02-05-2003 07:48 PM - edited 03-12-2019 10:34 PM
I need to install Unity 4.0 at a client that wants Unity to have little to no AD rights. Is it true that permissions wizard assigns the bare minimum rights required or can fewer rights be assigned manually and still have Unity function properly?
Thanks,
Dave
Solved! Go to Solution.
02-06-2003 06:50 AM
The Permissions wizard has a couple options in it when you run it allowing you to restrict the ability to create new users, create contacts and the like - taking these options is about as stripped down as we'll support. You can review the rights it is actually adding in AD from the help file in the Permissions wizard itself - The installation account needs creation rights for making the location objects and default DLs and the like during installation but the account actually associated with the directory facing services in Unity don't really need that much... we need the ability to update user and distribution list objects for some properties and, of course, read access all over - you can dictate which OU container and below we can update user/DL objects in (i.e. which containers we can import users and DLs from) so you have a reasonable amount of control.
Getting down to individual property rights is going to bring you to grief and we wont support you - too many issues can and will come up with the installation - when those things come up we will ask you to run permissions wizard to clear them and/or run the Directory Access Diagnostics tool (both this and the latest Permissions Wizard tool can be found on www.CiscoUnityTools.com) which checks all the rights for importing specific users and/or creating new users in a specific container.
Both the DAD and PW tools have decent help files that go into some detail about which permissions are being checked and set - you'll want to start there with your customer - but short story is we'll need to extend the AD schema and we'll need the set of minimum permissions set by PW to operate properly.
02-06-2003 06:50 AM
The Permissions wizard has a couple options in it when you run it allowing you to restrict the ability to create new users, create contacts and the like - taking these options is about as stripped down as we'll support. You can review the rights it is actually adding in AD from the help file in the Permissions wizard itself - The installation account needs creation rights for making the location objects and default DLs and the like during installation but the account actually associated with the directory facing services in Unity don't really need that much... we need the ability to update user and distribution list objects for some properties and, of course, read access all over - you can dictate which OU container and below we can update user/DL objects in (i.e. which containers we can import users and DLs from) so you have a reasonable amount of control.
Getting down to individual property rights is going to bring you to grief and we wont support you - too many issues can and will come up with the installation - when those things come up we will ask you to run permissions wizard to clear them and/or run the Directory Access Diagnostics tool (both this and the latest Permissions Wizard tool can be found on www.CiscoUnityTools.com) which checks all the rights for importing specific users and/or creating new users in a specific container.
Both the DAD and PW tools have decent help files that go into some detail about which permissions are being checked and set - you'll want to start there with your customer - but short story is we'll need to extend the AD schema and we'll need the set of minimum permissions set by PW to operate properly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide