Migrate Subscriber doesn't work for Domain Admins

CCampbell_2
Level 1

Recently, I upgraded from 2.4.6 to 4.0.2/Exchange2k and all went well except for the reimport of 5 of my 325 users, who all happen to be Domain Admins. TAC's solution was to go into the SQL DB and jury-rig the fields so that they were set right; this worked and they asserted it would be a problem no more.

Well, today I have a user who I would like to migrate from his VM account in my VM OU to his real account in a different OU. This just worked for about 100 of my subscribers, but for this one person who is a domain admin, again it doesn't work. Migrate Subscriber doesn't even show the user in the Mail Users window.

When Permissions Wizard was run, I ran it at the top of the domain, so I know I don't have any problems there.

I know the problems are with my AD rights somewhere, and with Domain Admins, but after that I have no idea.

I don't want to open a TAC case because of their unwillingness to listen, so I present it here.

Anyone else have problems with Domain Admins and what did you do to fix it?

Thanks

12 Replies

lindborg
Cisco Employee

I'm not entirely sure what TAC did here in SQL - I'd need to know a little more about what failed on the import/synch from 2.4.6 for these guys and what TAC did to fix it to venture more than just a wild guess here.

That said, if the user you are trying to move information _to_ is already tagged as a Unity subscriber, it won't show up in the mail user list - you can try cleaning that account (assuming it's not a subscriber on another Unity box in the directory) using GSM itself or the Remove Subscriber Properties tool.

Hi Jeff,

The problem with the initial import (from memory, bear with me) was that the ch_username handler did not have the RECEPIENT_ID for the Subscriber. DB_Import.txt showed no errors on those particular users. TAC copied the ID field from the Subscriber and pasted it in the relevant field in the handler record.

The user I am trying to move to is not already a subscriber. He was a previously existing, untouched by Unity, AD user. I created an Exchange mailbox for the user and then attempted to migrate the subscriber data onto that user, just like the ~100 non-domain admin users I did before getting to this, and the 20 I did after skipping this guy.

Hope you can help,

Cliff

oliviers
Cisco Employee

I don't know if it's a permissions thing, but if it were, it could be caused by the fact that this particular user doesn't have the "allow inheritable permissions from parent to propagate to this user" checkbox on the "security" tab of the user's properties selected. The permissions wizard sets at the top level and assumes objects are inheriting.

On my test system here, if I create a user that checkbox is enabled. Sometime after I added this user to DomainAdmins (Enterprise Admins, too), the check box was auto-magically disabled.

Is this user available for import via the SA? The SA uses a different method to get a list of available users so if he is available for import from the SA then it probably isn't a permissions problem. The SA goes straight to AD for its list but the MSD uses the Import Directory Connector (IDC).
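The inheritance state described in the post above can be read without the Security tab. The following PowerShell is an added example, not part of the original thread and not Cisco tooling: it tests the DACL "protected" flag, which is the state behind the unchecked inheritance box. The SDDL strings are constructed samples, the function name is hypothetical, and the commented query assumes the ActiveDirectory (RSAT) module is installed.

```powershell
# Added example. Returns $true when a security descriptor blocks inherited
# ACEs, i.e. the "allow inheritable permissions" box is unchecked.
function Test-DaclProtected {
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    $sd.ControlFlags.HasFlag(
        [System.Security.AccessControl.ControlFlags]::DiscretionaryAclProtected)
}

# Constructed sample descriptors (not taken from any real directory).
# "D:AI"  = DACL auto-inherits from the parent container.
# "D:PAI" = DACL is protected: ACEs set at the top of the domain never arrive.
$samples = [ordered]@{
    'ordinary user' = 'O:BAG:BAD:AI(A;ID;GA;;;SY)(A;ID;GR;;;AU)'
    'admin user'    = 'O:BAG:BAD:PAI(A;;GA;;;SY)(A;;GA;;;BA)'
}

foreach ($name in $samples.Keys) {
    [pscustomobject]@{
        Account            = $name
        InheritanceBlocked = Test-DaclProtected -Sddl $samples[$name]
    }
}

# Against a live domain: AD stamps members of protected groups such as
# Domain Admins with adminCount=1 and periodically resets their ACL from the
# AdminSDHolder object with inheritance disabled, so list those accounts and
# show which ones cannot receive permissions granted higher in the tree.
#
# Import-Module ActiveDirectory
# Get-ADUser -LDAPFilter '(adminCount=1)' -Properties nTSecurityDescriptor |
#     Select-Object SamAccountName,
#         @{ n = 'InheritanceBlocked'
#            e = { $_.nTSecurityDescriptor.AreAccessRulesProtected } }
```

Any account reported with InheritanceBlocked set to True needs its rights granted explicitly or through the AdminSDHolder template, because a grant made on a parent container will not reach it.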

He's not available from the sa web page either. I can see other accounts that are not Unity subscribers but do have Exchange Mailboxes in there, but not his.

Thanks

cliff

I'll assume you're talking about the Security tab under the Mailbox Store Properties. That user isn't explicitly listed in there. I have my userid (Domain and Schema Admin) to install Exchange, run PermWiz, etc., Domain Admins, Enterprise Admins, Everyone, Exchange Domain Servers, the standard UnityDirSvc, Install and MsgStore Accounts. All of which have the "Allow inheritable perms..." Should I add this guy's account? Which rights should I mimic?

Thanks

Cliff

I was actually referring to the security tab on the AD user object itself--that AD account that won't show up.

Give DAD a try. Go to www.ciscounitytools.com and download the latest Directory Access Diagnostics (DAD) and run it under the same account as AvDSAD. See the help file for details.

It passed across the board. Logged in as mydomain\UnityDirSvc which is what the AvDSAD account logs in as. But I still can't see the user in either saweb or Migrate Subscriber Tools.

Thanks

Cliff

I had to find someone with the Security tab. Doesn't show up on my Unity box or my workstation. The box was unchecked as you suspected but checking the box and waiting ~1 hr has not changed anything. Any other thoughts?

Thanks

Cliff

Since that box is now checked, I guess you could try the perm-wiz again. Without being able to see things, it's kinda hard to come up with any other ideas.

No luck on PermWiz either. I guess he's just going to have two accounts. I'd just like to say thanks to you and Jeff. Unity really is an awesome product.

Cliff