Synchronized users in Microsoft Dynamics 365 (online) and Office 365

 

Updated: November 29, 2016

Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online

Microsoft Dynamics 365 integration with Microsoft Office 365 adds a new dimension to the concept of a user. User records are stored in both systems’ databases, and are synchronized. In addition, different types of users may exist to handle the situation where a user exists in one system but not the other. This topic describes these types of users, the data that is synchronized, and how to create, update, and delete a synchronized user. This applies to customers who access Microsoft Dynamics 365 (online) through the Microsoft Online Services environment.

If you have set up directory synchronization between your local on-premises Active Directory and Microsoft Azure Active Directory, see this KB article: List of attributes that are synchronized to Office 365 and attributes that are written back to the on-premises Active Directory Domain Services.

The system user (user) entity stores user records for both Microsoft Dynamics 365 and Office 365. For more information about this entity, see User and team entities.

The following definitions describe the user types that are available through Microsoft Online Services.

Full user

A user who is licensed for full use of Microsoft Dynamics 365 (online), and is synchronized with Office 365. For more information, see Data synchronization with Microsoft Office 365.

Non-interactive user

A user who is synchronized with Office 365 but can only access Microsoft Dynamics 365 (online) using the web services.

Synchronized user

A user who is not licensed to use Microsoft Dynamics 365 (online) but who exists in, and is synchronized with, Office 365. For more information, see Data synchronization with Microsoft Office 365. This user appears as a regular user to other users of Microsoft Dynamics 365 (online), and can own and share records and is similar to a disabled user. This type of user can be created through the Office 365 admin portal or by assigning the user a license through the Admin page. If desired, the license can be removed after the user is synchronized to Microsoft Dynamics 365 (online).

Stub user

A user record that has been created as a placeholder. For example, records have been imported that refer to this user but the user does not exist in Microsoft Dynamics 365 (online). This user cannot log in, cannot be enabled, and cannot be synchronized to Office 365. This type of user can only be created using the Create method or the CreateRequest message, or through data import. Data import always creates stub users.

The following table describes the different types of users for Microsoft Dynamics 365 (online) and how they interact with the Microsoft Dynamics 365 application, web services, and with the Office 365 admin portal.

User type

Attribute values

Visible in Office 365 admin portal

Has Org ID

Has Dynamics 365 License

Enabled in Dynamics 365

Can Access Dynamics 365 UI

Can Access Dynamics 365 Web Services

Can be Created using UI

Can be created through bulk import

Can be created using web service (Create)

Full

SystemUser.accessmode = Full

SystemUser.IsLicensed = true

SystemUser.IsSyncWithDirectory = true

Yes

Yes

Yes

Yes

Yes

Yes

No (only in MOP)

Yes

Yes

Non-Interactive

SystemUser.accessmode = Non-interactive

SystemUser.IsLicensed = true or false

SystemUser.IsSyncWithDirectory = true

Yes

Yes

Yes or No

Yes

No

Yes

Yes (using MOP & Dynamics 365 UI)

No

Yes

Synchronized

SystemUser.accessmode = Full

SystemUser.IsLicensed = false

SystemUser.IsSyncWithDirectory = true

Yes

Yes

No

No

No

No

No

No

Yes

Stub user record

SystemUser.accessmode = any value

SystemUser.IsLicensed = false

SystemUser.IsSyncWithDirectory = false

No

No

No

No

No

No

No

Yes

Yes

For full users and synchronized users, data is synchronized with the Office 365 directory. When a synchronized user is created or updated, the values in these attributes are ignored if there is existing data in the Office 365 database. For synchronized users, any Microsoft Dynamics 365 web service call that modifies the synchronized data returns the following warning: “Some data for this record is controlled by the directory and will not be processed.”

If you have set up directory synchronization between your local on-premises Active Directory and Azure Active Directory, see the following knowledge base article to understand which attributes are synchronized from the local Active Directory to the Azure Active Directory. For more information, see List of attributes that are synchronized to Office 365.

The following table lists the attributes that are synchronized with the Office 365 directory.

Display name (Office)

Dynamics 365 attribute name

First name

FirstName

Last name

LastName

Display name

Not synchronized

User name

WindowsLiveID1
InternalEmailAddress2
Domain

Job Title

Title

User name

Primary email address

Office Phone

Address1_Telephone1

Mobile Phone

MobilePhone

Fax Phone

Address1_Fax

Street Address

Address1_Line1

City

Address1_City

State or province

Address1_StateOrProvince

ZIP or postal code

Address1_PostalCode

Country or region

Address1_Country

1 The User Name property is synchronized to all three Microsoft Dynamics 365 (online) attributes.

2 If the InternalEmailAddress attribute value is updated in Microsoft Dynamics 365 (online), it will no longer be synchronized.

You can use the Create method or CreateRequest message to create all types of users. You can also create some types of users through the web application or through a data import operation.

To create a synchronized user, set the attribute value for SystemUser.IsSyncWithDirectory to true. To create a stub user, set the value to false. After this user is created, this attribute value cannot be updated.

When you create a synchronized user, the email address specified in the systemuser entity instance is verified in the Office 365 directory. If a user with that email address does not exist in the directory, an error is thrown.

When you create a sync user, if a Microsoft Dynamics 365 user exists with the same WindowsLiveID, the existing user’s WindowsliveID attribute is updated as follows: _crm<#>_<WindowsLiveID>@<Domain>, where # is replaced with a number to make the value unique. To find users with conflicting IDs in the web application, you can add WindowsLiveID to the view and sort by this attribute to group all the conflicts together.

If you attempt to create a stub user with the same WindowsLiveID as an existing synchronized user, an error is thrown.

You can use the Update method or UpdateRequest message to update all types of users. However, all fields that are synchronized with Office 365 cannot be updated. If you provide values for these attributes they will be ignored. For more information, see Data synchronization with Microsoft Office 365.

To disable a user, set the SystemUser.IsDisabled attribute value to true, and set the SystemUser.DisabledReason value to one of the option set values and call the Update method or UpdateRequest message.

You cannot disable a synchronized user, a non-interactive user, or a support user.

Microsoft Dynamics 365

© 2016 Microsoft. All rights reserved. Copyright

Community Additions

ADD
Show: