top of page
Search

How-To: Creating a Windows user with SUPER rights in Dynamics NAV / Business Central OnPrem

Daniel Gorski
23 hours ago2 min read

Who hasn't experienced this? When a copy of a customer database is created, access may not be allowed due to a lack of access rights. In the past, we had to delete the user-related tables via SQL Server Management Studio so that NAV would grant us access when we logged in for the first time.

DELETE
FROM [dbo].[User]
DELETE
FROM [dbo].[Access Control]
DELETE
FROM [dbo].[User Property]
DELETE
FROM [dbo].[Page Data Personalization]
DELETE
FROM [dbo].[User Default Style Sheet]
DELETE
FROM [dbo].[User Metadata]
DELETE
FROM [dbo].[User Personalization]

Alternatively, you can easily add your own user "$(whoami)" using Powershell.


Note : This article is about the on-premises installation of Business Central or Dynamics NAV and you need local administrator rights! Start the Powershell ISE application as administrator and replace "navversion" and "instance" as desired. Here "90" for Dynamics NAV 2016.

$navversion = "90"
$instance = "dynamicsnav90"
Import-Module "C:\Program Files (x86)\Microsoft Dynamics NAV\$NAVVersion\RoleTailored Client\Microsoft.Dynamics.Nav.Management.dll"

New-NAVServerUser $instance -WindowsAccount $(whoami)
New-NAVServerUserPermissionSet $instance -WindowsAccount $(whoami) -PermissionSetId SUPER

For Business Central 14 the path is:

Import-Module "C:\Program Files (x86)\Microsoft Dynamics 365 Business Central\140\RoleTailored Client\Microsoft.Dynamics.Nav.Management.dll"

If you do not have administrator rights, the following error message appears:

New-NAVServerUser : Access is denied. You need to be a member of the local Administrators group on the NAV Server to run this cmdlet
In Zeile:2 Zeichen:1
+ New-NAVServerUser dynamicsnav90 -WindowsAccount $(whoami)

Of course, this Windows user must also exist ;-)

New-NAVServerUser : The windows account could not be mapped to a valid security identifier (SID).
In Zeile:5 Zeichen:1
+ New-NAVServerUser $instance -WindowsAccount "test2"

Or you can create them all at once:

$users = Get-LocalUser | Select *
foreach ($user in $users) {
    $enabled = "$($user.Enabled)"
    if ($enabled -ieq "true") {
        $name = "$($user.Name)"
        New-NAVServerUser $instance -WindowsAccount $name
        New-NAVServerUserPermissionSet $instance -WindowsAccount $name -PermissionSetId SUPER
    }
}

 
 
 

Recent Posts

See All

Comments

bottom of page