Active Directory and network requirements for Microsoft Dynamics CRM 2013
Applies To: Dynamics CRM 2013
Active Directory Domain Services (AD DS) is a feature of the Windows Server operating systems. AD DS provides a directory and security structure for network applications such as Microsoft Dynamics CRM.
As with most applications that rely on a directory service, Microsoft Dynamics CRM has dependencies that are important for operation, such as use of AD DS to store user and group information and to create application security.
Microsoft Dynamics CRM should only be installed on a Windows Server that is a domain member. The domain where the server is located must be running in one of the Active Directory domain modes listed in the Active Directory modes topic.
Federation and claims-based authentication support
When you configure Microsoft Dynamics CRM for Internet-facing access it requires federated services that support claims-based authentication. We recommend Active Directory Federation Services (AD FS) in Windows Server 2008 or Windows Server 2012.
Active Directory Federation Services
Active Directory Federation Services (AD FS) is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Microsoft Windows Server, you can simply and very securely grant external users access to your organization’s domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization.
AD FS is available as a server role in Windows Server 2012 and Windows Server 2008 R2. In earlier versions of Windows Server 2008, AD FS can be downloaded and installed (see the Active Directory Federation Services 2.0 RTW download link in the table).
Digital Certificates
Active Directory Federation Services (AD FS) requires two types of digital certificates:
Claims encryption. claims-based authentication requires identities to provide an encryption certificate for authentication. This certificate should be trusted by the computer where you are installing Microsoft Dynamics CRM Server 2013 so it must be located in the local Personal store where the Configure Claims-Based Authentication Wizard is running.
SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host names similar to org.contoso.com, auth.contoso.com, and dev.contoso.com. To satisfy this requirement you can use a single wildcard certificate (*.contoso.com), a certificate that supports subject alternative names, or individual certificates for each name. Individual certificates for each host name are only valid if you use different servers for each web server role. Multiple IIS bindings, such as a website with two HTTPS or two HTTP bindings, isn’t supported for running Microsoft Dynamics CRM. For more information about the options that are available to you, contact your certification authority service company or your certification authority administrator.
To meet these requirements, your organization should have a public key infrastructure or a contract with a digital certificate provider such as VeriSign, GoDaddy, or Comodo.
For more information about Active Directory, see the resources in the following table.
Topic |
Link |
|---|---|
Active Directory Domain Services |
|
Understanding AD DS Design |
|
Designing the Site Topology for Windows Server 2008 AD DS |
|
Domain Controller Role Deploment |
FSMO placement and optimization on Active Directory domain controllers |
Active Directory Federation Services (AD FS) |
|
Active Directory Federation Services 2.0AD FS 2.0 RTW Download |
|
Digital certificates overview |
IPv6 Support
Microsoft Dynamics CRM 2013 works with IPv6 either alone or together with IPv4 within environments that have networks where IPv6 is supported.
See Also
Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013
Software requirements
SQL Server installation and configuration
© 2016 Microsoft Corporation. All rights reserved. Copyright