Tip #545: Create non-interactive user like a boss

I won’t name any names in this post. You know who you are.

Actually a super-duper developer #1: One of the follow up questions I got from an attendee at Extreme CRM was around the complexity of setting up a non-interactive service account today. I have to agree with them it seems overly tedious if you truly want to use it as a non-interactive without burning a full CRM Online license. Are there any plans to make it easier to setup and use non-interactive service accounts in CRM Online?

The discussion followed, pointing to interactive instructions.

Actually a super-duper developer #2: I do not think this can be scripted because some of the changes are in Office 365 (ie: licensing and adding the user), and some are in CRM. I don’t think some of this is scriptable at this time.

Challenge accepted

What you need:

You need to be an O365 admin and CRM system admin to run this script

Add-PSSnapin Microsoft.Xrm.Tooling.Connector
Import-Module MSOnline
Import-Module Microsoft.Xrm.Data.Powershell

# login interactively
$cred = Get-Credential
Connect-MsolService -Credential $cred

$upn = 'crm.ni.service@contoso.onmicrosoft.com'
$role = 'System Administrator'

# create O365 user
New-MsolUser `
  -DisplayName "CRM Non-interactive Service" `
  -UserPrincipalName $upn `
  -Password 'pass@word1' `
  -UsageLocation US `
  -LicenseAssignment contoso:CRMSTANDARD

# get connection to CRM
$global:conn = Get-CrmConnection `
  -Credential $cred `
  -ServerUrl https://contoso.crm.dynamics.com `
  -OrganizationName contoso

# get the user (note: you may want 
# to insert a wait or a waiting loop here)
$users = Get-CrmRecords `
   -EntityLogicalName systemuser `
   -FilterAttribute domainname `
   -FilterOperator eq `
   -FilterValue $upn `
   -Fields systemuserid, fullname

$user = $users.CrmRecords[0]

# add role to the user
Add-CrmSecurityRoleToUser `
   -UserId $user.systemuserid `
   -SecurityRoleName $role

# set access mode to non-interactive
Set-CrmRecord -conn $conn `
   -EntityLogicalName systemuser `
   -Id $User.systemuserid `
   -Fields @{"accessmode" = `
     New-CrmOptionSetValue -Value 4}

# remove the license
Set-MsolUserLicense `
   -UserPrincipalName $upn `
   -RemoveLicenses contoso:CRMSTANDARD

Like a boss meme

Tweet about this on TwitterShare on Facebook3Share on Google+1

4 thoughts on “Tip #545: Create non-interactive user like a boss

  1. Cyrus Cempron says:

    That’s solid George. Another must have skill set on my repertoire!

  2. Stephanus Natawardaja says:

    Thanks George, this is really useful. How would you insert a wait in between license assignment and appearing in CRM user list?

    • Thanks, Stephanus. Waiting in PowerShell is easy, something along the lines

      $userfound = $false
      do {
         Start-Sleep -s 5
         # check for user here and set $userfound
      } while ($userfound -eq $false)

Leave a Reply

Your email address will not be published. Required fields are marked *