Solved: Unity 3.1 and migration to Windows 2000 AD domain

tmaurello_2 · ‎11-01-2002

I have a customer running Unity 3.1.4 UM with Exchange 5.5 on-box. There are 3 other Exchange 5.5 servers in the site. The network is Windows NT - no active directory. No subscribers are homed on the Exchange server that is running on the Unity box.

The customer has built a totally separate Windows 2000 Active Directory domain. Their first phase of their plan is to "move" the users from the NT domain to the AD domain. I think they are planning on creating brand new accounts (hopefully with the same alias). They will have a two-way trust between the two domains.

Is there a way to break the link to the NT4 domain account and re-connect the subscriber to their respective AD account? What else can I do to make Unity work with their plan?

lindborg · ‎11-02-2002

The Syncher (or SynKerr as it's known in house... Mr. Kerr wrote it) will look from the root of the forest down in an attempt to find a match - it doesn't care what container a user object is in.

If for some odd reason there are two objects with the same mail alias, for instance, it'll fail to bind to either one and will log an error in the SQLSyncSvr logs found under \commserver\logs. It is technically possible to have two users with the same mail alias across domains in a forest (or if you try real hard in the same domain) but is really not a good idea. The Syncher doesn't try and make a best guess here, it just skips the user entirely (no new user is created either, of course).

View solution in original post

tmaurello_2 · ‎11-02-2002

Let me ask my question a different way.

If I build a new Unity server and connect it to a Win2K AD domain with Exchange 2000, can I use the DiRT tool here? If I have the customer create all of the user accounts with the same alias as the old NT4 domain, will the subscriber properties and settings repoint to the respective accounts based on the match on the alias field?

Thanks.

lindborg · ‎11-02-2002

Yes... the SQLSyncSvr service is called at the end of the DiRT process and it will search for all the restored subscribers in SQL first by DirectoryID then by RDN then by mail Alias. If a match is found on any one of those properties, it will bind to that directory account. If no match is found on any of those criteria it'll create a new directory object in the default container selected for new users that you chose during part 2 setup (configuration setup).

tmaurello_2 · ‎11-02-2002

Thanks Jeff.

Do the all of the directory accounts I am hoping to match need to be in the default container, or will the SQLSyncSvr service traverse the tree when it searches for an alias match?

lindborg · ‎11-02-2002

The Syncher (or SynKerr as it's known in house... Mr. Kerr wrote it) will look from the root of the forest down in an attempt to find a match - it doesn't care what container a user object is in.

If for some odd reason there are two objects with the same mail alias, for instance, it'll fail to bind to either one and will log an error in the SQLSyncSvr logs found under \commserver\logs. It is technically possible to have two users with the same mail alias across domains in a forest (or if you try real hard in the same domain) but is really not a good idea. The Syncher doesn't try and make a best guess here, it just skips the user entirely (no new user is created either, of course).

tmaurello_2 · ‎11-02-2002

Jeff,

It sounds like I can make this work as long as the AD domain and the directory accounts/alias naming follow these guidelines.

A sincere thanks for the info.

- Tony