Cisco Unity Permissions Wizard

Setting Exchange Permissions

In general, Permissions Wizard does not set Exchange permissions, which must be set manually. (If subscribers will be homed in Exchange 2003 and/or Exchange 2000, with or without Exchange 5.5, Permissions Wizard does grant Send-As, Receive-As, and Administer Information Store permissions on the Exchange 2003 and/or Exchange 2000 mailstores that are selected in Permissions wizard.)

The Exchange permissions that you set for the Cisco Unity installation and services accounts depend on the version(s) of Exchange in which Cisco Unity subscribers will be homed. See the following table for a list of the permissions that must be set for each configuration.

Do the procedures in the applicable section:

*          Setting the Required Exchange Permissions When Subscribers Are Homed Only in Exchange 2003 and/or Exchange 2000

*          Setting the Required Exchange Permissions When Subscribers Are Homed Only in Exchange 5.5

*          Exchange Permissions Required When Subscribers Are Homed in Exchange 2003 and/or Exchange 2000, and Also in Exchange 5.5

If you are setting up failover, set Exchange permissions only on the primary server.

Exchange Permissions Required

Where Cisco Unity Subscribers Are Homed

Permissions

Exchange 2003 and/or Exchange 2000 only

Installation account: Exchange Administrator

Cisco Unity directory services account: Exchange Administrator if you want to create Cisco Unity subscribers by using the Cisco Unity Administrator. Exchange View Only Administrator if you want to create Cisco Unity subscribers only by importing accounts from Active Directory.

Cisco Unity message store services account: Send-As, Receive-As, and Administer Information Store permissions on the Exchange 2003 and/or Exchange 2000 mailstores that are selected in Permissions wizard (set by the Permissions wizard).

Exchange 5.5 only

Installation account: Service Account Administration

Cisco Unity directory and message store services account: Service Account Administration

Exchange 2003 and/or Exchange 2000 and also Exchange 5.5

Installation account: Exchange Administrator

Cisco Unity directory services account:

*          Exchange Administrator if you want to create Cisco Unity subscribers by using the Cisco Unity Administrator. Exchange View Only Administrator if you want to create Cisco Unity subscribers only by importing accounts from Active Directory.

*          Service Account Administration

Cisco Unity message store services account:

*          Send-As, Receive-As, and Administer Information Store permissions on the Exchange 2003 and/or Exchange 2000 mailstores that are selected in Permissions wizard (set by the Permissions wizard).

*          Service Account Administration

Setting the Required Exchange Permissions When Subscribers Are Homed Only in Exchange 2003 and/or Exchange 2000

Do the procedure for the installation account first, then for the directory services account.

To grant Exchange permissions to the installation and directory services accounts

  1. On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > System Manager.
  2. In the left pane of the Exchange System Manager MMC, right-click the organization name at the top of the tree control, and click Delegate Control.
  3. In the Welcome to the Exchange Administration Delegation Wizard, click Next.
  4. In the Users or Groups dialog box, click Add.
  5. In the Delegate Control dialog box, click Browse.
  6. In the Select Users, Computers, or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.
  7. In the list of users, computers, and groups, double-click the name of the installation or the Cisco Unity directory services account, and the Delegate Control dialog box reappears. The account you selected appears in the Group (Recommended) or User box.
  8. When you do this procedure for the installation account, in the Role list, click Exchange Administrator.

When you repeat this procedure for the Cisco Unity directory services account, in the Role list, click the applicable option:

Exchange Administrator

If you want to create Cisco Unity subscribers by using the Cisco Unity Administrator.

Exchange View Only Administrator

If you do not want to create Cisco Unity subscribers by using the Cisco Unity Administrator (meaning that you will create Cisco Unity subscribers only by importing accounts from Active Directory).

  1. Click OK to close the Delegate Control dialog box.
  2. Repeat Steps 4 through 9 for the Cisco Unity directory services account.
  3. Click Next.
  4. Click Finish.
  5. Close the Exchange System Manager MMC.

Exchange Permissions Required When Subscribers Are Homed Only in Exchange 5.5

Do the procedure for the installation account first, then for the account that owns directory and message store services.

To grant Service Account Administration permissions to the installation and Cisco Unity directory and message store services accounts

  1. Log on to an Exchange server in the site that the Cisco Unity server will be joining by using an Exchange Service Account Administration account.
  2. On the Windows Start menu, click Programs > Microsoft Exchange > Microsoft Exchange Administrator.
  3. In the tree, click the site name.
  4. On the File menu, click Properties.
  5. Click the Permissions tab.
  6. Click Add.
  7. Under List Names From, click the Cisco Unity server domain.
  8. The first time you do the procedure, select the installation account from the list of names.

The second time you do the procedure, select the account that owns Cisco Unity directory and message store services.

