Setting Exchange Permissions

In general, Permissions Wizard does not set Exchange permissions, which must be set manually. (If you are using Exchange 2000, with or without Exchange 5.5, Permissions Wizard does add the message store services account to the Exchange Domain Servers group.)

The Exchange permissions that you set for the Cisco Unity installation and services accounts depend on whether Cisco Unity subscribers are homed on Exchange 2000, Exchange 5.5, or both. See the following table for a list of the permissions that must be set for each configuration.

Do the procedures in the applicable section:

• Exchange Permissions Required If Subscribers Are Homed Only on Exchange 2000 Servers
• Exchange Permissions Required If Subscribers Are Homed Only on Exchange 5.5 Servers
• Exchange Permissions Required If Subscribers Are Homed on Both Exchange 2000 and Exchange 5.5 Servers

If you are setting up failover, set Exchange permissions only on the primary server.

Exchange Permissions Required

Where Cisco Unity Subscribers Are Homed	Permissions
Exchange 2000 servers only	Installation account: Exchange Full Administrator Cisco Unity directory services account: Exchange Full Administrator if you want to create Cisco Unity subscribers by using the Cisco Unity Administrator. Exchange View Only Administrator if you want to create Cisco Unity subscribers only by importing accounts from Active Directory. Cisco Unity message store services account: Member of the Exchange Domain Servers group (set by Permissions Wizard) Cisco Unity server: Member of the Exchange Domain Servers group (only if Exchange is not installed on the Cisco Unity server)
Exchange 5.5 servers only	Installation account: Services Account Administration Cisco Unity directory and message store services account: Services Account Administration
Both Exchange 2000 and Exchange 5.5 servers	Installation account: Exchange Full Administrator Cisco Unity directory services account: Exchange Full Administrator if you want to create Cisco Unity subscribers by using the Cisco Unity Administrator. Exchange View Only Administrator if you want to create Cisco Unity subscribers only by importing accounts from Active Directory. Exchange Domain Servers group for the Exchange 5.5 site and Configuration container: Services Account Administration Cisco Unity message store services account: Member of the Exchange Domain Servers group (set by Permissions Wizard) Cisco Unity server: Member of the Exchange Domain Servers group

Exchange Permissions Required If Subscribers Are Homed Only on Exchange 2000 Servers

Do the procedure for the installation account first, then for the directory services account.

To grant Exchange permissions to the installation and directory services accounts

1. On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > System Manager.
2. In the left pane of the Exchange System Manager MMC, right-click the organization name at the top of the tree control, and click Delegate Control.
3. In the Welcome to the Exchange Administration Delegation Wizard, click Next.
4. In the Users or Groups dialog box, click Add.
5. In the Delegate Control dialog box, click Browse.
6. In the Select Users, Computers, or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.
7. In the list of users, computers, and groups, double-click the name of the installation or the Cisco Unity directory services account, and the Delegate Control dialog box reappears. The account you selected appears in the Group (Recommended) or User box.
8. When you do this procedure for the installation account, in the Role list, click Exchange Full Administrator.

When you repeat this procedure for the Cisco Unity directory services account, in the Role list, click the applicable option:

Exchange Full Administrator	If you want to create Cisco Unity subscribers by using the Cisco Unity Administrator.
Exchange View Only Administrator	If you do not want to create Cisco Unity subscribers by using the Cisco Unity Administrator (meaning that you will create Cisco Unity subscribers only by importing accounts from Active Directory).

9. Click OK to close the Delegate Control dialog box.
10. Repeat Steps 4 through 9 for the Cisco Unity directory services account.
11. Click Next.
12. Click Finish.
13. Close the Exchange System Manager MMC.

Do the following procedure only when Exchange is not installed on the Cisco Unity server. You add the Cisco Unity server to the Exchange Domain Servers group in the domain in which the server is being installed to give the server permission to act as an Exchange server. (When Exchange is installed on the Cisco Unity server, the server is already a member of the Exchange Domain Servers group.)

To add the Cisco Unity server to the Exchange Domain Servers group

1. On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > Active Directory Users and Computers.
2. In the left pane, click Computers.
3. In the right pane, right-click the Cisco Unity server, and click Properties.
4. In the Properties dialog box, click the Member Of tab.
5. Click Add.
6. In the Select Groups dialog box, in the top list, double-click Exchange Domain Servers. Exchange Domain Servers appears in the bottom list.
7. Click OK to close the Select Groups dialog box.
8. Click OK to close the Properties dialog box.
9. Close Active Directory Users and Computers.

Exchange Permissions Required If Subscribers Are Homed Only on Exchange 5.5 Servers

Do the procedure for the installation account first, then for the account that owns directory and message store services.

To grant Services Account Administration permissions to the installation and Cisco Unity directory and message store services accounts

1. Log on to an Exchange server in the site that the Cisco Unity server will be joining by using an Exchange Services Account Administration account.
2. On the Windows Start menu, click Programs > Microsoft Exchange > Microsoft Exchange Administrator.
3. In the tree, click the site name.
4. On the File menu, click Properties.
5. Click the Permissions tab.
6. Click Add.
7. Under List Names From, click the Cisco Unity server domain.
8. The first time you do the procedure, select the installation account from the list of names.

The second time you do the procedure, select the account that owns Cisco Unity directory and message store services.

9. Click Add.
10. Click OK to close the Add Users and Groups dialog box.
11. Under Roles, click Services Account Admin.
12. Click OK to close the Properties dialog box.
13. In the left pane, under the name of the site, click Configuration.
14. On the File menu, click Properties.
15. Click the Permissions tab.
16. Click Add.
17. Under List Names From, click the Cisco Unity server domain.
18. In the list of names, select the installation account or the Cisco Unity directory and message store services account.
19. Click Add.
20. Click OK to close the Add Users and Groups dialog box.
21. Under Roles, click Services Account Admin.
22. Click OK to close the Properties dialog box.
23. Repeat Steps 3 through 22 for the Cisco Unity account that owns directory and message store services.

Exchange Permissions Required If Subscribers Are Homed on Both Exchange 2000 and Exchange 5.5 Servers

If both Exchange 2000 and Exchange 5.5 users will be Cisco Unity subscribers, do the following two procedures.

Caution! If you want to home Cisco Unity subscribers both in Exchange 2000 and in Exchange 5.5, the Exchange 2000 servers must be joined to the Exchange 5.5 site by establishing connection agreements using the Microsoft Active Directory connector.

Do the following procedure for the installation account first, then for the directory services account.

To grant Exchange permissions to the installation and Cisco Unity directory services accounts

1. On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > System Manager.
2. In the left pane of the Exchange System Manager MMC, right-click the organization name at the top of the tree control, and click Delegate Control.
3. In the Welcome to the Exchange Administration Delegation Wizard, click Next.
4. In the Users or Groups dialog box, click Add.
5. In the Delegate Control dialog box, click Browse.
6. In the Select Users, Computers, or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.
7. In the list of users, computers, and groups, double-click the name of the installation or Cisco Unity directory services account, and the Delegate Control dialog box reappears. The account you selected appears in the Group (Recommended) or User box.
8. When you do this procedure for the installation account, in the Role list, click Exchange Full Administrator.

When you repeat this procedure for the Cisco Unity directory services account, in the Role list, click the applicable option:

Exchange Full Administrator	If you want to create Cisco Unity subscribers by using the Cisco Unity Administrator.
Exchange View Only Administrator	If you do not want to create Cisco Unity subscribers by using the Cisco Unity Administrator (meaning that you will create Cisco Unity subscribers only by importing accounts from Active Directory).

9. Click OK to close the Delegate Control dialog box.
10. Click Next.
11. Click Finish.
12. Repeat Steps 2 through 11 for the Cisco Unity directory services account.
13. Close the Exchange System Manager MMC.

To grant Services Account Administration permissions to the Exchange Domain Servers group for the Exchange 5.5 site and Configuration container

1. On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > Microsoft Exchange Administrator.
2. In the left pane, click the name of the site.
3. On the Microsoft Exchange Administrator menu, click File > Properties.
4. Click the Permissions tab.
5. Click Add.
6. In the Add Users and Groups dialog box, in the List Names From list, click the name of the domain that the Cisco Unity server is in.
7. In the top list, double-click Exchange Domain Servers. Exchange Domain Servers appears in the bottom list.
8. Click OK to close the Add Users and Groups dialog box.
9. In the Properties dialog box, click Exchange Domain Servers.
10. In the Roles list, click Services Account Admin.
11. Click OK to close the Properties dialog box.
12. In the left pane, under the name of the site, click Configuration.
13. Repeat Steps 3 through 11 for the Configuration container.
14. Close Microsoft Exchange Administrator.

You add the Cisco Unity server to the Exchange Domain Servers group in the domain in which the server is being installed to give the server permission to act as an Exchange server. (When Exchange is installed on the Cisco Unity server, the server is already a member of the Exchange Domain Servers group.)

To add the Cisco Unity server to the Exchange Domain Servers group

10. On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > Active Directory Users and Computers.
11. In the left pane, click Computers.
12. In the right pane, right-click the Cisco Unity server, and click Properties.
13. In the Properties dialog box, click the Member Of tab.
14. Click Add.
15. In the Select Groups dialog box, in the top list, double-click Exchange Domain Servers. Exchange Domain Servers appears in the bottom list.
16. Click OK to close the Select Groups dialog box.
17. Click OK to close the Properties dialog box.
18. Close Active Directory Users and Computers.

Revision History

1.0.0 – Initial version.

© 2002 Cisco Systems, Inc. -- Company Confidential