After a quick search I found this article
https://blogs.msdn.microsoft.com/ukdynsupport/2009/07/16/authentication-when-you-are-adding-a-new-user-to-crm-or-a-user-to-a-new-organization-in-crm/
So the key was the user record was in the MSCRM_CONFIG database still, as we had done a restore and org import on an earlier backup.
To identify this was actually the cause I had to find the SID for the user, without access to the AD tools, I found an article on using powershell, the following commands got me the SID
PS> $objUser = New-Object System.Security.Principal.NTAccount("{domain name}")With the returned SID I could identify the record
PS> $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
PS> $strSID.Value
S-1-5-21-1004336348-1715567821-725345543-40705
SELECT * FROM SystemUserAuthentication WHERE AuthInfo LIKE '%S-1-5-21-1004336348-1715567821-725345543-40705'I decided to update the record SID to one that will never exist rather than delete, as there could be a spider web of relationships that get really stuffed up.
UPDATE SystemUserAuthentication
SET AuthInfo = 'W:S-1-5-21-1004336348-1715567822-725345543-40705'
WHERE Id = 'CF775160-6BE6-E511-80CF-005056BD0631'After this update I was able to create the user record.
No comments:
Post a Comment