The DiRT restore will create new accounts in AD/NT (Ex2000/EX2003/EX55) on the fly if necessary or will bind to existing accounts already in the directory.  Note that DiRT cannot create new accounts on the fly for Exchange 2007 based systems.  DiRT populates SQL with the subscriber information from the backup and then kicks off the SQLSyncSvr process noted above.  It is this process that then looks through the directory to see if each subscriber is already represented there or not.  If the user is not found in the directory then, in the case of an Exchange back end, a new object is created in the container selected during Unity installation (i.e. the Users container in AD is the default).  In the case of a Domino restore if a user in SQL is not found in the directory they are removed from the database.  When searching for a user in the directory with an Exchange back end, the Syncher does the following lookups in this order

1. Looks for the user’s directory ID. If you are restoring into the same directory where the Unity you backed up was installed, this will match and the user will be updated to be a subscriber on the new local Unity server.
2. Looks for the user by their Relative Distinguished name (RDN).
3. Looks for the user by their mail alias.  If more than one object is found with the same mail alias, that subscriber is skipped – the syncher does not make a “best guess” here as to which one to use.  Remember that the syncher is looking from the root of the forest down in AD, it is legal (although not a good idea) to have multiple users in AD with the same mail alias across domains.

If no user is found by the above three searches, then a new user is created in the default container noted above.  If, for instance, the aliases of the subscribers have changed between the system you backed up on and the system you are restoring to (i.e. you are migrating from VM only to a UM installation) you can use the Migrate Subscriber Data tool to move the Unity data off these newly created accounts onto the desired email account already in the directory.  See that tool’s help and training videos on the link above for details.

 

Caution! If the partner Exchange server is running Exchange 2000 or 2003, Cisco Unity can only create accounts in Active Directory if, when you ran Permissions Wizard, you chose the option to create users using the Cisco Unity Administrator. If you did not choose this option when you ran Permissions Wizard, the DiRT restore will fail because AD accounts cannot be created.  See Restoring to an Exchange 2007 Based System section for details specific to restores with Exchange 2007.

NOTE: You can change the alias strings for subscribers during DiRT restore starting with version 1.0.264.  See the Remapping Subscriber Alias Strings During Restore section below for more on that.

In the case of Domino the syncher will search the for a UID match first and if one is not found the alias column is used to find a  match in the directory by short name (for Unity 4.0(3)) or the full name (in Untiy 4.0(4) or later).  If no match is found the user is removed from the local SQL database since we are not able to create new users through the DUC interface. 

Exchange 5.5 and Exchange 2000/2003/2007 (AD) use different properties for these values.  The following table shows what Unity maps each of the above three properties to for both Exchange 5.5 and AD:

 

	Exchange 5.5	Exchange 2000/2003/2007 (AD)	Domino
Directory ID	DistinguishedName	ObjectGUID	UID
Relative Distinguished Name (RDN)	Rdn	Name
Alias	UID	mailNickName	Short Name (Unity 4.0(3)) Full Name (Unity 4.0(4) and later)
Alias		sAMAccountName	Added in 4.0(3) and later.

 

NOTE: It’s very important to understand that if the Syncher DOES find a match by the above 3 criteria, it will bind to that user in the directory regardless of if it’s already stamped as a subscriber or not.  Remember, one function of this tool is as a disaster recovery mechanism and it’s expected that users in the directory may still be stamped as being subscribers on a Unity server that may no longer be around.  This is expected behavior.

You can check the SQLSyncSvr logs found under \commserver\logs to see what happened during a restore.  Search on the alias of the user you’re interested in and the logs will show the process of looking for the user and then, if no match is found, the creation of the user in the directory.  This can help answer questions about why new objects were created when you didn’t expect them to be.

NOTE: DiRT does not preserve the "Disable AD accounts created by Unity" advanced setting value from the backed up system.  Prior to restoring with DiRT be sure to set this value correctly since all new accounts created will follow the value in the Advanced Settings Tool.  By default the value for new installations is to create normal, enabled accounts in AD.  If you wish to create new disabled accounts in AD then you will need to set this value to "1" in the Advanced Settings Tool or during the Message Store Configuration Wizard during installation prior to doing the restore.

NOTE: See Restoring to an Exchange 2007 Based System section for details specific to restores with Exchange 2007