05-12-2009 03:49 AM - edited 03-15-2019 05:58 PM
Hi,
I have Unity 5.0, when I remove the unityinstall (which is the Unity administration account) from the Domain Admin group and try to add a user i receive error message permission denied.
is there any way to remove the unityinstall account from the Domain admin and still able to add new subscibers.
Regards,
05-13-2009 05:46 AM
Hi Mohammad,
You have the excellent opportunity right now to ask this question directly to Cisco Unity Engineer Christopher in this Unified Communications Applications: ASK THE EXPERT - UNITY 7.X Event
My understanding of this is that if the unityinstall account is removed it must be replaced with a new account with the proper permissions :)
Installation Account
The Permissions wizard grants the installation account the permissions listed in this section.
Note: If you are concerned about the installation account being available after the Cisco Unity installation is complete, you can disable the account in Active Directory Users and Computers. We recommend that you not delete it because when you upgrade to a later version of Cisco Unity you will again need an installation account with the same permissions. If you delete the current account, you will have to create another, re-run the Cisco Unity Permissions wizard to set the required permissions, and re-delegate Exchange Administrator control.
http://www.ciscounitytools.com/HelpFiles/PW501/PWHelpPermissionsSet_ENU.htm#Exchange
Securing the Account That Was Used to Install Cisco Unity
Cisco Unity Setup creates a variety of objects in Active Directory (if the Cisco Unity server is a member server or domain controller in an Active Directory domain) or in Windows NT (if the Cisco Unity server is a member server in a Windows NT domain), and also creates mailboxes in Exchange. As a result, the account that is used to install Cisco Unity requires a broad range of user rights, group memberships, and Active Directory or Windows NT permissions. If you are concerned that an account with so many permissions will be available after the Cisco Unity installation is complete, you can disable the account in Active Directory Users and Computers (for an Active Directory account) or in User Manager for Domains (for a Windows NT account).
We recommend that you not delete the account because when you upgrade to a later version of Cisco Unity you will again need an installation account with the same permissions. If you delete the current account, you will have to create another, re-run the Cisco Unity Permissions wizard to set the required permissions, and manually give the account Exchange Administrator permission (if the partner server is running Exchange 2003 or Exchange 2000) or Services Account Administration permission (if the partner Exchange server is running Exchange 5.5).
http://www.cisco.com/en/US/docs/voice_ip_comm/unity/42/security/guide/ex/usg005.html#wp1115586
Hope this helps!
Rob
07-02-2009 11:20 AM
Rob,
I have a new Unity 5.0(1a) install and when trying to add new subscribers I am getting an error stating that Adding Subscribers to the selected Exchange Server is not currently supported. Add the subscriber to Exchange and them import them to Unity. I am running win2k3, Exchange2k3 and Unity 5.0(1a). could this be related to a permissions issue? I am using the Unity Admin account.
07-02-2009 05:12 PM
I don't remember if it was part of the permissions wizard or the install but there is a part of one of them that asks what level of authority you want to have. This sounds more like a permissions wizard thing. Run through it on a scheduled outage and see what it gives you.
07-06-2009 08:39 AM
It actually was a step that was not in the permissions wizard or the install guide. In the install guide it tells you to set the unitydirsvc account to exchange administrator during the delegate control step on the mailstore. This account actually needs to be an exchange full administrator in order for you to create the mailboxes from the sa page. Opened a tac case. Thanks for the reply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide