
Disabling Windows accounts created by Unity

kpolan
Level 1

I have a question that hopefully someone can help me with. I have about 400-500 Unity 3.1(3) subscribers who are voice mail only. There are also about a dozen unified messaging subscribers but I think they aren't involved in this. The problem is that Unity creates Windows accounts (which are in our organization's Active Directory -- we have prefixed each of them with "zz" to differentiate them) and assigns them the default password. From what I can tell, that is the last time that Unity touches them since after looking at a number of these accounts I have found that their passwords are unchanged (we enforce periodic voice mail password changes).

Obviously, having all these accounts hanging around with rather simple passwords is a security risk so I'm wondering if I can simply disable the lot of them. I've tried it on a test account and its voice mail appears to continue to work without problems. However, looking into the event logs on our Unity server, I also noticed that the test user that I had disabled was causing this error to be reported:

Event Type: Error

Event Source: MSExchangeIS Mailbox Store

Event Category: Logons

Event ID: 1022

Date: 3/22/2004

Time: 4:05:35 AM

User: N/A

Computer: UNITY

Description:

Logon Failure on database "First Storage Group\Private Information Store (UNITY)" - Windows 2000 account TOWNE_CENTER\unity_us; mailbox /o=Ligand Pharmaceuticals/ou=TOWNE_CENTER/cn=Recipients/cn=zzDoeAaron.

Error: -2147221231

Before I do anything so sweeping as to disable all those "zz" accounts I would like to get some feedback on this. Will this work? Will Unity continue to work for these folks? Is there perhaps an easier way to secure these accounts? If disabling all of the accounts will multiply this error by a factor of 400-500, that would not be desirable. Any help would be greatly appreciated.

1 Reply

milucero
Level 1

Hi,

Going by the error you received when you deleted the test account, I would not recommend deleting those accounts; those accounts appear to be the accounts that are associated with the mailboxes that Unity uses for their message store. It makes sense that you do not have duplicate accounts for the Unified users, since they would use the same account and mailbox, but for the VM only users, they need two different accounts and mailboxes.

The password setting, if done in AD, does not take effect for Unity, only if they would use that account to log on to your network.

Mike
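
Added example, not part of either post: one way to size the Event ID 1022 noise before changing all the "zz" accounts is to disable a small pilot batch and tally the logon failures per mailbox from a text export of the Application log. The function names, the export layout (the `Field: value` lines shown in the question) and the account `zzRoeJane` are assumptions made for this sketch.

```python
import re
from collections import Counter

SOURCE = "MSExchangeIS Mailbox Store"
# Constructed sample export. The first record is the event quoted in the post;
# the repeat and the unrelated Event ID 9999 record are made up for the example.
_REC = """Event Type: Error
Event Source: MSExchangeIS Mailbox Store
Event ID: {eid}
Description:
Logon Failure on database "First Storage Group\\Private Information Store (UNITY)" - Windows 2000 account TOWNE_CENTER\\unity_us; mailbox /o=Ligand Pharmaceuticals/ou=TOWNE_CENTER/cn=Recipients/cn=zzDoeAaron.
Error: -2147221231

"""
SAMPLE = _REC.format(eid=1022) + _REC.format(eid=1022) + _REC.format(eid=9999)

def parse_1022(text):
    """Yield (mailbox_cn, logon_account, hresult_hex) for each Event ID 1022 record."""
    for rec in re.split(r"(?m)^(?=Event Type:)", text):
        eid = re.search(r"(?m)^Event ID:\s*(\d+)", rec)
        src = re.search(r"(?m)^Event Source:\s*(.+?)\s*$", rec)
        if not (eid and src) or eid.group(1) != "1022" or src.group(1) != SOURCE:
            continue
        mbox = re.search(r"(?m)mailbox\s+\S.*?/cn=([^/\s.]+)\.?\s*$", rec)
        acct = re.search(r"account\s+(\S+?);", rec)
        err = re.search(r"(?m)^Error:\s*(-?\d+)", rec)
        if mbox:
            # The log prints the HRESULT as signed decimal; show it as unsigned hex.
            code = f"0x{int(err.group(1)) & 0xFFFFFFFF:08X}" if err else None
            yield mbox.group(1), acct.group(1) if acct else None, code

def pilot_report(text, disabled):
    """Count 1022 failures per mailbox and split the pilot batch into noisy/quiet."""
    counts = Counter(cn for cn, _, _ in parse_1022(text))
    seen = {cn.lower() for cn in counts}
    noisy = sorted(d for d in disabled if d.lower() in seen)
    quiet = sorted(d for d in disabled if d.lower() not in seen)
    return counts, noisy, quiet

if __name__ == "__main__":
    counts, noisy, quiet = pilot_report(SAMPLE, ["zzDoeAaron", "zzRoeJane"])
    print("failures per mailbox:", dict(counts))
    print("disabled and logging 1022:", noisy)
    print("disabled and silent so far:", quiet)
```

The logon account in each record is the one named in the event text (`TOWNE_CENTER\unity_us` in the quoted event), so the tally is keyed on the mailbox `cn`, which is what maps back to the "zz" account.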