To add an additional layer of security to your computing environment, Microsoft Dynamics AX requires that all users be listed in Active Directory directory services on your domain controller before they can be enabled on the Microsoft Dynamics AX form. If users are not enabled on this form, they cannot access Microsoft Dynamics AX.

Active Directory for Microsoft Windows catalogs information about all the objects on a network, including people, computers, and printers, and distributes that information throughout the network. Security is integrated with Active Directory through logon authentication and access control. Active Directory is a feature of Microsoft Windows Server 2003 and Microsoft Windows Server 2000. For more information, see Windows Server 2003 Active Directoryor Windows Server 2000 Active Directory. For more information about how to implement Active Directory with Microsoft Dynamics AX, see Working with users from Active Directory.

Note Note

Existing Active Directory structures do not require modifications to be used to support Microsoft Dynamics AX users within the domain. If your customer has a site with Active Directory domains, and all the domains in the forest are set up with two-way trust, the application will recognize all the users in the domain as soon as they have been imported.

After a user is listed in Active Directory, you can add that user to Microsoft Dynamics AX manually (for instructions, see Create new users) or you can import multiple Active Directory users into Microsoft Dynamics AX using the procedure included in this topic.

Administrator permissions

There is no requirement for the Microsoft Dynamics AX administrator to be a Windows domain administrator to import users from Active Directory.

When a domain administrator in Active Directory is logged in to Microsoft Dynamics AX as a Microsoft Dynamics AX administrator and tries to import Active Directory users, the administrator can see all users in Active Directory and can import them into Microsoft Dynamics AX successfully.

If a Microsoft Dynamics AX administrator who is not a domain administrator in Active Directory tries to import Active Directory users, only a subset of the users in Active Directory will appear. This occurs because of security functionality in the Active Directory Group Policy Objects (GPO).

To allow Microsoft Dynamics AX administrators rights to Active Directory, you must grant Authenticated userssecurity group membership to the Microsoft Dynamics AX administrators. They can then see the complete list of Active Directory users during import.

Import users from Active Directory

  1. From a Microsoft Dynamics AX client, click > .

  2. On the tab, click to access the .

  3. Complete the wizard.

Alias ID duplicates

When you import users from Active Directory into Microsoft Dynamics AX, the wizard tries to create Microsoft Dynamics AX users by creating Microsoft Dynamics AX user IDs from the Active Directory aliases. But, Microsoft Dynamics AX user IDs are limited to five characters, whereas the Active Directory alias can be up to 255 characters. If the first five characters of the Active Directory alias are the same for more than one user, then the wizard then generates alternative Microsoft Dynamics AX user IDs for these users and displays them.

When generating alternative user IDs, if the user alias has more than five characters, then the first four characters from the first name and a single character from the last name are used. If there are still duplicates, then the first three characters of the first name and two characters from the last name are used.

You can change any of the user IDs.

When you approve the new user IDs, the users are created in Microsoft Dynamics AX.

See Also