Update 26 March 2023

I’ve recently found out that there is a simpler way to achieve this using d365fo.tools PowerShell module. Here is my article about it.

Original article

Before platform update 29, every dev box came with a tool called AdminUserProvisioning, which could be found at K:\AOSService\PackagesLocalDirectory\bin\AdminUserProvisioning.exe. It was very useful for quickly making your account an Admin, especially after a database restore. The tool has since been removed and replaced with a DLL, Microsoft.Dynamics.AdminUserProvisioningLib.dll, which does not provide a GUI.

Add new user

What to do if you need to create/import a user and assign the System administrator role to it but can’t access the environment? Visual Studio comes to the rescue. When you right-click on any table in the AOT and click Open table browser, the browser window opens and you are automatically logged into the environment as an Admin. Simply remove everything that comes after .com in the URL and you are in.

Change environment tenant

The AdminUserProvisioning tool did more than simply change the Admin account email. It also silently updated the environment tenant to that of the Admin user’s organization. The environment tenant is especially important for the licenses. Imagine you are a partner and your customer uses a lot of third-party ISV solutions. They are most likely licensed to that specific customer tenant and work fine as long as you are working on customer-deployed development environments. However, when you need to have a copy in a dev box deployed under a different tenant, all ISV solutions are no longer visible in the menu. Requesting separate licenses is not feasible and often impossible, so the solution is to (temporarily) change the environment tenant to the customer’s one.

To do that, open the configuration file at K:\AosService\WebRoot\web.config (don’t forget to make a backup first!) and change the following lines:

<add key="Aad.AADTenantId" value="<CUSTOMER TENANT URL>" />
...
<add key="Aad.TenantDomainGUID" value="<CUSTOMER TENANT GUID>" />

The URL is the domain that comes after the @ in the Admin user’s email address. The GUID can be found:

  • In the Active Directory entry at Azure Portal;
  • By opening any license file made for the customer with a text editor and looking for a value named serial number;
  • By going to https://login.windows.net/<CUSTOMER TENANT URL>/.well-known/openid-configuration and looking for the token_endpoint value.

Restart IIS and all the licenses should be valid again.
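The same edit can be scripted so that the backup is never skipped and the file is left untouched if a key is missing. The following PowerShell is an added example, not code from the original article or from Microsoft; the function names, the demo file and all tenant values are hypothetical, and the demo runs against a constructed stand-in file rather than the real web.config.

```powershell
# Added example: all sample values below are constructed, not real tenants.
function Get-TenantGuidFromTokenEndpoint {
    param([Parameter(Mandatory)][string]$TokenEndpoint)
    # The tenant GUID is a path segment of the token_endpoint URL.
    $m = [regex]::Match($TokenEndpoint, '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}')
    if (-not $m.Success) { throw "No tenant GUID found in '$TokenEndpoint'" }
    return $m.Value.ToLower()
}

function Set-AadTenant {
    param(
        [Parameter(Mandatory)][string]$WebConfigPath,
        [Parameter(Mandatory)][string]$TenantDomain,
        [Parameter(Mandatory)][string]$TenantGuid
    )
    # Timestamped backup first, so the original tenant can be restored.
    $backup = "$WebConfigPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Copy-Item -LiteralPath $WebConfigPath -Destination $backup

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file's layout intact
    $xml.Load($WebConfigPath)
    $wanted = @{ 'Aad.AADTenantId' = $TenantDomain; 'Aad.TenantDomainGUID' = $TenantGuid }
    foreach ($key in $wanted.Keys) {
        $node = $xml.SelectSingleNode("//add[@key='$key']")
        # Throwing here happens before Save, so the file on disk is unchanged.
        if ($null -eq $node) { throw "Key '$key' not found; nothing written (backup: $backup)" }
        Write-Host "$key : $($node.GetAttribute('value')) -> $($wanted[$key])"
        $node.SetAttribute('value', $wanted[$key])
    }
    $xml.Save($WebConfigPath)
    return $backup
}

# Demo on a constructed stand-in; on the dev box pass K:\AosService\WebRoot\web.config.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'web.config.demo'
@'
<configuration>
  <appSettings>
    <add key="Aad.AADTenantId" value="partner.example" />
    <add key="Aad.TenantDomainGUID" value="00000000-0000-0000-0000-000000000000" />
  </appSettings>
</configuration>
'@ | Set-Content -LiteralPath $demo
$guid = Get-TenantGuidFromTokenEndpoint 'https://login.windows.net/11111111-2222-3333-4444-555555555555/oauth2/token'
Set-AadTenant -WebConfigPath $demo -TenantDomain 'customer.example' -TenantGuid $guid
# On the dev box, run from an elevated prompt and follow with: iisreset
```

The printed old values and the returned backup path give a record of what the environment pointed at before the change, which is what you need to revert the temporary tenant switch.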

Disclaimer: I only did this once and am not sure if there are any negative implications, so do it at your own risk.