Wednesday 26 August 2009

Unity 7.0 with AD 2008/Exchange 2007 tips

These notes were written up because of the problems encountered in deploying Unity 7.0(2) with Exchange 2007 and Active Directory 2008.

Things to watch out for:

- The ADSchema update .exe file WILL NOT RUN on 64-bit Windows Server. Instead, you have to run the following on the FSMO role holder AD controller (disable replication using repadmin if you want to, but once you are happy you need to push replication out to all other DCs in the forest and wait for it to complete before continuing setup!). Ldifde.exe is included with Windows Server 2008 (search Microsoft's help pages and read up on it first):

ldifde.exe -i -k -c "<ConfigurationContainerDN>" "CN=Configuration,DC=hyperv64,DC=local" -s -f "c:\Schema\LdifScripts\avdirmonex2k.ldf"

You may be tempted to think that "<ConfigurationContainerDN>" is a variable that you need to edit. It isn't: the -c switch tells ldifde to replace every occurrence of that string within the script with the "CN=Configuration..." value that follows it. However, DO change the "CN=Configuration..." part to match your AD design, and the file path to match the location of your scripts.

The avdirmonex2k.ldf file is the only one you need to run, unless you wish to run Unity Bridge or VPIM, in which case you'll need to run the others too (all found in the \Schema\ folder on Unity DVD 1). A successful run of the script gives you a short message saying that roughly 110 entries were added. You can also double-check this by going to a user in AD (Users and Computers), right-clicking and choosing Properties; there should be a tab for Attributes, and you should find a load of Cisco ones added.

- Make sure you set an MSDE password following the instructions! If you don't, the rollout of the Exchange 2003 MAPI (found in the Exchange 2003 deployment tools) gave me error messages because it found that there was no password on the DB. Don't forget to install the Exchange 2003 SP2 updates (found on the Unity Service Packs DVD), otherwise the Unity installation will fail (the MAPI isn't up to date).

- Be careful to change the Unity installation directories to D: away from C: - it's easy to miss but will lead to a world of pain if you don't.

- Exchange 2007 with Unity 7 does NOT SUPPORT adding new subscribers through the interface. You have to add new users through AD/Exchange 2007 and then import them into Unity.

- Don't forget to harden your restriction tables after installation, and remember that there are several of them (click the looking glass/search button to find them all). Changing the top value to 9* and allowed "No" is enough to stop most, if not all, toll fraud holes in Unity.
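
A schema import cannot be undone, so it is worth reviewing what the ldifde command in the first tip will write before running it. The sketch below is an added example, not code from Cisco or from this post: it applies the -c style replacement to an LDF file and lists each entry's DN and changetype. The sample LDF is constructed, its attribute name is hypothetical, and the replacement is assumed to be an exact, case-sensitive text swap.

```python
# Constructed sample in the style of a schema-extension LDF. The attribute name
# is hypothetical and is not taken from avdirmonex2k.ldf.
SAMPLE_LDF = """\
# constructed sample
dn: CN=example-Attr,CN=Schema,
 <ConfigurationContainerDN>
changetype: add
objectClass: attributeSchema
lDAPDisplayName: exampleAttr

dn: CN=User,CN=Schema,<ConfigurationContainerDN>
changetype: modify
add: mayContain
mayContain: exampleAttr
-
"""

def unfold(text):
    """Join LDIF continuation lines (leading space) and drop '#' comments."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if lines and not in_comment:
                lines[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    return lines

def preview(text, from_dn, to_dn):
    """Return [(dn, changetype)] after swapping from_dn for to_dn (assumed -c behaviour)."""
    entries, current = [], None
    for line in unfold(text) + [""]:
        line = line.replace(from_dn, to_dn)
        if not line.strip():                      # blank line ends a record
            if current:
                entries.append(tuple(current))
            current = None
        elif line.lower().startswith("dn:"):
            current = [line[3:].strip(), "add"]   # no changetype means add
        elif current and line.lower().startswith("changetype:"):
            current[1] = line.split(":", 1)[1].strip().lower()
    return entries

def unresolved(entries):
    """DNs that still carry a <placeholder>, i.e. the -c pair did not match."""
    return [dn for dn, _ in entries if "<" in dn]
```

Call preview() with the same two strings you pass to -c; if unresolved() returns anything, the placeholder in the command no longer matches the one in the file, which is what happens when "<ConfigurationContainerDN>" is edited by mistake.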
