Public folder contacts can not be resolved in Exchange Server 2000

We use distribution lists located in the public folders of Exchange 2000.  Sometime over the last two weeks, most of the names in these distribution lists can't be used any more.  In Outlook, when you click on a name in a distro list, you get an error that the contact may have moved or been deleted.  You can see all the names and their email addresses in the list, but you can't send email to them.  In IIS, when you try to browse the contact list through OWA, you get an error message that says "names in the list cannot be resolved, and you must delete the unresolved names to send mail to this distro list."  

I don't want to have to print up and recreate these lists manually, as there are a couple thousand names in 50 or so lists.

Any ideas?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


Check out this article ... (KB 297801)

Troubleshooting Check Name Errors

To troubleshoot this issue, follow these steps.

Note In this procedure, the "user account" is the Active Directory user account whose name cannot be resolved, the "administrator account" is any account in the Domain admins group, and "user" refers to the user whose account you are logged on as.

Verify that the Active Directory account that you use either to create the client profile or to log on to the mailbox has been mailbox-enabled.

Verify that the account that you use to log on to the workstation or the account for which you enter credentials in the Outlook Enter password dialog box is mailbox-enabled. If this account is not mailbox-enabled, the account cannot check names.

To make this account mailbox-enabled, start the Active Directory Users and Computers snap-in, right-click the user account, click Exchange Tasks, and then click Create mailbox.
Verify that the user can use the Active Directory account to view sibling objects in the Users container (or in the Active Directory organizational unit that contains the user account). To do so:

Start Ldp.exe, and then type the user credentials of the account that is not resolving to bind to port 389 of a domain controller (type the user credentials in the following format: domain/user/password).
Find the user in the User container or its parent organizational unit.
The user must be able to find themselves in their organizational unit while they are bound to the domain controller with their credentials. If Ldp.exe reports that there are "no children" in the organizational unit, the computer may not have the appropriate permissions.

To resolve this issue:
Start the Active Directory Users and Computers snap-in, click View, and then make sure that Advanced Features is checked.
Right-click Users, click the Security tab, and then click the Authenticated Users group.
Verify that Read permissions are assigned to either the Users container or to the organizational unit where the accounts are located.
Verify that the user account has been stamped by the Recipient Update Service after you mailbox-enable the user account. To do so, start Ldp.exe, use the user credentials to bind, and then verify that the following attributes have been populated to the account:
showInAddressBook ()
If these attributes are populated, the Recipient Update Service has stamped this user account. If these attributes have not been populated, troubleshoot the Recipient Update Service and the recipient policies to determine why the attributes have not been stamped.
Verify that the user can see both the Global Address List objects that are listed in the showInAddressBook attribute and the members of the Global Address List using Ldp.exe. To do so:

Open the showInAddressBook attribute for the user (see step 3), copy the distinguished name values for the Global Address List objects, and then paste these values to a Microsoft Notepad file.
Start Ldp.exe, and then use the user credentials of the account that is not resolving to bind to port 389 of a domain controller
On the View menu, click Tree.
Paste the distinguished name of one of the Global Address List objects in the Base Dn box.
Double-click the Global Address List object that is displayed.

The user should be able to see themselves as child objects.
If Ldp.exe reports that there are "no children," the Global Address List object may not have the appropriate permissions. A user must be able to see at least one Global Address List object and its members. To resolve this issue, start Exchange System Manager, and then make sure that the user has permissions to view the Global Address List object's members. Make sure that the Authenticated Users group has List Content permissions.

Note If you enter an incorrect distinguished name, Ldp.exe reports that there are "no children." Make sure that you enter the correct distinguished name.
Verify that the user can see themselves and their attributes in the global catalog. To do so, start Ldp.exe, and then use the user's credentials to bind to the global catalog on port 3268. If the user or the following attributes are not visible, you may be experiencing a replication latency or a property promotion problem.

For additional information about replication latency or a property promotion problems, click the article number below to view the article in the Microsoft Knowledge Base:
248717 How to Modify Attributes That Replicate to the Global Catalog

Log on as an administrator, and then verify that there are no duplicates in the addressBookRoots attribute of the Microsoft Exchange object under Domain,cn=Configuration,cn=Services.

You cannot specify both a parent container and a child of that parent as an address book root. For example, if you enter All Address Lists as an address book root, it has to be the only address book root. all your other address lists are listed under All Address Lists; if you enter both the parent object and child objects that exist under this parent object, you enter the child objects more than once. When you do so, Check Names and all other Global Address List and NSPI operations do not succeed.
Verify that Microsoft Exchange Server 5.5 is not installed on the global catalog server.
If the user who is checking names is an administrator who is checking names for another user, confirm that the administrator account that is being used is mailbox-enabled.

The administrator account and the user that is being checked must be members of a common Global Address List. (The showInAddressBook attribute for both users must contain one common Global Address List object.) In addition, the common Global Address List object must be the administrator's Global Address List.

Other articles -
Clients Cannot Browse the Global Address List After You Apply the Q299687 Windows 2000 Security Hotfix;EN-US;309622

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

Also, make sure the RUS is running and configured properly -

If you create a new distribution list does it work?
Is email flowing in your Org as it should be?
Are there any events in the application logs?

Are your distribution lists expanding on any server in the Org, or do you use an expansion server?
    Have you tried specifying either and testing?
jerminateAuthor Commented:
Thank you for all of your input - in reality the solution was much easier than I had thought.  I just opened each distribution list and clicked on the "Update List" button, which resolved all the contacts.

I'm still not sure what caused the problem, but I think it may have had something to do with upgrading our main mailing list user to Outlook 2003, then back to Outlook XP.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.