How to – Use RetrieveAttributeChangeHistoryRequest to get audit data for an attribute (Dataverse/ Dynamics 365/ CRM)

We can use RetrieveAttributeChangeHistoryRequest to get the change history of a particular field / attribute of a record.

We need to set the Target and the AttributeLogicalName property of the request.

AuditDetails records of the RetrieveAttributeChangeHistoryResponse contains the detail of the audit records.

The Audit History records in CRM- 

AttributeAuditDetail contains the details of the changes made on the field’s value. It contains property like – objectid, userid, operation etc. as well as new value and the old value as shown below.

Sample Code (C#) 

 string ConnectionString = "AuthType = OAuth; " +
                  "AppId=51f81489-12ee-4a9e-aaae-a2591f45987d; " +
                  "; " +
                  "Password=*******; " +
                  "RedirectUri=app://58145B91-0C36-4500-8554-080854F2AC97;" +
                  "Url =;";

            CrmServiceClient svc = new CrmServiceClient(ConnectionString);

            if (svc.IsReady)

                var attributeChangeHistoryReq = new RetrieveAttributeChangeHistoryRequest();

                attributeChangeHistoryReq.Target =
                    new EntityReference("incident", new Guid("0a9f62a8-90df-e311-9565-a45d36fc5fe8"));
                attributeChangeHistoryReq.AttributeLogicalName = "prioritycode";

                var attrChangeResponse = (RetrieveAttributeChangeHistoryResponse)svc.Execute(attributeChangeHistoryReq);
                var auditDetailCollection = attrChangeResponse.AuditDetailCollection;

                foreach (var auditDetails in auditDetailCollection.AuditDetails)
                    // Type =  AttributeAuditDetail, AuditDetail, 
                    var type = auditDetails.GetType();

                    if (type == typeof(AttributeAuditDetail))
                        var attributeDetail = (AttributeAuditDetail)auditDetails;

                        var userName = attributeDetail.AuditRecord.GetAttributeValue<EntityReference>("userid").Name;
                        var operation = attributeDetail.AuditRecord.FormattedValues["operation"];
                        var action = attributeDetail.AuditRecord.FormattedValues["action"];
                        var createdOn = attributeDetail.AuditRecord.GetAttributeValue<DateTime>("createdon");
                        var newValue = attributeDetail.NewValue.FormattedValues["prioritycode"];
                        var oldValue = attributeDetail.OldValue?.FormattedValues["prioritycode"];


Check other posts on Audit

Hope it helps..


How to – manage who can create environments in Power Platform

Through the Power Platform admin center, the administrator can control who can create an environment in the Power Platform.

Click on Gear Icon >> Power Platform settings

There we can specify who can create production and sandbox environments & trial environments.

Let us set it as Only specific admins and save the settings.

With this particular setting now only the following admins will be able to create environments.

Global admin, Dynamics 365 Admin, and Power Platform admins.

The non-admin user will get the below error

Your tenant’s administrators have disabled trial environment creation for non-admin users. You need permission to create a trial environment in your tenant

In case of Everyone, the below license determines who can create environments.

Hope it helps..


How to – change user’s business unit without removing the security roles in Dynamics 365 / PowerApps (EnableOwnershipAcrossBusinessUnits setting)

When we change the user’s business unit, all the current security roles of the users are removed and we need to assign the roles again to the user. This has always been the default behavior. 

Also check – Modernize Business Units –

For E.g. below user User 2 belongs to Business Unit – BU 1 and has the following security roles assigned.

Now changing the user’s business unit to BU 2

will remove all his security roles assigned.

We can now override this behavior by updating the new option /setting added

EnableOwnershipAcrossBusinessUnits (this property determines if roles are removed when the principal changes business units) through the
Organization Settings Editor tool

After we have installed the managed solution, we can update the setting and set it as true

Let us assign the security roles to User 2 in BU 2.

Let us now change the BU of user 2 back to BU 1.

As expected after updating that setting – DoNotRemoveRolesOnChangeBusinessUnit– as true – we can see the security roles still intact, even on the change of Business Unit for the user.

What happens if user 2 is assigned a security role – BU2 Security Role, which is created in BU 2 Business unit and is not available in BU 1.

Let us change the business unit to BU 1.

As expected BU2 security role is not available in BU 1, so that role is not assigned, only the common security role coming from parent BU remains intact.

Hope it helps..


Collaborate using Comments (preview) in Modern App Designer – Power Apps / Dynamics 365

A new comments (preview) feature has been added recently in the Modern App Designer

Modern App Designer

To see it in action, open an existing app or create a new app using the Modern App Designer.

We can see the Comments (preview) options in the toolbar.

Comments allow us to add notes, discuss with colleagues using mention etc.

We can add multiple comments and it shows the count.

The comments can be edited, deleted, and resolved.

This is how the resolved comment look like – disabled 

We can add comments to the page of type  – view, form, dashboard, and custom page.

We can add comment also within the Navigation bar.

Currently, mention is not listing any suggestions –

Check here for more such features added –

Hope it helps..


The trick to force / trigger user sync – Power Platform / Dynamics 365

Sometimes it takes a long time for the users to appear in Dynamics 365, even though users have the appropriate licenses.

E.g. here we have added user6 in Microsoft 365 Admin Center.

Back in CRM, we do not see user 6 added.

One way to add the user is through Force Sync User action of Power Platform Management connector.

or the other option is to ask the user to log in to the Power Apps.

As soon as the user logs in we can see his account added/synced to the enabled users in CRM.

Thanks to Emre Gulcan for this trick

Hope it helps..


Using Force Sync User to sync PowerApp / CRM users – Power Platform / Dynamics 365

Recently in one of our trial environments, some of the users were not showing up in the Enabled Users view in Dynamics 365, although the users were having appropriate licenses assigned to them. (was more than 24 hours)

In such a scenario we can use Force Sync user action of Power Platform Management Connector.

For Force Sync users, we will be passing the object id of the user and selecting the appropriate environment.

Run the flow manually.

It asks for the Object Id of user.

Inside Azure Portal >> Azure Active Directory >> Users, get the Object Id of the user

Currently, we have below 3 users in CRM

Let us run the flow.

Wait for the flow to complete.

After successful execution of the flow, back in CRM, we can see user 5 added to the list of enabled users.

In case we are using a security group for the environment we can make use of the below Power Automate Template, it takes the security group’s object id as input and loops through each of the members and applies Force Sync user action.

We can also make use of PowerShell cmdlets to achieve the same

Force Sync Azure Active Directory Group members to specified CDS instance

Hope it helps..

%d bloggers like this: