Table Of Contents
Creating Accounts for the Installation and Setting Rights and Permissions
About the Accounts Required for the Cisco Unity Installation
The Account Used to Install Cisco Unity
The Account Used to Access the Cisco Unity Administrator
The Accounts That Cisco Unity Services Log On As
Creating the Accounts
Creating the Accounts When Subscribers Will Be Homed Only in Exchange 2000 or Only in Exchange 5.5, or in Both (Selected Systems Only)
Creating the Accounts When Subscribers Will Be Homed in Both Exchange 2000 and Exchange 5.5 (Selected Systems Only)
Adding the Cisco Unity Administration Account to an Admins Group
Setting Rights and Permissions with the Cisco Unity Permissions Wizard
Running the Cisco Unity Permissions Wizard with an Exchange 2000 Message Store
Running the Cisco Unity Permissions Wizard with an Exchange 5.5 Message Store
Setting Exchange Permissions
Setting Required Exchange Permissions When Subscribers Are Homed Only on Exchange 2000 Servers
Setting Required Exchange Permissions When Subscribers Are Homed Only on Exchange 5.5 Servers
Setting Required Exchange Permissions When Subscribers Are Homed on Both Exchange 2000 and Exchange 5.5 Servers
Creating Accounts for the Installation and Setting Rights and Permissions
In this chapter, you do the following tasks in the order listed:
Note 
Failover: If you are installing the secondary Cisco Unity server now, skip Task 1.
1. Familiarize yourself with the domain accounts you will create in Task 2. See the "About the Accounts Required for the Cisco Unity Installation" section.
Note Failover: If you are installing the secondary Cisco Unity server now, skip Task 2.
2. Create the applicable accounts that are needed to install Cisco Unity. See the "Creating the Accounts" section.
3. If you created a Cisco Unity administration account in Task 2., add the account either to the local Administrators group—when the Cisco Unity server is a member server—or to the Domain Admins group—when the Cisco Unity server is a domain controller. See the "Adding the Cisco Unity Administration Account to an Admins Group" section.
4. Set rights and permissions for the accounts that you created in Task 2. See the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section.
Note Failover: If you are installing the secondary Cisco Unity server now, skip Task 5.
5. Set Exchange permissions. See the "Setting Exchange Permissions" section.
When you are finished with this chapter, return to the applicable task list for your platform type to continue installing the Cisco Unity system correctly:
•Task List for Installing Cisco Unity on a Qualified Server
•Task List for Installing Cisco Unity in the Cisco ICS 7750
Note The tasks in the list reference detailed instructions in the Cisco Unity Installation Guide and in other Cisco Unity documentation. Follow the documentation for a successful installation.
About the Accounts Required for the Cisco Unity Installation
This section describes the following domain accounts that are needed for the Cisco Unity installation:
•The Account Used to Install Cisco Unity
•The Account Used to Access the Cisco Unity Administrator
•The Accounts That Cisco Unity Services Log On As
Note The same accounts are required for installing a new Cisco Unity 4.0(x) system and for upgrading from previous versions of Cisco Unity.
The Account Used to Install Cisco Unity
During installation, Cisco Unity creates a number of Cisco Unity objects in Active Directory and in Exchange, so the account with which you log on to Windows to install Cisco Unity must have proper user rights and permissions to perform the necessary operations.
If you are installing more than one Cisco Unity server in a site (including setting up failover), you can use the same account to install Cisco Unity software on all of the servers.
The Account Used to Access the Cisco Unity Administrator
When you install Cisco Unity, you are prompted to choose the Windows domain account that you want to use to access the Cisco Unity Administrator (the website used to perform most administration tasks). During installation, the domain account is automatically associated with a Cisco Unity subscriber whose class of service allows Cisco Unity Administrator access. (Later you can create additional Cisco Unity subscribers who also can access the Cisco Unity Administrator.)
By default, the Cisco Unity administration account is the installation account. If you prefer to use an account other than the installation account to be the first Cisco Unity administration account, create an additional domain account for that purpose.
When the Cisco Unity server is a domain controller, the Cisco Unity administration account must be a member of the Domain Admins group. When the Cisco Unity server is a member server, the Cisco Unity administration account must be a member of the Local Admins group. Procedures later in this chapter explain how to add the account to the applicable group.
The Accounts That Cisco Unity Services Log On As
During Cisco Unity installation, you are prompted to choose two or three domain accounts that Cisco Unity services log on as, depending on which version of Exchange you are using:
•For Exchange 2000, the account that Cisco Unity directory services log on as. These services keep subscriber data in the directory synchronized with subscriber data in the Cisco Unity SQL Server database.
•For Exchange 2000, the account that Cisco Unity message store services log on as. These services allow subscribers to send and receive voice messages by using the telephone user interface.
•For Exchange 5.5, the account that both directory services and message store services log on as.
•For both Exchange 2000 and Exchange 5.5, the account that local services log on as. By default, local Cisco Unity services log on as the Local System account. We recommend that you not change this.
For Exchange 2000, the permissions required by the directory services account conflict with the permissions required by the message store services account, so you must create separate accounts for the two types of services.
Caution If you are using Exchange 2000, the account that Cisco Unity message store services log on as cannot be a member of the Domain Admins group or be an Exchange 2000 administrator.
Creating the Accounts
To create the accounts that are needed for the Cisco Unity installation, see the applicable section, depending on the version of Exchange in which Cisco Unity subscribers are homed:
Some procedures in this section assume that you have access to Active Directory Users and Computers because you installed Exchange 2000 or the Exchange 2000 administration software on the Cisco Unity server, or because the Cisco Unity server is a domain controller.
To create the accounts and set their permissions when Active Directory Users and Computers is not installed on the Cisco Unity server, do one of the following:
•Install Active Directory Users and Computers on the Cisco Unity server. For information, refer to Windows 2000 Server Help.
•In the domain that includes the Cisco Unity server, go to a computer (for example, the domain controller) on which Active Directory Users and Computers is already installed.
Creating the Accounts When Subscribers Will Be Homed Only in Exchange 2000 or Only in Exchange 5.5, or in Both (Selected Systems Only)
Do this section if one of the following conditions is true:
•You are using only Exchange 2000 or Exchange 5.5.
•You are using both Exchange 2000 and Exchange 5.5, and the Active Directory Connector uses a two-way connection agreement between Exchange 2000 and Exchange 5.5.
Otherwise, do the "Creating the Accounts When Subscribers Will Be Homed in Both Exchange 2000 and Exchange 5.5 (Selected Systems Only)" section.
To create domain accounts for Cisco Unity installation, administration, and services
Step 1 On the Cisco Unity server, log on to Windows by using an account that is a member of the Domain Admins group.
Step 2 On the Windows Start menu, click Programs > Microsoft Exchange > Active Directory Users and Computers or click Programs > Administrative Tools > Active Directory Users and Computers.
Step 3 In the left pane, expand the domain, right-click Users or the organizational unit where you want to create the installation account, and click New > User.
Step 4 Follow the on-screen prompts. Creating an Exchange mailbox is optional.
We suggest that you use the following names for the accounts:
Installation
|
UnityInstall
|
Administration
|
UnityAdmin
|
Exchange 2000: Account that Cisco Unity
directory services log on as
|
UnityDirSvc
|
Exchange 2000: Account that Cisco Unity
message store services log on as
|
UnityMsgStoreSvc
|
Exchange 5.5: Account that Cisco Unity
directory and message store services log on as
|
UnitySvc
|
Step 5 Repeat Step 3 and Step 4 to create the Cisco Unity administration account and, depending on which version of Exchange you are using, the one or two accounts that Cisco Unity services log on as.
If Cisco Unity subscribers will be homed in both Exchange 2000 and Exchange 5.5, create separate accounts for directory services and message store services.
Ensure that for the accounts that Cisco Unity services log on as, the password will never expire. If the password expires, Cisco Unity will stop working the next time the server is restarted.
Step 6 Close Active Directory Users and Computers.
Creating the Accounts When Subscribers Will Be Homed in Both Exchange 2000 and Exchange 5.5 (Selected Systems Only)
Do this section if both of the following conditions are true:
•Cisco Unity subscribers will be homed in both Exchange 5.5 and Exchange 2000.
•The Active Directory Connector uses a one-way connection agreement between Exchange 2000 and Exchange 5.5.
If either condition is not true, do the "Creating the Accounts When Subscribers Will Be Homed Only in Exchange 2000 or Only in Exchange 5.5, or in Both (Selected Systems Only)" section.
To create accounts for a system that includes Exchange 2000 and Exchange 5.5 servers
Step 1 Using Exchange 5.5 Administrator, create a mailbox in the Exchange 5.5 directory for the message store services account. You do not need to associate the mailbox with a Windows NT account or an Active Directory account.
We suggest that you use the name UnityMsgStoreSvc. Do not use the following names:
•Unity_<servername>
•Unity Messaging System - <servername>
If there is more than one Cisco Unity server in the Exchange site, create one Exchange 5.5 mailbox for each Cisco Unity server. If you are setting up one or more failover systems, create one mailbox for each pair of failover servers.
The Active Directory Connector replicates the mailbox to Active Directory as a disabled account.
Step 2 After the mailbox replicates to Active Directory, enable the account in Active Directory Users and Computers, change the password, and move it to the Exchange 2000 server to which you want to connect Cisco Unity.
Ensure that the password for the account will never expire. If the password expires, Cisco Unity will stop working the next time the server is restarted.
Step 3 On the Cisco Unity server, double-click the Cisco Unity Tools Depot icon on the desktop.
Step 4 In the left pane of Cisco Unity Tools Depot, expand Administration Tools.
Step 5 Double-click Advanced Settings Tool.
Step 6 In the Unity Settings list, click Exchange 2000/Exchange 5.5 Mixed Messaging Display Name.
Step 7 Change New Value to the display name of the mailbox that you created in Step 1.
Step 8 Click Set.
Step 9 In the Unity Settings list, click Exchange 2000/Exchange 5.5 Mixed Messaging Distinguished Name.
Step 10 Change New Value to the legacyExchangeDn (Exchange 5.5-style distinguished name) of the mailbox that you created in Step 1 (for example, /O=<Org>/OU=<Site>/CN=Recipients/CN=<Alias>).
Step 11 Click Set.
Step 12 If the system is using failover, repeat Steps 6 through 11 on the secondary server.
Step 13 Exit the Advanced Settings Tool, and exit Tools Depot.
Step 14 Create the installation, administration, and directory services accounts. On the Windows Start menu, click Programs > Microsoft Exchange > Active Directory Users and Computers or click Programs > Administrative Tools > Active Directory Users and Computers.
Step 15 In the left pane, expand the domain, right-click Users or the organizational unit where you want to create the installation account, and click New > User.
Step 16 Follow the on-screen prompts to create the installation account.
We suggest that you use the following names:
Installation
|
UnityInstall
|
Administration
|
UnityAdmin
|
Account that Cisco Unity
directory services log on as
|
UnityDirSvc
|
Creating an Exchange mailbox is optional.
Step 17 Repeat Step 15 and Step 16 to create the Cisco Unity administration account and the account that Cisco Unity directory services log on as.
Ensure that for the account that Cisco Unity directory services log on as, the password will never expire. If the password expires, Cisco Unity will stop working the next time the server is restarted.
Step 18 Close Active Directory Users and Computers.
Step 19 Restart the server.
Adding the Cisco Unity Administration Account to an Admins Group
If you created a Cisco Unity administration account in the "Creating the Accounts" section, you must add the account either to the local Administrators group—when the Cisco Unity server is a member server—or to the Domain Admins group—when the Cisco Unity server is a domain controller.
To add the Cisco Unity administration account to the local Administrators group (only when the Cisco Unity server is a member server)
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Computer Management.
Step 2 In the left pane of the Computer Management MMC, expand System Tools > Local Users and Groups.
Step 3 In the left pane, click Groups.
Step 4 In the right pane, double-click Administrators.
Step 5 In the Administrators Properties dialog box, click Add.
Step 6 In the Select Users or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.
Step 7 In the top list, double-click the name of the Cisco Unity administration account. The name appears in the bottom list.
Step 8 Click OK to close the Select Users or Groups dialog box.
Step 9 Click OK to close the Administrators Properties dialog box.
Step 10 Close the Computer Management MMC.
To add the Cisco Unity administration account to the Domain Admins group (only when the Cisco Unity server is a domain controller)
Step 1 On the Cisco Unity server, log on to Windows by using an account that is a member of the Domain Admins group.
Step 2 On the Windows Start menu, click Programs > Microsoft Exchange > Active Directory Users and Computers or click Programs > Administrative Tools > Active Directory Users and Computers.
Step 3 In the left pane, expand the domain, and click Users.
Step 4 In the right pane, double-click the name of the Cisco Unity administration account.
Step 5 Click the Member Of tab.
Step 6 Click Add.
Step 7 In the Select Groups dialog box, in the top list, double-click Domain Admins. The name appears in the bottom list.
Step 8 Click OK to close the Select Groups dialog box.
Step 9 Click OK to close the Properties dialog box.
Setting Rights and Permissions with the Cisco Unity Permissions Wizard
This section contains procedures for setting many of the permissions that Cisco Unity requires for:
•The account that you will use to install Cisco Unity.
•For Exchange 2000, the two accounts that Cisco Unity directory and message store services will log on as.
•For Exchange 5.5, the account that both directory and message store services will log on as.
In addition, you must set Exchange-specific permissions (as described in the "Setting Exchange Permissions" section).
If you will be homing Cisco Unity subscribers in both Exchange 2000 and Exchange 5.5, do the procedure for Exchange 2000.
If the system is using failover, you run Permissions wizard on both the primary and secondary servers.
Running the Cisco Unity Permissions Wizard with an Exchange 2000 Message Store
Before you can run the Permissions wizard, the Active Directory schema must have been extended for Cisco Unity, which you should have done when you set up the message store ("Extending the Active Directory Schema for Cisco Unity (Exchange 2000 Only)" section).
Caution The following procedure grants each account the rights to act as a part of the operating system, to log on as a service, and to log on as a batch job, and does so in the local security policy. If a domain security policy is in effect, confirm that the domain security policy does not deny the accounts these rights.
To run the Cisco Unity Permissions wizard with an Exchange 2000 message store
Step 1 Log on to the Cisco Unity server by using an account that:
•Is a member of the Domain Admins group in the domain in which the Cisco Unity server is being installed.
•Is either an Exchange Full Administrator or a member of the Domain Admins group in the domain that contains all of the domains from which you want to import Cisco Unity subscribers.
•Has the right to act as part of the operating system.
Caution If you try to run the Permissions wizard by using an account that has less than the default permissions for a Domain Admin, the wizard may not be able to set all of the permissions required by the installation account and the services accounts. If the Permissions wizard cannot set all of the required permissions, either the Cisco Unity installation will fail or Cisco Unity will not run properly after it has been installed.
Step 2 Insert the Cisco Unity DVD in the DVD drive.
or
Insert Cisco Unity CD 1 in the CD-ROM drive.
Step 3 Browse to the Utilities\PermissionsWizard directory, and run PermissionsWizard.exe.
Step 4 In the Welcome to the Cisco Unity Permissions Wizard, click Microsoft Exchange 2000.
Step 5 Click Next.
Step 6 Click Change, and choose the account that you want to use to install Cisco Unity.
Step 7 Click Next.
Step 8 Click Change, and choose the account that you want Cisco Unity directory services to log on as.
Step 9 Click Next.
Step 10 Click Change, and choose the account that you want Cisco Unity message store services to log on as.
Caution The account that Cisco Unity message store services log on as cannot be a member of the Domain Admins group or be an Exchange 2000 administrator.
Step 11 Click Next.
Step 12 Cisco Unity needs access to one or more Active Directory organizational units to create users (Cisco Unity subscribers) and groups (Cisco Unity distribution lists). Choose the following:
•The domain in which you want new users and groups to be created.
•The organizational unit in which you want users to be created. This is where Cisco Unity example users will be created during Cisco Unity installation.
•The organizational unit in which you want groups to be created.
Step 13 Click Next.
Step 14 Choose the organizational unit where you want Cisco Unity location objects to be created.
Step 15 Click Next.
Step 16 If you do not want to use the Cisco Unity Administrator to create new Active Directory users, contacts, and groups, you may choose to not grant the Cisco Unity directory services account the necessary rights to create each type of Active Directory object.
If you uncheck a check box next to an Active Directory object type, you will not be able to create the associated type of Cisco Unity object by using the Cisco Unity Administrator. You may only import existing objects into Cisco Unity. (For example, if you uncheck the Users check box, you will not be able to create new Cisco Unity subscribers by using the Cisco Unity Administrator. You will only be able to import existing Active Directory users to make them Cisco Unity subscribers.)
Step 17 Click Next.
Step 18 Choose the Active Directory containers from which you want to import users, contacts, and groups to make them Cisco Unity subscribers, contacts, and public distribution lists. Note the following:
•You must choose a container for the domain that includes the Cisco Unity server.
•Choose only one container for each domain. If you will want to import users, contacts, and groups from more than one container in a domain, choose a common parent container that includes all of the containers from which you want to import. If the common parent is the domain itself, choose the domain.
Step 19 Click Next.
Step 20 If you are using the Cisco Unity Bridge to allow Cisco Unity to exchange voice messages with other voice messaging systems that support Octel Analog Networking, check the Cisco Unity Will Use Cisco Unity Bridge check box.
Step 21 If you are using the Cisco Unity Bridge, choose the Active Directory organizational unit in which you want Bridge contacts to be created.
Step 22 Click Next.
Step 23 A summary appears that lists the permissions that will be granted to each account. The information listed includes user rights, Active Directory rights, and membership in groups.
Click Next to grant the listed permissions. The Permissions wizard may take a few minutes to grant permissions.
Step 24 If the Permissions wizard failed to grant one or more permissions, an error message appears that lists the number of permissions it was not able to grant. Click OK.
Step 25 To display a report listing the operations that succeeded and those that failed, if any, click View Detailed Results.
In some cases, individual rights may be combined into a single entry. For example, the rights to read properties, write properties, list contents, read permissions, and modify permissions applied onto Group objects are all included in the single entry "SUCCEEDED granting Group read/modify rights."
Step 26 If one or more permissions could not be granted, fix the problems, and run the Permissions wizard again.
Caution If the Permissions wizard failed to set any permissions, either the Cisco Unity installation will fail or Cisco Unity will not run properly after it has been installed. You must successfully run the Permissions wizard before you can continue installing Cisco Unity.
Caution An Active Directory right being granted by the Permissions wizard may conflict with an existing right on an Active Directory container. (For example, an account may be denied the right to create user objects in one of the containers selected during the Permissions wizard.) The log file will explain that a conflict has been found, but the Permissions wizard will not resolve the conflict. You must resolve the conflict and then rerun the Permissions wizard.
Step 27 Click Finish.
Step 28 If the account that you logged on with in Step 1 is also the account that you want to use to install Cisco Unity (the account that you selected in Step 6), log off Windows and log back on so the permissions set by the Permissions wizard will take effect.
Running the Cisco Unity Permissions Wizard with an Exchange 5.5 Message Store
Caution The following procedure grants each account the rights to act as a part of the operating system, to log on as a service, and to log on as a batch job, and does so in the local security policy. If a domain security policy is in effect, confirm that the domain security policy does not deny the accounts these rights.
To run the Cisco Unity Permissions wizard with an Exchange 5.5 message store
Step 1 Log on to the Cisco Unity server by using an account that is a member of the Domain Admins group and that has the right to act as part of the operating system.
Caution If you try to run the Permissions wizard by using an account that has less than the default permissions for a Domain Admin, the wizard may not be able to set all of the permissions required by the installation account and the services accounts. If the Permissions wizard cannot set all of the required permissions, either the Cisco Unity installation will fail or Cisco Unity will not run properly after it has been installed.
Step 2 Insert the Cisco Unity DVD in the DVD drive.
or
Insert Cisco Unity CD 1 in the CD-ROM drive.
Step 3 Browse to the Utilities\PermissionsWizard directory, and run PermissionsWizard.exe.
Step 4 In the Welcome to the Cisco Unity Permissions Wizard, click Microsoft Exchange 5.5.
Step 5 Click Next.
Step 6 Click Change, and choose the account that you want to use to install Cisco Unity.
Step 7 Click Next.
Step 8 Click Change, and choose the account that you want Cisco Unity directory and message store services to log on as.
Step 9 Click Next.
Step 10 A summary appears that lists the permissions that will be granted to each account, including user rights and membership in groups.
Click Next to grant the listed permissions. The Permissions wizard may take a few minutes to grant permissions.
Step 11 If the Permissions wizard failed to grant one or more permissions, an error message appears that lists the number of permissions it was not able to grant. Click OK.
Step 12 To display a report listing the operations that succeeded and those that failed, if any, click View Detailed Results.
Step 13 If one or more permissions could not be granted, fix the problems, and run the Permissions wizard again.
Caution If the Permissions wizard failed to set any permissions, either the Cisco Unity installation will fail or Cisco Unity will not run properly after it has been installed. You must successfully run the Permissions wizard before you can continue installing Cisco Unity.
Step 14 Click Finish.
Step 15 If the account that you logged on with in Step 1 is also the account that you want to use to install Cisco Unity (the account that you selected in Step 6), log off Windows and log back on so the permissions set by Permissions wizard will take effect.
Setting Exchange Permissions
In general, the Cisco Unity Permissions wizard does not set Exchange permissions, so they must be set manually. (If you are using Exchange 2000, with or without Exchange 5.5, the Permissions wizard does add the message store services account to the Exchange Domain Servers group.)
The Exchange permissions that you set for the Cisco Unity installation and services accounts depend on whether Cisco Unity subscribers are homed on Exchange 2000, Exchange 5.5, or both. See Table 7-1 for a list of the permissions that must be set for each configuration.
Do the procedures in the applicable section:
•Setting Required Exchange Permissions When Subscribers Are Homed Only on Exchange 2000 Servers
•Setting Required Exchange Permissions When Subscribers Are Homed Only on Exchange 5.5 Servers
•Setting Required Exchange Permissions When Subscribers Are Homed on Both Exchange 2000 and Exchange 5.5 Servers
If the system is using failover, set Exchange permissions only on the primary server.
Table 7-1 Required Exchange Permissions
Where Cisco Unity Subscribers Are Homed
|
Permissions
|
Exchange 2000
servers only
|
Installation account: Exchange Full Administrator.
Cisco Unity directory services account: Exchange Full Administrator if you want to create Cisco Unity subscribers by using the Cisco Unity Administrator. Exchange View Only Administrator if you want to create Cisco Unity subscribers only by importing accounts from Active Directory.
Cisco Unity message store services account: Member of the Exchange Domain Servers group (set by the Permissions wizard).
Cisco Unity server: Member of the Exchange Domain Servers group (only if Exchange is not installed on the Cisco Unity server).
|
Exchange 5.5
servers only
|
Installation account: Services Account Administration.
Cisco Unity directory and message store services account: Services Account Administration.
|
Both Exchange 2000
and Exchange 5.5 servers
|
Installation account: Exchange Full Administrator.
Cisco Unity directory services account: Exchange Full Administrator if you want to create Cisco Unity subscribers by using the Cisco Unity Administrator. Exchange View Only Administrator if you want to create Cisco Unity subscribers only by importing accounts from Active Directory.
Exchange Domain Servers group for the Exchange 5.5 site and Configuration container: Services Account Administration.
Cisco Unity message store services account: Member of the Exchange Domain Servers group (set by the Permissions wizard).
Cisco Unity server: Member of the Exchange Domain Servers group.
|
Setting Required Exchange Permissions When Subscribers Are Homed Only on Exchange 2000 Servers
This section contains two procedures. Do the first procedure for all installations. Do the second procedure only when Exchange is not installed on the Cisco Unity server.
Do the following procedure for the installation account first, then for the directory services account.
To grant Exchange permissions to the installation and directory services accounts
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > System Manager.
Step 2 In the left pane of the Exchange System Manager MMC, right-click the organization name at the top of the tree control, and click Delegate Control.
Step 3 In the Welcome to the Exchange Administration Delegation Wizard, click Next.
Step 4 In the Users or Groups dialog box, click Add.
Step 5 In the Delegate Control dialog box, click Browse.
Step 6 In the Select Users, Computers, or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.
Step 7 The first time you do the procedure, in the list of users, computers, and groups, double-click the name of the installation account.
The second time you do the procedure, in the list of users, computers, and groups, double-click the name of the Cisco Unity directory services account.
The Delegate Control dialog box reappears. The account you selected appears in the Group (Recommended) or User box.
Step 8 When you do the procedure for the installation account, in the Role list, click Exchange Full Administrator.
When you repeat the procedure for the Cisco Unity directory services account, in the Role list, click the applicable option:
Exchange Full
Administrator
|
If you want to create Cisco Unity subscribers by using the Cisco Unity Administrator.
|
Exchange View
Only Administrator
|
If you do not want to create Cisco Unity subscribers by using the Cisco Unity Administrator (meaning that you will create Cisco Unity subscribers only by importing accounts from Active Directory).
|
Step 9 Click OK to close the Delegate Control dialog box.
Step 10 Repeat Steps 4 through 9 for the Cisco Unity directory services account.
Step 11 Click Next.
Step 12 Click Finish.
Step 13 Close the Exchange System Manager MMC.
Do the following procedure only when Exchange is not installed on the Cisco Unity server. You add the Cisco Unity server to the Exchange Domain Servers group in the domain in which the server is being installed to give the server permission to act as an Exchange server. (When Exchange is installed on the Cisco Unity server, the server is already a member of the Exchange Domain Servers group.)
To add the Cisco Unity server to the Exchange Domain Servers group
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > Active Directory Users and Computers.
Step 2 In the left pane, click Computers.
Step 3 In the right pane, right-click the Cisco Unity server, and click Properties.
Step 4 In the Properties dialog box, click the Member Of tab.
Step 5 Click Add.
Step 6 In the Select Groups dialog box, in the top list, double-click Exchange Domain Servers. Exchange Domain Servers appears in the bottom list.
Step 7 Click OK to close the Select Groups dialog box.
Step 8 Click OK to close the Properties dialog box.
Step 9 Close Active Directory Users and Computers.
Setting Required Exchange Permissions When Subscribers Are Homed Only on Exchange 5.5 Servers
Do the following procedure for the installation account first, then for the account that directory and message store services log on as.
To grant Services Account Administration permissions to the installation and Cisco Unity directory and message store services accounts
Step 1 Log on to an Exchange server in the site that the Cisco Unity server will be joining by using an Exchange Services Account Administration account.
Step 2 On the Windows Start menu, click Programs > Microsoft Exchange > Microsoft Exchange Administrator.
Step 3 In the tree, click the site name.
Step 4 On the File menu, click Properties.
Step 5 Click the Permissions tab.
Step 6 Click Add.
Step 7 Under List Names From, click the Cisco Unity server domain.
Step 8 The first time you do the procedure, select the installation account from the list of names.
The second time you do the procedure, select the account that Cisco Unity directory and message store services log on as.
Step 9 Click Add.
Step 10 Click OK to close the Add Users and Groups dialog box.
Step 11 Under Roles, click Service Account Admin.
Step 12 Click OK to close the Properties dialog box.
Step 13 In the left pane, under the name of the site, click Configuration.
Step 14 On the File menu, click Properties.
Step 15 Click the Permissions tab.
Step 16 Click Add.
Step 17 Under List Names From, click the Cisco Unity server domain.
Step 18 In the list of names, select the installation account or the Cisco Unity directory and message store services account.
Step 19 Click Add.
Step 20 Click OK to close the Add Users and Groups dialog box.
Step 21 Under Roles, click Service Account Admin.
Step 22 Click OK to close the Properties dialog box.
