Solved

Cannot setup outlook without access to default GAL

Posted on 2008-10-16
7
424 Views
Last Modified: 2012-05-05
I have created several Default Global Address Lists in Exchange 2007 SP1.  Let's say I have 3 total named 1,2 & 3.  Now let's say I have 3 security groups also named 1, 2, & 3.  All groups have been denied read and open address list rights to all other groups..... Including the Default Global Address List.

Now I want to setup Outlook using RPC over HTTPS.  I get an error stating "can not match name to user in global address list" (or something like that) and I can't setup outlook.  If I remove the DENY permissions from the Default Global Address List then I can setup Outlook BUT they can also see all users!

I want all users in each group to ONLY see their respective GAL & I don't want outlook to give me grief when trying to setup a profile for the first time.  

Any solutions?
0
Comment
Question by:damien1234
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 23

Accepted Solution

by:
Justin Durrant earned 500 total points
ID: 22737568
0
 
LVL 1

Author Comment

by:damien1234
ID: 22753174
I've tried this and it simply does not work!  No matter what I do I cannot setup a new Outlook profile without getting the message "The name cannot be matched to a name in the address list"

I tried this particular solution a few months ago and it didn't work.  I think I've read the instructions about 100 times, plus all supporting articles.  I feel extremely comfortable with my understanding of the documents but I can't help but feel there is something I'm missing....
0
 
LVL 1

Author Comment

by:damien1234
ID: 22753263
Ok, here is a new thought but keep the following in mind:
1) I am trying to connect using RPC over HTTPS and consequently I use "Exchange in cached mode"
2) I know for a fact that I have a problem with my OAB distribution

Is it possible that the problem is has to due with OAB not functioning correctly?  I suppose the real question is "When initially connecting via RPC over HTTPS in cached mode does Outlook try to pull user info from the OAB instead of the GAL?"  Just a thought....
0
Office 365 Training for IT Pros

Learn how to provision Office 365 tenants, synchronize your on-premise Active Directory, and implement Single Sign-On.

 
LVL 1

Author Comment

by:damien1234
ID: 22753651
During this whole process I lost my ability to see the GAL.  I reversed everything I did and my access was still gone.  I theorized that there was some cache in Exchange which might be causing this.  So I rebooted the Exchange server... no change... I waited a few hours and voila my access returned.  Maybe I'm just to impatient in expecting my results?  Maybe I should make all these changes and wait a good 3-4 hours before rendering judgement?
0
 
LVL 23

Expert Comment

by:Justin Durrant
ID: 22757406
Yea... it can take a bit for the GAL to regenerate.
0
 
LVL 1

Author Comment

by:damien1234
ID: 22757710
So I tried a different method than you mentioned.  I simply denied access to the appropriate company GAL's so each company can only view their own.  The drawback to this is that each company can still see the title of the other 2 GAL's BUT they can't access them.  It's also more tedious to setup a 4th and 5th company.  The other method is much better overall if I could just get it to work.  I don't have time this weekend but the following I will.  I'll start out on Friday night and I should know if everything is working by Saturday morning.  If not I'll have time to fix it before the week starts.

BTW this alternate method did not work last night.... It of course works fine this morning.  I really wish I knew how long I had to wait.  

Anyway, I'll reward the points after I retry the method (for the third time) in two weeks.

Thank you very much!
0
 
LVL 1

Author Closing Comment

by:damien1234
ID: 31506892
There were several factors at play which initially made this solution not work.  First was my test environment.  I was logged into a TS session with MY credentials and setup outlook with various users to access their own GAL's.  For some reason Outlook MUST have been passing on my own user credentials to exchange even when I was logging in as another user using RPC over HTTPS and Basic Authentication!  Lesson: login from a completely remote PC OR ONLY with that users credentials both in Windows and Outlook.  Second: Wait 24 hours for the GAL to be rebuilt before you come to any conclusions as to whether or not the solution works.  Three: DO NOT ADD ANYTHING TO THE ADDRESS BOOK ROOTS even though the instructions say so.  Yes, those same instructions do have a link regarding the issue.

Overall those instructions were exceptional.  And so was your help!  I doubt I ever would have waited for the GAL... I guess I'm just impatient!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question