Since you are talking about Active Directory, I assume that you are inetersted in Unity 3.0.
The first release of the product Unity 3.0(1) requires that the Unity install and service account be given the Enterprise admin rights. This is being changed for the first patch release , Unity 3.0(2), which is in works and should be out soon.
With Unity 3.0(2) to be able to create subscribers in AD and then import them into Unity, the following permissions are required for the person using the SA - Log on as a service, Act as a part of the operating system, Local Administrators group permissions, View Only Exchange Administrator at the Org Level, Read, Write and Modify permissions for any object Unity needs to write to as a subscriber. Unity will need to read from a DCGC, which means it will need at the minimum Read permissions at the domain level IF the DCGC isnt in the domain where it is installed. These checks will be done by the Unity 3.0(2) syscheck.
To be able to create accounts through the SA, you will need more permissions. We are not done fully documenting these as we are still working on the 3.0(2) patch.
Once 3.0(2) is out there on CCO, the release notes accompanying it should help clarify some of these issues.
There is also a securities document being worked on. We shall post a link to that as soon as that is available.
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.