[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3872
  • Last Modified:

Exchange 2010: The action cannot be completed. the name cannot be matched to a name in the address list.

Hello -

Running Exchange 2010 SP1. At random about a week ago, we've been unable to add any new Outlook profiles. When we do, we get the error listed in the title: The action cannot be completed. the name cannot be matched to a name in the address list.

error message
After hours of searching, all the 'usual suspects' are turning up empty (typically showinaddressbook attribute, check/uncheck 'hide from GAL', etc...). I'm just flat out of ideas here - this issue is across the board (all accounts) rather than just one or two. Please help! Even some suggestions on where to look or how to debug this would be something!
0
jmichaelpalermo4
Asked:
jmichaelpalermo4
  • 7
  • 5
  • 2
1 Solution
 
Gerald26Commented:
Can you use ADSIEDIT.MSC and browse Configuration, services, Microsoft Exchange
Right click it and display properties
Check adressbookroots. how many lines are there ?
0
 
jmichaelpalermo4Author Commented:
Just one - CN=All Address Lists,CN=Address Lists Container,...<rest of domain info here>
0
 
Gerald26Commented:
I was looking for solutions and found the following KV, have you checked it before ?

Troubleshooting Check Name errors
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Gerald26Commented:
KB of course, not KV !
0
 
jmichaelpalermo4Author Commented:
That's a good article to work through, although it is for earlier versions of Exchange. I'll check into it and report back.
0
 
mwadminCommented:
If you are running more than one DC (and don't we all), also verify that AD replication is working 100%.
0
 
jmichaelpalermo4Author Commented:
MWAdmin - what are your thoughts on that? How could an AD Replication issue cause this?
0
 
Gerald26Commented:
Because Exchange server will search for an object in AD/GC when validating a mapi profile.
This can be a problem in case of replication error.

a simple repadmin /replsummary will give you the informations about a bad synchronization.
0
 
mwadminCommented:
I have also had similar issues to you caused by a DC not replicating due to a bad disk. As posted by gerald26 a simple repadmin /replsummary will provide the information. If you are using win2k3 DC's use replmon.

Thanks
0
 
jmichaelpalermo4Author Commented:
I've run through the "Troubleshooting Check Name errors" document posed by Gerald26 to no avail. One item of note: there's a step in the document that says:

If Ldp.exe reports that there are "no children," the Global Address List object may not have the appropriate permissions. A user must be able to see at least one Global Address List object and its members.

When I browsed the tree using LDP.exe (a new tool for me), it did show "No Children" under the global address list object. However, I checked the user's permissions to the GAL (using adsiedit.msc...NOT a new tool for me) and it seems like everything is set okay.

Any ideas of next steps on this? I'd really love to see if I could debug or somehow watch what Exchange is doing when trying to authenticate the user. Then I could see where the permissions failure (or something else) was occurring.

Please - I'm all ears!
0
 
Gerald26Commented:
LDP is a bit raw and tricky to use, you might have made a lil mistake using it.
I see you want to go deeper, Lets try again differently and confirm user can not browse the address list and even list its attributes.

First, please confirm that user has good rights set on "list content" security of GAL
As a domain admin, use ADSIEDIT and jump on GAL,  check property, Security, ADVANCED Parameters, Effective Permission. Select user, and check the result displays that List Content Checkbox is checked.



Now we are sure that the user can see it, there is no reason you have 'no children error'

Lets make it appear :

I think you have copied/pasted the values of addresslist in showInAddressBook attribute of a test user in a notepad, dont close it.

We are going to use DSQUERY command to check it out. To make it simple, we will need to have full LOCAL admin rights on a member server, but just standard user rights in AD (because i don't know if DStools can be installed or launched from a 7 client)

Step 1: Add user to LOCAL administrators group on a MEMBER server
Step 2: Login with this user on this member server
Step 3: open a dos prompt and copy tools from a dc to a temporary folder

mkdir c:\temp
xcopy \\dcname\c$\windows\system32\ds*.* c:\Temp\DSTools\
cd c:\temp\dstools
c:

Let's say the GAL you found in user attribut is CN=Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=organisation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local

Step 4 : you will want to type this command:

dsquery * "CN=Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=organisation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local" -attr *

Open in new window


note the quotes " " because there are spaces in path, note the * after DSquery and -attr to get all attributes
Note that you must change dc=domain,dc=local and also CN=organisation

Repeat with all addresslist found in showInAddressBook user attibute

Step 5: remove user from administrators group on MEMBER server and clean temp


Step 6 : comment the result

Sorry if I detail too much, this might be useless, but before going farther and farther, we must be 100% sure about security.


PS: I know there might be quicker ways to do it but this one works :p
0
 
jmichaelpalermo4Author Commented:
Gerald26 - sorry for the delay. I have yet to go through the process you've outlined (our accounts are locked down via GPO for all the member servers, so it's going to take some time to do that). I will be doing that shortly. Some more information for you to ponder while I figure this out --

1. We're running the Exchange server for multiple groups (creating multiple address lists / GALs).
2. The lookup succeeds for at least one of the groups of addresses, but not others
3. The Exchange accounts can be added internally without an issue for all address lists, but not through Outlook Anywhere (how most our accounts are supported).

How does Exchange sift through the address lists to find an address? How is the process different for Outlook Anywhere clients?

I know these are some "deep understanding of Exchange" questions...
0
 
jmichaelpalermo4Author Commented:
This issue mysteriously resolved itself. Seems to be related to something on the Outlook client side rather than the server...I'll update this post if I find anything else.
0
 
jmichaelpalermo4Author Commented:
Mysteriously resolved...
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 7
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now