Cannot setup outlook without access to default GAL

Posted on 2008-10-16
Last Modified: 2012-05-05
I have created several Default Global Address Lists in Exchange 2007 SP1.  Let's say I have 3 total named 1,2 & 3.  Now let's say I have 3 security groups also named 1, 2, & 3.  All groups have been denied read and open address list rights to all other groups..... Including the Default Global Address List.

Now I want to setup Outlook using RPC over HTTPS.  I get an error stating "can not match name to user in global address list" (or something like that) and I can't setup outlook.  If I remove the DENY permissions from the Default Global Address List then I can setup Outlook BUT they can also see all users!

I want all users in each group to ONLY see their respective GAL & I don't want outlook to give me grief when trying to setup a profile for the first time.  

Any solutions?
Question by:damien1234
  • 5
  • 2
LVL 23

Accepted Solution

Justin Durrant earned 500 total points
ID: 22737568

Author Comment

ID: 22753174
I've tried this and it simply does not work!  No matter what I do I cannot setup a new Outlook profile without getting the message "The name cannot be matched to a name in the address list"

I tried this particular solution a few months ago and it didn't work.  I think I've read the instructions about 100 times, plus all supporting articles.  I feel extremely comfortable with my understanding of the documents but I can't help but feel there is something I'm missing....

Author Comment

ID: 22753263
Ok, here is a new thought but keep the following in mind:
1) I am trying to connect using RPC over HTTPS and consequently I use "Exchange in cached mode"
2) I know for a fact that I have a problem with my OAB distribution

Is it possible that the problem is has to due with OAB not functioning correctly?  I suppose the real question is "When initially connecting via RPC over HTTPS in cached mode does Outlook try to pull user info from the OAB instead of the GAL?"  Just a thought....
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.


Author Comment

ID: 22753651
During this whole process I lost my ability to see the GAL.  I reversed everything I did and my access was still gone.  I theorized that there was some cache in Exchange which might be causing this.  So I rebooted the Exchange server... no change... I waited a few hours and voila my access returned.  Maybe I'm just to impatient in expecting my results?  Maybe I should make all these changes and wait a good 3-4 hours before rendering judgement?
LVL 23

Expert Comment

by:Justin Durrant
ID: 22757406
Yea... it can take a bit for the GAL to regenerate.

Author Comment

ID: 22757710
So I tried a different method than you mentioned.  I simply denied access to the appropriate company GAL's so each company can only view their own.  The drawback to this is that each company can still see the title of the other 2 GAL's BUT they can't access them.  It's also more tedious to setup a 4th and 5th company.  The other method is much better overall if I could just get it to work.  I don't have time this weekend but the following I will.  I'll start out on Friday night and I should know if everything is working by Saturday morning.  If not I'll have time to fix it before the week starts.

BTW this alternate method did not work last night.... It of course works fine this morning.  I really wish I knew how long I had to wait.  

Anyway, I'll reward the points after I retry the method (for the third time) in two weeks.

Thank you very much!

Author Closing Comment

ID: 31506892
There were several factors at play which initially made this solution not work.  First was my test environment.  I was logged into a TS session with MY credentials and setup outlook with various users to access their own GAL's.  For some reason Outlook MUST have been passing on my own user credentials to exchange even when I was logging in as another user using RPC over HTTPS and Basic Authentication!  Lesson: login from a completely remote PC OR ONLY with that users credentials both in Windows and Outlook.  Second: Wait 24 hours for the GAL to be rebuilt before you come to any conclusions as to whether or not the solution works.  Three: DO NOT ADD ANYTHING TO THE ADDRESS BOOK ROOTS even though the instructions say so.  Yes, those same instructions do have a link regarding the issue.

Overall those instructions were exceptional.  And so was your help!  I doubt I ever would have waited for the GAL... I guess I'm just impatient!

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't know how to downgrade, my instructions below should be helpful.
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now