cisco_idiot
asked on
Exchange 2010 OAB distribution list missing members - and not able to delete groups.
On our exchange 2010 server our address book is acting a bit strange. for our accounting group only one name will show up when I expand it. I have checked the distribution group in both active directory and in the ESM and all members are included there.
I have tried running the command update-offlineaddressbook in the shell and then restarted the microsft exchange file distributution service but the group still does not expand to more than one person.
a couple of things that may help informational wise.
when I run the command "get-addresslist | fl" it runs with no errors but all entries have:
WhenChanged : 10/11/2009 10:03:09 PM
WhenCreated : 8/10/2005 1:13:14 PM
WhenChangedUTC : 10/12/2009 5:03:09 AM
WhenCreatedUTC : 8/10/2005 8:13:14 PM
which is not good since this is way before exchange was ever installed.
Also when I try and just delete the group and try to recreate it I get the following (not sure if this is related But I see it being a problem in the future).
--------------------------
Microsoft Exchange Error
--------------------------
Action 'Remove' could not be performed on object 'accounting'.
accounting
Failed
Error:
Active Directory operation failed on domain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151CAD, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
and finally if I just add a new group I can expand it and everything is fine I can add and remove members and things show up as they should but I can't delete the group in EMC.
If I delete accounting in active directory then readd it through active directory or EMC it still only shows one user. (looking at this user he does not have an accounting@domain.com smtp address)
I have tried running the command update-offlineaddressbook in the shell and then restarted the microsft exchange file distributution service but the group still does not expand to more than one person.
a couple of things that may help informational wise.
when I run the command "get-addresslist | fl" it runs with no errors but all entries have:
WhenChanged : 10/11/2009 10:03:09 PM
WhenCreated : 8/10/2005 1:13:14 PM
WhenChangedUTC : 10/12/2009 5:03:09 AM
WhenCreatedUTC : 8/10/2005 8:13:14 PM
which is not good since this is way before exchange was ever installed.
Also when I try and just delete the group and try to recreate it I get the following (not sure if this is related But I see it being a problem in the future).
--------------------------
Microsoft Exchange Error
--------------------------
Action 'Remove' could not be performed on object 'accounting'.
accounting
Failed
Error:
Active Directory operation failed on domain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151CAD, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
and finally if I just add a new group I can expand it and everything is fine I can add and remove members and things show up as they should but I can't delete the group in EMC.
If I delete accounting in active directory then readd it through active directory or EMC it still only shows one user. (looking at this user he does not have an accounting@domain.com smtp address)
ASKER
oh and also have changed this mailbox to a universal group with no change.
ASKER
when running get-distributiongroupmembe
in OWA when I double click on the accounting name it also shows only one member.
in OWA when I double click on the accounting name it also shows only one member.
ok, this means we have two objects with the name accounting
run get-distributiongroup *account* and get-mailbox *account*
run get-distributiongroup *account* and get-mailbox *account*
sorry i should have added
get-distributiongroup *account* | fl name,hid*
get-mailbox *account* | fl name,hid*
get-distributiongroup *account* | fl name,hid*
get-mailbox *account* | fl name,hid*
ASKER
[PS] C:\Windows\system32>get-di
Name : accounting
HiddenFromAddressListsEnab
[PS] C:\Windows\system32>get-ma
Name : uk-accounts
HiddenFromAddressListsEnab
and of course uk-accounts is not associated with accounting at all.
Name : accounting
HiddenFromAddressListsEnab
[PS] C:\Windows\system32>get-ma
Name : uk-accounts
HiddenFromAddressListsEnab
and of course uk-accounts is not associated with accounting at all.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Went through the reading and made sure that everything had the ability to read the member list (even changed the hideDLMembership to false instead of <not set>) but still have the same issues.
everything appears to be inherited so it should act the same for everyone but other groups do show up.
after saying that I expanded other dist groups that the missing people are in and they do not show up for them either. (now to tracking down users properties but any help would still be appreciated.)
everything appears to be inherited so it should act the same for everyone but other groups do show up.
after saying that I expanded other dist groups that the missing people are in and they do not show up for them either. (now to tracking down users properties but any help would still be appreciated.)
are those users hidden from the address book
get-mailbox user | fl hid*
get-mailbox user | fl hid*
ASKER
ok easy solution after going through the whole mess. all users had the attibute "Hide from Exchange address lists" in the general tab of the users' properties in EMC. unchecked and it all is good again.
thanks endital for helping me find the way through the maze.
thanks endital for helping me find the way through the maze.
ASKER
excellent.
get-distributiongroupmembe
if you look at the group in owa, are all the members present