Installing MSCRM calls for a new OU for the application to create AD security groups.
PrivReportingGroup This group provides Privileged Microsoft Dynamics CRM user group for reporting functions. This group is created during Microsoft Dynamics CRM Server Setup and configured during Microsoft Dynamics CRM Reporting Extensions Setup.
PrivUserGroup This group provides Privileged Microsoft Dynamics CRM user group for special administrative functions; including CRMAppPool identity (domain user or NetworkService). The users who configure Microsoft Dynamics CRM Server must be added to this group.
SQLAccessGroup As tje name implies,All server processes/service accounts that require access to SQL Server; including CRMAppPool identity (domain user or NetworkService). Members of this group have db_owner permission on the Microsoft Dynamics CRM databases
ReportingGroup This group pertains to SSRS security with some special features. All Microsoft Dynamics CRM users are included in this group. This group is updated automatically as users are added and removed from Microsoft Dynamics CRM. By default, all Microsoft Dynamics CRM Reporting Services reports grant Browse permission to this group. Microsoft Dynamics CRM users that are not members of this group cannot use the reporting feature in the application.
With these groups in mind one can see how a healthy AD and Kerberos functionality will insure that the CRM application server, SQL server and SSRS servers are going to work.
Curt Spanburgh Microsoft Certified Business Solution Specialist. Dynamics CRM MVP Contributing Editor, Windows IT Pro
He that is walking with wise persons will become wise, but he that is having dealings with the stupid ones will fare badly. Proverbs 13:20