netmaster3620
asked on
New Users not in Global Address List
We recently upgraded from Microsoft Exchange 2003 to Exchange 2007. After migrating all of the mailboxes and public folders we successfully brought the Exchange 2003 server offline.
The problem started when we needed to add new users to the system. I have performed some troubleshooting and here is what I found.
1. If user's AD account is added through Active Directory Users and Computers and the users mailbox is setup using the Exchange 2007 Management Console the user does not show up in the Global Address List.
2. If the user's AD account and Mailbox are created through the Exchange Management Console the user is successfully added to the Global Address List.
The Exchange 2003 Management Tools have been removed from Active Directory Users and Computers on the machine that we used for the tests.
On another note, we needed to bring the Public Folder Store on our Exchange 2003 server because Free/Busy Data was not being shown on Outlook 2003 Clients. The Message Store is still offline.
The problem started when we needed to add new users to the system. I have performed some troubleshooting and here is what I found.
1. If user's AD account is added through Active Directory Users and Computers and the users mailbox is setup using the Exchange 2007 Management Console the user does not show up in the Global Address List.
2. If the user's AD account and Mailbox are created through the Exchange Management Console the user is successfully added to the Global Address List.
The Exchange 2003 Management Tools have been removed from Active Directory Users and Computers on the machine that we used for the tests.
On another note, we needed to bring the Public Folder Store on our Exchange 2003 server because Free/Busy Data was not being shown on Outlook 2003 Clients. The Message Store is still offline.
Andres Perales
Population of the GAL is not alway instantaneous can take up to 15 minutes for some accounts to populate...just as a guideline...so are you saying accounts created using step 1 above don't ever get populated?
ASKER
Yes, that is definetly the case. I created 3 accounts yesterday.
The following test accounts were added using ADUC. The mailboxes were added using Ex2K7 Management Console
Linus Torvalds
Bill Gates
The following user's AD account and Mailbox was added using the Ex2K7 Management Console.
Steven Jobs
Steve's account showed up in the GAL immediately while the other accounts are still not showing up. We originally noticed this after some accounts that we created earlier in the week did not show up. They are still not there.
We would use the Ex2K7 Management Console to create the accounts however we use a template and users cannot be created from templates in the Ex2K7 Management Console. This feature is only available in the Ex2K7 Management Shell. There are also many other AD options that are not available through this tool.
The following test accounts were added using ADUC. The mailboxes were added using Ex2K7 Management Console
Linus Torvalds
Bill Gates
The following user's AD account and Mailbox was added using the Ex2K7 Management Console.
Steven Jobs
Steve's account showed up in the GAL immediately while the other accounts are still not showing up. We originally noticed this after some accounts that we created earlier in the week did not show up. They are still not there.
We would use the Ex2K7 Management Console to create the accounts however we use a template and users cannot be created from templates in the Ex2K7 Management Console. This feature is only available in the Ex2K7 Management Shell. There are also many other AD options that are not available through this tool.
Do you have teh OAB, Mailbox Roels etc pointed at the correct domain controllers?
By any chance also, are the users "Hidden"?
Pointed to the domain controller acting as the GC
ASKER
Q: By any chance also, are the users "Hidden"?
A: The users are not hidden.
Q: Do you have teh OAB, Mailbox Roels etc pointed at the correct domain controllers?
Where exactly would we find this information. When we setup Exchange 2007 we originally had it coexisting with Exchange 2003. Once the migration was complete we reassigned the recipient update service, removed public folder replication, and reconfigured the send connectors so they no longer funneled mail through the Exchange 2003 server. I am almost 100% positive that the 2007 server is pointing towards one of our GC DC's I am unsure as to where to go and look.
A: The users are not hidden.
Q: Do you have teh OAB, Mailbox Roels etc pointed at the correct domain controllers?
Where exactly would we find this information. When we setup Exchange 2007 we originally had it coexisting with Exchange 2003. Once the migration was complete we reassigned the recipient update service, removed public folder replication, and reconfigured the send connectors so they no longer funneled mail through the Exchange 2003 server. I am almost 100% positive that the 2007 server is pointing towards one of our GC DC's I am unsure as to where to go and look.
Open the Management Console
Expand Client Settings
Select Mailbox
Right click on the Server - Select Properties.
Click the System Settings Tab
Expand Client Settings
Select Mailbox
Right click on the Server - Select Properties.
Click the System Settings Tab
ASKER
There are 3 Domain Controllers listed and one of which is the old Exchange server. Under the Global Catalog Servers there are 2 servers listed and one of the is also the old exchange server. That system is till acting as a AD DC.
Any replication issues among the 3 servers?
Are there any errors in the event logs?
ASKER
I have done some additional troubleshooting and I found some issues.
1. I noticed that I was unable to edit the "Default Policy" under Organization Configuration > Hub Transport > E-mail Address Policies. To correct this I went to the Exchange 2003 server and browsed to Recipients > Recipient Policies. I right clicked on the default policy and Default Policy and selected Change Property Pages. On the screen that appeared I unchecked Mailbox Manager Settings and clicked OK.
This allowed me to run the following command:
Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients
Once this was done I applied the policy to all of the mailboxes. Most of the users showed up in the Global Address List. In order to correct the accounts that did not still show up I disabled their mailbox, cleaned the database, and then re-connected the mailbox.
2. Here is where we are still having issues. In order to ensure that everything was working properly I created a new account names ITS Geek through ADUC. I then added the mailbox using the Exch2K7 Management Console, waited a while and then looked to see if the user was listed in the GAL. Unfortunately the user was not.
