Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
0
Helpful
4
Replies

Unity 4.0(5) in parent domain, can't import users from child domains

Go to solution
adignan
Level 8
Level 8

‎11-22-2005 10:05 PM - edited ‎03-18-2019 05:20 PM

Unity resides in company.com as well as exchangeserver1 (partner server). Users reside in company.com as well as state.company.com (child domain). I have used the latest permissions wizard and it complete successfully.

I can only import users from company.com. Also, during the permissions wizard I can see all the exchange servers and mailstores, however if I logon as UnityDirSvc and bring up the directory access tool and choose the test mailstores tab, I can't see any of them.

UnityInstall is Exchange Administrator, UnityDirSvc is Exchange View Only. Again, permissions wizard completes with no issues, Unity actually starts, and the Unity service accounts are in a protected OU so no chance for GP's to be applied to them.

Completely at a loss.

One other note. The directory access tool says the account is not set to inherit permissions from its parent, however the security tab for the users IS check to inherit permissions. Very strange.

TIA,

Andy

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Hin Lee
Cisco Employee
Cisco Employee

‎11-23-2005 02:04 PM

Do you see any error messages in the event logs? Turn on AvSaDbConn (10-15), AvDSAd and AvDsGlobalCatalog traces. Open Saweb and try to import. Collect AvCsMgr, AvDSAd, and AvDsGlobalCatalog logs and post them.

Did you try importing with Bulk Import tool?

Can you check the user security settings in ADUC to make sure that the UnityDirSvc account has inherited rights to the user?

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Hin Lee
Cisco Employee
Cisco Employee

‎11-23-2005 02:04 PM

Do you see any error messages in the event logs? Turn on AvSaDbConn (10-15), AvDSAd and AvDsGlobalCatalog traces. Open Saweb and try to import. Collect AvCsMgr, AvDSAd, and AvDsGlobalCatalog logs and post them.

Did you try importing with Bulk Import tool?

Can you check the user security settings in ADUC to make sure that the UnityDirSvc account has inherited rights to the user?

0 Helpful

Go to solution
adignan
Level 8
Level 8
In response to Hin Lee

‎11-23-2005 02:27 PM

1. If I right click on properties of a user in the child domain and go to the securities tab. I do not see the unitydirsvc and unitymsgstrsvc accounts applied like I do in the parent domain users. However, the user DOES have the box checked to inherit permissions from its parent.

2. I am getting the logs now to post.

3. For an install where Unity is in the parent domain but users are in the child domains, does the UnityInstall account need more permissions that just the domain admin?

0 Helpful

Go to solution
adignan
Level 8
Level 8
In response to adignan

‎11-23-2005 02:42 PM

any way I could e-mail you these logs? You can e-mail me offline at cisco@dignans.com to keep your e-mail off the list.

0 Helpful

Go to solution
adignan
Level 8
Level 8
In response to adignan

‎11-26-2005 03:03 PM

Thanks hinho. Turned out the UnityInstall account needed Enterprise Admin rights (or run permissions wizard with an enterprise account in this type of topology and the UnityInstall account will get assigned the correct rights) and I needed to select the child domains in the "container" screen of the Permissions Wizard. I just selected the parent domain.

0 Helpful
Customers Also Viewed These Support Documents