Microsoft CRM 2011 IFD vs Windows Auth - windows-authentication

Can someone explain to me why one would use IFD (Internet Facing Deployment) to access Microsoft CRM vs. just using Windows Authentication? They seem equivalent to me in their features. Not sure of the benefits of IFD over Windows auth however.
Thanks!

Take a look at this previous answer for some discussion on this topic: Exposed onsite vs IFD deployments for MS Dynamics CRM
I would say from my standpoint the biggest issue with using Windows Auth over the internet for CRM is the issue of Outlook integration. The second point I would make is that Windows Auth can present issues to people accessing CRM from a non-domain computer when outside the domain - i.e., their home computer. Not always but I have seen issues pop-up (not very often) that are avoided in a forms based configuration.
As a reminder in 2011 the IFD feature has been changed signficantly so that you must use Active Directory Federation Service which is claims-based. I recommend reading over http://blogs.msdn.com/b/crm/archive/2011/01/13/configuring-ifd-with-microsoft-dynamics-crm-2011.aspx and watching the video at http://www.youtube.com/watch?v=ZD5qaa-G99E.
You can certainly go with Windows Auth but if you are willing to put in the extra work go with the Internet Facing setups for a more robust and better supported install.

I want to add to privious answer.
Integrating Outlook client from outside the domain can be done by reseting windows credential in the control panel from time to time.
another complication is SharePoint integration which can't be used outside the domain with SSO.
If you do use IFD, I recommand on this blog:
http://dynamics.co.il/configuring-crm-2011-ifd

Related

Dependent objects for New-Object -ComObject Word.Application

We created multiple powershell scripts that read from word document and extract required information.
Locally on laptop all works fine, but when we deployed on production server.... they dont work.
We run powershell scripts through asp.net web app... that's where any powershell scripts that refers to WORD.APPLICATION are not working
Components we deployed on production server:
operating system: Windows Server 2012
Powershell: Version 5
MsOffice 2010 installed
Asp.net 4.5 all components installed
We have created web application in ASP.NET 4.5 Core where user upload documents and based on certain criteria documents will be searched for specific keyterms. if keyterms found, values will be displayed.
Asp.net invokes powershell script which has all document library code to search through. Everything gets executed in PS script, except where WORD-APPLICATION code is referred.
Has anyone faced any issues while deploying them on server?
Required reading:
https://support.microsoft.com/en-us/help/257757/considerations-for-server-side-automation-of-office
All current versions of Microsoft Office were designed, tested, and configured to run as end-user products on a client workstation. They assume an interactive desktop and user profile. They do not provide the level of reentrancy or security that is necessary to meet the needs of server-side components that are designed to run unattended.
...
Besides the technical problems, you must also consider licensing issues. Current licensing guidelines prevent Office applications from being used on a server to service client requests, unless those clients themselves have licensed copies of Office. Using server-side Automation to provide Office functionality to unlicensed workstations is not covered by the End User License Agreement (EULA).
As you can see, the scenario you're trying is officially unsupported, and license wise very expensive, as you officially require an Office license for each user invoking your functionality or for whom you're invoking the functionality.
There is an official Open XML SDK, which will allow server-side processing of the XML-based office documents:
https://learn.microsoft.com/en-us/office/open-xml/word-processing
If that isn't enough, there are a number of 3rd party libraries that provide server-side execution and don't require office licensing, some commercial, some open source:
Aspose: https://www.aspose.com/
NPIO: https://github.com/dotnetcore/NPOI
There are ways to get your code working on the server from an ASP.NET Application. They are officially unsupported, they open up your server to a number of extra security issues, they are very expensive from a licensing perspective and there is no guarantee they will remain working.

Oracle IAM/WNA protocol fallback to form-based logon page fails when Microsoft Online Services Sign-In Assistant is installed

First post here. Facing a problem where on Windows 10 an Oracle Identity Access Management (IAM) Windows Native Authentication (WNA) protocol fallback to a form-based logon page always fails whenever the Microsoft Online Services Sign-In Assistant (SIA) is installed. Whenever we remove the SIA, the WNA fallback to a form-based logon page always succeeds. This error is reproducible 100% of the time. We have not tested on Windows 8 or Windows 7. I've researched it, and there is not much out there to read about the SIA; it does not look to be configurable on the client end. Really want to avoid changing up code on the IAM WNA side.
Anyone out there seen this before? This is a large enterprise network, using all Windows 10 computers, which has both Oracle IAM running for some applications as well as Microsoft Windows 2008 R2 Active Directory, to which all the Windows 10 computers are joined. We are also standardized with Office 2016 with all back-end servers supporting Office apps such as Outlook, Lync, etc. in the cloud (Office 365).
Please let me know if I need to show the Oracle IAM/WNA SSO fallback code.
The Microsoft Online Services Sign-In Assistant is not configurable. But, if all your computers are running Office 2016 you do not need it anyway and it can be safely uninstalled, which as you said will make the fallback to form-based logon page work. If you were running Office 2013 you would need it however. Office 2016 apps such as Outlook and Lync can go direct with ADFS whereas previous versions could not do this. I don't have a URL reference for you, this is based on my experience.

