03-22-2004 08:03 AM - edited 03-18-2019 02:44 PM
I have a question that hopefully someone can help me with. I have about 400-500 Unity 3.1(3) subscribers who are voice mail only. There are also about a dozen unified messaging subscribers but I think they aren't involved in this. The problem is that Unity creates a Windows account (which are in our organization's Active Directory -- we have prefixed each of them with "zz" to differentiate them) and assigns it the default password. From what I can tell, that is the last time that Unity touches them since after looking at a number of these accounts I have found that their passwords are unchanged (we enforce periodic voice mail password changes).
Obviously, having all these accounts hanging around with rather simple passwords is a security risk so I'm wondering if I can simply disable the lot of them. I've tried it on a test account and its voice mail appears to continue to work without problems. However, looking into the event logs on our Unity server, I also noticed that the test user that I had disabled was causing this error to be reported:
Event Type: Error
Event Source: MSExchangeIS Mailbox Store
Event Category: Logons
Event ID: 1022
Date: 3/22/2004
Time: 4:05:35 AM
User: N/A
Computer: UNITY
Description:
Logon Failure on database "First Storage Group\Private Information Store (UNITY)" - Windows 2000 account TOWNE_CENTER\unity_us; mailbox /o=Ligand Pharmaceuticals/ou=TOWNE_CENTER/cn=Recipients/cn=zzDoeAaron.
Error: -2147221231
Before I do anything so sweeping as to disable all those "zz" accounts I would like to get some feedback on this. Will this work? Will Unity continue to work for these folks? Is there perhaps an easier way to secure these accounts? If disabling all of the accounts will multiply this error by a factor of 400-500, that would not be desirable. Any help would be greatly appreciated.
03-22-2004 11:28 AM
Hi,
Going by the error you received when you deleted the test account, I would not recommend deleting those accounts; those accounts appear to be the accounts that are associated with the mailboxes that Unity uses for their message store. It makes sense that you do not have duplicate accounts for the Unified users, since they would use the same account and mailbox, but for the VM only users, they need two different accounts and mailboxes.
The password setting, if done in AD, does not take effect for Unity, only if they would use that account to log on to your network.
Mike
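An added example, not part of the original thread: one way to measure how many Event ID 1022 logon failures each "zz" mailbox generates after a test account is disabled, before changing all of them. It assumes the Application log has been exported as text in the layout quoted in the question; the records, the EXAMPLE domain, the unity_svc account, the mailbox names and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches the Description line of an Event ID 1022 record as laid out in the post.
DESC = re.compile(
    r"account (?P<account>[^;]+); mailbox (?P<dn>/.*/cn=(?P<cn>[^/\n]+?))\.?$", re.M)

def record(event_id, cn):
    """Build one constructed event record in the exported-text layout."""
    return (
        "Event Type: Error\n"
        "Event Source: MSExchangeIS Mailbox Store\n"
        f"Event ID: {event_id}\n"
        "Description:\n"
        'Logon Failure on database "First Storage Group\\Private Information Store (EXAMPLE)"'
        " - Windows 2000 account EXAMPLE\\unity_svc;"
        f" mailbox /o=Example Org/ou=SITE/cn=Recipients/cn={cn}.\n"
        "Error: -2147221231\n"
    )

# Constructed sample export: two failures for one zz mailbox, one for another,
# one for a non-zz mailbox, and one unrelated event ID that must be ignored.
SAMPLE = "".join([
    record(1022, "zzTestOne"), record(1022, "zzTestOne"),
    record(1022, "zzTestTwo"), record(1022, "jsmith"), record(1000, "zzTestTwo"),
])

def logon_failures(export_text, prefix="zz"):
    """Count Event ID 1022 logon failures per mailbox CN that starts with prefix."""
    counts = Counter()
    # Each record runs from one "Event Type:" line up to the next (or end of text).
    for rec in re.findall(r"(?ms)^Event Type:.*?(?=^Event Type:|\Z)", export_text):
        if not re.search(r"(?m)^Event ID:\s*1022\s*$", rec):
            continue
        m = DESC.search(rec)
        if m and m.group("cn").lower().startswith(prefix.lower()):
            counts[m.group("cn")] += 1
    return counts

if __name__ == "__main__":
    for cn, n in logon_failures(SAMPLE).most_common():
        print(f"{n:4d}  {cn}")
```

Comparing the per-mailbox counts over a fixed period for one disabled test account gives a basis for estimating the log volume that 400-500 disabled accounts would produce.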