This is a rehash of several posts by other people.
A user in CRM has a default organisation. This is the first organisation where the user was created. Use the SQL script below to identify the default organisation for a user:
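-- Replace <Org Name> with the organisation's database prefix and
-- 'DomainUsername' with the user's domain login.
select a.domainname, a.systemuserid, d.DatabaseName, d.uniquename
from <Org Name>_MSCRM.dbo.systemuserbase a WITH (NOLOCK)
    -- map the organisation-level user to its deployment-level record
    inner join MSCRM_CONFIG.dbo.SystemUserOrganizations b WITH (NOLOCK)
        on a.SystemUserId = b.CRMUserId
    inner join MSCRM_CONFIG.dbo.SystemUser c WITH (NOLOCK)
        on b.UserId = c.id
    -- resolve the user's default organisation
    inner join MSCRM_CONFIG.dbo.Organization d WITH (NOLOCK)
        on c.DefaultOrganizationId = d.id
where a.domainname = 'DomainUsername'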
The script above was posted by Susan in the comment section of this post: https://blogs.msdn.microsoft.com/arpita/2013/01/23/how-to-find-default-organization-for-any-user-in-multiple-organization-crm-deployment/, which describes how the underlying data hang together to determine the default organisation for a user.
When might this come in handy?
When a user runs a report in CRM, CRM appears to check for the user against their default organisation. The report will not be rendered correctly if this organisation is disabled. I found this information at this post: https://crmbrewer.wordpress.com/2016/05/05/crm-reports-error-error-sys-is-undefined/.
In our particular case, we found the stack trace below in the Event Viewer. My guess is that this is an MS bug that may one day be addressed. This was observed on CRM 2016 on-prem.
Exception type: CrmException
Exception message: The CRM organization you are attempting to access is currently disabled. Please contact your system administrator
at Microsoft.Crm.BusinessEntities.SecurityLibrary.ValidateOrganizationState(IOrganizationContext context, LocatorServiceContext locatorServiceContext)
at Microsoft.Crm.BusinessEntities.SecurityLibrary.CheckDisabledStatus(IUser user, IOrganizationContext context)
at Microsoft.Crm.BusinessEntities.SecurityLibrary.ValidateUserEnabled(Guid userId, Guid organizationId)
at Microsoft.Crm.Authentication.Claims.AuthenticationProvider.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationStep.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationPipeline.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationEngine.Execute(Object sender, EventArgs e)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
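To find every user in an organisation who would hit this error, the lookup above can be turned into an audit query. This is an added example, not part of the quoted posts; it assumes MSCRM_CONFIG.dbo.Organization has a State column where 0 means disabled, which should be checked against your own deployment before relying on the result.

```sql
-- Added example: list users of one organisation whose default organisation is disabled.
-- Assumption: MSCRM_CONFIG.dbo.Organization.State = 0 means "disabled"
-- (verify the column and value in your deployment).
-- Replace <Org Name> with the organisation's database prefix, as in the query above.
select
    a.domainname,
    a.systemuserid,
    d.uniquename   as DefaultOrgUniqueName,
    d.DatabaseName as DefaultOrgDatabase,
    d.State        as DefaultOrgState
from <Org Name>_MSCRM.dbo.systemuserbase a WITH (NOLOCK)
    inner join MSCRM_CONFIG.dbo.SystemUserOrganizations b WITH (NOLOCK)
        on a.SystemUserId = b.CRMUserId
    inner join MSCRM_CONFIG.dbo.SystemUser c WITH (NOLOCK)
        on b.UserId = c.id
    inner join MSCRM_CONFIG.dbo.Organization d WITH (NOLOCK)
        on c.DefaultOrganizationId = d.id
where d.State = 0          -- assumed value for a disabled organisation
order by d.uniquename, a.domainname;
```

Running this before disabling an organisation, with the filter changed to that organisation's uniquename, shows which users' reports would be affected.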