I am reading through documentation regarding Unity Permission Wizard and what actions it is supposed to take:
We run Unity 4.2(1) in UM mode with Exchange 2003 as Message Store. Over the past 2 years we had some Windows Admin play around with account permissions on both Domain and Exchange level and now we plan to sort this mess out.
Looking at individual recepients' mailboxes i see UnityMsgStoreSVC, UnityDirSvc and Unity_<servername> account having permission on each subscriber mailbox. I don't see why UnityDirSvc or Unity_<servername> should have such permissions on the mailboxes. UnityMsgStoreSvc is another story cause this account is really accessing the mainboxes.
Reading document at the link I had specified above I see only references about Attributes and not much about what Group membership on Domain or Exchange level will Permissions Wizard actually modify.
Can anyone maybe point me to the document like that?
I am affraid that if those service accounts had been manually assigned group memebership, then Permissions Wizard will not fully repair it. Will it really clean everything up and return the permissions state (and group membership) to a prestine state?