Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Blue

Unity 4.0(5) in parent domain, can't import users from child domains

Unity resides in company.com as well as exchangeserver1 (partner server). Users reside in company.com as well as state.company.com (child domain). I have used the latest permissions wizard and it complete successfully.

I can only import users from company.com. Also, during the permissions wizard I can see all the exchange servers and mailstores, however if I logon as UnityDirSvc and bring up the directory access tool and choose the test mailstores tab, I can't see any of them.

UnityInstall is Exchange Administrator, UnityDirSvc is Exchange View Only. Again, permissions wizard completes with no issues, Unity actually starts, and the Unity service accounts are in a protected OU so no chance for GP's to be applied to them.

Completely at a loss.

One other note. The directory access tool says the account is not set to inherit permissions from its parent, however the security tab for the users IS check to inherit permissions. Very strange.

TIA,

Andy

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Unity 4.0(5) in parent domain, can't import users from child

Do you see any error messages in the event logs? Turn on AvSaDbConn (10-15), AvDSAd and AvDsGlobalCatalog traces. Open Saweb and try to import. Collect AvCsMgr, AvDSAd, and AvDsGlobalCatalog logs and post them.

Did you try importing with Bulk Import tool?

Can you check the user security settings in ADUC to make sure that the UnityDirSvc account has inherited rights to the user?

4 REPLIES
Cisco Employee

Re: Unity 4.0(5) in parent domain, can't import users from child

Do you see any error messages in the event logs? Turn on AvSaDbConn (10-15), AvDSAd and AvDsGlobalCatalog traces. Open Saweb and try to import. Collect AvCsMgr, AvDSAd, and AvDsGlobalCatalog logs and post them.

Did you try importing with Bulk Import tool?

Can you check the user security settings in ADUC to make sure that the UnityDirSvc account has inherited rights to the user?

Blue

Re: Unity 4.0(5) in parent domain, can't import users from child

1. If I right click on properties of a user in the child domain and go to the securities tab. I do not see the unitydirsvc and unitymsgstrsvc accounts applied like I do in the parent domain users. However, the user DOES have the box checked to inherit permissions from its parent.

2. I am getting the logs now to post.

3. For an install where Unity is in the parent domain but users are in the child domains, does the UnityInstall account need more permissions that just the domain admin?

Blue

Re: Unity 4.0(5) in parent domain, can't import users from child

any way I could e-mail you these logs? You can e-mail me offline at cisco@dignans.com to keep your e-mail off the list.

Blue

Re: Unity 4.0(5) in parent domain, can't import users from child

Thanks hinho. Turned out the UnityInstall account needed Enterprise Admin rights (or run permissions wizard with an enterprise account in this type of topology and the UnityInstall account will get assigned the correct rights) and I needed to select the child domains in the "container" screen of the Permissions Wizard. I just selected the parent domain.

153
Views
0
Helpful
4
Replies