Unity 5 "Deleted Objects" AD permission

Unanswered Question
Feb 12th, 2008

Hi,

I installed Unity5 in a child domain. When running the permissions wizard it applied 2 permissions to the Deleted Objects OU (hidden in AD) at the child domain level, but showed a failure when it attempted to apply the same permissions to the parent domain Deleted Objects.

This makes sense since our install account only had local domain admin rights.

Does this permission matter since we are only dealing with objects in the child domain and no other Unity servers or users exist in other parts of AD?

All other permissions went ok and server is operational with no errors. Unity is importing AD accounts only and has no AD admin rights

Thanks,

Scott

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ginger Dillon Wed, 02/13/2008 - 09:13

Hi Scott -

The unitydirsvc account is given "Read properties" and "List contents" permissions for the Deleted Objects OU - Applied onto child objects in every domain that contains Cisco Unity subscribers or groups. I have had a similar experience with running the permissions wizard and the only failure was the ability to set permissions on the Deleted Objects OU. We also only import AD accounts into Unity and this has not impacted our users or Unity application.

Ginger

ranpierce Wed, 02/13/2008 - 10:46

I too have had this error. Same thing as Ginger no impact on subscibers or accounts.

I think the reason is that PW had been run succussfully before. I also think that PW only gives and not takes away permissions. With that said, even though it had failed it still had the permissions from a successful run before. Just an idea of mine. :-)

jimmy-dotson Sun, 02/24/2008 - 19:39

Scott,

What version of PW did you use? We're having the same issues with PW version 2.2.0.39 from ciscounitytools.com, but we don't show any issues with our Parent Site running PW 2.2.0.36 (shipped on media).

We're going to run the upgrade again tomorrow in the Lab to see what happens (more or less to verify the above once more).

thx,

Jimmy

sposte Mon, 02/25/2008 - 05:44

I ran the PW from the Unity 5.0 DVD.

It was run in the child domain under a child domain Admin account, therefore permissions in the Parent domain could not be applied.

jimmy-dotson Mon, 02/25/2008 - 06:33

Scott,

Thx for the prompt reply... Much to my dismay (we thought the .36 on the media was clean) we have the same issue with both versions (.36 and .39).

What did TAC say? just curious...

thx,

Jimmy

sposte Mon, 02/25/2008 - 06:50

I opened a Partner Helpdesk ticket. They said that the permission for the Deleted Objects in the Parent Domain is only necessary if you are creating Unity users or objects in the Parent.

In our case Unity is only installed in the child domain so it's not needed. Otherwise you would run PW wizard under a Parent domain Admin account.

jimmy-dotson Mon, 02/25/2008 - 07:48

Excellent info.

Scott, any idea of the Case number? It sure would be good if we could steer our TAC engineer to some info that might help them understand what we are saying to them...

This is great news!!

thx!

Jimmy

Actions

This Discussion