦

[…] You are not Deployment Administrator […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: