Global Address List permission
Hi, Im getting errors on the ms outlook when add new account. I'm getting "The name cannot be resolved. The bookmark is not valid. " I have tried this solution but I'm still having problem. http://support.microsoft.com/kb/948800/en-us. 1. Does anybody know what is the Default permission in the GAL , because I see DENY in the List.Can you guys give me the default setting for it? 2. In the list in shows <not inherited> , is this normal ? What should I do to solve this problem? Please help Thanks & Regards Sri
September 26th, 2008 6:52pm
Dear customer:
In order to better troubleshoot the issue, please collect the following information:
1. What are your Exchange version and SP infromation?
2. open adsiedut.msc tool, navigate to the following location, right click CN=default global address list, select properties, click security tab, send the screenshot of it to v-rocwan@microsoft.com for analyze.
CN=configuration,DC=domain,DC=com,
CN=services,
CN=Microsoft Exchange
CN=ORG_NAME
CN=Address lists container
CN=All global address lists
CN=default global address list
3. In the list in shows <not inherited>, send the screenshot of it to me.
In addition, you can try the steps in the following article to fix the issue, and check the effect.
Access is Denied When Users Access Global Address List in Microsoft Exchange Server 2007 Outlook Web Access
http://support.microsoft.com/kb/944334/en-us
Note: when you send e-mail to me, please attach the subject of the post.
Hope it helps. If anything is unclear, please feel free to let me know.
Rock Wang - MSFT
Free Windows Admin Tool Kit Click here and download it now
September 28th, 2008 6:46am
Dear customer:
Since your screenshots is too small to view. Please logon local Exchange server 2003, open adsiedut.msc tool, navigate to the following location, right click CN=default global address list, select properties, click security tab, send the screenshot of it to v-rocwan@microsoft.com for analyze.
Note: when you send e-mail to me, please attach the subject of the post.
Thanks for your cooperation.
Rock Wang - MSFT
October 7th, 2008 11:58am
Dear customer:
You can try the following steps to fix the issue:
1. Open Exchange System Manager (ESM).
2. Expand Recipients
3. Expand the All Address Lists container
4. Right-click the appropriate Address List, and then click Properties
5. Click the Security tab.
6. Verify the account (or a group that the account is a member of) has permissions including Read, Execute, Read permissions, List contents, Read properties, List Object, and Open Address List.
7. Verify there are no denies on Open Address List that would affect this account being used to access the Address List.
8. Save any changes.
9. Navigate to Recipients, and All Global Address Lists.
10. Right-click the appropriate Global Address List, and then click Properties.
11. Click the Security tab.
12. Verify the account (or a group that the account is a member of) has permissions including Read, Execute, Read permissions, List contents, Read properties, List Object, and Open Address List.
13. Verify there are no denies on Open Address List that would affect this account being used to access the Address List.
14. Save any changes.
15. If changes were made, replicate between Domain Controllers (DCs), if there are multiple DCs.
16. Check the effect.
Hope it help.
Rock Wang - MSFT
Free Windows Admin Tool Kit Click here and download it now
October 9th, 2008 11:24am
Hi,
I have tried this but it doesnt seem to solve the problem. Is there any other solution ?
Is there anyway to reset back the GAL permission to default ? What will happen if click on the Default button in the Advanced Security tab.
Can anybody explain on the <not inherited> that exist in the Advanced Security list ?
Im still getting the <bookmark is not valid > error in the client machine from MS Outlook 2003
Thanks & Regards
Sri
October 9th, 2008 7:23pm
Dear customer:
In order to better troubleshoot the issue, please help collect the following information:
1. because I see DENY in the List, however, I dont find any DENY permission in the screenshot that you sent to me, please check it carefully and send the screenshot of the DENY permission to me for analyze.
2. What version is your Exchange server? What about SP information?
3. Did all users encounter the same issue? try another user with Outlook 2003. and check the effect. Please let me know the result.
4. Check whether you can access GAL from OWA?
5. Open ADSIEDIT.MSC tool, navigate to the problematic user, right click it and select properties, click attribute editor tab, select proxyAddresses and showinadderssbook attribute separately, and send the screenshot of them to me.
6. Restart Exchange and Global Catalog server, and check the effect.
7. Open ESM, navigate to recipients update services, right click recipients update services(domain) and recipients update services(enterprise) separately, select update now, and then try to restart Exchange System Attendant service, check the effect.
Hope it helps. If anything is unclear, please feel free to let me know.
Note: when you send e-mail to me, please let me know the subject of the post.
Rock Wang - MSFT
Free Windows Admin Tool Kit Click here and download it now
October 13th, 2008 2:11pm