cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
472
Views
0
Helpful
5
Replies

Unity account permissions

joemccann
Level 1
Level 1

I am looking for a document that will outline and explain the various Unity accounts and what permissions they should have. In addition, what access do they need within an Exchange 2000 server. The more detail about this the better...

5 Replies 5

lindborg
Cisco Employee
Cisco Employee

The first place to start is the help for the Unity 4.0 permissions wizard which you can find here:

http://www.ciscounitytools.com/HelpFiles/PWHelpPermissionsSet.htm

This gives a laundry list of the rights/permissions granted by the Permissions Wizard on the two accounts needed for installing Unity 4.0. The 4.0 version is still applicable to the 3.x Unity - we've just changed to requiring two accounts (one for directory rights, one for messaging rights in Exchange) because of all the explicit deny patches Microsoft is releasing with respect to send as/recieve as rights on the mailstore.

There's one more right being added that's not in the permissions wizard yet (will be out there this week) - the directory facing account needs access to the AD deleted items folder such that we get notification when an object has been deleted. This has been at the root of a couple sites where they delete users in AD and Unity doesn't notice this and doesn't automatically remove their data from SQL as it should.

Does this include the permissions for the account that is created by Unity during the installation, the Unity_ account?

Think of the Unity_ account/mailbox as any other subscriber of Unity. Unity uses this mailbox to send messages from outside callers to other subscriber mailboxes. As such, the Unity_ account doesn't need any sort of permissions unless a Unity service is going to run with it.

Hope that helps,

Keith

The Exchange 2000 server is in a cluster, so the Unity_ account is being used to start AvCsGateway, AvCsMgr, AvMsgStoreMonitor, AvGaenSvr, AvRepDirSvrSvc and AvUMRSyncSvr. Does the account need any special permissions for Unity to work properly?

OK yeah it will. Your Unity_ account will be the 'Message Store Services Account'. It will need these permissions:

http://www.ciscounitytools.com/HelpFiles/PWHelpPermissionsSet.htm#_Toc21735120

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: