
Azure Active Directory integration with SharePoint on-premises

In this tutorial, you learn how to integrate SharePoint on-premises with Azure Active Directory (Azure AD).

Integrating SharePoint on-premises with Azure AD provides you with the following benefits:

  • You can control in Azure AD who has access to SharePoint on-premises.
  • You can enable your users to be automatically signed-in to SharePoint on-premises (Single Sign-On) with their Azure AD accounts.
  • You can manage your accounts in one central location – the Azure portal.
PREREQUISITES

To configure Azure AD integration with SharePoint on-premises, you need the following items:

  • An Azure AD subscription. If you don’t have an Azure AD environment, you can get a free account.
  • A SharePoint on-premises single sign-on enabled subscription.
STEPS

1. Adding SharePoint on-premises from the gallery

2. Configure Azure AD single sign-on

3. Configure SharePoint on-premises Single Sign-On

4. Enable the Azure authentication provider on the SharePoint web application

5. Set up the people picker to assign permissions on the SharePoint site

6. Test the single sign-on

Let’s start with the real steps…

S-1. ADDING SHAREPOINT ON-PREMISES FROM THE GALLERY

To configure the integration of SharePoint on-premises into Azure AD, you need to add SharePoint on-premises from the gallery to your list of managed SaaS apps.

To add SharePoint on-premises from the gallery, perform the following steps:

a). In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.

b). Navigate to Enterprise Applications and then select the All Applications option.

c). To add a new application, click the New application button at the top of the dialog.

d). In the search box, type SharePoint on-premises, select SharePoint on-premises from the result panel, then click the Add button to add the application.

S-2. CONFIGURE AZURE AD SINGLE SIGN-ON

In this section, you enable Azure AD single sign-on in the Azure portal.

To configure Azure AD single sign-on with SharePoint on-premises, perform the following steps:

  1. In the Azure portal, on the SharePoint on-premises application integration page, select Single sign-on.

  2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.

  3. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.

  4. In the Basic SAML Configuration section, perform the following steps:

     a. In the Sign-on URL text box, type a URL using the following pattern: https://sharepoint.moreyeahs.com/_trust/default.aspx
     b. In the Identifier box, type a URL using the following pattern: urn:sharepoint:federation
     c. In the Reply URL text box, type a URL using the following pattern: https://sharepoint.moreyeahs.com/_trust/default.aspx

  5. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to download the Certificate (Base64) from the given options as per your requirement and save it on your computer.

     Note: Write down the file path to which you downloaded the certificate file, as you need it later in the PowerShell script for configuration.

  6. In the Set up SharePoint on-premises section, copy the appropriate URL(s) as per your requirement. For the Single Sign-On Service URL, use a value of the following pattern: https://login.microsoftonline.com/_my_directory_id_/wsfed
     _my_directory_id_ is the tenant ID of the Azure AD subscription.

The SharePoint on-premises application uses SAML 1.1 tokens, so Azure AD expects a WS-Fed request from the SharePoint server and, after authentication, issues a SAML 1.1 token.

S-3. CONFIGURE SHAREPOINT ON-PREMISES SINGLE SIGN-ON
  1. In a different web browser window, sign in to your SharePoint on-premises company site as an administrator.
  2. Configure a new trusted identity provider in SharePoint Server 2016. Sign in to the SharePoint Server 2016 server and open the SharePoint 2016 Management Shell. Fill in the values of $realm (Identifier value from the SharePoint on-premises Domain and URLs section in the Azure portal), $wsfedurl (Single Sign-On Service URL), and $filepath (file path to which you have downloaded the certificate file) from the Azure portal and run the following commands to configure a new trusted identity provider.
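The commands for this step are not reproduced on the page. The block below is an added example, not the original author's script, of registering Azure AD as a trusted identity provider with the $realm, $wsfedurl and $filepath values described above. The certificate path, the tenant ID placeholder, the two claim mappings and the 30-day expiry threshold are assumptions.

```powershell
# Added example: register Azure AD as a trusted identity provider in SharePoint 2016.
# Run in the SharePoint 2016 Management Shell as a farm administrator.
# Lines marked ASSUMPTION hold placeholder values; replace them with your own.

$realm    = "urn:sharepoint:federation"                                  # Identifier from Basic SAML Configuration
$wsfedurl = "https://login.microsoftonline.com/_my_directory_id_/wsfed"  # ASSUMPTION: insert your tenant ID
$filepath = "C:\temp\SharePointOnPrem.cer"                               # ASSUMPTION: path of the downloaded certificate

# Refuse to continue while the tenant ID placeholder is still in the URL.
$guid = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
if ($wsfedurl -notmatch "^https://login\.microsoftonline\.com/$guid/wsfed$") {
    throw "Set `$wsfedurl to the Single Sign-On Service URL of your tenant first."
}

# Load the SAML signing certificate and show what is about to be trusted.
# Compare the thumbprint with the one displayed in the Azure portal.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($filepath)
Write-Host "Subject   : $($cert.Subject)"
Write-Host "Thumbprint: $($cert.Thumbprint)"
Write-Host "Expires   : $($cert.NotAfter)"

# ASSUMPTION: 30 days is the minimum remaining lifetime accepted here.
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "The signing certificate expires within 30 days. Download a current one."
}

# SharePoint validates the signature of every SAML 1.1 token against this certificate.
New-SPTrustedRootAuthority -Name "AzureAD" -Certificate $cert | Out-Null

# ASSUMPTION: 'name' is the identity claim and 'role' carries group membership.
$mapName = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" `
    -IncomingClaimTypeDisplayName "name" `
    -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$mapRole = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" `
    -SameAsIncoming

# "AzureAD" is the provider name selected later in Central Administration.
$issuerParams = @{
    Name                   = "AzureAD"
    Description            = "SharePoint secured by Azure AD"
    Realm                  = $realm
    ImportTrustCertificate = $cert
    ClaimsMappings         = $mapName, $mapRole
    SignInUrl              = $wsfedurl
    IdentifierClaim        = $mapName.InputClaimType
}
New-SPTrustedIdentityTokenIssuer @issuerParams | Out-Null

# Confirm what was registered.
Get-SPTrustedIdentityTokenIssuer -Identity "AzureAD" |
    Select-Object Name, DefaultProviderRealm, ProviderUri
```

The realm must match the Identifier configured in the Azure portal exactly, otherwise Azure AD rejects the WS-Fed request.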
S-4. ENABLE AZURE AUTHENTICATION PROVIDER TO SHAREPOINT WEB APPLICATION

Follow these steps to enable the trusted identity provider for your application:

a. In Central Administration, navigate to Manage Web Application and select the web application that you wish to secure with Azure AD.

b. In the ribbon, click Authentication Providers and choose the zone that you wish to use.

c. Select Trusted Identity provider and select the identity provider you just registered named AzureAD.

d. On the sign-in page URL setting, select Custom sign in page and provide the value “/_trust/”.

e. Click OK.

S-5. SETUP PEOPLE PICKER TO ASSIGN PERMISSION TO THE SHAREPOINT SITE

Download the people picker from this link – https://yvand.github.io/AzureCP/

  • Download AzureCP.wsp.
  • Install and deploy the solution:
    Open the SharePoint Management Shell and run the commands below:
    Add-SPSolution -LiteralPath "F:\Data\Dev\AzureCP.wsp"
    Install-SPSolution -Identity "AzureCP.wsp" -GACDeployment
  • Associate AzureCP with a SPTrustedIdentityTokenIssuer:
    $trust = Get-SPTrustedIdentityTokenIssuer "AzureAD"
    $trust.ClaimProviderName = "AzureCP"
    $trust.Update()
  • Visit Central Administration > System Settings > Manage farm solutions and wait until the solution status shows “Deployed”.
  • Update the assembly manually on SharePoint servers that do not run the service “Microsoft SharePoint Foundation Web Application” (see below for more details).
  • Restart the IIS service and the SharePoint timer service on each SharePoint server.
    5.1 ADD AN APPLICATION IN YOUR AZURE AD TENANT TO ALLOW AZURECP TO QUERY IT.

    Sign in to the Azure portal and browse to your Azure Active Directory tenant

    Go to “App Registrations” > “New registration” > Type the following information:

    Name: e.g. AzureCP
    Supported account types: “Accounts in this organizational directory only (TenantName)”

    Click on “Register”

    Note: Copy the “Application (client) ID”: it is required by AzureCP to add a tenant.

    Click on “API permissions” and remove the permission added by default.

    Click on “Add a permission” > Select “Microsoft Graph” > “Application permissions” > Directory > Directory.Read.All > click “Add permissions”

    Click on “Grant admin consent for TenantName” > Yes

    Note: After this operation, you should have only the Microsoft Graph > Directory.Read.All permission, of type “Application”, with admin consent granted.

    Click on “Certificates & secrets” > “New client secret”: Type a description, choose a duration and validate.

    Note: Copy the client secret value: it is required by AzureCP to add a tenant.

  • Configure AzureCP for your environment.
    Go to SharePoint Central Administration and select AzureCP.

Click Global Configuration and fill in the details below:
Azure Tenant Name – tenant.onmicrosoft.com
Application ID – the value copied at the time of app registration
Application Secret – the value copied at the time of app registration

5.2 GRANT ACCESS TO THE AZURE ACTIVE DIRECTORY USER

The user or group must be granted access to the application in SharePoint on-premises. Use the following steps to set the permissions to access the web application.
        Note: For a group, you have to update the manifest file of the registered SharePoint on-premises application. In the manifest file, update the property below:
        Change "groupMembershipClaims": null to "groupMembershipClaims": "SecurityGroup". Then click Save.

Now let’s assign the permission. In Central Administration, click Application Management, then Manage web applications, then select the web application to activate the ribbon and click User Policy.

Under Policy for Web Application, click Add Users, select the zone, and click Next. Click the Address Book.

Then search for and add the Azure Active Directory security group and click OK.

Under Policy for Web Application, you can see that the Azure Active Directory group is added. The group claim shows the Azure Active Directory security group Object ID as the User Name.

Browse to the SharePoint site collection and add the group or user there as well. Click Site Settings, then click Site permissions and Grant Permissions. Search for the group role claim, assign the permission level and click Share.

S-6. TEST THE SINGLE-SIGN-ON

Before testing single sign-on, let’s configure the seamless authentication setting so that internal users are signed in to the SharePoint site automatically with their Windows logged-in account (the machine must be domain joined).
Here I will only show the Group Policy part; you can do the remaining AAD connector configuration by following this article – https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

“GROUP POLICY” OPTION – DETAILED STEPS
  1. Open the Group Policy Management Editor tool.
  2. Edit the group policy that’s applied to some or all your users. This example uses the Default Domain Policy.
  3. Browse to User Configuration > Policy > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page. Then select Site to Zone Assignment List.
  4. Enable the policy, and then enter the following values in the dialog box:
     • Value name: The Azure AD URL where the Kerberos tickets are forwarded.
     • Value (Data): 1 indicates the Intranet zone.
     The result looks like this:
     Value name: https://autologon.microsoftazuread-sso.com
     Value (Data): 1
  5. Browse to User Configuration > Policy > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Intranet Zone. Then select Allow updates to the status bar via script.
  6. Enable the policy setting, and then select OK.

TEST THE FEATURE

To test the feature for a specific user, ensure that all the following conditions are in place:

  • The user signs in on a corporate device.
  • The device is joined to your Active Directory domain. The device doesn’t need to be Azure AD Joined.
  • The device has a direct connection to your domain controller (DC), either on the corporate wired or wireless network or via a remote access connection, such as a VPN connection.
  • You have rolled out the feature to this user through Group Policy.

To test the scenario where the user enters only the username, but not the password:

  • Sign in to https://myapps.microsoft.com/ in a new private browser session.

To test the scenario where the user doesn’t have to enter the username or the password, use one of these steps:

  • Sign in to https://myapps.microsoft.com/contoso.onmicrosoft.com in a new private browser session. Replace contoso with your tenant’s name.
  • Sign in to https://myapps.microsoft.com/contoso.com in a new private browser session. Replace contoso.com with a verified domain (not a federated domain) on your tenant.

 

 

Thank You

 

Reference link – https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sharepoint-on-premises-tutorial
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start


VM-Automation(VMWare)


VM AUTOMATION TOOL

OVERVIEW

VM Automation is the process of creating and configuring virtual machines in VMware vCenter through a simple custom SharePoint portal.

It was developed mainly to give IT admins an easy portal from which they can create and configure VMs in less time, without going to the vCenter portal.

This is not just a VM automation tool; it is a complete process (creation, configuration, IP setup, domain join, applying security policies, etc.).

You will find more of interest as you read this article, so let’s move on.

GOALS

The main goal of developing the VM Automation tool is to make life easier for the admins.
Here are the following goals:

  1. Create and configure Virtual machines with automated processes using a simple GUI portal.
  2. Server hardening to set several server policies at one click.
  3. Enhanced portal security and easy access for company users.
  4. Generate a complete report of VMs, which is helpful to keep as documentation and for future use.

TECHNOLOGY USED

SharePoint(In our case) – it can be any custom portal

Windows Powershell ISE

VMware Vcenter

WINRM Service

LET’S START WITH THE REAL STEPS…
STEP-1 WRITE YOUR BACK-END CODE IN POWERSHELL

In this step, we show only a few functions that can help you develop the whole script.

STEP-2 HOST THIS POWERSHELL SCRIPT USING THE WINDOWS HTTPS LISTENER SERVICE SO THAT IT CAN BE CALLED EXTERNALLY LIKE AN API

Prepare the HTTPS listener service: buy the SSL certificate and install it in the certificate store.

To install or view the certificate for the local computer:

Click Start and then Run (or press Windows key+R).

  1. Type MMC and then press Enter.
  2. Select File from the menu options and then click Add or Remove Snap-ins.
  3. Select Certificates and click Add.
  4. Go through the wizard, selecting Computer account.

Install or view the certificates under:

 Certificates (Local computer) –> Personal –> Certificates

Once the certificate is installed, we will configure WinRM to listen on HTTPS:

Configure WinRM for HTTPS

Configuring WinRM for HTTPS involves the following steps.

  • Check whether the WinRM service is running
    WinRM is installed by default on all supported Windows machines. Ensure that the service is in the running state in Services.

  • Create the HTTPS listener
    By default, when you run the winrm quickconfig command, WinRM is configured only for HTTP (port 5985). You can check the listeners that are already registered by running the following command:

    winrm e winrm/config/listener

    Copy the thumbprint of the imported certificate to the clipboard and run the following command. This command registers the HTTPS listener in WinRM:

    winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="VMwareautomation.contoso.com"; CertificateThumbprint="bb 9d a3 ee 72 96 9c 10 7b 71 fb fb 44 30 e7 18 73 3f 86 13"}'

  • Validate the HTTPS listener
    You can verify the listener you added by running the same command you used above – winrm e winrm/config/listener.
    This now shows the new HTTPS listener along with the HTTP listener.

Now add the HttpListener code below to your PowerShell back-end script.

Example: after adding it, the whole script will look like this:

  • Add firewall exception – Allow port from the firewall
  • Verify you can connect to the machine via HTTPS
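
The listener, firewall and verification steps above can be scripted as follows. This is an added example, not the original author's script; the portal server address, the firewall rule name and selecting the certificate by subject are assumptions, while the host name is the one used on this page.

```powershell
# Added example: WinRM HTTPS listener, scoped firewall rule and connection check.
# Run in an elevated PowerShell session on the automation server.

$hostName   = "VMwareautomation.contoso.com"  # host name used on this page
$portalAddr = "192.0.2.10"                    # ASSUMPTION: IP of the portal server (documentation range)
$ruleName   = "WinRM HTTPS (portal only)"     # ASSUMPTION: firewall rule name

# Pick the certificate from the machine store by subject. This avoids pasting a
# thumbprint, which can carry an invisible character copied from the certificate dialog.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        $_.Subject -match "CN=$([regex]::Escape($hostName))" -and
        $_.EnhancedKeyUsageList.FriendlyName -contains "Server Authentication"
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No valid server authentication certificate for $hostName in LocalMachine\My."
}

# Create the HTTPS listener (port 5986) unless one already exists.
$listeners = Get-ChildItem WSMan:\localhost\Listener
if (-not ($listeners | Where-Object { $_.Keys -contains "Transport=HTTPS" })) {
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
        -HostName $hostName -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null
}

# Report settings that would still allow clear-text traffic.
if (Get-ChildItem WSMan:\localhost\Listener | Where-Object { $_.Keys -contains "Transport=HTTP" }) {
    Write-Warning "An HTTP listener (port 5985) is still registered next to the HTTPS one."
}
if ((Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq "true") {
    Write-Warning "WinRM service setting AllowUnencrypted is true."
}

# Firewall exception for 5986 only, limited to the portal server.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 5986 -RemoteAddress $portalAddr -Action Allow | Out-Null
}

# Verify the HTTPS endpoint. This fails if the name in the certificate does not
# match $hostName or if the certificate chain is not trusted by the caller.
Test-WSMan -ComputerName $hostName -UseSSL
```

Run the final Test-WSMan line from the portal server as well, since that is the only remote address the firewall rule admits.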

Step-3 Create a custom portal – in our case we are using SharePoint.

There are five steps (pages) you have to develop in your portal.

1. Connect to VCenter

2. Build VM
Every function or field on the page is connected through individual APIs, which get the data from VMware and perform the actions.

3. VM Customization

This page is generally used to customize the VM after it is created on VMware.

Customization includes setting the VM name/computer name, setting the local administrator password, setting the IP address, adding the VM to the “contoso.com” domain, etc.

This whole process uses VMware profiles that are already created with a basic setup such as domain name, run Sysprep, use the computer name same as the VM name, time zone and static IP mode.

4. Server Hardening

Server hardening is another important feature implemented in this portal: you can set multiple security policies of a server in one place without setting them manually.

To set the policies, the user has to select the hardening properties on this page and click the start hardening button.

5. Reports

Thank you


Dynamics 365 CRM 2016 Installation


Overview

This document shows the installation and configuration process of Dynamics 365 CRM 2016 with the reporting services extension.

Prerequisite

  1. Prepare VMs for SQL and Dynamics 365 Server
  2. Create service accounts (SQL & CRM) and assign permissions to them
  3. Installation media files for installing SQL and Dynamics CRM

System requirement for 8.2 & 9.0

  • Software requirements
  • Hardware requirements

Note*- Refer to this document for recommended software and hardware requirements

Installation Steps

  1. Create an Organizational Unit in Active Directory to store all service accounts
  2. Create service accounts and assign permissions
  3. Install and configure SQL Server
  4. Install and configure Dynamics CRM 2016

Note* The installation steps are the same for both CRM versions. With this installation, we assume the Active Directory domain controller is already set up.

Software requirements for 8.2

Windows Server

This version of Microsoft Dynamics 365 Server can be installed only on Windows Server 64-bit-based computers. The specific versions and editions of Windows Server that are supported for installing and running this version of Microsoft Dynamics 365 Server are listed in the following sections

Supported Windows Server editions

  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Standard
  • Windows Server 2016 Standard
  • Windows Server 2016 Datacenter

Important*

The following Windows Server versions are not supported for installing and running this version of Microsoft Dynamics 365 Server:

  • Windows Server 2016 Essentials
  • Windows Server 2012 Foundation
  • Windows Server 2012 Essentials
  • Microsoft Windows Small Business Server editions
  • The Windows Server 2008 family of operating systems

SQL Server

Supported SQL Server Editions

The following SQL Server Editions are supported with the recommendation that the latest Windows updates are applied.

  • Microsoft SQL Server 2012 Enterprise SP1 (x64)
  • Microsoft SQL Server 2012 Business Intelligence SP1 (x64)
  • Microsoft SQL Server 2012 Standard SP1 (x64)
  • Microsoft SQL Server 2012 Developer SP1 (x64)(for non-production use only)
  • Microsoft SQL Server 2014 Enterprise with Service Pack 2 (x64)
  • Microsoft SQL Server 2014 Business Intelligence with Service Pack 2 (x64)
  • Microsoft SQL Server 2014 Standard with Service Pack 2 (x64)
  • Microsoft SQL Server 2014 Developer with Service Pack 2 (x64) (for non-production use only)
  • Microsoft SQL Server 2016, Developer, with Cumulative Update 2 (CU2) (for non-production use only) Must have updates installed from Update Catalog
  • Microsoft SQL Server 2016, Standard with Cumulative Update 2 (CU2) Must have updates installed from Update Catalog
  • Microsoft SQL Server 2016, Enterprise with Cumulative Update 2 (CU2) Must have updates installed from Update Catalog

Important*

  • For recommendations that help improve performance when you use SQL Server 2016 with Microsoft Dynamics 365, see Improve performance when you use Microsoft Dynamics 365 with SQL Server 2016.
  • 32-bit versions of Microsoft SQL Server database engine are not supported for this version of Microsoft Dynamics 365.
  • SQL Server Compact or Microsoft SQL Server Express editions are not supported for use with this version of Microsoft Dynamics 365 Server.
  • Microsoft SQL Server 2008 versions are not supported for use with this version of Microsoft Dynamics 365 Server.

Hardware requirements

Dynamics crm 2016 Server Hardware Requirements

Component | *Minimum | *Recommended
Processor | x64 architecture or compatible dual-core 1.5 GHz processor | Quad-core x64 architecture 2 GHz CPU or higher such as AMD Opteron or Intel Xeon systems
Memory | 4 GB RAM | 8 GB RAM or more
Hard disk | 10 GB of available hard disk space | 40 GB or more of available hard disk space

* Actual requirements and product functionality may vary based on your system configuration and operating system.

Note*

Running Dynamics 365 for Customer Engagement on a computer that has less than the recommended requirements may result in inadequate performance.

Computers with more than 16 GB of RAM will require more disk space for paging, hibernation, and dump files.

The minimum and recommended requirements are based on 320-user load simulation tests.

Microsoft SQL Server hardware requirements

Component | *Minimum | *Recommended
Processor | x64 architecture or compatible dual-core 1.5 GHz processor | Quad-core x64 architecture 2 GHz CPU or higher such as AMD Opteron or Intel Xeon systems
Memory | 4 GB RAM | 16 GB RAM or more
Hard disk | SAS RAID 5 or RAID 10 hard disk array | SAS RAID 5 or RAID 10 hard disk array

 

*Actual requirements and product functionality might vary based on your system configuration and operating system.

Maintaining Dynamics 365 for Customer Engagement databases on a computer that has less than the recommended requirements may result in inadequate performance.

The minimum and recommended requirements are based on 320-user load simulation tests.

Software requirements for 9.0

Windows Server

This version of Dynamics 365 Server can be installed only on Windows Server 64-bit-based computers. The specific versions and editions of Windows Server that are supported for installing and running this version of Dynamics 365 Server are listed in the following sections.

Supported Windows Server 2016 editions

The following editions of the Windows Server 2016 operating systems are supported for installing and running Dynamics 365 Server:

  • Windows Server 2016 Standard
  • Windows Server 2016 Datacenter

Important*

The following Windows Server versions are not supported for installing and running this version of Dynamics 365 Server:

  • Windows Server 2016 Essentials
  • Windows Server 2012 family of operating systems
  • Windows Server 2012 R2 family of operating systems
  • The Windows Server 2008 family of operating systems

SQL Server

SQL Server editions

Any one of the following SQL Server editions is required, running, and available for Dynamics 365 for Customer Engagement:

  • Microsoft SQL Server 2017 Enterprise
  • Microsoft SQL Server 2017 Standard
  • Microsoft SQL Server 2017 Developer (for non-production use only)
  • Microsoft SQL Server 2016 Enterprise, with Service Pack 2
  • Microsoft SQL Server 2016 Standard, with Service Pack 2
  • Microsoft SQL Server 2016 Developer, with Service Pack 2 (for non-production use only)

Important*

Hardware requirements

Dynamics 365 Server Hardware Requirements

Component | *Minimum | *Recommended
Processor | x64 architecture or compatible dual-core 1.5 GHz processor | Quad-core x64 architecture 2 GHz CPU or higher such as AMD Opteron or Intel Xeon systems
Memory | 4 GB RAM | 8 GB RAM or more
Hard disk | 10 GB of available hard disk space | 40 GB or more of available hard disk space

 

* Actual requirements and product functionality may vary based on your system configuration and operating system.

Note*

Running Dynamics 365 for Customer Engagement on a computer that has less than the recommended requirements may result in inadequate performance.

Computers with more than 16 GB of RAM will require more disk space for paging, hibernation, and dump files.

The minimum and recommended requirements are based on 320-user load simulation tests.

Microsoft SQL Server hardware requirements

Component | *Minimum | *Recommended
Processor | x64 architecture or compatible dual-core 1.5 GHz processor | Quad-core x64 architecture 2 GHz CPU or higher such as AMD Opteron or Intel Xeon systems
Memory | 4 GB RAM | 16 GB RAM or more
Hard disk | SAS RAID 5 or RAID 10 hard disk array | SAS RAID 5 or RAID 10 hard disk array

 

Installation Steps

1. Create an Organizational Unit in Active Directory to store all service accounts

Go to Active Directory, right-click the domain, and select Organizational Unit from the menu to create a new OU for CRM2016.

Enter a name for the OU, for example CRM2016.

2. Create the service accounts below and assign permissions

Service Account | Purpose
CrmSandbox | Microsoft Dynamics 365 Sandbox Processing service account
CrmAsynchronous | Microsoft Dynamics 365 Asynchronous Processing Service and Asynchronous Processing Service (maintenance) services account
CrmMonitoring | Microsoft Dynamics 365 Monitoring service account
CrmVss | Microsoft Dynamics 365 VSS Writer service account
CrmDeployment | Microsoft Dynamics 365 Deployment Web Service account
CrmAppPool | Microsoft Dynamics 365 Application Service account
CrmAdmin | Microsoft SQL 2016 Service account (same admin account)
CrmDbAgent | Microsoft SQL 2016 Agent Service account
CrmDbReporting | Microsoft SQL 2016 Reporting Service

Note*- Depending on the installation type, we can choose to create and use a single service account or multiple service accounts for SQL and CRM. In a multi-server farm, the recommendation is to use separate service accounts. In a test or single-server farm environment, we can create two accounts, one for the SQL service and another for the CRM service, instead of creating a separate one for each service.

Let’s look at an example of creating a service account.

Go to Active Directory and expand it, right-click the OU (CRM2016), click New and select User from the listed options.

Enter the details of the service account; here we are creating a test svc account as an example.

Select Next, then enter and confirm the password for this service account.

Note*- Follow the same steps for the rest of the service accounts.
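
The OU and account creation steps above can also be scripted. The following is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module is available and that the OU sits directly under the domain root, and it uses the account names and purposes from the table above.

```powershell
# Added example: create the CRM2016 OU and the service accounts listed above.
# Run on a domain controller or a host with RSAT, as a domain administrator.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$ouName = "CRM2016"                                   # OU name used on this page
$ouPath = "OU=$ouName,$($domain.DistinguishedName)"   # ASSUMPTION: OU directly under the domain root

# Account name -> purpose, taken from the table above.
$accounts = [ordered]@{
    CrmSandbox      = "Microsoft Dynamics 365 Sandbox Processing service account"
    CrmAsynchronous = "Microsoft Dynamics 365 Asynchronous Processing services account"
    CrmMonitoring   = "Microsoft Dynamics 365 Monitoring service account"
    CrmVss          = "Microsoft Dynamics 365 VSS Writer service account"
    CrmDeployment   = "Microsoft Dynamics 365 Deployment Web Service account"
    CrmAppPool      = "Microsoft Dynamics 365 Application Service account"
    CrmAdmin        = "Microsoft SQL 2016 Service account (same admin account)"
    CrmDbAgent      = "Microsoft SQL 2016 Agent Service account"
    CrmDbReporting  = "Microsoft SQL 2016 Reporting Service"
}

# Create the OU only if it does not exist yet.
$existingOu = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domain.DistinguishedName -SearchScope OneLevel
if (-not $existingOu) {
    New-ADOrganizationalUnit -Name $ouName -Path $domain.DistinguishedName
}

foreach ($name in $accounts.Keys) {
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        Write-Host "$name already exists, skipping."
        continue
    }
    # Prompt per account so that no password is stored in the script
    # and no two service accounts share one.
    $password = Read-Host -AsSecureString -Prompt "Password for $name"
    New-ADUser -Name $name -SamAccountName $name `
        -UserPrincipalName "$name@$($domain.DNSRoot)" `
        -Path $ouPath -Description $accounts[$name] `
        -AccountPassword $password -Enabled $true -CannotChangePassword $true
}

# Review the result: at this point the accounts should hold no group
# memberships beyond their primary group.
Get-ADUser -SearchBase $ouPath -Filter * -Properties Description, MemberOf |
    Select-Object SamAccountName, Enabled, Description,
        @{ Name = "GroupCount"; Expression = { @($_.MemberOf).Count } }
```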

2.1 Assign permission to service account

Add the user account of the user who is installing Microsoft Dynamics CRM as a member of the local administrators group. To do this, follow these steps on the Microsoft Dynamics CRM server and on the computer that is running Microsoft SQL Server:

  1. Log on to the server as a user who has local administrator permissions.
  2. Click Start, point to Administrative Tools, and then click Computer Management.
  3. Expand System Tools.
  4. Expand Local Users and Groups.
  5. Click Groups.
  6. Right-click Administrators, and then click Properties.
  7. To add the account of the user who is installing Microsoft Dynamics CRM, click Add.

CRMADMIN: In our case, the CRM Admin account performs the installation of Dynamics CRM and SQL Server, so we have added crmadmin to the local administrators group by following the steps above.

Delegate permission: For the “CRM Admin” user who is installing Microsoft Dynamics CRM, add the following permissions to the organizational unit (CRM2016) in the Active Directory directory service. You must do this step for the OU that you select during the installation of Microsoft Dynamics CRM, i.e. CRM2016.

Permissions

  • Read
  • Create All Child Objects

Permissions: To add the delegate permissions, follow these steps:

  1. Log on to the domain controller server as a user who has domain administrator permissions.
  2. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  3. On the View menu, click Advanced Features.
  4. In the navigation pane, find the CRM2016 OU that we are using for the Microsoft Dynamics CRM installation.
  5. Right-click the OU, click Delegate permission, and then click the Add button and search for CRMAdmin.
  6. Once the user is found, add it and click Next to assign the permission.
  7. Select “Create a custom task to delegate” and click Next.
  8. Keep the default option and click Next again.
  9. In the next dialog, select the check box for the Create All Child Objects permission and click Next.

Note* By default, the Allow check box is selected for the Read permission.

Advanced permissions

  • Read Permissions
  • Modify Permissions
  • Read Members
  • Write Members
    To add the delegate permissions, follow these steps:
  1. Log on to the domain controller server as a user who has domain administrator permissions.
  2. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  3. On the View menu, click Advanced Features.
  4. In the navigation pane, find the CRM2016 OU that we are using for the Microsoft Dynamics CRM installation.
  5. Right-click the OU, click Delegate permission, and then click the Add button and search for the CRMAdmin user.
  6. Once the user is found, add it and click Next to assign the permission.
  7. Select “Delegate the following common task”, check “Modify the group membership of a group” and click Next.
  8. Click Finish.

2.3 Performance counter permissions

Follow these steps on the Microsoft Dynamics CRM server and on the computer that is running Microsoft SQL Server:

  1. Log on to the server as a user who has local administrator permissions.
  2. Click Start, point to Administrative Tools, and then click Computer Management.
  3. Expand System Tools.
  4. Expand Local Users and Groups.
  5. Click Groups.
  6. Right-click Performance Log Users, and then click Properties.
  7. To add the accounts of the users who will run the Microsoft Dynamics CRM services, click Add.
    Service accounts: CrmAppPool, CrmAsynchronous, CrmSandbox, CrmVss

Note*- By completing the steps above, you have completed the permissions part. Now let’s move to the installation part.

  1. Install and configure the SQL server

For Dynamic CRM 8.2, We will use SQL server 2014 (See supported sql versions above)

  1. To install SQL, log in SQL server using CRM Admin account which is already permitted by adding in the local administrator group.
  2. Mount Sql server media and run the setup file
  3. Click to New SQL server stand-alon installation or add features to an existing installation.
  4. System check, Should be passed before continue
  5. Enter the SQL server key
  6. Accept the licence terms and click to Next
  7. Select SQL server feature Installation
  8. Check the following features under multiple selection and click next.
  • Database Engine Services
  • Full-Text and Semantic Extraction for Search
  • Reporting Services – Native
  • Client Tools Connectivity
  • Integration Services
  • Client Tools Backwards Compatibility
  • Client Tools SDK
  • Management studio tool

Note*- As we are using the SQl server 2014 for 8.2 version, here above listed features available to select, but when you will use SQl 2017 for Dynamics 9.0 you will need to install the management studio and reporting services features externally by running the setup individually.

  9. Provide the name of the SQL instance.
  10. Enter the service account for the respective services (for example, contoso\serviceaccount).
  11. Select the authentication mode. Here we select Mixed Mode authentication, which means users can log on to SQL Server using both methods, Windows and SQL authentication.
  12. Add the user accounts for SQL Server administrators and click Next.
    We have added the current user (Crm Admin), the Domain Administrator account and the local administrator, in case of any disaster recovery.
  13. Click Next again with the default selection “Install and configure”.
  14. Review the features and click Install. Wait until the features are installed and the success message appears, then click Finish.
  15. After the installation is finished, search for SQL Management Studio in Windows search and open it. Then click Connect and select the database engine service.
  16. You will see a window like the one below; click Connect.
    As we configured mixed mode authentication at installation time, you can connect with both methods (Windows and SQL Server authentication). SQL Server authentication requires the username (sa) and the password (which was set with mixed mode). Restart the server.
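
Mixed Mode enables SQL logins, including sa, alongside Windows authentication. The following read-only check is an added example, not part of the original walkthrough; it reports the authentication mode and the state of each SQL login. The localhost default instance and the integrated-security connection are assumptions.

```powershell
# Added example: read-only review of SQL logins after a Mixed Mode installation.
# Assumptions: default instance on the local machine, and the script runs under a
# Windows account that was added as a SQL Server administrator during setup.
$connectionString = 'Server=localhost;Database=master;Integrated Security=True'

$query = @'
SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WindowsAuthOnly,
       name,
       CASE WHEN sid = 0x01 THEN 1 ELSE 0 END AS IsSa,  -- sa keeps SID 0x01 even if renamed
       is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE name NOT LIKE '##%';                              -- skip internal ## system logins
'@

function Get-SqlLoginReview {
    param([string]$ConnectionString, [string]$Query)

    $adapter = New-Object System.Data.SqlClient.SqlDataAdapter -ArgumentList $Query, $ConnectionString
    $table   = New-Object System.Data.DataTable
    [void]$adapter.Fill($table)    # Fill opens and closes the connection itself

    foreach ($row in $table.Rows) {
        $mixedMode = ($row.WindowsAuthOnly -eq 0)
        $findings  = @()

        # A SQL login is only usable when Mixed Mode is on and the login is enabled.
        if ($mixedMode -and -not $row.is_disabled) {
            if ($row.IsSa -eq 1)                 { $findings += 'built-in sa login is enabled' }
            if (-not $row.is_policy_checked)     { $findings += 'Windows password policy not enforced' }
            if (-not $row.is_expiration_checked) { $findings += 'password expiration not enforced' }
        }

        $authMode = 'Windows only'
        if ($mixedMode) { $authMode = 'Mixed' }

        [pscustomobject]@{
            AuthMode = $authMode
            Login    = $row.name
            Enabled  = -not $row.is_disabled
            Findings = $findings -join '; '
        }
    }
}

Get-SqlLoginReview -ConnectionString $connectionString -Query $query | Format-Table -AutoSize
```

An empty Findings column means the login is either disabled or covered by the Windows password policy and expiration settings.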
  1. Install and configure CRM 2016
    The installation steps are the same for both CRM versions, 8.2 and 9.0. Make sure the server's automatic updates are enabled before running the CRM setup.
    – To check this, open a command prompt: press Win+R and type ‘cmd’.
    – Once cmd opens, type “sconfig”. It opens a new cmd window like the one below, where number 5 shows the Windows Update settings. To change the current setting, enter 5 and press Enter, then type A for automatic.
    Note*- Once the installation is done, you can revert this setting to the default by following the same process. The default setting is “Download only”.
    You can download the CRM server setup, and find a trial key by clicking the Details tab, on Microsoft’s official site:
    Microsoft Dynamics CRM Server 2016 8.0
    https://www.microsoft.com/en-us/download/details.aspx?id=50372
    Dynamics 365 Server, version 9.0
    https://www.microsoft.com/en-us/download/details.aspx?id=57478

Now let’s start the installation part –

  1. To install CRM, log in to the CRM server using the Crm Admin account.
  2. Mount the CRM media and run the setup file ‘Setupserver.exe’.
    Run Microsoft Dynamics CRM Server Setup by navigating to the directory. It is recommended to use Run as Administrator.
  3. Welcome to Microsoft Dynamics CRM Server Setup: On this page, we recommend that you click Get updates for Microsoft Dynamics CRM, to make sure that Setup has the most recent installation files. Click Next. If no update is needed, you can proceed with the setup by clicking Next.
  4. Product Key Information: The next step is to enter the product key. You may enter a valid commercial product key or use a trial key.
  5. License Agreement: On the License Agreement page, review the information and, if you accept the license agreement, click I accept this license agreement, and then click I Accept.
  6. Install Required Components: If Setup detects that components are missing, the Install Required Components page appears.
    – If you have already installed the required components, this page will not appear.
    – If you have not installed the required components listed, you can install them now. Click Install. When the components are installed, the status column will change from Not Installed to Installed, and you can click Next to continue.

Note: If you are prompted to restart the computer, do so, and then start Setup again.

  7. After all the required components are installed successfully, click Next to continue with the setup.
  8. Select Installation Location: On the Select Installation Location page, accept the default location or enter a different file installation location, and then click Next.
  9. Specify Server Roles: Here you can specify the server roles to install on the current server. To take advantage of additional performance and scaling benefits in enterprise deployments, consider distributing specific server functionality, components, and services or server roles on different servers. Microsoft Dynamics CRM 2016 supports distribution and scaling of server roles across multiple servers. There are 2 new services as part of the Back End Server roles and the Deployment Administration Server roles. These are the Email Integration Service and the VSS Writer Service.
    – Email Integration Service: Handles sending and receiving of email messages by connecting to an external email server.
    – VSS Writer Service: Provides an interface to back up and restore Dynamics CRM data by using the Windows Server Volume Shadow Copy Service (VSS) infrastructure.
  10. Specify Deployment Options: On the Specify Deployment Options page, in the box for the name of the computer that is running SQL Server to use with the deployment, type or select the instance of Microsoft SQL Server that will be used to store the Dynamics CRM database (MSCRM_CONFIG). For a new installation of Dynamics CRM, we select the option Create a new deployment.
  11. Select the Organizational Unit: On the Select the Organizational Unit page, click Browse to display your Active Directory structure. Select the location where you want the Microsoft Dynamics CRM organizational unit to be installed, click OK, and then click Next. Microsoft Dynamics CRM security groups are created in this organizational unit.
  12. Specify Service Accounts: On the Specify Service Accounts page, select the security accounts for the Microsoft Dynamics CRM services, and then click Next. For each service, we strongly recommend that you select a low-privilege domain account that is dedicated to running these services and is not used for any other purpose.

Additionally, the user account that is used to run a Microsoft Dynamics CRM service cannot be a Microsoft Dynamics CRM user. This domain account must be a member of the Domain Users group.

Additionally, if the Asynchronous Service and Sandbox Processing Service roles are installed, such as in a Full Server or a Back End Server installation, the domain account must be a member of the Performance Log Users security group.

There are a couple of new services in CRM 2016:

Monitoring Service: Monitors all Microsoft Dynamics CRM 2015 server roles that are installed on the local computer. This service is used to detect expired digital certificates that may affect Microsoft Dynamics CRM 2015 services that are running in the deployment.
VSS Writer Service: The Microsoft Dynamics CRM VSS Writer service provides an interface to back up and restore Dynamics CRM data by using the Windows Server Volume Shadow Copy Service (VSS) infrastructure.
In our case, the service accounts below will be used, in the format domain\service account:

contoso\CrmSandbox – Sandbox Processing service
contoso\CrmAsynchronous – Asynchronous Processing Service
contoso\CrmMonitoring – Monitoring services
contoso\CrmVss – VSS Writer service
contoso\CrmDeployment – Deployment Web Service
contoso\CrmAppPool – Application Service account
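
The Performance Log Users membership from the permission steps and the low-privilege guidance above can both be verified with a script. This added example is not part of the original walkthrough or of Microsoft's tooling. It audits the local groups for the contoso accounts listed above, assumes Windows PowerShell 5.1 with the built-in LocalAccounts cmdlets, and treats membership in local Administrators as over-privileged.

```powershell
# Added example: audit local group membership of the CRM service accounts.
# Run elevated on the CRM server and on the SQL Server host (Windows PowerShell 5.1).
$domain = 'contoso'   # domain used in this walkthrough; replace with your own

# Accounts the permission steps add to Performance Log Users.
$perfLogAccounts = 'CrmAppPool', 'CrmAsynchronous', 'CrmSandbox', 'CrmVss'

# All service accounts entered on the Specify Service Accounts page.
$allAccounts = 'CrmSandbox', 'CrmAsynchronous', 'CrmMonitoring',
               'CrmVss', 'CrmDeployment', 'CrmAppPool'

function Get-DirectMemberName {
    param([Parameter(Mandatory)][string]$Group)
    # Direct members only: membership through a nested domain group is not expanded.
    @((Get-LocalGroupMember -Group $Group -ErrorAction Stop).Name)
}

function Test-CrmServiceAccount {
    param([string[]]$PerfLogMembers, [string[]]$AdminMembers)

    foreach ($name in $allAccounts) {
        $account      = "$domain\$name"
        $needsPerfLog = $perfLogAccounts -contains $name
        $inPerfLog    = $PerfLogMembers -contains $account   # -contains is case-insensitive
        $inAdmins     = $AdminMembers -contains $account

        if ($inAdmins) { $finding = 'Remove from local Administrators' }
        elseif ($needsPerfLog -and -not $inPerfLog) { $finding = 'Add to Performance Log Users' }
        else { $finding = 'OK' }

        [pscustomobject]@{
            Account            = $account
            PerfLogExpected    = $needsPerfLog
            PerfLogMember      = $inPerfLog
            LocalAdministrator = $inAdmins
            Finding            = $finding
        }
    }
}

Test-CrmServiceAccount `
    -PerfLogMembers (Get-DirectMemberName -Group 'Performance Log Users') `
    -AdminMembers   (Get-DirectMemberName -Group 'Administrators') |
    Format-Table -AutoSize
```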

  13. Select a Web Site: On the Select a Web Site page, click Create a new Web site or click Select a Web Site and select a website from the list. By default, Setup will use the default website.
    When you select the Create a new Web site option, Setup creates a new website for Microsoft Dynamics CRM. You can specify the following option: Port Number: Type the TCP port number that Microsoft Dynamics CRM clients will use to connect to the Microsoft Dynamics CRM Server 2016. The default port number is 5555. Click Next.

Note*- We strongly recommend that you verify the status of the existing website before you specify Setup to use an existing website. If you select a network port other than a default port, ensure that the firewall does not block the port.

  14. Specify E-mail Router Settings: On the Specify E-mail Router Settings page, in the Email Router server name box, type the name of the computer where the Email Router will be installed. This computer will route Microsoft Dynamics CRM email messages. If you will not install the Email Router, you can leave this box blank. However, if you install the Email Router later, you must add the computer where the Email Router service is running when you use Local System, or if you use a domain user account, the account, to the PrivUserGroup security group. Click Next.

Note: If you want to use Server Side Synchronization or do not want to specify the email router name you can leave it blank and click Next

  15. Specify the Organization Settings: On the Specify the Organization Name page, specify the following information.
    – In the Display Name box, type the name of your organization.
    – In the Unique Database Name box, you can keep the name that is automatically generated or you can type a unique name that must be limited to 30 characters. Spaces and extended characters are not allowed. Important: After Setup is complete, you cannot change the database collation, base ISO currency code, or the organization unique name. However, you can change the base currency name and base currency symbol.
  16. Specify Reporting Services Server: On the Specify Reporting Services Server page, type the Report Server URL. Make sure that you use the Report Server URL, not the Report Manager URL. To verify that you are using the correct URL, in a browser, type the Report Server URL as the address. Click Next.
  17. Help Us Improve the Customer Experience: On the Help Us Improve the Customer Experience page, select whether you want to participate in the Customer Experience Improvement Program, and then click Next.
  18. Select Microsoft Update Option: On the Select Microsoft Update Option page, you must select either of the following options.
    – Use Microsoft Update when I check for updates (recommended): By selecting this option, Microsoft Dynamics CRM Server will use the Microsoft Update settings on the computer.
    – I don’t want to use Microsoft Update: You should only select this option if the computer uses another method to install updates, such as Microsoft Windows Server Update Services (WSUS).
  19. System Checks: This page is a summary of all requirements and recommendations for a successful installation. Errors must be resolved before installation can continue. If no errors, or only warnings, appear, you can continue with the installation. To do this, click Next.
  20. Ready to Install Microsoft Dynamics CRM: Review the Ready to Install Microsoft Dynamics CRM page, and then click Back to correct any warnings. When you are ready to continue, click Install.
  21. The installation will take some time. Once the installation is finished, you will see a screen like the one below.

The Dynamics CRM installation is completed.
Open this link on the server and enter your CRM administrator credentials:

http://myservername (if the default site was chosen at the 13th step of the installation)

https://myservername:5555 (if the option to create a new site was selected at the 13th step)

Install Microsoft Dynamics CRM 2016 Reporting Extensions

You must complete Microsoft Dynamics CRM Server Setup before you run CRM Reporting Extensions Setup. You must run Microsoft Dynamics CRM Reporting Extensions Setup on a computer that has a supported version of Microsoft SQL Server Reporting Services installed.

You can find the setup file in the ..\Server\amd64\SrsDataConnector folder; double-click SetupSrsDataConnector.exe.

  1. Welcome to Microsoft Dynamics CRM Reporting Extensions Setup: Select whether you want to update Microsoft Dynamics CRM Server Setup. We recommend that, if updates are available, you let Setup download the latest version. To do this, click Get updates for Microsoft Dynamics CRM, wait until the update process is complete, and then click Next.
  2. License Agreement: Review the information and, if you accept the license agreement, click I accept this license agreement, and then click I Accept.
  3. Install Required Components: If Setup detects that components are missing, the Install Required Components page appears.
    3.1 If you have already installed the required components, this page will not appear.
    3.2 If you have not installed the required components listed, you can install them now. Click Install. When the components are installed, the status column will change from Missing to Installed, and you can click Next to continue.
  4. Specify Configuration Database Server: If you are using the default instance of SQL Server, enter the name of the computer that is running SQL Server and contains the Microsoft Dynamics CRM configuration database that is named MSCRM_CONFIG, and then click Next.
    Note: If you are not using the default SQL Server instance, enter <machine-name>\<instance-name>
  5. Specify SSRS Instance Name: Select a Microsoft SQL Server Reporting Services instance that will be used for Microsoft Dynamics CRM reporting, and then click Next.
  6. Select Microsoft Update Option: Select whether you want to use Microsoft Update for checking for updates for your Microsoft products, and click Next. We recommend that you use Microsoft Update to check for updates because this keeps your computer up-to-date and secure.
  7. Select Installation Location: Click Browse, and select a path where you want to install CRM Reporting Extensions, and then click Next.
  8. System Checks: This page is a summary of the requirements for a successful CRM Reporting Extensions installation.
    – Errors must be corrected before installation can continue. All errors must be resolved.
    – If no errors or only warnings appear, you can continue with the installation.
    To do this, click Next.
    – You may get the error below if Microsoft SQL Server 2014 Reporting Services was installed with default settings, in which case the service account is set to Report Server.
    – To resolve the issue, open the Reporting Services Configuration Manager and update the Service Account to something else, such as “NetworkService”. Once you click Apply, you will be prompted for the file location and the password of the backup encryption key. Click Apply and Exit.
  9. Ready to Install Microsoft Dynamics CRM Reporting Extensions: Review this page, and then click Back to correct any errors. When you are ready to continue, click Install.

Microsoft Dynamics CRM Reporting Extensions Setup Completed: Click Finish. Thanks.
