I am currently using AD groups to manage roles and access to Dynamics AX 2012. So for example I have and AD group called GG_AX_SalesRepresentative and it is used to allow everyone in the group to log on to Dynamics AX and to receive the corresponding role in Ax.

So this is working and users that log on to Dynamics Ax and are member of the group will automatically be created within Dynamics AX and receive a $CA2D like userId. They have no role assignments because AX knows that they came from the AD group and the roles are defined on the group itself. Thus management of users through groups is ok and working.

But now I need to provide a Custom service to a third party that returns all of the legal entities where a role assignment for a given user is active. Fe: I want to pass a UserId to the service and it must check if that user is service desk user and if zo, check in what legal entities…..

User data can be found in the UserInfo table.
User role assignments can be found in the SecurityUserRole table.

It seems I would have the data I need, except for the fact that the User Role assignments are done on the group! How can I find which groups this user is linked to within Dynamics???

So what I want to know : I have user $CA2D, he is member of the helpdesk role since he was a member of that group and thus he has the roles linked to that AD group.

Any ideas would be welcome 🙂