As I said in the title we have to migrate MS Dynamics CRM 4.0 Server and database from our local network, to an external datacenter. This datacenter has different domain and active directory. The first issue we have to solve is AD authentication for users. The ideas we have are:
- Make a new AD at the datacenter and trust domains.
- Use ADAM (technet libraries say that CRM does not work with this)
- Make a copy of the existing AD and move it to the new place.
I would be grateful to everyone who could give any idea.
If you are the only user of the MS Dynamics CRM server why does it need to be a part of the providers AD domain?
I would join it to the local domain. But setup a read-only domain controller in the remote datacenter and only copy the users that need access to the CRM.
And I assume you got a vpn connection setup between your offices and the datacenter?
If using a trust, ensure that you do not trust your provider's domain but that they trust yours.
You don't mention what Windows server OS you are using nor the current level of your local forest or domain so this is just a suggestion based on MSFT best practice.
Setting up a trust requires that the external domain (at the data center) trusts you, like someone above mentioned they will probably not want to do that.
Take a look at Active Directory Federation Services (AD FS) Wiki Link. It was designed to allow two organizations to handle authentication without having to establish physical domain trusts to share user details. This is probably your best bet. Pickup one of the Windows Server 2008 or R2 reference books by William Stanek, its got some good background and instructions on getting it up and running.
Brent