Skip to main content

Setup Non-Interactive User with Non-Expiring Password

When we need to connect CRM to another system it is important that the connection remain working so data can flow easily between the systems.  One common issue that can arise in the integration is the user account we use to create the connection, password can expire.  When this happens it could be minutes to days before the issue is found and that can lead to data synchronization between the systems getting messed.  To migrate this risk we can easily setup a user with a non-expiring password.  The user type for this in CRM is "Non-Interactive".  Non-Interactive users can't log into CRM via the front end.  If you try you will see this error message:

The other benefit of using a non-interactive user account is it doesn't require a CRM license to work.  You will only need to assign a license to the account for about 5 minutes to setup the account for the first time.  After that you can remove it and it will remain active in CRM.  You are allowed to have 5 non-interactive users.

No lets get to the instructions of how to set this up.  You will need to have an admin account for CRM and Office 365.  You will also need PowerShell Installed.

Setup Non-Interactive User:
  1. Create a user in the Office 365 admin center.  Be sure to assign a Dynamics 365 (online) license to the account.
  2. Go to Dynamics 365 (online).
  3. Go to Settings > Security.
  4. Choose Users > Enabled Users, and then click a user’s full name.
  5. In the user form, scroll down under Administration to the Client Access License (CAL) Information section and select Non-interactive for Access Mode.  You then need to remove the Dynamics 365 (online) license from the account.
  6. Go to the Office 365 admin center.
  7. Click Users > Active Users.
  8. Choose the non-interactive user account and under Product licenses, click Edit.
  9. Turn off the Dynamics 365 (online) license, and then click Save > Close multiple times.
  10. Go back to Dynamics 365 (online) and confirm that the non-interactive user account Access Mode is still set for Non-interactive.
  11. In CRM assign a role to the user account.
Setup Non-Expiring Password:
Important Links:
Download Azure PowerShell Version 1 (File at bottom of page)
Steps:
Initial Setup: (For installs always use the x64 version) – This only needs done once
  1. Install Microsoft Online Services Sign-In Assistant for IT Professionals RTW
  2. Install Microsoft Azure Active Directory Module for Windows PowerShell.  I did run into an issue here and needed to also install Azure AD PowerShell Version 1.
In PowerShell (run the following commands) – replace red text with user name of account you want to set the non-expiring password on:
 1.       Import-Module MSOnline
        2.       Connect-MsolService
      a.       You will get a pop-up and need to login with a global admin account
        3.       Set-MsolUser -UserPrincipalName serviceaccount@contoso.com -PasswordNeverExpires $true
        4.       Confirm the process worked by running the following command:
     a.       Get-MSOLUser -UserPrincipalName user ID | Select PasswordNeverExpires
     b.       If successful you will see this:

    Troubleshooting:
    Not Digitally Signed Error: Run this script in PowerShell –
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypas

        Labels:

        Comments

        Post a Comment

        Popular posts from this blog

        Validating User Input In CRM Portals With JavaScript

        When we are setting up CRM Portals to allow customers to update their information, open cases, fill out an applications, etc. We want to make sure that we are validating their input before it is committed to CRM.  This way we ensure that our data is clean and meaningful to us and the customer. CRM Portals already has a lot validation checks built into it. But, on occasion we need to add our own.  To do this we will use JavaScript to run the validation and also to output a message to the user to tell them there is an issue they need to fix. Before we can do any JavaScript, we need to check and see if we are using JavaScript on an Entity Form or Web Page.  This is because the JavaScript, while similar, will be different.  First, we will go over the JavaScript for Entity Forms.  Then, we will go over the JavaScript for Web Pages.  Finally, we will look at the notification JavaScript. Entity Form: if (window.jQuery) { (function ($) { if ...
        22 comments
        Read more

        Power Pages Update Last Successful Login Using JavaScript and Power Pages API

         Recently while working on a Power Pages implementation for a client, I had the requirement to show the last time a user logged in on their profile page.  I thought this would be easy to do as there is already a field on the contact record for "Last Successful Login" (      adx_identity_lastsuccessfullogin).  This use to update when a user logged in, but it appears Microsoft has removed that automation. While searching I came across a few different ways of achieving this task.  One used application insights in Azure and another one used an HTTP endpoint setup in Power Automate.  I thought, this needs to be simpler.  What I came up with is to use Liquid with JavaScript to tell if a user is logged in or not.  Then use the new Power Pages api to update the logged in users contact record to mark the last time they logged in. Here is the approach I setup: 1) Make sure you turn on the api for contact in Site Settings. 1) Link to Microsoft Do...
        94 comments
        Read more

        Reusable Method To Get Record By Id

        I have a handful of reusable code that I use when creating plugins or external process (i.e. Azure Functions) for working with DataVerse. The first one I am providing is Getting a Record By Id: 1: private static Entity GetFullRecord(string entityName, string primaryKey, Guid recordId, IOrganizationService service) 2: { 3: using (OrganizationServiceContext context = new OrganizationServiceContext(service)) 4: { 5: return (from e in context.CreateQuery(entityName) 6: where (Guid)e[primaryKey] == recordId 7: select e).Single(); 8: } 9: } entityName = The logical name of the entity primaryKey = The primary key field for the entity. If using late binding you can create this dynamically by doing: $"{target.LogicalName}id" recordId = Guid of the record to get service = Service to interact with DataVerse
        7 comments
        Read more