Step 23 Repeat Steps 3 through 22 for the account that Cisco Unity directory and message store services log on as.
Setting Required Exchange Permissions When Subscribers Are Homed on Both Exchange 2000 and Exchange 5.5 Servers
When both Exchange 2000 and Exchange 5.5 users will be Cisco Unity subscribers, do the following three procedures in the order listed.
Caution If you want to home Cisco Unity subscribers both in Exchange 2000 and in Exchange 5.5, the Exchange 2000 servers must be joined to the Exchange 5.5 site by establishing connection agreements using the Microsoft Active Directory connector.
Do the following procedure for the installation account first, then for the directory services account.
To grant Exchange permissions to the installation and Cisco Unity directory services accounts
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > System Manager.
Step 2 In the left pane of the Exchange System Manager MMC, right-click the organization name at the top of the tree control, and click Delegate Control.
Step 3 In the Welcome to the Exchange Administration Delegation Wizard, click Next.
Step 4 In the Users or Groups dialog box, click Add.
Step 5 In the Delegate Control dialog box, click Browse.
Step 6 In the Select Users, Computers, or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.
Step 7 The first time you do the procedure, in the list of users, computers, and groups, double-click the name of the installation account.
The second time you do the procedure, in the list of users, computers, and groups, double-click the name of the Cisco Unity directory services account.
The Delegate Control dialog box reappears. The account you selected appears in the Group (Recommended) or User box.
Step 8 When you do the procedure for the installation account, in the Role list, click Exchange Full Administrator.
When you repeat the procedure for the Cisco Unity directory services account, in the Role list, click the applicable option:
Exchange Full
Administrator
|
If you want to create Cisco Unity subscribers by using the Cisco Unity Administrator.
|
Exchange View
Only Administrator
|
If you do not want to create Cisco Unity subscribers by using the Cisco Unity Administrator (meaning that you will create Cisco Unity subscribers only by importing accounts from Active Directory).
|
Step 9 Click OK to close the Delegate Control dialog box.
Step 10 Click Next.
Step 11 Click Finish.
Step 12 Repeat Steps 2 through 11 for the Cisco Unity directory services account.
Step 13 Close the Exchange System Manager MMC.
To grant Services Account Administration permissions to the Exchange Domain Servers group for the Exchange 5.5 site and Configuration container
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > Microsoft Exchange Administrator.
Step 2 In the left pane, click the name of the site.
Step 3 On the Microsoft Exchange Administrator menu, click File > Properties.
Step 4 Click the Permissions tab.
Step 5 Click Add.
Step 6 In the Add Users and Groups dialog box, in the List Names From list, click the name of the domain that the Cisco Unity server is in.
Step 7 In the top list, double-click Exchange Domain Servers. Exchange Domain Servers appears in the bottom list.
Step 8 Click OK to close the Add Users and Groups dialog box.
Step 9 In the Properties dialog box, click Exchange Domain Servers.
Step 10 In the Roles list, click Service Account Admin.
Step 11 Click OK to close the Properties dialog box.
Step 12 In the left pane, under the name of the site, click Configuration.
Step 13 Repeat Steps 3 through 11 for the Configuration container.
Step 14 Close Microsoft Exchange Administrator.
You add the Cisco Unity server to the Exchange Domain Servers group in the domain in which the server is being installed to give the server permission to act as an Exchange server. (If Exchange is installed on the Cisco Unity server, the server is already a member of the Exchange Domain Servers group.)
To add the Cisco Unity server to the Exchange Domain Servers group
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > Active Directory Users and Computers.
Step 2 In the left pane, click Computers.
Step 3 In the right pane, right-click the Cisco Unity server, and click Properties.
Step 4 In the Properties dialog box, click the Member Of tab.
Step 5 Click Add.
Step 6 In the Select Groups dialog box, in the top list, double-click Exchange Domain Servers. Exchange Domain Servers appears in the bottom list.
Step 7 Click OK to close the Select Groups dialog box.
Step 8 Click OK to close the Properties dialog box.
Step 9 Close Active Directory Users and Computers.
Feedback
