11-10-2009 11:01 AM - edited 03-18-2019 11:58 PM
After importing a user into Unity 7.02 if I change the subscribers extension, the subscriber account changes from a full subscriber account with voicemail to a internet subscriber account without voice mail. I logged onto the Unity server using the Unitydirsvc account and ran the DAD tool on the account I imported. Not all of the properties show that they have read/write access. My question is do ALL of the properties reported on by DAD have to have Read and Write access? My assumption is that they do, but I've not found any precise information yet that states this. Thanks-
11-16-2009 07:15 AM
Here's the results of running the Unity Directory Access Diagnostics tool. Although I'm having no problems importing accounts into Unity. I am having problems modifying those accounts once imported into Unity. I suspect the issues are a result of the unity directory services account not having the correct Read/Write access. Should the Unity Directory Services account have Read/Write access to ALL of the properties listed in the table below?
Property Name Read Write
ciscoEcsbuAlternateDTMFIds No No
ciscoEcsbuAlternateDTMFIdsOrder No No
ciscoEcsbuAmisDisableOutBound No No
ciscoEcsbuDTMFId No No
ciscoEcsbuListInUMDirectory No No
ciscoEcsbuObjectType No No
ciscoEcsbuTransferID No No
ciscoEcsbuUMLocationObjectId No No
ciscoEcsbuUndeleteable No No
displayName Yes No
facsimile TelephoneNumber Yes No
givenName Yes No
homeMDB Yes No
homeMTA Yes No
legacyExchangeDn Yes No
mail Yes No
mailNickname Yes No
mDBOverHardQuotaLimit Yes No
mDBOverQuotaLimit Yes No
mDBStorageQuota Yes No
mDBUseDefaults Yes No
msExchHideFromAddress Yes No
msExchRecordedName Yes No
name Yes No
objectGuid Yes No
objectSid Yes No
otherMailbox No No
sidHistory Yes No
sn Yes No
targetAddress No No
telephoneNumber No No
unsChanged Yes No
whenCreated No No
11-30-2009 08:05 AM
This is just a bump to my previous post above? Can someone please confirm whether or not ALL properties listed when running the Unity DAD tool must have both read and write privileges?
Thanks
11-30-2009 11:48 AM
The rights you have depend on a combination of a few items (e.g., whether Unity can create or import objects and whether you allow Unity to administer AD). In your case, if you can import from AD - but not change objects - did you select YES or NO to "Allow Cisco Unity to Administer Active Directory"? My guess would be NO. If not, you can rerun the Perm Wizard and just add that option.
11-30-2009 12:36 PM
Hi,
I did select for Unity to be able to admin Active Directory when I ran the permissions wizard and I have no problems importing accounts into Unity but for some reason if I modify the subscribers extension after they have been sucessfully imported into Unity and save the change, the subscriber account is changed to an "internet subscriber" account. This problem is what led me to run the DAD tool and notice that Read/write access was not being granted for the CiscoEcsbu properties.
What I'm hoping to confirm is that in ALL cases the Unity Directory services account should have read/write access to the ciscoEcsbu properties so that I could check with the customers AD/Exchange admins and see if they have not set the proper priviledges for the Unity Directory Services account.
11-30-2009 12:42 PM
OK. Well, like I said - what you should see for rights is outlined in the Permissions Wizard Help Guide. It is based on
a few criteria including what I said earlier - create vs. import of objects, administer AD, etc. There is a chart that will tell you what rights you should have set. It's not always read/write for every attribute. Have you tried importing the objects using the Bulk Import Tool and specifying the DTMF ID in that file? That will override what is in AD (or should)...otherwise, it will use what is in AD by default.
11-30-2009 12:56 PM
I have not tried the Bulk import but have used the COBRAs utility to modify the extension prior to importing and that works fine. But then if I modify the extension again after it is in Unity the subscriber account changes to an "internet subscriber". So even though I can get all of the accounts imported into Unity with the correct extensions, my worry is that the customer will need to change an extension later and will run into this problem. Seems like a permissions issue to me but when I run permissions check everything comes back clean. The DAD tool was the only thing that looked off to me.
Thanks for your replies.
11-30-2009 02:13 PM
No problem. Trying to eliminate the obvious first. You may well have a permissions issue. The Cisco-specific schema extensions should be pretty open to Unity (IMO). The odd part to me here is the Subscriber vs. Internet subscriber because this is usually determined within the Subscriber template when the user is created - not by any one field such as extension. However, I have a few lab systems of different version (5, 7, etc). I'll run DAD against them tonight and see what the typical outcome is.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide