Cisco Support Community
Community Member


do you have a file explaining the security problems with creating users on Unity instead of creating them in active directory and importing the user?<br><br>

Community Member

Re: security

Since you are talking about Active Directory, I assume that you are inetersted in Unity 3.0.

The first release of the product Unity 3.0(1) requires that the Unity install and service account be given the Enterprise admin rights. This is being changed for the first patch release , Unity 3.0(2), which is in works and should be out soon.

With Unity 3.0(2) to be able to create subscribers in AD and then import them into Unity, the following permissions are required for the person using the SA -
Log on as a service, Act as a part of the operating system, Local Administrators group permissions, View Only Exchange Administrator at the Org Level, Read, Write and Modify permissions for any object Unity needs to write to as a subscriber. Unity will need to read from a DCGC, which means it will need at the minimum Read permissions at the domain level IF the DCGC isn’t in the domain where it is installed. These checks will be done by the Unity 3.0(2) syscheck.

To be able to create accounts through the SA, you will need more permissions. We are not done fully documenting these as we are still working on the 3.0(2) patch.

Once 3.0(2) is out there on CCO, the release notes accompanying it should help clarify some of these issues.

There is also a securities document being worked on. We shall post a link to that as soon as that is available.

CreatePlease to create content