Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Unityinstall AD privillage

Hi,

I have Unity 5.0, when I remove the unityinstall (which is the Unity administration account) from the Domain Admin group and try to add a user i receive error message permission denied.

is there any way to remove the unityinstall account from the Domain admin and still able to add new subscibers.

Regards,

4 REPLIES
Hall of Fame Super Red

Re: Unityinstall AD privillage

Hi Mohammad,

You have the excellent opportunity right now to ask this question directly to Cisco Unity Engineer Christopher in this Unified Communications Applications: ASK THE EXPERT - UNITY 7.X Event

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Unified%20Communications%20Applications&topicID=.ee835d2&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd2fdfe

My understanding of this is that if the unityinstall account is removed it must be replaced with a new account with the proper permissions :)

Installation Account

The Permissions wizard grants the installation account the permissions listed in this section.

Note: If you are concerned about the installation account being available after the Cisco Unity installation is complete, you can disable the account in Active Directory Users and Computers. We recommend that you not delete it because when you upgrade to a later version of Cisco Unity you will again need an installation account with the same permissions. If you delete the current account, you will have to create another, re-run the Cisco Unity Permissions wizard to set the required permissions, and re-delegate Exchange Administrator control.

http://www.ciscounitytools.com/HelpFiles/PW501/PWHelpPermissionsSet_ENU.htm#Exchange

Securing the Account That Was Used to Install Cisco Unity

Cisco Unity Setup creates a variety of objects in Active Directory (if the Cisco Unity server is a member server or domain controller in an Active Directory domain) or in Windows NT (if the Cisco Unity server is a member server in a Windows NT domain), and also creates mailboxes in Exchange. As a result, the account that is used to install Cisco Unity requires a broad range of user rights, group memberships, and Active Directory or Windows NT permissions. If you are concerned that an account with so many permissions will be available after the Cisco Unity installation is complete, you can disable the account in Active Directory Users and Computers (for an Active Directory account) or in User Manager for Domains (for a Windows NT account).

We recommend that you not delete the account because when you upgrade to a later version of Cisco Unity you will again need an installation account with the same permissions. If you delete the current account, you will have to create another, re-run the Cisco Unity Permissions wizard to set the required permissions, and manually give the account Exchange Administrator permission (if the partner server is running Exchange 2003 or Exchange 2000) or Services Account Administration permission (if the partner Exchange server is running Exchange 5.5).

http://www.cisco.com/en/US/docs/voice_ip_comm/unity/42/security/guide/ex/usg005.html#wp1115586

Hope this helps!

Rob

Community Member

Re: Unityinstall AD privillage

Rob,

I have a new Unity 5.0(1a) install and when trying to add new subscribers I am getting an error stating that Adding Subscribers to the selected Exchange Server is not currently supported. Add the subscriber to Exchange and them import them to Unity. I am running win2k3, Exchange2k3 and Unity 5.0(1a). could this be related to a permissions issue? I am using the Unity Admin account.

Community Member

Re: Unityinstall AD privillage

I don't remember if it was part of the permissions wizard or the install but there is a part of one of them that asks what level of authority you want to have. This sounds more like a permissions wizard thing. Run through it on a scheduled outage and see what it gives you.

Community Member

Re: Unityinstall AD privillage

It actually was a step that was not in the permissions wizard or the install guide. In the install guide it tells you to set the unitydirsvc account to exchange administrator during the delegate control step on the mailstore. This account actually needs to be an exchange full administrator in order for you to create the mailboxes from the sa page. Opened a tac case. Thanks for the reply.

434
Views
0
Helpful
4
Replies
CreatePlease to create content