Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Unity 405 to 421 cannot add users

Done a Unity 405 UM to 421 - used to be able to add users aswell as import but now can only import. Adding a user fails, used dad tool to test dir service account to add a user that failed and propmted me to check the directoryaccessdiagnostic.log in temp directory but I couldn't find that anywhere on the box. Nothing in event viewer either. ran latest perm wiz but still cannot add users. Checked registry for key 'disablenew exchsub' that was set to 0(I think that's right - if it was 1 then that would imply that I wouldn't be able to add). Any advise appreciated..TIA Jeff

10 REPLIES
Gold

Re: Unity 405 to 421 cannot add users

- Do you see the right DC/GC listed when using DCGC Reconnect Tool ??

- Check windows services and confirm all the AD services are starting using the Dir Srv Account

New Member

Re: Unity 405 to 421 cannot add users

Mahesh, thanks for the quick reply. The Unity services avdsad and avdsglobalcatalog are both started with the Dir service account.

the DCGC reconnect tool reports the correct information.

Jeff

Gold

Re: Unity 405 to 421 cannot add users

Can u try to add the user again and get the log file. The file should be located at c:\documents and settings\\Temp folder.

New Member

Re: Unity 405 to 421 cannot add users

Mahesh, still can't see the log file - even in the directory you state, searched the whole box!

this is the error we get on the screen if it helps.

Thanks again..Jeff

Gold

Re: Unity 405 to 421 cannot add users

Looks like Permissions Issue to me. Couple of things that you need to check.

1. If you are trying to add the user from Unity, ensure that Dir Svc Account should have Exchange Admin rights on the server which Unity is Integrated to. Also, this user needs to be a part of the Local Administrators on Exchange and a member of Administrators group in AD Users and Computer.

2. For users you are not able to import, ensure that Inherit Permissions is selected for the user.

New Member

Re: Unity 405 to 421 cannot add users

Yes thanks I have checked it against the permissions doc and all seems ok. Permissions are being inherited, just strange that it worker before the upgrade and not now.

Gold

Re: Unity 405 to 421 cannot add users

Can u enable avdsad traces, try to add user and attach it here.

Or open a TAC case

Re: Unity 405 to 421 cannot add users

Hi - a few things I would check:

1. Check for inheritance on the specific user. Check the Security tab, Advanced tab for the user account and make sure the check box is checked. If this is unchecked, the unitydirsvc and unitymsgstoresvc accounts do not get permission. The typical error is what you are seeing when attempting to add a user in Unity SA. Check the effective permissions on the user's account to see if the user is a member of a group that gets explicitly denied.

2. When you ran the Unity permissions wizard for the 4.2 upgrade, there is a check box that specifies whether or not Unity will have permission to ADD subscribers or IMPORT subscribers. I would also rerun the permissions wizard and REPORT on the permissions to ensure all is OK here.

Plus the other post recommendations are excellent, avdsad trace would give you more detail on the specific error.

Regards, Ginger

New Member

Re: Unity 405 to 421 cannot add users

thanks for your replies guys. The OU where I'm trying to create new users in the directory account has inherited create rights for users.I ran latest perm wiz and selected to add subscribers. adsad tool does not allow me to create users and the attached trace shows I do not have rights. No gpo's blocking inheritance here and theres only one gc/dc that unity is using. I know its an inheritance issue but can't see the problem to fix...thanks,Jeff

New Member

Re: Unity 405 to 421 cannot add users

I ran the report of privileges from perm wizard for dir account. It gave the following error:

ACCESS DENIED because there is no Allow ACE.

How can I fix that?..cheers jeff

153
Views
3
Helpful
10
Replies
CreatePlease to create content