CRM 2016 On premise - Can not connect to CRM with Plugin Registration In IFD Mode

I have Microsoft Dynamics CRM 2016 On Premise and IFD Enabled On it.
In this situation I can not connect plugin Registration to CRM. Even I can not connect with XRMtoolbox.
My problem is what is Home Realm URL?
Unable to Login to Dynamics CRM
An Error occurred while processing the login request.
Try removing all your 3rd party plugins except the plugging registration tool.
Also there is a plugin registration tool from Microsoft in the CRM SDK download that you can use as well.
Do yourself a favor and download the CRM 2011 SDK. In the bin folder is the plug-in registration tool. The new version released in 2013+ is complete garbage with bugs that Microsoft Support is not interested in fixing.
That said, I don't think you can "Use Default Credentials" with IFD. For the server you should just put organizationName.domainname.tld. For user name use your UPN or domain\username. Don't use both the domain and user name fields unless you're using integrated authentication.
The Problem is In adfs Endpoints. After you Install IFD on CRM You want a Important Endpoint That Named "Mex".
For Solve The Problem First go to ADFS Management and go to endpoints and Click on adfs/services/trust/Mex and click on Enable and Enable on proxy for this Endpoint. after that reset the iis and adfs service.
Then You can Browse that enpoint with https://service.contoso.com/adfs/services/trust/mex.
if you See the Metadata Xml Document Now You Can Connect With Any Tool Like Portal, Plugin Registration, Xrmtoolbox, etc.
but If you Don't see this metadata use this Command in Power shell to Change The Adfs Port.
Set-ADFSProperties –nettcpport: 809
i Choose 809 for My Port And You Can choose any port you want Except 443 or 80 or 90, Then like before Restart The IIS and Restart ADFS Service and then you Can see metadata And You Can Connect With Any Application to CRM 2016 On Premise IFD Mode.
At The End Of this Answer You can See My Metadata Page And My Connected Plugin Registration Tool Pictures.
If You Have Any Question You Can Ask it From Me.

TFS configurations to support distributed teams

We are investigating using TFS for a small development group. All the developers are remote to the office. VPN is an option but not preferred, as we have to change vpn connections several times daily to support other functions in the business.
So I'm trying to figure out the different options that TFS can be configured with to support that model. I've read about setting up Proxy Servers but that was using an older version of TFS so I'm not sure that still is/was the best option.
I haven't been able to locate good current documentation about the best/different ways to configure TFS to support this model.
I don't need comments about using Mercuial, GIT or something else. I'm aware of them and including them in my overall evaluation but right now I'm trying to see what solutions TFS does or does not offer. All developers have MSDN licenses and so TFS is free to the group.
You have 2 options (without VPN)
1) Like Martin suggested, look at VSO (Visual Studio Online, http://www.visualstudio.com) this is the cloud based version of TFS it's free for up to 5 developers.
2) Setup TFS internally inside your organization and make that instance available on the internet through your firewall. You can secure it with certificates so only you team can connect in. There is a lot of information on MSDN on how to secure it using SSL and certificate.
Cheers,
ET

How to programmatically import a CRM Organization?

Is there any way via powershell or some api that I can't seem to find in the CRM 4.0 SDK, that would allow us to automate the refresh from our production CRM 4.0 environment to a Staging CRM server? Obviously the db backup / restore we can script but I cannot find a way to kick off a CRM Import Organization without using the MMC snap-in.
there is a Deployment SDK for Dynamics CRM 4 available. However the interesting part for you is not part of the public api.
The documentation mentions the ImportOrganizationRequest which should be used by the Deployment Manager. Unfortunately, it is marked for internal use. However, there should be no changes to this API as Dynamics CRM 2011 is just around the corner and therefore I would give it a try.
You could use this post in the msdn forums as a starting point.
btw: Dynamics CRM 2011 comes with a set of PowerShell CmdLets which makes the adminstration much more scriptable. Especially Import-CrmOrganization would be the CmdLet which you could use. See my blog post for further information.