Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Disabling Windows accounts created by Unity

I have a question that hopefully someone can help me with. I have about 400-500 Unity 3.1(3) subscribers who are voice mail only. There are also about a dozen unified messaging subscribers but I think they aren't involved in this. The problem is that Unity creates a Windows account (which are in our organization's Active Directory -- we have prefixed each of them with "zz" to differentiate them) and assigns it the default password. From what I can tell, that is the last time that Unity touches them since after looking at a number of these accounts I have found that their passwords are unchanged (we enforce periodic voice mail password changes).

Obviously, having all these accounts hanging around with rather simple passwords is a security risk so I'm wondering if I can simply disable the lot of them. I've tried it on a test account and its voice mail appears to continue to work without problems. However, looking into the event logs on our Unity server, I also noticed that the test user that I had disabled was causing this error to be reported:

Event Type: Error

Event Source: MSExchangeIS Mailbox Store

Event Category: Logons

Event ID: 1022

Date: 3/22/2004

Time: 4:05:35 AM

User: N/A

Computer: UNITY

Description:

Logon Failure on database "First Storage Group\Private Information Store (UNITY)" - Windows 2000 account TOWNE_CENTER\unity_us; mailbox /o=Ligand Pharmaceuticals/ou=TOWNE_CENTER/cn=Recipients/cn=zzDoeAaron.

Error: -2147221231

Before I do anything so sweeping as to disable all those "zz" accounts I would like to get some feedback on this. Will this work? Will Unity continue to work for these folks? Is there perhaps an easier way to secure these accounts? If disabling all of the accounts will multiply this error by a factor of 400-500, that would not be desirable. Any help would be greatly appreciated.

1 REPLY
New Member

Re: Disabling Windows accounts created by Unity

Hi,

Going by the error you received when you deleted the test account, I would not recommend deleting those accounts, those accounts appear to be the accounts that are associated with the mailboxes that Unity uses for their message store. It makes since that you do not have duplicate accounts for the Unified users, since they would use the same account and mailbox, but for the VM only users, they need two different accounts and mailboxes.

The password setting, if done in AD does not take effect for Unity, only if they would use that account to log onto your network.

Mike

288
Views
0
Helpful
1
Replies
CreatePlease to create content