222 TroubleshootingAccessing permissions for the AD object propertiesStep Action1 Install the Operating System Support Tools on the server (usuallythe Tools setup is on the MS Windows 2003 Server setup disk).2 Run the ADSIEdit tool (%ProgramFiles%\Support Tools\ad-siedit.msc).3 Navigate to the users object container or the specific user’s object.4 Right-click the item and open Properties.5 Go to the Security tab and click the Advanced button.6 Search for the permission entry specific for the msRTCSIPproperties group or RTCPropetySet. If there is a specificuser group that has access rights to that property group,then the best solution is to add the MCM service account tothis user group. Otherwise, you have to allow MCM Serviceaccount to read the properties msRTCSIP-UserEnabled,msRTCSIP-PrimaryUserAddress, msRTCSIPOptionFlags,msRTCSIP-Line, and msRTCSIP-LineServer.7 Click Add.8 Choose the MCM service account and click OK.9 Go to the Properties tab.10 Select User objects in the field Apply onto.11 In the Permissions list box select the Allow check boxes across theRead permission of necessary properties and RTCPropetySet.12 Click OK.—End—Solution 3: Enable propagation of the AD to the Global CatalogEnable propagation of the Active Directory field to the Global Catalog. Besure to specify a Domain Controller LDAP server (port 389) to reducethe search scope to only one domain. Follow the procedure in "Enablingpropagation of the Active Directory field to the Global Catalog" (page 223).Nortel Communication Server 1000Nortel Converged Office Fundamentals — Microsoft Office Communications Server 2007NN43001-121 01.03 StandardRelease 5.0 30 April 2008Copyright © 2005–2008, Nortel Networks.
