
Hello Everyone,

As CRM Administrators for On-Premise, we have all come across this error once: “You are attempting to create a user with a domain logon that is already used by another user…”

Generally, this error occurs when we try to create a user that already exists in the Organization, i.e. in the backend, adding a user with the same AD-SID (Security IDentifier) in the MSCRM_Config database.

There is a very nice blog which explains in detail the different scenarios of this error and their solutions: https://celedonpartners.com/blog/reconnect-active-directory-accounts-dynamics-crm/

However, I came across another, rarer scenario which I will discuss here. I have a D365 multi-organization environment set up with a list of existing CRM users. For one of the organizations, Org-B, we added the user, and hours later, for some unspecified reasons (bad integration data affecting multiple core tables :/ ), we had to do a quick DB restore. After the DB restore, that recently added user was not able to log in, nor was I able to add the same user again; I faced the same error: “You are attempting to create a user with a domain logon that is already used by another user…”


So when we added the user to this Org-B, a new SystemUser record was created in the OrgB_MSCRM DB, and a related SystemUserOrganizations record was created in the MSCRM_Config DB, referencing Organization-B and the UserID based on the AD-SID.

But after Organization-B was restored, the new SystemUser record in OrgB_MSCRM went missing, while the related record with Org-B and the User-ID still existed in the MSCRM_Config DB. Due to this reference, I couldn’t add the same user again in Org-B, and it kept giving me the error below:

When the user tried to log on to CRM, the following error was shown:

Error Logging to CRM Org-B


The only easy way I could think of was deleting that additional reference from SystemUserOrganizations in the MSCRM_Config DB. Please note that this approach is not recommended and is highly unsupported; always keep a backup of the DBs and the encryption keys before performing any such action directly on the DB.

With a few relational queries I figured out the User-ID and the reference record which I needed to delete for Org-B. In the MSCRM_Config DB, I ran the queries below one last time to confirm I was pointing to the correct record:

SELECT * FROM SystemUser
WHERE Id = 'A6797AA8-4857-E911-9C2D-00155D00AB0C'

SELECT * FROM SystemUserAuthentication
WHERE UserId = 'A6797AA8-4857-E911-9C2D-00155D00AB0C'

SELECT * FROM SystemUserOrganizations
WHERE UserId = 'A6797AA8-4857-E911-9C2D-00155D00AB0C'
--AND OrganizationId = '386CEC94-7CD6-E811-9C2B-00155D00AB0C'

After running the select queries, you can see the additional reference record to Org-B in the results.

I finally ran the query below and deleted the reference record under MSCRM_Config DB.


DELETE SystemUserOrganizations
WHERE UserId = 'A6797AA8-4857-E911-9C2D-00155D00AB0C'
AND OrganizationId = '386CEC94-7CD6-E811-9C2B-00155D00AB0C'


Everything went well and I was able to create the user record again in Org-B.
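A guarded variant of the delete above, added here as an example and not part of the original post: it keeps a copy of the row and commits only if exactly one row matched. It assumes T-SQL on SQL Server 2012 or later, that the table is in the dbo schema, and a hypothetical copy table named SystemUserOrganizations_Removed.

```sql
-- Added example: guarded version of the delete shown in this post (T-SQL).
USE MSCRM_Config;
SET XACT_ABORT ON;   -- any runtime error rolls the whole transaction back

-- IDs taken from the queries in this post.
DECLARE @UserId uniqueidentifier = 'A6797AA8-4857-E911-9C2D-00155D00AB0C';
DECLARE @OrgId  uniqueidentifier = '386CEC94-7CD6-E811-9C2B-00155D00AB0C';
DECLARE @Deleted int;

BEGIN TRANSACTION;

-- Keep a copy of the row about to be removed so it can be re-inserted.
-- Hypothetical table name; SELECT ... INTO fails if the table already
-- exists, and XACT_ABORT then rolls everything back. dbo is assumed.
SELECT *
INTO   dbo.SystemUserOrganizations_Removed
FROM   dbo.SystemUserOrganizations
WHERE  UserId = @UserId
  AND  OrganizationId = @OrgId;

DELETE FROM dbo.SystemUserOrganizations
WHERE  UserId = @UserId
  AND  OrganizationId = @OrgId;

-- Capture the count immediately; the next statement resets @@ROWCOUNT.
SET @Deleted = @@ROWCOUNT;

IF @Deleted = 1
BEGIN
    COMMIT TRANSACTION;
    PRINT 'Removed 1 stale reference; copy kept in SystemUserOrganizations_Removed.';
END
ELSE
BEGIN
    -- Zero rows or more than one: the filter is not what we expected.
    -- The rollback also discards the copy table created above.
    ROLLBACK TRANSACTION;
    PRINT CONCAT('Expected 1 row, matched ', @Deleted, '; nothing was changed.');
END
```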

Hopefully this will be helpful to someone who got caught in a rare situation like this.

Thanks! 🙂