Microsoft Dynamics CRM 2013 is an amazing solution, and one of the main reasons is that it leverages cutting-edge technology. This can make for a complex on-premise installation.
If you choose to have a consultant perform the installation for you (highly recommended), then you have three choices for their access:
- Make them a domain admin and give them the keys to the kingdom
- Take the control-freak approach, and lock them down as much as possible
- Try to reach a middle-of-the-road compromise
For those of you that choose path #2, please take a look at Priscilla Tse’s blog. Not only does it talk about installing with minimum permissions, but also without internet access. Speaking for myself, I hope I never have to do one of these installations!
The approach that I want to propose here is a middle-of-the-road compromise (#3). In a simple on-premise installation, we start with a dedicated SQL Server (possibly shared with an ERP or other database) and a dedicated CRM Server. These can be (and usually are) virtual servers, which really isn’t relevant from a permissions perspective. For the purpose of this simple installation, we will assume there is only one domain for all servers, and that an IFD (Internet Facing Deployment) will not be created.
The following needs to be configured prior to the installation.
- Domain User Account
- AD Organizational Unit (OU)
- CRM Installation Account
- CRM Service Account
- Exchange Email
- Remote Access, if applicable
Domain User Account
For our simple installation, a domain user account with local admin rights to both the SQL Server and the CRM Server is preferred. This account can be used for on-going support.
AD Organizational Unit (OU)
CRM requires an organizational unit (OU) in the Active Directory domain. This OU can be created during the CRM Installation if the CRM Installation Account has sufficient permissions. For assistance in creating an OU, navigate to Microsoft TechNet and search for “create OU”.
CRM Installation Account
The CRM Installation Account will be used for the installation of CRM on the CRM Server. It must be a domain user with local admin rights to both the CRM Server and the SQL Server. Once the installation is completed, a corresponding CRM System Administrator account will be created in the CRM application. This user should have organizational unit (OU) and security group creation permissions in AD. If the OU is already created, then this user only needs permissions to create security groups in the specified OU.
CRM Service Account
There are 6 CRM Services. In a simple installation these can all be run under the same domain account. This account should be dedicated to the CRM services only and cannot be used to set up a CRM user account. The password should never expire, and it cannot be a Managed Service Account.
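The account setup described above can be pre-staged by a domain administrator so that the installing consultant never needs domain admin rights. The following PowerShell is an added example, not part of the original post or Microsoft's documentation; the domain (contoso.local), OU name, account names, and server names are all assumptions to replace with your own.

```powershell
# Added example: pre-stage AD objects for a middle-of-the-road CRM 2013 install.
# Every name below (contoso.local, CRM, crm-install, svc-crm, CRM01, SQL01)
# is an assumption, not a value from the original post.
Import-Module ActiveDirectory

$domainDn   = 'DC=contoso,DC=local'
$netbios    = 'CONTOSO'
$ouName     = 'CRM'
$ouDn       = "OU=$ouName,$domainDn"
$installSam = 'crm-install'
$serviceSam = 'svc-crm'

# 1. Create the OU up front so the installation account does not need
#    OU-creation rights in the domain.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDn'")) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. CRM Installation Account: an ordinary domain user.
New-ADUser -Name $installSam -SamAccountName $installSam -Enabled $true `
    -AccountPassword (Read-Host -AsSecureString "Password for $installSam")

# 3. CRM Service Account: a regular user (not a Managed Service Account),
#    dedicated to the CRM services, with a non-expiring password.
New-ADUser -Name $serviceSam -SamAccountName $serviceSam -Enabled $true `
    -PasswordNeverExpires $true `
    -AccountPassword (Read-Host -AsSecureString "Password for $serviceSam")

# 4. Delegate only "create/delete group objects" on the CRM OU to the
#    installation account (CC = create child, DC = delete child).
dsacls $ouDn /I:T /G "${netbios}\${installSam}:CCDC;group"

# 5. Local admin on both the CRM Server and the SQL Server.
foreach ($server in 'CRM01', 'SQL01') {
    Invoke-Command -ComputerName $server -ArgumentList "$netbios\$installSam" `
        -ScriptBlock { param($account) net localgroup Administrators $account /add }
}

# 6. Verify what was granted before handing the account over.
dsacls $ouDn | Select-String $installSam
Get-ADUser $serviceSam -Properties PasswordNeverExpires |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires
```

Run it from a workstation with the RSAT Active Directory module and PowerShell remoting to both servers; step 6 shows the delegated ACE and the service account flags so the grant can be reviewed.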
Exchange Email
New with CRM 2013 is Server-Side Sync. It is a simpler solution, but it requires an on-premise Exchange 2010 or later server using the Exchange Web Services protocol. It does not work if SMTP and POP3 protocols are intermixed with Exchange. It also does not work for the creation of mass email marketing campaigns. For a complete list of supported email configurations for server-side synchronization, please reference this MSDN Library post. If Server-Side Sync is not an option, then the traditional Mail Router should be configured and will need a dedicated email account.
Please note that this blog did not address system requirements. Those change as frequently as Microsoft releases new software versions. Please refer to the Dynamics CRM 2013 Implementation Guide located in the Microsoft Download Center (search for “crm 2013 implementation”). Reference the enclosed Planning document. Be prepared – Version 6.0.2 is 154 pages long.
For an up-to-the-minute list of compatible software versions, please reference Article 2669061 on the Microsoft Support Site. While Dynamics CRM works best if kept up-to-date, it is not advisable to install it with a version of software that has not been tested to be compatible. As with any compatibility list, the fact that a product is not listed does not mean it won’t work – just that it hasn’t been tested (which directly correlates to supportability).
For additional technical questions on the topic of CRM, feel free to contact us.