  1. Click Add.
  2. Click OK to close the Add Users and Groups dialog box.
  3. Under Roles, click Service Account Admin.
  4. Click OK to close the Properties dialog box.
  5. In the left pane, under the name of the site, click Configuration.
  6. On the File menu, click Properties.
  7. Click the Permissions tab.
  8. Click Add.
  9. Under List Names From, click the Cisco Unity server domain.
  10. In the list of names, select the installation account or the Cisco Unity directory and message store services account.
  11. Click Add.
  12. Click OK to close the Add Users and Groups dialog box.
  13. Under Roles, click Service Account Admin.
  14. Click OK to close the Properties dialog box.
  15. Repeat Steps 3 through 22 for the Cisco Unity account that owns directory and message store services.

Setting the Required Exchange Permissions When Subscribers Are Homed in Exchange 2003 and/or Exchange 2000, and Also in Exchange 5.5

When Cisco Unity subscribers will be homed in Exchange 2003 and/or Exchange 2000, and will also be homed in Exchange 5.5, do the following two procedures.

Caution! If you want to home Cisco Unity subscribers in Exchange 2003 and/or Exchange 2000 and also in Exchange 5.5, the Active Directory Connector must be installed, and there must be either a two-way connection agreement, or a one-way connection agreement that replicates data from Exchange 5.5 to Active Directory.

Do the following procedure for the installation account first, then for the directory services account.

To grant Exchange permissions to the installation and Cisco Unity directory services accounts

  1. On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > System Manager.
  2. In the left pane of the Exchange System Manager MMC, right-click the organization name at the top of the tree control, and click Delegate Control.
  3. In the Welcome to the Exchange Administration Delegation Wizard, click Next.
  4. In the Users or Groups dialog box, click Add.
  5. In the Delegate Control dialog box, click Browse.
  6. In the Select Users, Computers, or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.
  7. In the list of users, computers, and groups, double-click the name of the installation or Cisco Unity directory services account, and the Delegate Control dialog box reappears. The account you selected appears in the Group (Recommended) or User box.
  8. When you do this procedure for the installation account, in the Role list, click Exchange Administrator.

When you repeat this procedure for the Cisco Unity directory services account, in the Role list, click the applicable option:

Exchange Administrator

If you want to create Cisco Unity subscribers by using the Cisco Unity Administrator.

Exchange View Only Administrator

If you do not want to create Cisco Unity subscribers by using the Cisco Unity Administrator (meaning that you will create Cisco Unity subscribers only by importing accounts from Active Directory).

  1. Click OK to close the Delegate Control dialog box.
  2. Click Next.
  3. Click Finish.
  4. Repeat Steps 2 through 11 for the Cisco Unity directory services account.
  5. Close the Exchange System Manager MMC.

To grant Service Account Administration permissions to the directory services account and the message store services account

  1. On an Exchange 5.5 server, on the Windows Start menu, click Programs > Microsoft Exchange > Microsoft Exchange Administrator.
  2. In the left pane, click the name of the site.
  3. On the Microsoft Exchange Administrator menu, click File > Properties.
  4. Click the Permissions tab.
  5. Click Add.
  6. In the Add Users and Groups dialog box, in the List Names From list, click the name of the domain that the directory services and message store services accounts are in.
  7. The first time you do this step, in the top list, double-click the name of the directory services account, and the name appears in the bottom list.

The second time you do this step, in the top list, double-click the name of the message store services account, and the name appears in the bottom list.

  1. Click OK to close the Add Users and Groups dialog box.
  2. The first time you do this step, in the Properties dialog box, click the name of the directory services account.

The second time you do this step, in the Properties dialog box, click the name of the message store services account.

  1. In the Roles list, click Service Account Admin.
  2. Repeat Steps 5 through 10 for the message store services account.
  3. Click OK to close the Properties dialog box.
  4. In the left pane, under the name of the site, click Configuration.
  5. On the Microsoft Exchange Administrator menu, click File > Properties.
  6. Click the Permissions tab.
  7. Click Add.
  8. In the Add Users and Groups dialog box, in the List Names From list, click the name of the domain that the directory services and message store services accounts are in.
  9. The first time you do this step, in the top list, double-click the name of the directory services account, and the name appears in the bottom list.

The second time you do this step, in the top list, double-click the name of the message store services account, and the name appears in the bottom list.

  1. Click OK to close the Add Users and Groups dialog box.
  2. The first time you do this step, in the Properties dialog box, click the name of the directory services account.

The second time you do this step, in the Properties dialog box, click the name of the message store services account.

  1. In the Roles list, click Service Account Admin.
  2. Repeat Steps 16 through 21 for the message store services account.
  3. Click OK to close the Properties dialog box.
  4. Close Microsoft Exchange Administrator.

Revision History

1.0.0   – Initial version.

1.1.0   – Updated for Cisco Unity 4.0(3)

© 2003 Cisco Systems, Inc. -- Company Confidential