AX 2012 - Using Active Directory Groups for Security
I wanted to spend a little time in this post, to focus in on somthing that I don't think has had a lot of coverage, but is somthing worth while to note. You have seen me post, in the past about security for AX 2012, with the following.:
- AX 2012 - Security Development Tool (Beta)
- Microsoft Dynamics AX 2012 and the use of Claims Based Security
- Microsoft Dynamics AX 2012 - Security Architecture Overview
- AX 2012 and the use of the new Extensible Data Security Framework
- AX 2012 - Security Model Design Considerations
- Ax 2012 and the impact of Design with the new Security Model
- AX 2012 - Hiding a form control withut code
- AX 2012 - Security Tools Review
Well today, I wanted to spend time on this topic again, and focus back on the fact that you can make use of Active Directory Groups when creating user accounts inside Dynamics AX 2012. I'm not talking about the import process by AD Group, which is possible and speeds things up a bit. No, I'm talking about assigning a User Account Type of Active Directory Group.
We start by going to the System Administration module, Common, users, Users form. In doing this, we need to click on the new user button that you see in the image below.:
In doing this, we should see a screen similar to what you see below, which is from the Public Sector, demo image for AX 2012.
Now that we have this form openned, we are ready to add our AD group, user account type. It's important to point out, that you must start with changing the account type on the form to Active Directory group as shown below.
Now that we have this, and have selected the desired starting legal entity, we can move to setting the user id, which is the internal user id used in AX 2012 that is assiocated to every transaction done by someone within this group from Active Directory.
Filling this out, next we want to enter in the Network Domain, and finally the Alias that is used within AD to identify the group. Since we are using the Demo image, we will make use of a group from Contoso.com. I'm going to make the choice of CSHelpDesk, in this case. In doing this, and filling out the form, you should see something similar to the below.
Notice, that the user id for this AD Group is set, along with I've assgined a Security Role to this AD Group. This Security Role not is applied to all users within the Active Directory Group. Further, what needs to be understood, is that user options as well as Role Center profile assoication is now tied to the AD Group vs. specific AD users.
With this, we can see how an Active Directory Group can be assigned security rights within AX 2012. However as you can see from the above, things like internal user id for AX, user options & Role Center profiles are not actually AD user specific in this setup. Further, user relations as it relates to employee information, becomes disconnected and not possible. So you have some considerations to keep in mind when you make the choice of using Account Type of Active Directory group vs. Active Directory user.
Well that's all for now, check back soon as more to come. Till Next Time!
Top 100 Update: I did want to take this time, at this end of this post and say I'm Honored to have been listed again in the DynamicsWorld.co.uk Top 100 most influential people in the world for Microsoft Dynamics. This year I was ranked 19! Congrats to everyone on the list and it's my honor to be listed among such great people. The work that everyone does to build this community, always encourages me! A direct link to the ranking can be found here.: Top 100 - Brandon George - 19
Visit Hillstar Business Intelligence (www.HillstarBI.com) in order to truly unlock your data trapped in your Microsoft Dynamics investment. With our value driven business intelligence strategy Hillstar help you transform into a data informed company.
Labels: Active Directory Groups, AX 2012, Dynamics AX, Group Security, Microsoft, Profiles, Security, Security Modeling, Top 100 List, User Relations
3 Comments:
Good article to know that we can add an AD group as a user but can please share what is the application of this?
This is very nifty! I think this is what my customers are doing, but AX assigns them meaningless user ID's. Is there a way to make it pull the name from AD, or must this be done manually? Thank you!
@janeteblake you can just click the import button and follow the step.
Post a Comment
<< Home