10-09-2007 10:09 PM - edited 03-18-2019 07:56 PM
Hi all,
I have a question with Unity and multiple domain users. I have a customer that runs 2 domains and both domain use the same EXCH message store. BTW, is this even possible? I am a new bird for exch, so please bear with me.
Long store short, if Unity joins into one domain and some of the usres are in another domain, can Unity still talk to that domain? What is required to get this kind of envirnment working? If I do mail forward, I think the MWI doesn't work, right?
Any input is appreciated.
10-10-2007 05:04 AM
Are the 2 domains part of the same AD tree or forest?
What version of AD, Exchange and Unity are you using?
10-10-2007 08:42 AM
Under Exchange admin sw-> Add user/computer, I can't see those users under the main tree. So I guess they are not part of the same domain forest. I need to confirm though.
I am running AD2003, EXCH 2003 with Unity 5.0 UM.
Thanks,
10-10-2007 01:44 PM
Hi,
From your description, it sounds like they are are in the same AD forest. To confirm, do the following:
1. Open up Active Directory Users and Computers.
2. Right-click on the container at the very top of the tree in the left pane, and select "Connect to Domain."
3. In the Connect to Domain dialog box, click the "Browse" button and see if the other domain is listed there. If so, you're in the same AD forest.
Nancy
10-10-2007 01:47 PM
So I am guessing if they are in the same AD forest then I am good then, right?
Even though users are in different domain, as long as they share the same EXCH msg storage, and they are in the same AD forest tree, Unity will be able to handle that????
Can you confirm,please? And I will try your suggestion to verify.
Thanks,
10-10-2007 02:00 PM
Hi,
Yes, the users can be in different domains or homed on different Exchange servers, but as long as they are all in the same AD forest Unity is fine.
We've got a ton of documentation, and it must seem overwhelming when you aren't familiar with AD and Exchange. But here's the link so you can start exploring:
http://www.cisco.com/en/US/products/sw/voicesw/ps2237/tsd_products_support_series_home.html
Good luck!
Nancy
10-18-2007 08:20 AM
Hi Nancy,
I tried it and I can see the domains that I want. So we are in the same forest tree. Matter of fact, the 2nd domain that I want to add is just a child domain of the main domain. So say Unity is in abc.com, and I want to add users from prefix.abc.com
When I ran permission wizard, I added permission to abc.com only. Now when I tried to add those users in prefix.abc.com, it gave me an error saying"unrecognized error...E_accessdenied". I had this problem before in my abc.com and I fixed it by enabling inheritable permission from parent. However, now I can't because the check box is greyed out which I think the accounts that I am using Unityadmin, doesn't have the previledge to change, right?
What should I do now? Should I run permission wizard to that perfix.abc.com or should look into permission for Unityadmin account on prefix.abc.com domain? BTW, is it even possible to enable an account in another domain to be domain admin account? Doesn't sound logical.
Thanks,
11-07-2007 08:42 AM
I've got the same problem with a customer of mine. Exact same scenario, multiple domains, same forrest. I get the same E_ACCESSDENIED error message when attempting to import subscribers. There's an event log entry that corresponds:
Event Type: Error
Event Source: CiscoUnity_DSAD
Event Category: Error
Event ID: 1046
Date: 11/7/2007
Time: 9:37:19 AM
User: N/A
Computer: UNITY01
Description:
The Cisco Unity service that monitors Active Directory (AvDSAD) failed to modify object.
Type: AVOBJECTTYPE_MAILUSER
Name: CN=Doe\, John,OU=BT,OU=Users,OU=Somewhere,DC=hst,DC=company,DC=net
Reason: ERROR_ACCESS_DENIED: Access is denied.
Domain Controller: hstdc01.hst.company.net
Possible causes include: 1) Network connectivity to the Domain Controller. 2) Insufficient rights for The Cisco Unity service that monitors Active Directory (AvDSAD) account.
Ensure that The Cisco Unity service that monitors Active Directory (AvDSAD) can contact the Domain Controller and has sufficient rights to modify objects. If the problem persists, enable all the micro traces for The Cisco Unity service that monitors Active Directory (AvDSAD) in the Unity Diagnostic Tool. Report the problem to Cisco TAC and include the diagnostic log.
For more information, click: http://www.CiscoUnitySupport.com/find.php
I'm guessing that the problem surrounds the lack of Domain Admin privileges in the second domain. Any thoughts?
Thanks,
Matt
11-07-2007 11:17 AM
Hi,
I think you need to re-run Permissions Wizard and select that domain\OU as a container that you will be importing and/or creating subscribers in.
Nancy
11-07-2007 11:24 AM
So basically I need to run permission wizard and select the main domain and child domain as a container at the root level so all the containers below the root level will have the proper Unity previllege set?
Thx
11-07-2007 11:52 AM
Hey,
I asked our Permissions Wizard wiz kid to take a look at your question, and she replied:
I'd probably tell him to do this just to cover all of the bases:
1) login to the Unity server in question as the root domain administrator
2) download latest applicable PW version from www.ciscounitytools.com
3) run PW as the root domain admin and select each of the Ous that contain/will contain AD account of Unity subs.
4) ensure you know what you need as far as either import only vs. create and select appropriate options
5) restart Unity (for the service accounts to get their new credentials from AD)
6) log off of Unity as root admin and back on as whatever the UnityAdmin account is
7) confirm ability to do whatever he needs to do w/out errors being generated
8) if there are other errors, ensure that in ADUC, the "inherit permissions" checkbox is checked on the Ous that have Unity subs in them.
That should solve it all.....
----
Nancy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide