seanmcne
commented
2 years ago Can you try this sample for creating an app user? https://github.com/seanmcne/Microsoft.Xrm.Data.PowerShell.Samples/blob/master/UserOperations/CreateApplicationUser.ps1
Closed cT-m00cat closed 2 years ago
seanmcne
commented
2 years ago Can you try this sample for creating an app user? https://github.com/seanmcne/Microsoft.Xrm.Data.PowerShell.Samples/blob/master/UserOperations/CreateApplicationUser.ps1
cT-m00cat
commented
2 years ago That works. Thanks a lot.
cT-m00cat
commented
2 years ago Add-CrmSecurityRoleToUser - well.. ain't that just perfect - you just made my life so much easier...!!!!
Thanks Sean... I'm joining you down this rabbit hole.. what was an immediate requirement for a quick fix to a quick problem... just became a whole new world of "well.. damn I can do this in a pipeline now"
seanmcne
commented
2 years ago So glad this could help you accomplish what you needed to do! Thanks for sharing your feedback and happy you can adopt more scripting and automation 😀
cT-m00cat
commented
2 years ago @seanmcne it STARTED as a one off requirement.. then I saw the other tools.. and started off writing some automation steps... I have a need to configure dynamics on-line environments with some prerequisites... this list of prerequisites can differ from project to project but - each project will require some... I can now build a generic pipeline that takes some input variables and configures accordingly... your work here has saved me hours and hours of messing about.
Thanks a lot. Linking me to the examples was like showing me where the light switch is in that dark room...
Appreciate you and @kenakamu :)
cT-m00cat
commented
2 years ago Hi Sean Sorry for the direct approach – tell me to go away if you like 😉 I don’t mind. Really, I don’t. However, if you could spare five minutes, I really would appreciate it. First – some background – I am a COMPLETE Dynamics newbie. I got a new job with CloudThing in December and was dropped into a Dynamics project – “sink or swim” style – I am still here so, I guess I’m doing something right.
XRM.Data.PowerShell is AWESOME and the Example scripts are incredibly useful. I’m already running scripts to apply “UK / CloudThing specific default CRM Settings” and all sorts of cool stuff. You have accelerated my d365 learning curve massively. So, Thank you for this.
The use case is as follows: Each environment has a similarly named SharePoint site. The SharePoint M365 group is also used as the Dynamics Security Group. The license is assigned by adding the users to a “license group”.
I have taken your AddUsersToCrmOLFromCSV.ps1 and with the accompanying csv have successfully got it to the point where it does all the above – but it fails when assigning the security role because apparently, the user is disabled?
Example: FaultException`1 - Associate : Execute (Associate) request to CRM from IOrganizationService |=> The user with SystemUserId=****----**** is disabled. Only enabled user can be associated with a role.
I do not know enough about the CRM (yet) to know why this is.. Your work clearly can assign a role to a user – so I know it’s possible to create the user as enabled.. and I am wondering it this could be happening because of the time it takes for the license info to synchronize across maybe? Perhaps putting a sleep in there would do the trick?
I have approximately 2.5k users with different roles that need to be added – So am quite anxious to get this working. Any advice would be gratefully received, and I am more than happy to send you the edited version of the AddUsersToCrmOLFromCSV.ps1 with my additions in there.. but, just from looking at it I do not think the issue lies there as those functions are more or less as you wrote them.. You do Set-MsolUserLicense -UserPrincipalName $userPrincipalName -AddLicenses $crmLicenseName to assign the license.. I comment that out and have a connection to ExchangeOnline (after importing module) and then do the following:
Add-MsolGroupMember -GroupObjectId $LicenseGroupId -GroupMemberObjectId $msolUser.ObjectId -GroupMemberType User # the licensing security group Add-UnifiedGroupLinks -Identity "$MsolGroupName" -LinkType Members -Links "$msolUser" # The 365 group created when sharepoint site was created for environment (used as CRM security group)
Because I add them to the “license group” I also comment out this bit of the user creation: -LicenseAssignment $crmLicenseName
Everything else is the same – so I am at a loss and am trying to understand WHY it adds the user to crm in a disabled state.. once I can get past that I can assign the roles and get this job done.
Sorry for the long email – I felt this was better to reach out directly as it’s not a bug or an issue with the tools and I didn’t feel it belonged on your GitHub page.. after you pointed me in the right direction the last time I commented, with regards to promoting an app user to sysadmin in crm, I went to town with it and have all sorts of wonderful PowerShell scripts doing all kinds of useful stuff.. for this I am in your debt.
Thanks in advance – and if this is an over-reach – let me know.. and apologies if it is. Regards
@.*** Daniel Styles DevSecOps Engineer
cT-m00cat
commented
2 years ago Forget everything I wrote. I was correct in my musings... and inserting a Start-Sleep with 300 seconds gives it enough time to sync the license and assign the role.
@.*** Daniel Styles DevSecOps Engineer
seanmcne
commented
2 years ago Glad to hear you've gotten it figured out Daniel! And I'm super happy to hear what you've found here and in the .samples repo are helpful - a lot of time went into creating them but also our community of folks here have certainly helped create, curate, update, and shape the direction of what's here today and folks like yourself have been invaluable to the project! Also, I very happy to hear this has helped accelerate learning in conjunction with "getting things done" - it's always great to hear folks getting to learn while being able to accomplish something :)
Regarding your scenario, one feature many might not be aware of is Azure AD's group based licensing which auto-assigns a license when you add a member to the group.
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal
If you combine this with Dataverse's AAD linked Team's/groups you can make it possible to add a member to a group and have them provision without having to make a bunch of changes or wait on a script. https://docs.microsoft.com/en-us/power-platform/admin/manage-group-teams
PS: hopefully you don't mind, I edited your replies earlier to scrub the contact info out just in case that wasn't intended!
cT-m00cat
commented
2 years ago Thanks a lot for the info & assistance Sean… that is all incredibly helpful.
@.*** Daniel Styles DevSecOps Engineer
When I use this and do: $applicationUser=New-CrmRecord -EntityLogicalName applicationuser -Fields @{"applicationid"=$appId; "applicationname"=$myappName}
I get this:
**** FaultException`1 - Create : applicationuser |=> Expecting business column to be set for Creating business owned entities, business column is null Expecting business column to be set for Creating business owned entities, business column is null => Expecting business column to be set for Creating business owned entities, business column is null[TerminalFailure] Failed to Execute Command - Create : RequestID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx : applicationuser duration=00:00:00.0633933 ExceptionMessage = Expecting business column to be set for Creating business owned entities, business column is null Expecting business column to be set for Creating business owned entities, business column is null => Expecting business column to be set for Creating business owned entities, business column is null At C:\Users\DanielStyles\OneDrive - cloudThing\Documents\WindowsPowerShell\Modules\Microsoft.Xrm.Data.Powershell\2.8.14\Microsoft.Xrm.Data.Powershell.psm1:440 char:9
PS C:>