Logging into Active Assistant with Windows 2000 domain account

cmitche4 · ‎08-26-2002

I have a unity install that I just took over. Unity was installed in a separate Windows 2000 Domain. Users need to log in to Active Assistant, but they can't with their normal Win2k ID and password they use on their corporate Domain (not associate with subscriber). Is there any way to "fix" that? I know in Unity 2.6 running on Exchange 5.5 I could get around that by granting the Corporate Account permissions to the Exchange mailbox.

lindborg · ‎08-26-2002

You have a couple of options for dealing with wanting to open the AA while logged into the domain as an account other than the one associated with your Unity account.

The first option is pretty straight forward and is what TAC normally reccomends for this type of thing. Setup their IE interfaces such that they are prompted to authenticate when they attach to the AA... They'll get a dialog asking for their name, domain and password which will be the login name for the domain Unity is installed in and they should get in. Yeah, this is a little annoying and they'll have to know a separate login name and PW but it works and is how this issue is documented for work around.

The second option is a little hairier but might be more to the customer's liking (but more work for you). You can create associations between their domain account (the one they log into the domain with) and their voice mail account you created. You can use the GrantUnityAccess tool to do this... You pass in the Domain\Alias for the login account and then the alias of the subscriber you want that domain account associated with in Unity. It's a command line tool and can be scripted, you can find it in the \commserver root directory and if you run it it'll spit out all the options for it. For instance I created a JLINDBORG account in CORPDOMAIN and a VM-JLINDBORG account in UNITYDOMAIN. I made the VM-JLINDBORG account a subscriber in Unity and then logged into the CORPDOMAIN domain as JLINDBORG. Attempting to open the web page fails as expected. Then on the local Unity server (in UNITYDOMAIN) run:

"GrantUnityAccess -u CORPDOMAIN\jlindborg -s vm-jlindborg"

and you should be able to get into the AA for that user without having to manually authenticate.

This is intended for help desk type applications that require a single account to have SA admin access to many Unity boxes on the same network but would work for this as well.

cmitche4 · ‎08-26-2002

Is the windows password in the Unity domain the same as the voicemail password?

lindborg · ‎08-26-2002

no, those two passwords are not related. In this case it wont matter since you're making an association between the SID of the domain account the user is authenticating in and a local subscriber they will "proxy in" as on the local Unity server. It wont matter if their domain names, login names and/or passwords match or not.

mciarochi · ‎08-27-2002

I have the exact issue, and understand the two solutions. I have a question about the first solution, where the customer just logs in to Active Assistant with the separate Unity username/password combo.

How do you change the Unity password? AA only prompts for the phone password. I can get in with the default pwd assigned to the account, but can't change it, which means every account has the same password. I tried using the ctrl-alt-del and specifying the Unity server domain, but I get "...cannot change your password because the domain <> is not available."

It appears that this server is using local-only logins, because it doesn't matter what you type for the domain, as long as you get the userID/pwd correct.