I’m excited today to release something I’ve been working on, the D365FO Admin Toolkit. The idea of this solution is that toolkit created for the Dynamics 365 FinOps community by the community itself. It is my hope and goal that this will be a platform that myself and others can add to going forward to help with some of the tasks normally faced by D365FO administrators.
Links
Link to the deployable package
Current Features
- Assign / Revoke SysAdmin Access without needing elevated permissions
- (Optional) Require a reason be provided for assigning / revoking SysAdmin
- SysAdmin role assignment / revoke reporting
- Configuration page
Features in Development
- Export all role access to CSV
- Auto disable D365FO users when AAD/Entra user is disabled
Potential Future Features
- Compare role access between D365FO environments
- Firefighter functionality and reporting for SysAdmin users
References
How to Test Role Access Without a Test Account in D365FO
Add Logging to SysAdmin Role Assignments in D365FO
Feedback & Questions
Feel free to reach out with feedback, feature suggestions, or questions either on this blog post or to d365fotoolkit@outlook.com.
Hello Alex, when I try to access the documentation (https://github.com/ameyer505/D365FOAdminToolkit/blob/ce90db19a033116adb4dd4cf6f6e80ad4f11f8df/D365FO%20Admin%20Toolkit%20Overview.pdf), I get an error message saying “Error rendering embedded code – Invalid PDF”. Is it a problem only on my side or do you also get the same error when trying to open the documentation? Thank you!
Pontus,
I have verified the link you shared works on Firefox, Chrome, and Edge. You can also navigate to the GitHub project page (https://github.com/ameyer505/D365FOAdminToolkit/) and download the PDF from there.
Hi Alex
Thank you for putting this tool together for D365FO Sys admin communication. It will be useful when extracting D365 users with their assigned roles and security priviledge. As I am not sure if there is any standard report for this in D365FO. I know this is an issue in AX 2012. I would like to deploy the package in my Dev environment to explore the features but just wanted to ask if there would be an impact when applying Microsoft update in that environment .
Would the feature still be available after applying Microsoft update or the package would need to be deployed again.
Fade,
Applying newer D365FO updates should not have any impact on the Admin Toolkit, as this would act the same way as other custom code you currently have within your D365FO environment.
Thank you Alex, this looks really good! One question regarding the features in development: do you have any sort of time schedule for when you think these might be done? The one about “Auto disable D365FO users when AAD/Entra user is disabled” looks particularly interesting.
Two other comments/future suggestions for work to be done within the System administration module would be:
1) Being able to select multiple roles on the user form when you want to remove them, instead of having to go one-by-one. This has been brought up as a suggestion to Microsoft but unfortunately it lacks the votes necessary for them to bother: https://experience.dynamics.com/ideas/idea/?ideaid=e1ac6e26-d290-e811-8c6e-0003ff68cb47
2) Being able to quickly see the last login date for a user in the application itself. The user log is there (as you have mentioned yourself https://alexdmeyer.com/2017/12/15/auditing-user-logins-for-dynamics-365-enterprise-in-pu11/) but it is not as user-friendly as a simple “Last login button”.
I know it is not up to you to do this but hey, who knows? Perhaps you have some sugesstions on these two topics or perhaps you know of a way to be able to fix this with some new code. It is worth a shot as I am not a developer and am not able to access the AOT.
Anatoly,
Thanks for reaching out and I appreciate the feedback and new feature suggestions.
Unfortunately I cannot give a firm date on any future development as this is a ‘passion project’ and is being done outside of my normal work time, but I will try and get to features added as soon as possible.
I also want to implement a way to track and categorize feature requests like the ones above, that way everyone can see the prioritization and potential timeline.
The other part to this is I have to be somewhat careful about not encroaching on features I have already created at my previous employer.
In any case, I think something like adding a ‘last login’ column on the User Info form would be fairly straight forward.
As far as the selecting multiple roles option on the User Role form, I will have to look into it further to see the level of effort.
Feel free to reach out to d365fotoolkit@outlook.com with any further suggestions or questions.
Hi Alex,
Thanks for this tool, it is really nice and will help us a lot with the system admin permission management. I have one small question/suggestion, would be possible to set the Change reason mandatory? With this, we would like to force the user that is conceding the system admin role to specify the reason and not left it in blank.
Kind regards and thanks for your time
Javi,
Thanks for the feedback! I can add this as a feature request and see where it would best fit to add it in.