
Unity Exchange Permissions: Any Problem giving more rights than needed?

srichardson
Level 4

I have a client who wants to put the installation, directory service, and message store service account into an "Exchange Gods" security group, giving the highest rights to these accounts. I seem to remember a TAC case where I was told that one particular account should NOT be added to a domain admins group.

Does anyone have a solid answer to this? Can my client safely give more permissions than needed?

Thanks

1 Accepted Solution

jasyoung
Level 7

The Domain Admins group is explicitly prohibited by the default Exchange ACLs from accessing user mailboxes. Therefore, the Unity message store account must not be a member of the Domain Admins group or it will be unable to log in to retrieve messages or monitor mailboxes for changes, which is needed for message notification and MWI purposes.

The Unity Permissions Wizard does a good job of laying out the right permissions (and no more) and hopefully your client can be persuaded to just stick with that.


Does the dir svc account need to be a part of the domain admin group? I have it set up so that the msg store and the dir svc use the same account. But when I run the permission wizard it fails with 2 failures. I don't see any major issues with Unity, but I am currently setting up a failover server for this customer and I have the install account in the domain admins group and the msgstore and dir svc account in the domain admin groups... could this be why it is failing? It is saying that the msg store account needs to have rights.

Permissions Set For the Directory Services Account

Group Membership

The directory services account is added to one of the following groups:

• The Administrators group, when the Cisco Unity server is a domain controller.

• The Local Administrators group, when the Cisco Unity server is not a domain controller.
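
As an added example (not part of the thread and not Cisco's tooling), the following PowerShell audit reports whether each Unity service account ends up in Domain Admins, either directly or through a nested group such as the "Exchange Gods" group described in the question. The account names are hypothetical placeholders, and the script assumes a domain where the ActiveDirectory module is available.

```powershell
# Added example. Account names are hypothetical placeholders; replace them
# with the accounts chosen when the Permissions Wizard was run.
Import-Module ActiveDirectory

$ServiceAccounts = 'UnityInstall', 'UnityDirSvc', 'UnityMsgStoreSvc'
$DeniedGroup     = 'Domain Admins'
$InChain         = '1.2.840.113556.1.4.1941'   # LDAP_MATCHING_RULE_IN_CHAIN

# Escape characters that are special inside an LDAP filter value.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

$deniedDn = (Get-ADGroup -Identity $DeniedGroup).DistinguishedName

$report = foreach ($name in $ServiceAccounts) {
    $user = Get-ADUser -Identity $name -Properties MemberOf, PrimaryGroup

    # Groups held directly, plus the primary group (not listed in MemberOf).
    $direct = @(@($user.MemberOf) + $user.PrimaryGroup | Where-Object { $_ })

    $via = foreach ($groupDn in $direct) {
        if ($groupDn -eq $deniedDn) { $groupDn; continue }
        # Does the denied group contain this group at any nesting depth?
        $filter = '(&(distinguishedName={0})(member:{1}:={2}))' -f `
            (ConvertTo-LdapFilterValue $deniedDn), $InChain, (ConvertTo-LdapFilterValue $groupDn)
        if (Get-ADGroup -LDAPFilter $filter) { $groupDn }
    }

    [pscustomobject]@{
        Account       = $user.SamAccountName
        InDeniedGroup = [bool]$via
        Via           = @($via) -join '; '
    }
}

$report | Format-Table -AutoSize -Wrap
```

The `Via` column names the directly held group that leads to Domain Admins, which is the membership to remove from the message store account.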