This is a rehash of several posts by other people.
A user in CRM has a default organisation. This is the first organisation where the user was created. Use the SQL script below to identify the default organisation for a user:
select a.domainname, a.systemuserid, d.DatabaseName, d.uniquename from <Org Name>_MSCRM.dbo.systemuserbase a WITH (NOLOCK) inner join MSCRM_CONFIG.dbo.SystemUserOrganizations b WITH (NOLOCK) on a.SystemUserId = b.CRMUserId inner join MSCRM_CONFIG.dbo.SystemUser c WITH (NOLOCK) on b.UserId = c.id inner join MSCRM_CONFIG.dbo.Organization d WITH (NOLOCK) on c.DefaultOrganizationId = d.id where a.domainname ='DomainUsername'
The script above was posted by Susan in the comment section of this post: https://blogs.msdn.microsoft.com/arpita/2013/01/23/how-to-find-default-organization-for-any-user-in-multiple-organization-crm-deployment/, which describes how the underlying data hang together to determine the default organisation for a user.
When does this might come in handy?
When a user runs a report in CRM, CRM appears to check for the user against their default organisation. The report will not be rendered correctly if this organisation is disabled. I found this information at this post: https://crmbrewer.wordpress.com/2016/05/05/crm-reports-error-error-sys-is-undefined/.
In our particular case, we found the below stack trace in the Event Viewer. My guess is that this is a MS bug that may one day be addressed. This was observed on CRM 2016 on-prem.
Exception type: CrmException
Exception message: The CRM organization you are attempting to access is currently disabled. Please contact your system administrator
at Microsoft.Crm.BusinessEntities.SecurityLibrary.ValidateOrganizationState(IOrganizationContext context, LocatorServiceContext locatorServiceContext)
at Microsoft.Crm.BusinessEntities.SecurityLibrary.CheckDisabledStatus(IUser user, IOrganizationContext context)
at Microsoft.Crm.BusinessEntities.SecurityLibrary.ValidateUserEnabled(Guid userId, Guid organizationId)
at Microsoft.Crm.Authentication.Claims.AuthenticationProvider.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationStep.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationPipeline.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationEngine.Execute(Object sender, EventArgs e)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Thanks for the great post.
Has there been any development? We’re facing the issue that reports can be generated but cannot be saved in ProdORG when the user is deactivated in the TestORG, the TestORG being the Default Organization for users.
Activating the user is TestORG makes report saving in ProdORG work again.
The version is OP 126.96.36.199.
It does seem as a bug.