Share This Post

Set Up and Deploy D365 On-premises Environments

This article applies only to deploying D365 On-premises Environments on Platform updates 8 and 11. It explains how to set up the infrastructure, plan your deployment and deploy D365 for Finance and Operations, Enterprise edition (on-premises), for the platform updates 8 and 11.

With this deployment option, Microsoft SQL Server database and the application servers will run in the customers data center. When you choose an on-premises deployment type, the system requirements, hardware sizing and functionality differ from a cloud deployment.

D365 On-premises Environments Components

The Finance and Operations application consists of three main components:

  • Application Object Server (AOS)
  • Business Intelligence (BI)
  • Financial Reporting/Management Reporter

These components depend on the following system software:

  • Microsoft Windows Server 2016
  • Microsoft SQL Server 2016 SP1, which has the following features:
    • Full-text index search is enabled.
    • SQL Server Reporting Services (SSRS) – This is deployed on BI virtual machines.
    • SQL Server Integration Services (SSIS) – This is deployed on AOS virtual machines.
  • SQL Server Management Studio
  • Standalone Microsoft Azure Service Fabric
  • Microsoft Windows PowerShell 5.0 or later
  • Active Directory Federation Services (AD FS) on Windows Server 2016
  • Domain controller

Set Up and Deploy D365 On-premises Environments Using Life Cycle Services

Finance and Operations bits are distributed through Microsoft Dynamics Life Cycle Services (LCS). Before deploying, you must purchase the license keys through the Enterprise Agreements channel and set up an on-premises project in LCS. Deployments can be initiated only through LCS.


The on-premises application works with AD FS. To interact with LCS, you must also configure Azure Active Directory (AAD). And, to complete the deployment and configure the LCS Local agent, you will need AAD.

Standalone Service Fabric

Finance and Operations uses standalone Service Fabric. Setup of D365 F&O will deploy a set of applications inside Service Fabric (SF). Throughout the deployment, each node in the cluster will be defined via configuration to have one of the following node types:

  • AOSNodeType: Hosts the application object server (business logic).
  • OrchestratorType: Functions as Service Fabric primary nodes, and hosts deployment- and servicing logic.
  • ReportServerType: Hosts SSRS and reporting logic.
  • MRType: Hosts management reporting logic.


Finance and Operations is designed to work on a Hyper-V virtualized environment that is based on Windows Servers. The hardware configuration includes the following components:

  • Standalone Service Fabric cluster that is based on Windows Server 2016 virtual machines (VMs)
  • Microsoft SQL Server (both Clustered SQL and Always-On are supported)
  • AD FS for authentication
  • Server Message Block (SMB) version 3 file share for storage
  • Optional: Microsoft Office Server 2017

Hardware Layout

Plan your infrastructure and Service Fabric cluster based on the recommended sizing in Hardware sizing for on-premises environments.



Before you start the setup, the following prerequisites must be in place. The setup of these prerequisites is out of scope for this document.

  • Active Directory Domain Services (AD DS) must be installed and configured in your network.
  • AD FS must be deployed.
  • SQL Server 2016 SP1 must be installed on the SSRS machines.
  • SQL Server Reporting Services 2016 must be installed in Native mode on the SSRS machines.

Set Up and Deploy D365 On-premises Environments Steps

1. Plan your Domain Name and DNS Zones

It is recommended that you use a publicly registered domain name for your production installation of AOS. In that way, the installation can be accessed outside the network, if outside access is required.

2. Plan and Acquire your Certificates

Secure Sockets Layer (SSL) certificates are required in order to secure a Service Fabric cluster and all the applications that are deployed.

3. Plan your Users and Service Accounts

You must create several user or service accounts for D365 Finance and Operations (on-premises) to work. You must create a combination of group managed service accounts (gMSAs), domain accounts, and SQL accounts.

4. Create DNS Zones and Add A Records

DNS is integrated with AD DS, and lets you organize, manage, and find resources in a network. Create a DNS forward lookup zone and A records for the AOS host name and the Service Fabric cluster.

5. Join VMs to the Domain

After the VMs are joined to the domain, add the AOS Service Accounts, Contoso\svc-AXSF$ and Contoso\AXServiceUser to the local administrators group.

6. Download Setup Scripts from LCS

  • Sign in to LCS.
  • On the dashboard, select the Shared asset library tile.
  • On the Model tab, in the grid, select the Dynamics 365 for Operations on-premises – Deployment scripts – Latest row.
  • Select the Versions button and then select Version 1.
  • Right click the zip file, and then select Properties. In the dialog box, select the Unblock check box.
  • Copy the zip file to the machine that will be used to execute the scripts.
  • Unzip the files into a folder that is named infrastructure.

7. Describe your Configuration

Infrastructure setup scripts utilize the following configuration files to drive the setup.

  • infrastructure\ConfigTemplate.xml
  • Service Node type, infrastructure\D365FO-OP\NodeTopologyDefintion.xml
  • Database, \D365FO-OP\DatabaseTopologyDefintion.xml

infrastructure\ConfigTemplate.xml describes:

  • Service Accounts that are needed for the application to operate
  • Certificates necessary for securing communications
  • Database configuration
  • Service Fabric cluster configuration

For each Service Fabric Node type, infrastructure\D365FO-OP\NodeTopologyDefinition.xml describes:

  • The mapping between each node type and the application, domain and service accounts, and certificates.
  • Whether to enable the UAC
  • Prerequisites for Windows features and system software
  • Whether strong name validation should be enabled
  • List of firewall ports to be opened

For each database, infrastructure\D365FO-OP\DatabaseTopologyDefinition.xml describes:

8. Configure Certificates

  • Navigate to the machine that has the infrastructure folder.
  • If you must generate self-signed certificates, run the following command. The script will create the certificates, put them in the CurrentUser\My certificate store on the machine, and update the thumbprints in the XML file.

# Create self-signed certs
.\New-SelfSignedCertificates.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

  • If you’re using SSL certificates that were already generated, skip the Certificate generation and update the thumbprints in the configTemplate.xml file.
  • Specify a semi-colon separated list of users or groups in the ProtectTo tag for each certificate.
  • Export the certificates into .pfx files.

    # Exports Pfx files into a directory VMs\<VMName>, all the certs will be written to infrastructure\Certs folder.
    .\Export-PfxFiles.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

9. Setup VMs

  • Export the scripts that must be run on each VM.
     # Exports the script files to be execute on each VM into a directory VMs\<VMName>.
.\Export-Scripts.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

Follow these steps for each VM

  • Copy the contents of each infrastructure\VMs<VMName> folder into the corresponding VM and then execute the following scripts.
    # Install pre-req software on the VMs.
.\Configure-PreReqs.ps1 -MSIFilePath <path of the MSIs>
  • Run the following scripts, if they exist, in order to complete the VM setup.
  • Run the following script to validate the VM setup.
.\Test-D365FOConfiguration.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

10. Configure LCS Connectivity for the Tenant

Deployment and servicing of Finance and Operations is orchestrated through LCS by using an D365 On-premises Environments local agent.

To establish connectivity from LCS to the Finance and Operations tenant, you must configure a certificate that enables the local agent to act on behalf on your Azure AD tenant (for example,

For more information on how to Set Up and Deploy D365 On-premises Environments, please contact us. For the continuation of this article, please refer :

Share This Post

Leave a Reply

Notify of
Skip to toolbar