Hi all -
Got a quick question about AD Groups as Windows Logins -
I've added my own AD security group to SQL as a login, to the Navision Database as a database user, and to Navision itself through the Windows Login screen. Resynced Navision security... When I switch my authentication type to Windows, I can log in with no problems - great so far... keep in mind, that I'm a member of the Administrator group, which also has logon rights to all three levels...
Now, I added one of our Accounting Department's Security groups in the same manner and resynced. I went to a member of that group and had him try to log on using Windows Authentication - no dice. I refreshed AD from the PDC to the BDC - no dice. I added another security group to which he is a member - no dice. I had him log off and back on while I resynchronized Navision security (again), no dice...
Has anyone been able to get this to work correctly? I'd like to create our organizational hierarchy in AD, add the AD Groups to Navision, and then assign the permissions to those groups, but I'm having a hell of a time doing it. Are there any good Microsoft resources available on how to get this done?
Thanks.
Comments
This is documented somewhere, but I can't remember where right now.
Also, you do not need to add the AD user to SQL manually. The sync should take care of this.
Did it work that way in 3.x? If so, then why in the world would they change it? I would think that would be the desired behavior?
So.. add the Group as a Database Login and user, and to Navision as a Windows Login. Assign Roles and Permissions to the Group, and then I only have to add the windows login to Navision from that point?
My Windows User Login is not set up in Navision, only the MIS and Administrator security groups.. and I'm able to log in with Windows Auth....
You should not need to add anything manually in SQL. Just create your AD groups and assign users. Then add them to Navision as Windows logins and sync. The user doing the sync must be a member of the SQL security admin role or higher.
Didn't you say you were an Administrator? This basically overrides everything.
Man.. this is just screwy. The old model of mapping organizational hierarchy through AD groups and adding those to Navision just makes more sense. I don't see how this really provides any tighter security.
Do people like this new model?
I can't disagree with you. I used to have a 2.6 site with ~300 authorized users. With 20 to 30 user changes a month, the old model made this a breeze to manage.
Bruno
http://blogs.ittoolbox.com/erp/smb
1) You can add a group into Navision and connect Navision roles to this group
2) Users must have an account for their user account in Navision (but it can be without any role)
3) Users must be direct members of the group used in Navision; it is not possible to use more nested groups
(It must be NAV Role - AD Group - AD User; NAV Role - AD Group - AD Group - AD User is not allowed)
4) You need to run the synchronization process over the user ID, not over the group; sync for the group does nothing...
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
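The rules listed in the post above, turned into a check over exported membership data. This is an added example, not code from the thread or from Microsoft; the group names, user names and the two input structures are constructed for illustration.

```python
"""Audit AD-group logins in Navision against the rules in the post above:
a user needs an individual Windows login and must be a direct member of the group."""

# Constructed sample data (hypothetical names). In practice, export group
# membership from AD and the Windows Logins list from Navision.
AD_GROUPS = {
    "CORP\\Accounting": {"CORP\\alice", "CORP\\AP-Clerks"},  # one user, one nested group
    "CORP\\AP-Clerks": {"CORP\\bob"},
    "CORP\\MIS": {"CORP\\carol"},
}
NAV_WINDOWS_LOGINS = {"CORP\\Accounting", "CORP\\MIS", "CORP\\carol", "CORP\\bob"}


def all_users(group, groups, seen=None):
    """Every user reachable from `group`, following nested groups (cycle-safe)."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for member in groups.get(group, ()):
        if member in groups:            # member is itself a group: descend
            users |= all_users(member, groups, seen)
        else:
            users.add(member)
    return users


def audit(groups, nav_logins):
    """For each group that is a Navision login, classify its users."""
    report = {}
    for group in sorted(nav_logins & set(groups)):
        direct = {m for m in groups[group] if m not in groups}
        report[group] = {
            # direct member with an individual Windows login: can pick up the group's roles
            "ok": sorted(direct & nav_logins),
            # direct member, but rule 2 is not met
            "missing_user_login": sorted(direct - nav_logins),
            # reachable only through a nested group: rule 3 is not met
            "nested_only": sorted(all_users(group, groups) - direct),
        }
    return report


if __name__ == "__main__":
    for group, result in audit(AD_GROUPS, NAV_WINDOWS_LOGINS).items():
        print(group, result)
```
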
Thanks for the synopsis kine. It is simple... but it is simpler still to just be able to add/map the AD groups.
4.0 SP2 Update 02 introduces the new option that allows you to choose between the old security model (prior to 4.0) and the new security (4.0 and above).
You should contact your NSC/Microsoft to get the update...so far, we have not encountered any issues and use the Standard security model (prior to 4.0) that allows us to make changes to table data w/o synching the users!
Vice President, Deployment Operations
Symbiant Technologies, Inc.
http://www.symbiantsolutions.com