Delegating Exchange Administrative Control for Cisco Unity 5.0(1)+

Permissions Wizard grants a few Exchange permissions automatically. For more information, see Permissions Granted By the Cisco Unity Permissions Wizard.

However, you need to manually grant additional permissions to two Active Directory accounts. The permissions you grant depend on the versions of Exchange in which mailboxes will be homed:

Version of Exchange in Which Mailboxes Are Homed	Active Directory Account	Permissions to Grant
Exchange 2000 or Exchange 2003, with or without Exchange 2007	Cisco Unity installation	Delegate Exchange Administrator administrative control
	Cisco Unity directory services	Delegate Exchange Administrator administrative control if you want to create Cisco Unity subscribers by using the Cisco Unity Administrator. Delegate Exchange View Only Administrator administrative control if you want to create Cisco Unity subscribers only by importing accounts from Active Directory.
Exchange 2007 only	Cisco Unity installation	Delegate Exchange Organization Administrator administrative control
	Cisco Unity directory services	Delegate Exchange Organization Administrator admininistrative control
Exchange 2010, with or without Exchange 2003 or Exchange 2007	Cisco Unity installation	Add the account to the Organization Management role group. If mailboxes are also homed in Exchange 2003 and/or Exchange 2007, delegate the applicable administrative control listed above.
	Cisco Unity directory services	Add the account to the Organization Management role group. If mailboxes are also homed in Exchange 2003 and/or Exchange 2007, delegate the applicable administrative control listed above.

If any mailboxes are homed in Exchange 2000 or Exchange 2003, you can delegate control either at the Exchange organization level or at the administrative group level. However, for ease of maintenance, we encourage you to delegate control at the organization level.

If you want to use Digital Networking and if you want to delegate control at the administrative group level, then for all administrative groups in which Cisco Unity subscriber mailboxes will be homed, you must:

• Delegate Exchange Administrator control to the installation account for every Cisco Unity server.
• Delegate Exchange Administrator or Exchange View Only Administrator control to the directory service account for every Cisco Unity server.

Otherwise, Digital Networking is not supported.

Using Cisco Unity Bridge Networking, AMIS Networking, or VPIM Networking is supported only when:

• The Active Directory forest includes at least one Exchange 2000 or Exchange 2003 server, on which the Cisco Unity Voice Connector for Microsoft Exchange can be installed. A Voice Connector for Exchange 2007 is currently not available.
• You delegate control to the installation and directory services accounts at the organization level.

Do the applicable procedure:

• To Delegate Control When Mailboxes Are Homed in Exchange 2000 or Exchange 2003, with or without Exchange 2007
• To Delegate Control When All Mailboxes Are Homed in Exchange 2007
• To Add the Installation and Directory Services Accounts to the Organization Management Role Group When Mailboxes Are Homed in Exchange 2010

To Delegate Control When Mailboxes Are Homed in Exchange 2000 or Exchange 2003, with or without Exchange 2007

1. If you are delegating control at the Exchange organization level, log on to the Cisco Unity server by using an account that is an Exchange Full Administrator.
   
   If you are delegating control at the Exchange administrative group level, log on to the Cisco Unity server by using an account that has the permissions that are required to delegate control to accounts for the desired administrative group.
   
   If you are configuring failover, log on to the primary server.
2. On the Cisco Unity server, on the Windows Start menu, click Programs > Microsoft Exchange > System Manager.
3. In the left pane of the Exchange System Manager MMC, right-click either the organization name at the top of the tree control or the name of an administrative group in which Cisco Unity subscriber mailboxes will be homed, and click Delegate Control.
4. In the Welcome to the Exchange Administration Delegation Wizard, click Next.
5. In the Users or Groups dialog box, click Add.
6. In the Delegate Control dialog box, click Browse.
7. In the Select Users, Computers, or Groups dialog box, in the Look In list, click the name of the domain in which the installation account was created.
8. In the list of users, computers, and groups, double-click the name of the installation account.
   
   The Delegate Control dialog box reappears. The account you selected appears in the Group (Recommended) or User box.
9. In the Role list, click Exchange Administrator.
10. Click OK to close the Delegate Control dialog box.
11. In the left pane of the Exchange System Manager MMC, right-click either the organization name at the top of the tree control or the name of the same administrative group that you chose in Step 3, and click Delegate Control.
12. In the Welcome to the Exchange Administration Delegation Wizard, click Next.
13. In the Users or Groups dialog box, click Add.
14. In the Delegate Control dialog box, click Browse.
15. In the Select Users, Computers, or Groups dialog box, in the Look In list, click the name of the domain in which the directory services account was created.
16. In the list of users, computers, and groups, double-click the name of the directory services account.
    
    The Delegate Control dialog box reappears. The account you selected appears in the Group (Recommended) or User box.
17. In the Role list, click the applicable option:

Exchange Administrator	If you want to create Cisco Unity subscribers by using the Cisco Unity Administrator.
Exchange View Only Administrator	If you do not want to create Cisco Unity subscribers by using the Cisco Unity Administrator (meaning that you will create Cisco Unity subscribers only by importing accounts from Active Directory).

18. Click OK to close the Delegate Control dialog box.
19. If you are delegating control at the administrative group level, repeat Step 3 through Step 18 for each administrative group in which Cisco Unity subscriber mailboxes will be homed.
20. Click Next.
21. Click Finish.
22. Close the Exchange System Manager MMC.

To Delegate Control When All Mailboxes Are Homed in Exchange 2007

1. Log on to an Exchange 2007 server by using an account that is an Exchange Organization Administrator.
2. On the Windows Start menu, click Programs > Microsoft Exchange Server 2007 > Exchange Management Console.
3. In the console tree, right-click Organization Configuration, and click Add Exchange Administrator.
4. On the Add Exchange Administrator page of the wizard, click Browse.
5. In the Select User or Groups to Delegate dialog box, choose the installation account, and click OK.
6. Back on the Add Exchange Administrator page, click Exchange Organization Administrator Role.
7. Click Add.
8. On the Completion page, click Finish.
9. In the console tree, right-click Organization Configuration, and click Add Exchange Administrator.
10. On the Add Exchange Administrator page of the wizard, click Browse.
11. In the Select User or Groups to Delegate dialog box, choose the directory services account, and click OK.
12. Back on the Add Exchange Administrator page, click Exchange Organization Administrator Role.
13. Click Add.
14. On the Completion page, click Finish.
15. Close the Exchange Management Console.

To Add the Installation and Directory Services Accounts to the Organization Management Role Group When Mailboxes Are Homed in Exchange 2010

1. On the Windows Start menu, click Programs > Microsoft Exchange 2010 > Exchange Management Console.
2. In the left pane, expand Microsoft Exchange On-Premises <servername>.
3. Click Toolbox.
4. In the right pane, double-click Role Based Access Control (RBAC) User Editor.
5. Log on to Outlook Web App.
6. In the right pane, click the Administrator Roles tab.
7. Double-click Organization Management.
8. In the Organization Management window, click Add, and follow the on-screen prompts to assign the Organization Management role to the installation account.
9. Repeat Step 8 to assign the Organization Management role to the directory services account.
10. Click Save.

Revision History

1.0.0, Initial version.

1.1.0, Updated for Cisco Unity 4.0(3)

1.2.0, Updated for Cisco Unity 4.1(1)

1.3.0, Updated for Cisco Unity 4.2(1)

1.4.0, Updated for Cisco Unity 5.0(1)

1.5.0, Updated for Cisco Unity 8.0(3)

© 2010 Cisco Systems, Inc. -- Company Confidential