I then had to apply the Default Policy to all of the mailboxes, remove the ITS Geek mailbox, clean the SG Database, and re-connect the mailbox. The user was then in the Global Address List.
IT looks like the Default Policy is not being applied when the mailboxes are created for existing users.
Is there any way to fix this? I am assuming that there must be a setting somewhere that will correct this issue.
Thank you in advance for your assistance.
1. I noticed that I was unable to edit the "Default Policy" under Organization Configuration > Hub Transport > E-mail Address Policies. To correct this I went to the Exchange 2003 server and browsed to Recipients > Recipient Policies. I right clicked on the default policy and Default Policy and selected Change Property Pages. On the screen that appeared I unchecked Mailbox Manager Settings and clicked OK.
This allowed me to run the following command:
Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients
Once this was done I applied the policy to all of the mailboxes. Most of the users showed up in the Global Address List. In order to correct the accounts that did not still show up I disabled their mailbox, cleaned the database, and then re-connected the mailbox.
2. Here is where we are still having issues. In order to ensure that everything was working properly I created a new account names ITS Geek through ADUC. I then added the mailbox using the Exch2K7 Management Console, waited a while and then looked to see if the user was listed in the GAL. Unfortunately the user was not.
I then had to apply the Default Policy to all of the mailboxes, remove the ITS Geek mailbox, clean the SG Database, and re-connect the mailbox. The user was then in the Global Address List.
IT looks like the Default Policy is not being applied when the mailboxes are created for existing users.
Is there any way to fix this? I am assuming that there must be a setting somewhere that will correct this issue.
Thank you in advance for your assistance.
ASKER
To answer your questions.
Q: Any replication issues among the 3 servers?
Replication between the systems is working fine. There are no replication errors in the event logs that would indicate a problem with replication.
Q: Any replication issues among the 3 servers?
Replication between the systems is working fine. There are no replication errors in the event logs that would indicate a problem with replication.
ASKER
Update on Troubleshooting.
Here are the steps that I need to be performed if a user is added using ADUC.
1. Create the account using Active Directory Users and Computers.
2. Wait for replication or force replication to occur.
3. Create a New Mailbox in the Exch2k7 Management Console.
3. Wait for replication or force replication to occur.
4. Disable the users mailbox.
5. Clean the Storage Group Database.
6. Re-Connect the users Mailbox
If these steps are followed the user will be listed in the Global Address List.
Steps 4 - 6 should not have to be performed in order for the user to show up in the GAL.
Any ideas as to why this is occurring?
Thank you,
Here are the steps that I need to be performed if a user is added using ADUC.
1. Create the account using Active Directory Users and Computers.
2. Wait for replication or force replication to occur.
3. Create a New Mailbox in the Exch2k7 Management Console.
3. Wait for replication or force replication to occur.
4. Disable the users mailbox.
5. Clean the Storage Group Database.
6. Re-Connect the users Mailbox
If these steps are followed the user will be listed in the Global Address List.
Steps 4 - 6 should not have to be performed in order for the user to show up in the GAL.
Any ideas as to why this is occurring?
Thank you,
What do you mean by Clean the Storage Group Database? Are you running eseutil?
There should be no reason you would have to do any of the steps 4-6.
There should be no reason you would have to do any of the steps 4-6.
ASKER
I run the following command so that the disabled mailboxes will show up under Disconnected Mailboxes.
Clean-MailboxDatabase "Mailbox-Database"
This way we do not have to wait for the scheduled cleanups.
Clean-MailboxDatabase "Mailbox-Database"
This way we do not have to wait for the scheduled cleanups.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have performed additional troubleshooting.
I wanted to make sure that this issue was not being caused by the Offline Address book in Exchange 2007. I saw lots of references to this issue when I was scouring the web for solutions.
I modified the Offline Address book and Enabled Web Based Distribution alongside Public Folder Distribution which was already enabled. I then Updated the Offline Address Book.
Once this was done I created a user in A.D.U.C and created a new mailbox and attached it to that user in the Exch2k7 Management Console.
I still encountered the same issue.
If I remove the mailbox and clean the database I am not seeing it in the list of Disconnected Mailboxes. I then have to Add a new mailbox to the user account a second time and the user shows up un the Global Address List.
I wanted to make sure that this issue was not being caused by the Offline Address book in Exchange 2007. I saw lots of references to this issue when I was scouring the web for solutions.
I modified the Offline Address book and Enabled Web Based Distribution alongside Public Folder Distribution which was already enabled. I then Updated the Offline Address Book.
Once this was done I created a user in A.D.U.C and created a new mailbox and attached it to that user in the Exch2k7 Management Console.
I still encountered the same issue.
If I remove the mailbox and clean the database I am not seeing it in the list of Disconnected Mailboxes. I then have to Add a new mailbox to the user account a second time and the user shows up un the Global Address List.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have been searching for a solution to this problem for quite a number of hours now and this post is a blessing!
Fantastic solution.
Chris,
Fantastic solution.
Chris,
this is the command i had to check the versions:
Get-AddressList | Format-List Name,*RecipientFilter*,Exc
Get-GlobalAddressList | Format-List Name,*RecipientFilter*,Exc
Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq “Legacy”}
then this to upgrade Global:
Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistribution
Get-AddressList | Format-List Name,*RecipientFilter*,Exc
Get-GlobalAddressList | Format-List Name,*RecipientFilter*,Exc
Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq “Legacy”}
then this to upgrade Global:
Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistribution