Cisco Support Community

New Member

Unity creating new AD objects :Unity 4.2.1 E2k3 UM

I realize that the correct order to remove accounts is to delete the Unity account first, and then delete the associated AD/Exchange account after. That said, should the Unity application have the capability to re-create deleted AD accounts when it synchronizes from SQL to AD? Is there a way to stop this behavior other than to delete the Unity account first, before the AD object?

5 REPLIES
Silver

Re: Unity creating new AD objects :Unity 4.2.1 E2k3 UM

Yes, when you run/ran Permissions Wizard you could have not given the directory account permissions in AD.

I am not positive, but I think PW only gives permissions and does not take them away, so if the account already has permissions then you need to plan (make different accounts, maybe).

Jeff am I right?

rlp

New Member

Re: Unity creating new AD objects :Unity 4.2.1 E2k3 UM

We only gave the accounts permissions as required/documented, and selected only "import unity accounts, not create"...

Not sure exactly what you are referring to.

Silver

Re: Unity creating new AD objects :Unity 4.2.1 E2k3 UM

That is exactly what I was referring to. Unity should not be able to create in AD as far as I understand it.

rlp

New Member

Re: Unity creating new AD objects :Unity 4.2.1 E2k3 UM

Well, this is exactly what they are doing whenever we reboot a server and it does a full synch (assuming the AD account has already been deleted and the Unity account has not); the AD object is recreated in the Unity OU in the customer's AD.

Jeff - is this behavior normal or should I open a TAC ticket? Is there a way to manually remove this permission from the Unity accounts (and which one - unitydirsvc?).

Thanks.

New Member

Re: Unity creating new AD objects :Unity 4.2.1 E2k3 UM

Question to Cisco engineers: are there any permissions which can be removed so that Unity cannot create AD accounts when doing a resynch if the AD account has already been deleted but the Unity account still exists in the UnityDB? Should I open a TAC ticket for this, or is this expected behavior?

We only configure Unity to "import existing users", although I cannot guarantee that someone at some point did not select the "create existing accounts" at one point in time when running the wizard...

Thank you.
