Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
5
Replies

Unity creating new AD objects :Unity 4.2.1 E2k3 UM

maratimer_2
Level 1
Level 1

‎02-11-2008 08:40 AM - edited ‎03-18-2019 08:26 PM

I realize that the correct order to remove accounts is to delete the Unity account first, and then delete the associated AD/Exchange account after. That said, should the unity application have the capability to re-create deleted AD accounts when it syncronizes from SQL to AD? - is there a way to stop this behavior other than to delete the unity account first, before the AD object?

Labels:
0 Helpful
5 Replies 5

ranpierce
Level 6
Level 6

‎02-11-2008 12:32 PM

yes when you run/ran permissions wizard you could have not given the directory account permissions in AD.

I am not possitive but I think PW only gives

permissions and not takes away so if the account already has permissions then you need to plan. (make different accounts maybe)

Jeff am I right?

rlp

0 Helpful

maratimer_2
Level 1
Level 1
In response to ranpierce

‎02-11-2008 01:09 PM

we only gave the accounts permissions as required/documented - and selected only "import unity accounts, not create"....

Not sure exactly what you are referring to.

0 Helpful

ranpierce
Level 6
Level 6
In response to maratimer_2

‎02-11-2008 01:48 PM

That is exactly what I was referring to. Unity should not be able to create in AD as far as I understand it.

rlp

0 Helpful

maratimer_2
Level 1
Level 1
In response to ranpierce

‎02-12-2008 11:30 AM

Well this is exactly what they are doing whenever we reboot a server and it does a full synch (assuming the AD account has already been deleted and the unity account has not), the AD object is recreated in the Unity OU in the customer's AD

Jeff - is this behavior normal or should I open a TAC ticket? Is there a way to manually remove this permission from the Unity accounts (and which one - unitydirsvc?).

Thanks.

0 Helpful

maratimer_2
Level 1
Level 1
In response to maratimer_2

‎02-25-2008 07:54 AM

Question to Cisco engineers- are there any permissions which can be removed so that Unity can not create AD accounts when doing a resynch if the AD account has already been deleted, but the unity account still exists in the UnityDB. Should I open a TAC ticket for this or is this expected behavior?

We only configure Unity to "import existing users" although I can not guarantee that someone at some point did not select the "create existing accounts" at one point in time when running the wizard....

Thank you.

0 Helpful
Customers Also Viewed These Support Documents