Cisco Support Community
Community Member

Active Assistant

A customer of mine has a POV installation of Unity because they are a Notes shop so they originally did not want the Unity server integrated into their environment. The Unity server is 2.4.6 on W2K in its own Active Directory enabled domain. Quick Question: Can a trust relationship be used to pass their login credentials (to their existing NT 4.0 domain) with the appropriate acls of course on the W2K domain so that they don't have to login twice when trying to open Active Assistant?<br><br>Thanks for your help<br><br>


Re: Active Assistant

Ok… I think I understand what you want to do, but let me recap. You have NT accounts created in the Unity server’s domain and separate NT account created in their main domain where user’s are authenticating, right? It sounds like the Unity server is an “island install” where we’re in our own domain and our own Exchange org/site, right? I’m assuming you created these voice mail users on Unity via the SA and we turned around and created Exchange accounts and local NT accounts for them on our box.

If that’s the case, a trust relationship alone isn’t going to do it for you. Even if the NT login name and password are the same in both domains, NT Challenge and Response isn’t going to work for you here… each NT account has a SID associated with it and when an account hits our web server we pass that SID through and look to see if there’s an Exchange account that matches that NT account that’s also a subscriber. Since these users will be coming from another domain with different NT account, the SID will not match anything in our Exchange server.

What you’d need to do is create a trust such that the Unity domain trusts your main domain. Then you need to rip through in Exchange and associated each mailbox with it’s corresponding NT account in the main domain (they will be associated with accounts in the Unity domain already). Once you do that they should be able to hit the AA page without being asked to authenticate again.

If I totally missed your pitch, let me know and I’ll take another swing.

Jeff Lindborg
Unity Product Architect/Answer Monkey
Cisco Systems (new page for Unity support tools and scripts)


Re: Active Assistant

You understood it perfectly; that was exactly what I figured I needed to do, but I wanted to make sure there wasn't anything above setting up the Trust and associating the Exchange Account (I didn't write that originally, but nonetheless thought about that)with the login on their other NT domain. Thanks as always. I will get them all set up.

CreatePlease to create content