Solved

Exchange 2003 OWA Check Names Fails To Find Receipients in Global Address List (GAL)

Posted on 2004-09-15
14
711 Views
Last Modified: 2012-08-14
My company is using an Exchange Hosting provider; MailStreet per my recommendation.  MailStreet offers Exchange 2003 hosting along with OWA use.  Ran a pilot for a few months which went well.  During pilot, when using OWA and creating a new message, users could type a few letters of someone in our Global Address List, type the message and send it and OWA would pop up the Check Names dialogue with the matches.  Worked close to how Outlook works.  I was pleaseantly surprised.

Now, on the new domain which lies on a different Exhange server, when the user clicks send, the Check Names dialogue comes up, but there are no names in the list even though it should get a match from our global address list.
0
Comment
Question by:scalvillo
  • 6
  • 6
14 Comments
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 12072002
can you still see the GAL in OWA, if you do a search for a user?
0
 

Author Comment

by:scalvillo
ID: 12079360
yes, you can search fine on the Find window.  I just don't want users to have to go to that window to address messages.  i want them to be able to type a few letters and then send it.
0
 

Author Comment

by:scalvillo
ID: 12108954
Anyone have a resolution to this?
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 12112216
When I type in 3 letters, and hit control + k, it underlines it, then gives me a screen with the proposed match(es) if there's more than one. If you're looking for auto complete, like Outlook, that functionality doesn't reside in OWA.

D
0
 

Author Comment

by:scalvillo
ID: 12112322
I am NOT looking for Auto Complete.  I have a lot of experience with OWA and I know how it is supposed to work.  I posted this problem because 1 exchange server is acting different from another.  For some reason the server is not getting matches from the Global Address List.  I am wondering if there are any tricks on the exchange setup side?  Maybe a way to re-generate the search indexes on the Global Address List.  I was looking on Microsoft.com and http://support.microsoft.com/default.aspx?scid=kb;en-us;826925 seems close to my issue.  However, my issue is more extreme because even if I type in the entire name or alias, i never get a match from the GAL.  Again, Find through OWA works fine and so does resolution in Outlook.  The problem is specific to Check Names through OWA and it is only happening on one server.
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 12112730
Ok, so are we working with Exchange 2003 on SP1? and is this a 2003 AD? Is this new domain talking to a different domain for the GAL, or is Exchange in the same domain it's trying to resolve names with? And last, is this a front end exchange server, or a mailbox server?
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:scalvillo
ID: 12112791
2003 sp1
2003 AD
Exchange is in the same domain
It is a front end exchange server.  the mailbox server is a different box.
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 12112884
ok, now, is the FE in a DMZ, or is it behind the firewall? Looking for possible communications issue...
0
 

Author Comment

by:scalvillo
ID: 12112932
As mentioned in my original post, we are using an exchange hosting provider so I will need to ask them this.  But I see your point.  I am 99% sure the FE is in a DMZ.  I can ping it just fine.  Come to think of it I can ping the backend mail server just fine also so they may both be in a DMZ.  I will find out for sure and get back to you...  thanks for being so responsive.

Sean
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 12112994
Not a problem :) You may also want to check to see that they gave your OU the right perms. You most likely only want to see the recipients in your company, not the whole server, since its hosting, so they would have to block your view of the entire GAL, and then give your users full rights to view the GAL...could be a little something they missed in your setup.
0
 

Author Comment

by:scalvillo
ID: 12113222
I actually know another company that uses the same hosting organization and their company happens to be on the same exchange server.  They have the same problem so if its a problem with the setup of the OU, it is not specific to my company.  What is interesting is besides this problem, the GAL works as expected.  Again, OWA Find is fine as well as resolution of names from the GAL in Outlook.  That leads me to believe it is web server permissions or the way OWA searches the GAL when checking names. thanks for all your help.  i will let you know what i find out about the dmz...

0
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 500 total points
ID: 12113258
I realize you don't control the server, but here's the process they should be using.

http://support.microsoft.com/default.aspx?scid=kb;en-us;318635#12

Restrict Outlook Web Access Lookups
Restrict Outlook Web Access (OWA) lookup operations for the hosted company's users to members of the hosted company. By default, Outlook Web Access users can still see all users, including those users who are not in the same organizational unit, by using the Find names feature. To prevent this behavior, you must change the msExchQueryBaseDN attribute on each member of the hosted company to point to the hosted company's organizational unit. This limits the scope of a directory service search from OWA. To set the msExchQueryBaseDN attribute on a user object, use one of the following methods:
Method 1: By Using ADSI Edit
Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
Start the ADSI Edit utility. To do this, click Start, click Run, type adsiedit.msc in the Open box, and then click OK.

ADSI Edit is included with Windows 2000 Support Tools. To install Windows 2000 Support Tools, run Setup.exe from the Support\Tools folder on the Windows 2000 CD-ROM.
Expand Domain NC, and then expand DC=your_domain_name, DC=com.
Click the organizational unit that you created for the hosted company. For example, click OU=Contoso.
In the right pane, right-click a user from the hosted company, and then click Properties.
In the Select a property to view list, click msExchQueryBaseDN.
In the Edit Attribute box, type the distinguished name of the hosted company. For example, type ou=contoso,dc=your_domain_name,dc=com (where contoso is the name of the organizational unit that you created for the hosted company, and where your_domain_name.com is the name of your domain).

Note This distinguished name appears (together with the canonical name [CN] of the user) in the right pane when you click the hosted company's organizational unit.
Click Set, and then click OK.
Follow steps 4 through 7 to set the msExchQueryBaseDN attribute for each user in the hosted company.
Method 2: By Using ADModify
Use the ADModify utility to set the msExchQueryBaseDN attribute for each user in the hosted company. To do so, follow these steps.

Note You must be using ADModify 1.5d or later for this method to work.
Obtain and install the ADModify utility. To obtain ADModify, contact Microsoft Product Support Services (PSS). For additional information about how to contact PSS, visit the following Microsoft Web site:
http://support.microsoft.com

Start ADModify.
Under Select Action, click Modify Existing User Attributes, and then click Next.
In the Select Domain Controller list, click a domain controller.
Expand DC=example, and then click the hosted company's organizational unit. For example, click OU=Contoso.
Click Add To List, select all the users, and then click Next.

The Modify Active Directory Users dialog box appears.
Click the Exchange General Continued tab, click to select the Set msExchQueryBaseDN to the following (type null to clear attribute) check box, click the hosted company's address list (not the Global Address List) in the list that appears, and then click Change.
Click Exit to quit the ADModify utility.
back to the top
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now