Administrators can unexpectedly view Active Directory users who do not belong to the administrator's organizational unit in Microsoft Dynamics CRM 4.0

This article has been archived. It is offered "as is" and will no longer be updated.
Symptoms
Consider the following scenario. You are an administrator of an organizational unit (OU) in Microsoft Dynamics CRM 4.0. This OU is in an Internet-Facing Deployment (IFD) that has multiple organizations. In this scenario, you can unexpectedly view the whole Active Directory structure. Therefore, you can view Active Directory users even if they belong to another OU.
Resolution
This problem is fixed in Update Rollup 2 for Microsoft Dynamics CRM 4.0.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
959419 Update Rollup 2 for Microsoft Dynamics CRM 4.0 is available

Installation information

After you install Update Rollup 2 for Microsoft Dynamics CRM 4.0, you must perform the required configuration. To do this, follow these steps:
  1. Obtain the latest Microsoft Dynamics CRM Deployment Configuration tool. To do this, visit the following Microsoft Web site:
  2. For each organization in which you want to restrict Active Directory searches, run the following command to set the root of any search:
    Microsoft.Crm.DeploymentConfigTool.exe userorgsettings update -organization:<ORG_NAME> -propertyname:UserRootPath -propertyvalue:LDAP://<DOMAIN_NAME>/OU=<ORG_OU>;DC=<DOMAIN>;DC=<DOMAIN_SUFFIX>
    Notes
    • In this command, the <ORG_NAME> placeholder represents the actual name of the Microsoft Dynamics CRM organization.
    • The <DOMAIN_NAME> placeholder represents the actual fully qualified domain name. For example, the <DOMAIN_NAME> placeholder may be "microsoft.com."
    • The <ORG_OU> placeholder represents the actual organizational unit in the Active Directory structure that you want searches for the organization to start from.

      Note Multiple organizational unit levels may require an "OU=<ORG_OU>" parameter for each organizational unit that begins from the lowest level.
    • The <DOMAIN> placeholder represents the first part of the domain name. For example, the <DOMAIN> placeholder may be "microsoft."
    • The <DOMAIN_SUFFIX> placeholder represents the domain suffix. For example, the <DOMAIN_SUFFIX> placeholder may be "com."
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
For more information about Microsoft Business Solutions CRM software hotfix and update package terminology, click the following article number to view the article in the Microsoft Knowledge Base:
887283 Microsoft Business Solutions CRM software hotfix and update package naming standards
Properties

Article ID: 959549 - Last Review: 01/16/2015 03:23:50 - Revision: 2.0

Microsoft Dynamics CRM 4.0

  • kbnosurvey kbarchive kbfix kbexpertiseinter kbsurveynew kbmbsmigrate kbqfe KB959549
Feedback
ERROR: at System.Diagnostics.Process.Kill() at Microsoft.Support.SEOInfrastructureService.PhantomJS.PhantomJSRunner.WaitForExit(Process process, Int32 waitTime, StringBuilder dataBuilder, Boolean isTotalProcessTimeout)