Solved

Public folder contacts can not be resolved in Exchange Server 2000

Posted on 2004-09-14
3
320 Views
Last Modified: 2008-02-01
We use distribution lists located in the public folders of Exchange 2000.  Sometime over the last two weeks, most of the names in these distribution lists can't be used any more.  In Outlook, when you click on a name in a distro list, you get an error that the contact may have moved or been deleted.  You can see all the names and their email addresses in the list, but you can't send email to them.  In IIS, when you try to browse the contact list through OWA, you get an error message that says "names in the list cannot be resolved, and you must delete the unresolved names to send mail to this distro list."  

I don't want to have to print up and recreate these lists manually, as there are a couple thousand names in 50 or so lists.

Any ideas?
0
Comment
Question by:jerminate
  • 2
3 Comments
 
LVL 12

Accepted Solution

by:
BNettles73 earned 250 total points
ID: 12058270

Check out this article ... (KB 297801)

Troubleshooting Check Name Errors
http://support.microsoft.com/default.aspx?kbid=297801

To troubleshoot this issue, follow these steps.

Note In this procedure, the "user account" is the Active Directory user account whose name cannot be resolved, the "administrator account" is any account in the Domain admins group, and "user" refers to the user whose account you are logged on as.

Verify that the Active Directory account that you use either to create the client profile or to log on to the mailbox has been mailbox-enabled.

Verify that the account that you use to log on to the workstation or the account for which you enter credentials in the Outlook Enter password dialog box is mailbox-enabled. If this account is not mailbox-enabled, the account cannot check names.

To make this account mailbox-enabled, start the Active Directory Users and Computers snap-in, right-click the user account, click Exchange Tasks, and then click Create mailbox.
Verify that the user can use the Active Directory account to view sibling objects in the Users container (or in the Active Directory organizational unit that contains the user account). To do so:


Start Ldp.exe, and then type the user credentials of the account that is not resolving to bind to port 389 of a domain controller (type the user credentials in the following format: domain/user/password).
Find the user in the User container or its parent organizational unit.
The user must be able to find themselves in their organizational unit while they are bound to the domain controller with their credentials. If Ldp.exe reports that there are "no children" in the organizational unit, the computer may not have the appropriate permissions.

To resolve this issue:
Start the Active Directory Users and Computers snap-in, click View, and then make sure that Advanced Features is checked.
Right-click Users, click the Security tab, and then click the Authenticated Users group.
Verify that Read permissions are assigned to either the Users container or to the organizational unit where the accounts are located.
Verify that the user account has been stamped by the Recipient Update Service after you mailbox-enable the user account. To do so, start Ldp.exe, use the user credentials to bind, and then verify that the following attributes have been populated to the account:
showInAddressBook ()
textEncodedORAddress
msExchUserAccountControl
msExchALObjectVersion
msExchUserAccountControl
msExchPoliciesIncluded
If these attributes are populated, the Recipient Update Service has stamped this user account. If these attributes have not been populated, troubleshoot the Recipient Update Service and the recipient policies to determine why the attributes have not been stamped.
Verify that the user can see both the Global Address List objects that are listed in the showInAddressBook attribute and the members of the Global Address List using Ldp.exe. To do so:


Open the showInAddressBook attribute for the user (see step 3), copy the distinguished name values for the Global Address List objects, and then paste these values to a Microsoft Notepad file.
Start Ldp.exe, and then use the user credentials of the account that is not resolving to bind to port 389 of a domain controller
On the View menu, click Tree.
Paste the distinguished name of one of the Global Address List objects in the Base Dn box.
Double-click the Global Address List object that is displayed.

The user should be able to see themselves as child objects.
If Ldp.exe reports that there are "no children," the Global Address List object may not have the appropriate permissions. A user must be able to see at least one Global Address List object and its members. To resolve this issue, start Exchange System Manager, and then make sure that the user has permissions to view the Global Address List object's members. Make sure that the Authenticated Users group has List Content permissions.

Note If you enter an incorrect distinguished name, Ldp.exe reports that there are "no children." Make sure that you enter the correct distinguished name.
Verify that the user can see themselves and their attributes in the global catalog. To do so, start Ldp.exe, and then use the user's credentials to bind to the global catalog on port 3268. If the user or the following attributes are not visible, you may be experiencing a replication latency or a property promotion problem.
mail
proxyAddresses
showInAddressBook

For additional information about replication latency or a property promotion problems, click the article number below to view the article in the Microsoft Knowledge Base:
248717 How to Modify Attributes That Replicate to the Global Catalog

Log on as an administrator, and then verify that there are no duplicates in the addressBookRoots attribute of the Microsoft Exchange object under Domain,cn=Configuration,cn=Services.

You cannot specify both a parent container and a child of that parent as an address book root. For example, if you enter All Address Lists as an address book root, it has to be the only address book root. all your other address lists are listed under All Address Lists; if you enter both the parent object and child objects that exist under this parent object, you enter the child objects more than once. When you do so, Check Names and all other Global Address List and NSPI operations do not succeed.
Verify that Microsoft Exchange Server 5.5 is not installed on the global catalog server.
If the user who is checking names is an administrator who is checking names for another user, confirm that the administrator account that is being used is mailbox-enabled.

The administrator account and the user that is being checked must be members of a common Global Address List. (The showInAddressBook attribute for both users must contain one common Global Address List object.) In addition, the common Global Address List object must be the administrator's Global Address List.


Other articles -
Clients Cannot Browse the Global Address List After You Apply the Q299687 Windows 2000 Security Hotfix
http://support.microsoft.com/default.aspx?scid=kb;EN-US;309622
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 12058324


Also, make sure the RUS is running and configured properly -
http://support.microsoft.com/default.aspx?kbid=288807

If you create a new distribution list does it work?
Is email flowing in your Org as it should be?
Are there any events in the application logs?

Are your distribution lists expanding on any server in the Org, or do you use an expansion server?
    Have you tried specifying either and testing?
0
 

Author Comment

by:jerminate
ID: 12064073
Thank you for all of your input - in reality the solution was much easier than I had thought.  I just opened each distribution list and clicked on the "Update List" button, which resolved all the contacts.

I'm still not sure what caused the problem, but I think it may have had something to do with upgrading our main mailing list user to Outlook 2003, then back to Outlook XP.
0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now