Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies To: Dynamics CRM 2013
This section describes the supported network, domain, and server configurations for Microsoft Dynamics CRM, which supports multiple domains in either a native- or interim-mode environment.
Active Directory requirements
The Active Directory requirements are as follows:
- The computers that run Microsoft Dynamics CRM Server 2013 roles and the computer that runs SQL Server, where the Microsoft Dynamics CRM databases are located, must be in the same Active Directory domain. 
- The Active Directory domain where a Microsoft Dynamics CRM Server 2013 role is located must run in a domain mode listed in the Active Directory modes topic. 
- The user account that is used to run a Microsoft Dynamics CRM service must be in the same domain as the computer that is running the Microsoft Dynamics CRM Server 2013 role. 
- The Microsoft Dynamics CRM security groups (PrivUserGroup, SQLAccessGroup, ReportingGroup, and PrivReportingGroup) must be in the same domain as the computer that is running Microsoft Dynamics CRM. These security groups can be located in the same organizational unit (OU) or in different OUs. To use security groups that are located in different OUs, you must install Microsoft Dynamics CRM Server 2013 by using an XML configuration file and specify the correct distinguished name for each pre-existing security group within the <Groups> element. More information: Sample server XML configuration file for installing with pre-created groups - Warning - Direct user account membership in the Microsoft Dynamics CRM privusergroup security group is required and group membership nesting under privusergroup currently is not supported. Granting membership to privusergroup through another security group can cause system-wide failures in the CRM web application and reporting features. For example, if you add a security group named mycrmprivgroupusers to privusergroup, members of mycrmprivgroupusers will not resolve as privusergroup members. This includes the CRMAppPool or the SQL Server Reporting Services service identities. 
- For users who access Microsoft Dynamics CRM from another domain and are not using claims-based authentication, a one-way trust must exist in which the domain where the Microsoft Dynamics CRM Server 2013 is located trusts the domain where the users are located. - Important - To add users to Microsoft Dynamics CRM that are not authenticated by using claims-based authentication, a two-way forest trust is required. 
Single-server deployment
For small user bases, a Microsoft Dynamics CRM Server (any edition) can be deployed in a single-server configuration, with Microsoft Dynamics CRM Server 2013, SQL Server, Microsoft SQL Server Reporting Services, and optionally Microsoft Exchange Server installed and running on the same computer.
Single-server deployments are not recommended for best experience in application performance and disaster recovery.
There is one limitation to single-server deployments: the server where Microsoft Dynamics CRM Server 2013 is installed cannot also function as a domain controller. If the computer is a member server (not functioning as a domain controller), you can deploy the Microsoft Dynamics CRM Server 2013 Full Server server role on a single Windows Server that is also running the additional required products.
Important
Running Microsoft Dynamics CRM Server 2013 in a production environment on an Active Directory domain controller is not supported.
Tip
To reduce IT administration overhead, consider running Microsoft Dynamics CRM in the cloud. More information: Microsoft Dynamics
See Also
Planning Deployment of Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM multiple-server deployment
© 2016 Microsoft Corporation. All rights reserved. Copyright