02-12-2008 09:28 PM - edited 03-18-2019 08:27 PM
Hi,
I installed Unity5 in a child domain. When running the permissions wizard it applied 2 permissions to the Deleted Objects OU (hidden in AD) at the child domain level, but showed a failure when it attempted to apply the same permissions to the parent domain Deleted Objects.
This makes sense since our install account only had local domain admin rights.
Does this permission matter since we are only dealing with objects in the child domain and no other Unity servers or users exist in other parts of AD?
All other permissions went ok and server is operational with no errors. Unity is importing AD accounts only and has no AD admin rights
Thanks,
Scott
02-13-2008 09:13 AM
Hi Scott -
The unitydirsvc account is given "Read properties" and "List contents" permissions for the Deleted Objects OU - Applied onto child objects in every domain that contains Cisco Unity subscribers or groups. I have had a similar experience with running the permissions wizard and the only failure was the ability to set permissions on the Deleted Objects OU. We also only import AD accounts into Unity and this has not impacted our users or Unity application.
Ginger
02-13-2008 09:25 AM
Thanks Ginger,
02-13-2008 10:46 AM
I too have had this error. Same thing as Ginger no impact on subscibers or accounts.
I think the reason is that PW had been run succussfully before. I also think that PW only gives and not takes away permissions. With that said, even though it had failed it still had the permissions from a successful run before. Just an idea of mine. :-)
02-24-2008 07:39 PM
Scott,
What version of PW did you use? We're having the same issues with PW version 2.2.0.39 from ciscounitytools.com, but we don't show any issues with our Parent Site running PW 2.2.0.36 (shipped on media).
We're going to run the upgrade again tomorrow in the Lab to see what happens (more or less to verify the above once more).
thx,
Jimmy
02-25-2008 05:44 AM
I ran the PW from the Unity 5.0 DVD.
It was run in the child domain under a child domain Admin account, therefore permissions in the Parent domain could not be applied.
02-25-2008 06:33 AM
Scott,
Thx for the prompt reply... Much to my dismay (we thought the .36 on the media was clean) we have the same issue with both versions (.36 and .39).
What did TAC say? just curious...
thx,
Jimmy
02-25-2008 06:50 AM
I opened a Partner Helpdesk ticket. They said that the permission for the Deleted Objects in the Parent Domain is only necessary if you are creating Unity users or objects in the Parent.
In our case Unity is only installed in the child domain so it's not needed. Otherwise you would run PW wizard under a Parent domain Admin account.
02-25-2008 07:48 AM
Excellent info.
Scott, any idea of the Case number? It sure would be good if we could steer our TAC engineer to some info that might help them understand what we are saying to them...
This is great news!!
thx!
Jimmy
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: