How-to: connection
Diagnose the active connection — reachability, identity, and a layered probe of a broken link. See the CLI reference for every flag.
Profile setup moved to crm profile
Creating, switching, and storing credentials for profiles now lives under
crm profile — see How-to: profile. The connection group is
diagnostics only (whoami, test, doctor, status).
Confirm reachability and identity
crm --json connection whoami
OrganizationId by hand:
| field | meaning |
|---|---|
UserId |
the calling user's GUID |
BusinessUnitId |
the user's business unit GUID |
OrganizationId |
the org GUID |
profile |
the resolved profile name (reflects any --profile override) |
url |
the resolved Web API base URL, e.g. https://host/org/api/data/v9.1/ |
org_name |
friendly org name from the organizations table (null on read failure) |
The success envelope also carries meta.profile and meta.url (as for every
backend-connected --json command — see "Connection identity" in CONTEXT.md).
A non-zero exit (e.g. 401) means the credentials are wrong — for NTLM the
DOMAIN\username / password, for OAuth (online) the app-registration client id /
secret / tenant, or a missing application user with a security role in Dynamics.
There is no automatic retry.
Reachability check with the API base
crm --json connection test
WhoAmI and reports the resolved API base — a quick smoke check that the
active profile reaches the server.
Inspect the active session and profile
crm --json connection status
active_profile with its publisher_prefix. It makes no network
call — use it to confirm which target the next command will hit. Profiles no
longer carry a default_solution — every customization-write command requires
an explicit --solution of its own (#636).
Diagnose a broken connection
crm connection doctor # or the alias: crm doctor
crm --json connection doctor
dns_tcp, tls,
version (the configured api_version), auth, and an informational rate_limit —
so a failing layer is pinpointed (DNS vs TCP vs TLS vs wrong api_version vs
401/403) with an actionable hint rather than collapsed into one generic error. It
is read-only: it never negotiates or mutates the profile, and the raw GETs run
regardless of --dry-run. Under --json it emits
{ok, data:{checks:[{check,ok,detail,hint}]}}; the overall ok (and exit code) is
the AND of the four diagnostic checks — rate_limit is informational and never fails
the command.