Cisco Support Community

New Member

Minimum Rights

I need to install Unity 4.0 at a client that wants Unity to have little to no AD rights. Is it true that the Permissions wizard assigns the bare minimum rights required, or can fewer rights be assigned manually and still have Unity function properly?

Thanks,

Dave

Accepted Solutions
Cisco Employee

Re: Minimum Rights

The Permissions wizard has a couple of options in it when you run it allowing you to restrict the ability to create new users, create contacts and the like - taking these options is about as stripped down as we'll support. You can review the rights it is actually adding in AD from the help file in the Permissions wizard itself - the installation account needs creation rights for making the location objects and default DLs and the like during installation, but the account actually associated with the directory-facing services in Unity doesn't really need that much... we need the ability to update user and distribution list objects for some properties and, of course, read access all over - you can dictate which OU container and below we can update user/DL objects in (i.e. which containers we can import users and DLs from) so you have a reasonable amount of control.

Getting down to individual property rights is going to bring you to grief and we won't support you - too many issues can and will come up with the installation - when those things come up we will ask you to run the Permissions wizard to clear them and/or run the Directory Access Diagnostics tool (both this and the latest Permissions Wizard tool can be found on www.CiscoUnityTools.com), which checks all the rights for importing specific users and/or creating new users in a specific container.

Both the DAD and PW tools have decent help files that go into some detail about which permissions are being checked and set - you'll want to start there with your customer - but short story is we'll need to extend the AD schema and we'll need the set of minimum permissions set by PW to operate properly.
