Question

Missing Users in GAL on Exchange 2007

Asked by: gotcher

I have users that just went missing from the Global Address List.  They have been there for over a year and then they started slowly disappearing.  
I am running Exchange 2007.  These user are missing from the Default Global Address List in OWA as well as missing from the Global Address List and the All Users list in both Outlook 2003 and Outlook 2007.  
Also I am running Outlook 2007 on Terminal Services so it will not let me run in Offline mode so I know that is not the issue.  Any help you can give would be greatly appreciated.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-09-03 at 10:04:58ID24705257
Tags

Exchange 2007

Topic

Exchange Email Server

Participating Experts
1
Points
500
Comments
24

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. GAL list disappearing in Outlook
    Hi, Exchange 2000 server with 15 clients running outlook. (mix of Macs and PC's). The first time a machine is configured with exchange access, all is fine the GAL displays and can be used without problem. after then, if outlook is closed and then reopened, the GAL appears as...
  2. Hosted Exchange and GAL
    I REALLY need some help with this! Please! I have setup a hosted Exchange scenario and I have taken all of the well-documented steps to hide each company's GAL from the other. This works fine with OWA users but users using Outlook and RPC over HTTPS can sometimes see other G...
  3. GAL and Offline Address Book Problems
    We are running an exchange server where by we host a number of companies email on our network. We are setting up a separate GAL for each company. When i set up a client to test, if i dont use cached mode on Outlook 2003, it picks up the right GAL perfectly. If i setup cach...
  4. Global Address List (GAL) disappeared
    Hello, I saw this problem in a variety of formats but not quiet mine so im putting it up again. I have a user who's Global Address List has disappeared so she cant email anyone anymore. I read in another Question that these may have happen due to turning Roaming Profiles o...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: shauncroucherPosted on 2009-09-03 at 10:16:41ID: 25252774

What does the following return in EMS:

Get-GlobalAddressList | fl *Filter

Update-GlobalAddressList

Shaun

 

by: shauncroucherPosted on 2009-09-03 at 10:17:25ID: 25252781

Sorry,

Last command should be :

Get-GlobalAddressList | Update-GlobalAddressList

 

by: gotcherPosted on 2009-09-03 at 10:49:52ID: 25253070

Get-GlobalAddressList | fl *Filter returned the following:

RecipientFilter            :
LdapRecipientFilter        : (& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))
LastUpdatedRecipientFilter :

Then when I ran Get-GlobalAddressList | Update-GlobalAddressList I got the following warning:

GlobalAddressList
WARNING: The recipient "spiegelhoffs.com/Microsoft Exchange System
Objects/Offline Address Book - \/o=Spiegelhoff\/cn=addrlists\/cn=oabs\/cn=De"
is invalid and could not be updated.
WARNING: The recipient "spiegelhoffs.com/Microsoft Exchange System
Objects/Offline Address Book - First Administrative Group" is invalid and could
 not be updated.
WARNING: The recipient "spiegelhoffs.com/Microsoft Exchange System
Objects/Schedule+ Free Busy Information - First Administrative Group" is
invalid and could not be updated.
WARNING: The recipient "spiegelhoffs.com/Microsoft Exchange System Objects/OAB
Version 2" is invalid and could not be updated.
WARNING: The recipient "spiegelhoffs.com/Microsoft Exchange System Objects/OAB
Version 3a" is invalid and could not be updated.

 

by: shauncroucherPosted on 2009-09-03 at 11:11:23ID: 25253265

That doesn't look good to me. So this is the Default Global Address List entry?

Can you run Get-GlobalAddressList | fl Id* for me, and clarify it is the "Default" global address list. If it's the only set of results returned then it must be.

Doesn't sound at all good to me. When did this happen? Any history prior to this happening?

Shaun

 

by: gotcherPosted on 2009-09-03 at 11:18:27ID: 25253342

Get-GlobalAddressList | fl Id* returned the following:

Identity : \Default Global Address List

I only ever had the default GAL, I never created any others.  There is nothing out of the ordinary that I can tell.  This started about a week ago when a user said someone was missing from the GAL.  I can still send emails to these users, it is just when you hit the To: button they are not showing up.  I didn't notice it because I never click on the To: button to use the GAL, I just type in the names and choose from the dropdown it gives me in Outlook.  Thanks for you help thus far.

 

by: shauncroucherPosted on 2009-09-03 at 11:24:28ID: 25253422

Is Exchange running on a DC with global catalog? If not, is communication to the DC ok?

Can you go to Exchange Management Console --> Toolbox --> ExBPA (Best Practices Analyser) and run a Health check

Also, does the event viewer App log / sys log show anything unusual?

Do you have any Exchange related third party software? AV / Spam etc in the mix?

Report back findings.

 

by: gotcherPosted on 2009-09-03 at 11:46:46ID: 25253655

Exchange is not running on a Domain Controller with a global catalog.  It is communicating with the Domain Controller.

I do not have any thrid party software running on exchange, no AV or SPAM.

The app log shows that on Tuesday of this week exchange lost communication with the DC, however that was due to a power failure on the DC and I have been having this problem long than that.

When I ran the Health check, I got a warning "Connection to Recipient Update Service domain controller failed" this failure is happening from a DC that I decomissioned a while ago.  It also ran the health check against an old Exchange 2003 server that was also long ago decomissioned.  It also warned me that I am running exchange on a VMWare computer.  Other than that, everything seems good.

 

by: shauncroucherPosted on 2009-09-03 at 11:56:25ID: 25253743

When did you migrate from 2000/2003 to 2007? Does the time tally with this issue?

Please read: http://msexchangeteam.com/archive/2006/10/02/429053.aspx

Shaun

 

by: gotcherPosted on 2009-09-03 at 12:01:12ID: 25253796

We have been running Exchange 2007 for at least 6 months if not more.  The problems just started a little over a week ago, so I don't believe that they have anything to do with one another.  

 

by: shauncroucherPosted on 2009-09-03 at 12:16:32ID: 25253948

Any problems during the migration?

Can you run dcdiag netdiag routines, make sure there is no comms problems with the DC.

Also, does Test-ServiceHealth - make sure all services are up and running.

The part here that is concerning is that the Recipient filter results for your Default GAL are non-standard. That's why I ask about the migration, and if any problems?

Shaun

 

by: gotcherPosted on 2009-09-03 at 12:47:39ID: 25254260

This is what I got when I ran dcdiag /s:dc-01

Directory Server Diagnosis

Performing initial setup:
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC-01
      Starting test: Connectivity
         ......................... DC-01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC-01
      Starting test: Advertising
         ......................... DC-01 passed test Advertising
      Starting test: FrsEvent
         ......................... DC-01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC-01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC-01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC-01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC-01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC-01 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=spiegelhoffs,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=spiegelhoffs,DC=com
         ......................... DC-01 failed test NCSecDesc
      Starting test: NetLogons
         ......................... DC-01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC-01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC-01 passed test Replications
      Starting test: RidManager
         ......................... DC-01 passed test RidManager
      Starting test: Services
         ......................... DC-01 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x0000165B
            Time Generated: 09/03/2009   13:59:28
            Event String:
            The session setup from computer 'WKST-2430-GR-01' failed because the
 security database does not contain a trust account 'WKST-2430-GR-01$' reference
d by the specified computer.
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 09/03/2009   14:03:32
            Event String:
            The session setup from the computer WKST-2430-GR-01 failed to authen
ticate. The following error occurred:
         ......................... DC-01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC-01 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : spiegelhoffs
      Starting test: CheckSDRefDom
         ......................... spiegelhoffs passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... spiegelhoffs passed test CrossRefValidation

   Running enterprise tests on : spiegelhoffs.com
      Starting test: LocatorCheck
         ......................... spiegelhoffs.com passed test LocatorCheck
      Starting test: Intersite
         ......................... spiegelhoffs.com passed test Intersite

 

by: gotcherPosted on 2009-09-03 at 12:49:27ID: 25254276

Here is what I got when I ran Test-ServiceHealth

Role          RequiredServicesRunning ServicesRunning        ServicesNotRunning
----          ----------------------- ---------------        ------------------
Mailbox       True                    IISAdmin
                                      MSExchangeADTopology
                                      MSExchangeIS
                                      MSExchangeMailboxAssis
                                      tants
                                      MSExchangeMailSubmissi
                                      on
                                      MSExchangeRepl
                                      MSExchangeSA
                                      MSExchangeSearch
                                      MSExchangeServiceHost
                                      MSExchangeTransportLog
                                      Search
                                      MSFTESQL-Exchange
                                      W3Svc
Client Access True                    IISAdmin
                                      MSExchangeADTopology
                                      MSExchangeFDS
                                      MSExchangeServiceHost
                                      W3Svc
Hub Transport True                    MSExchangeADTopology
                                      MSExchangeEdgeSync
                                      MSExchangeTransport
                                      MSExchangeTransportLog
                                      Search

 

by: gotcherPosted on 2009-09-03 at 12:52:46ID: 25254299

No problems with the migration as far as I could tell.  Everything went off without a hitch.

What is netdiag?  Where do I run it?  I ran it from both the command line and from Exchange Management Shell and did not work at either.

 

by: shauncroucherPosted on 2009-09-03 at 13:02:51ID: 25254378

 

by: gotcherPosted on 2009-09-03 at 13:05:10ID: 25254396

The page says windows 2000, will it run on windows 2008?

 

by: shauncroucherPosted on 2009-09-03 at 13:13:46ID: 25254469

Sorry, its not supported in 2008.

Did you do anything with the Default Global address list when you migrated from E2003 to E2007? It just doesn't look right to me:

Review this article here:

http://blogs.technet.com/msukucc/archive/2009/02/23/recipients-list.aspx

Particularly at the very bottom:

Address Lists Common Issues

A couple of common issues that you may experience are, either you are unable to edit an address list properties, or changes you have done on an address list don't show up when you see them.

On the first issue if address lists have been created using Exchange Server 2003 they must be upgraded in order to be able to modify them using Exchange Management Console. This is due to the fact that Exchange Server 2007 uses OPATH filters based on the Exchange Management Shell instead of using LDAP filters as in Exchange Server 2003. In order to have a list of the address lists which should be upgraded you may use Get-AddressList | Format-List Name,*RecipientFilter*,ExchangeVersion or Get-GlobalAddressList | Format-List Name,*RecipientFilter*,ExchangeVersion  Exchange Management Shell cmdlets. If one of the below conditions occurs you will have to upgrade the Address Lists:

LDAPRecipientFilter: Populated but RecipientFilter is empty (Exchange Server 2003 doesn't populate RecipientFilter);
RecipientFilterType: Legacy;
ExchangeVersion: 0.0 (6.5.6500.0)
At least three of the basic Address Lists can be corrected using pre-canned filters:

Set-AddressList "All Users" -IncludedRecipients MailboxUsers
Set-AddressList "All Groups" -IncludedRecipients MailGroups
Set-AddressList "All Contacts" -IncludedRecipients MailContacts
Others may need custom filters (Public Folders and Global Address List)

Set-AddressList "Public Folders" -RecipientFilter { RecipientType -eq 'PublicFolder' }
Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}
On the second issue since Exchange Server 2007 has no Recipient Update Service, the address lists must be manually updated if you experience the described issue, using Exchange Management Console or the Exchange Management Shell cmdlet Update-AddressList. If that still doesn't work and in order to troubleshoot issues related to the Recipient Update Service API you may enable diagnostic logging of the Recipient Update Service API using the cmdlets Get-EventLogLevel MSExchangeAL and Set-EventLogLevel.


Can you enable the logging as described.

Shaun

 

by: shauncroucherPosted on 2009-09-03 at 13:15:05ID: 25254482

And can you run this cmdlet:

Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}


So that the Recipientfilter section is populated with default entries

Shaun

 

by: gotcherPosted on 2009-09-03 at 13:19:38ID: 25254519

I did not do anything to the Default GAL when I upgraded from 2003 to 2007.  Am I supposed to cut and paste the cmdlet

Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

from your last posting and run it on Exchange or did I need to do something else first?

 

by: shauncroucherPosted on 2009-09-03 at 13:22:49ID: 25254563

Yes, the cmdlet references generic object types that are native to all all Mailbox servers, so it should be fine to run this command.

Shaun

 

by: gotcherPosted on 2009-09-03 at 13:26:34ID: 25254597

I ran the cmdlet

Set-GlobalAddressList "DefaultGlobal Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or
 ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or
 ObjectClass -eq 'publicFolder'))}

and got the follow which I answered yes to.

Confirm
To save changes on object "Default Global Address List", the object must be
upgraded to the current Exchange version. After the upgrade, this object cannot
 be managed by a previous version of Exchange System Manager. Do you want to
continue to upgrade and save the object?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):

Do I need to do anything else or should I be able to check and see if user are showing up now.  I really do appreciate all of your help.

 

by: gotcherPosted on 2009-09-03 at 14:20:34ID: 25255073

The users are not showing up in the Global Address List, but they are now showing up under All Users (which they weren't doing before).  So we have fixed part of it but not all of it.  Thanks for your help so far.  At least this is a crutch that can get them by.

 

by: shauncroucherPosted on 2009-09-04 at 04:35:44ID: 25258485

Is the GAL ok on OWA now?

Shaun

 

by: gotcherPosted on 2009-09-04 at 06:26:39ID: 25259387

Yes it is working on OWA and also on the Global Address List in Outlook.  I just needed to regenereate the Offline Address Book so I could see Global Address List in Outlook.  Thanks for all of you help, I would not have been able to figure this out without it.

 

by: shauncroucherPosted on 2009-09-04 at 07:03:53ID: 25259769

Yes, I was going to say, OAB generation if OWA works!

Glad I could help

Shaun

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...