Nov 10th, 2009
After importing a user into Unity 7.02, if I change the subscriber's extension, the subscriber account changes from a full subscriber account with voicemail to an internet subscriber account without voice mail. I logged onto the Unity server using the Unitydirsvc account and ran the DAD tool on the account I imported. Not all of the properties show that they have read/write access. My question is do ALL of the properties reported on by DAD have to have Read and Write access? My assumption is that they do, but I've not found any precise information yet that states this. Thanks-

ahopkins Mon, 11/16/2009 - 07:15
Here are the results of running the Unity Directory Access Diagnostics tool. Although I'm having no problems importing accounts into Unity, I am having problems modifying those accounts once imported into Unity. I suspect the issues are a result of the Unity directory services account not having the correct Read/Write access. Should the Unity Directory Services account have Read/Write access to ALL of the properties listed in the table below?

Property Name                    Read  Write
ciscoEcsbuAlternateDTMFIds       No    No
ciscoEcsbuAlternateDTMFIdsOrder  No    No
ciscoEcsbuAmisDisableOutBound    No    No
ciscoEcsbuDTMFId                 No    No
ciscoEcsbuListInUMDirectory      No    No
ciscoEcsbuObjectType             No    No
ciscoEcsbuTransferID             No    No
ciscoEcsbuUMLocationObjectId     No    No
ciscoEcsbuUndeleteable           No    No
displayName                      Yes   No
facsimileTelephoneNumber         Yes   No
givenName                        Yes   No
homeMDB                          Yes   No
homeMTA                          Yes   No
legacyExchangeDn                 Yes   No
mail                             Yes   No
mailNickname                     Yes   No
mDBOverHardQuotaLimit            Yes   No
mDBOverQuotaLimit                Yes   No
mDBStorageQuota                  Yes   No
mDBUseDefaults                   Yes   No
msExchHideFromAddress            Yes   No
msExchRecordedName               Yes   No
name                             Yes   No
objectGuid                       Yes   No
objectSid                        Yes   No
otherMailbox                     No    No
sidHistory                       Yes   No
sn                               Yes   No
targetAddress                    No    No
telephoneNumber                  No    No
unsChanged                       Yes   No
whenCreated                      No    No

ahopkins Mon, 11/30/2009 - 08:05
This is just a bump to my previous post above. Can someone please confirm whether or not ALL properties listed when running the Unity DAD tool must have both read and write privileges?


David Hailey Mon, 11/30/2009 - 11:48
The rights you have depend on a combination of a few items (e.g., whether Unity can create or import objects and whether you allow Unity to administer AD).  In your case, if you can import from AD - but not change objects - did you select YES or NO to "Allow Cisco Unity to Administer Active Directory"?  My guess would be NO.  If not, you can rerun the Perm Wizard and just add that option.

ahopkins Mon, 11/30/2009 - 12:36
I did select for Unity to be able to admin Active Directory when I ran the permissions wizard and I have no problems importing accounts into Unity but for some reason if I modify the subscriber's extension after they have been successfully imported into Unity and save the change, the subscriber account is changed to an "internet subscriber" account.  This problem is what led me to run the DAD tool and notice that Read/write access was not being granted for the CiscoEcsbu properties.

What I'm hoping to confirm is that in ALL cases the Unity Directory services account should have read/write access to the ciscoEcsbu properties so that I could check with the customer's AD/Exchange admins and see if they have not set the proper privileges for the Unity Directory Services account.

David Hailey Mon, 11/30/2009 - 12:42
OK.  Well, like I said - what you should see for rights is outlined in the Permissions Wizard Help Guide.  It is based on a few criteria including what I said earlier - create vs. import of objects, administer AD, etc.  There is a chart that will tell you what rights you should have set.  It's not always read/write for every attribute.  Have you tried importing the objects using the Bulk Import Tool and specifying the DTMF ID in that file?  That will override what is in AD (or should)...otherwise, it will use what is in AD by default.
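Added example (not part of any post in this thread, and not Cisco code): one way to compare a pasted DAD result table against the rights chart mentioned above, reporting both missing rights and rights granted beyond what is expected. The sample rows are constructed, and the `EXPECTED` values are placeholders to be replaced with the entries from the Permissions Wizard Help chart for your install options; they are not taken from Cisco documentation.

```python
import re

# Constructed sample in the layout of the DAD table posted in this thread.
DAD_OUTPUT = """\
Property Name Read Write
ciscoEcsbuDTMFId No No
ciscoEcsbuObjectType No No
displayName Yes No
facsimile TelephoneNumber Yes No
mail Yes Yes
telephoneNumber No No
"""

# Placeholder expectations as (read, write). Replace with the values from the
# Permissions Wizard Help chart; these are assumptions for illustration only.
EXPECTED = {
    "ciscoEcsbuDTMFId": (True, True),
    "ciscoEcsbuObjectType": (True, True),
    "displayName": (True, False),
    "facsimileTelephoneNumber": (True, False),
    "mail": (True, False),
    "objectSid": (True, False),
}

ROW = re.compile(r"^(?P<name>.+?)\s+(?P<read>Yes|No)\s+(?P<write>Yes|No)\s*$")

def parse_dad(text):
    """Return {attribute: (can_read, can_write)} from pasted DAD rows."""
    rights = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header row or blank line
        # Rejoin attribute names that copy/paste split with a space.
        name = "".join(m["name"].split())
        rights[name] = (m["read"] == "Yes", m["write"] == "Yes")
    return rights

def compare(rights, expected):
    """List (attribute, finding) for every deviation from the expected rights."""
    findings = []
    for attr in sorted(expected):
        if attr not in rights:
            findings.append((attr, "not reported"))
            continue
        for kind, need, got in zip(("read", "write"), expected[attr], rights[attr]):
            if need and not got:
                findings.append((attr, f"missing {kind}"))
            elif got and not need:
                findings.append((attr, f"excess {kind}"))
    return findings

if __name__ == "__main__":
    for attr, finding in compare(parse_dad(DAD_OUTPUT), EXPECTED):
        print(f"{attr}: {finding}")
```
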

ahopkins Mon, 11/30/2009 - 12:56
I have not tried the Bulk import but have used the COBRAs utility to modify the extension prior to importing and that works fine.  But then if I modify the extension again after it is in Unity the subscriber account changes to an "internet subscriber".  So even though I can get all of the accounts imported into Unity with the correct extensions, my worry is that the customer will need to change an extension later and will run into this problem.  Seems like a permissions issue to me but when I run permissions check everything comes back clean.  The DAD tool was the only thing that looked off to me.

Thanks for your replies.

David Hailey Mon, 11/30/2009 - 14:13
No problem.  Trying to eliminate the obvious first.  You may well have a permissions issue.  The Cisco-specific schema extensions should be pretty open to Unity (IMO).  The odd part to me here is the Subscriber vs. Internet subscriber because this is usually determined within the Subscriber template when the user is created - not by any one field such as extension.  However, I have a few lab systems of different versions (5, 7, etc).  I'll run DAD against them tonight and see what the typical outcome is.


