Cannot setup outlook without access to default GAL

Posted on 2008-10-16
Last Modified: 2012-05-05
I have created several Default Global Address Lists in Exchange 2007 SP1.  Let's say I have 3 total named 1,2 & 3.  Now let's say I have 3 security groups also named 1, 2, & 3.  All groups have been denied read and open address list rights to all other groups..... Including the Default Global Address List.

Now I want to setup Outlook using RPC over HTTPS.  I get an error stating "can not match name to user in global address list" (or something like that) and I can't setup outlook.  If I remove the DENY permissions from the Default Global Address List then I can setup Outlook BUT they can also see all users!

I want all users in each group to ONLY see their respective GAL & I don't want outlook to give me grief when trying to setup a profile for the first time.  

Any solutions?
Question by:damien1234
  • 5
  • 2
LVL 23

Accepted Solution

Justin Durrant earned 500 total points
ID: 22737568

Author Comment

ID: 22753174
I've tried this and it simply does not work!  No matter what I do I cannot setup a new Outlook profile without getting the message "The name cannot be matched to a name in the address list"

I tried this particular solution a few months ago and it didn't work.  I think I've read the instructions about 100 times, plus all supporting articles.  I feel extremely comfortable with my understanding of the documents but I can't help but feel there is something I'm missing....

Author Comment

ID: 22753263
Ok, here is a new thought but keep the following in mind:
1) I am trying to connect using RPC over HTTPS and consequently I use "Exchange in cached mode"
2) I know for a fact that I have a problem with my OAB distribution

Is it possible that the problem is has to due with OAB not functioning correctly?  I suppose the real question is "When initially connecting via RPC over HTTPS in cached mode does Outlook try to pull user info from the OAB instead of the GAL?"  Just a thought....
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.


Author Comment

ID: 22753651
During this whole process I lost my ability to see the GAL.  I reversed everything I did and my access was still gone.  I theorized that there was some cache in Exchange which might be causing this.  So I rebooted the Exchange server... no change... I waited a few hours and voila my access returned.  Maybe I'm just to impatient in expecting my results?  Maybe I should make all these changes and wait a good 3-4 hours before rendering judgement?
LVL 23

Expert Comment

by:Justin Durrant
ID: 22757406
Yea... it can take a bit for the GAL to regenerate.

Author Comment

ID: 22757710
So I tried a different method than you mentioned.  I simply denied access to the appropriate company GAL's so each company can only view their own.  The drawback to this is that each company can still see the title of the other 2 GAL's BUT they can't access them.  It's also more tedious to setup a 4th and 5th company.  The other method is much better overall if I could just get it to work.  I don't have time this weekend but the following I will.  I'll start out on Friday night and I should know if everything is working by Saturday morning.  If not I'll have time to fix it before the week starts.

BTW this alternate method did not work last night.... It of course works fine this morning.  I really wish I knew how long I had to wait.  

Anyway, I'll reward the points after I retry the method (for the third time) in two weeks.

Thank you very much!

Author Closing Comment

ID: 31506892
There were several factors at play which initially made this solution not work.  First was my test environment.  I was logged into a TS session with MY credentials and setup outlook with various users to access their own GAL's.  For some reason Outlook MUST have been passing on my own user credentials to exchange even when I was logging in as another user using RPC over HTTPS and Basic Authentication!  Lesson: login from a completely remote PC OR ONLY with that users credentials both in Windows and Outlook.  Second: Wait 24 hours for the GAL to be rebuilt before you come to any conclusions as to whether or not the solution works.  Three: DO NOT ADD ANYTHING TO THE ADDRESS BOOK ROOTS even though the instructions say so.  Yes, those same instructions do have a link regarding the issue.

Overall those instructions were exceptional.  And so was your help!  I doubt I ever would have waited for the GAL... I guess I'm just impatient!

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question