Can't see new GAL
- Server 2003 Standard/Exchange 2003 Standard
Outlook 2007
I have a request from the Accounting head in my location to publish 40 distribution lists for the accounting department to use. All members of these DL's are external to the organization so I will be creating about 100 or so new contacts. I know that I can create the new Contacts, add them to the DL, and then hide them from the GAL, but I would also like to hide the DLs from the GAL.
To get around this I have created a new GAL to test with complete with a different LDAP query. The Preview works fine as all of the test DLs that I have created are not visible. For testing purposes I denied my user account Open Address List permissions on the Default Global Address List and explicitly permitted my user account on the new Test GAL. I have added the new Test GAL to the Default Offline Address List. I have rebuilt the RUS as well as the Default Offline Address List and exited Outlook but the new Test GAL is not visible. To top it off I still am able to open the Default GAL which I shouldn't since I denied myself Open Address List rights. I have also logged off and logged back on.
I use my Outlook client in Cached mode. When I change it to be used Online, then the correct GAL is shown. When I change it back to cached mode the incorrect GAL is shown. I've deleted all .oab files in my local profile and then opened Outlook in cached mode and the correct GAL is shown. Once I download the address book the incorrect information is shown.
What am I missing here??
All Replies
- Ok, I went through and deleted the Default Offline Address Book and the Default Global Address List and created new ones. I waited a day for the maintenenace process to work. The new Offline Address Book was created. When I log open Outlook without cached mode it works fine, but when I put it back in cached mode the old OAB gets downloaded. Where in the world is this info coming from??
- Address List Segregation is not supported in 2003:
http://blogs.msdn.com/dgoldman/archive/2008/02/17/exchange-2007-address-list-segregation-document-updates.aspx
Exchange 2003 / 2007 Address List Segregation Document - Updates!! - On Sat, 31-Oct-09 19:57:21 GMT, unclerico wrote:
>Ok, I went through and deleted the Default Offline Address Book and the Default Global Address List and created new ones. I waited a day for the maintenenace process to work. The new Offline Address Book was created. When I log open Outlook without cached mode it works fine, but when I put it back in cached mode the old OAB gets downloaded. Where in the world is this info coming from??
Exchange 2003? It comes from one of the OAB ssytem folders. If you
our client is accessing
a replica that isn't receiving updates?
I'm not sure I understand what you expect the OAB to look like,
though. The OAB isn't created using YOUR credentials so it'll only
contain whatever the system account can access. And, if the system
account can access that TEST address list then everyone should see the
TEST address list in the OAB.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP - Hi,
Please restart the Microsoft System Attendant service, then rebuild Default Offline Address Book, then download the OAB again on the Outlook client. After that, please check this issue again.
Thanks
Allen On Sat, 31-Oct-09 19:57:21 GMT, unclerico wrote:
>Ok, I went through and deleted the Default Offline Address Book and the Default Global Address List and created new ones. I waited a day for the maintenenace process to work. The new Offline Address Book was created. When I log open Outlook without cached mode it works fine, but when I put it back in cached mode the old OAB gets downloaded. Where in the world is this info coming from??
Exchange 2003? It comes from one of the OAB ssytem folders. If you
our client is accessing
a replica that isn't receiving updates?
I'm not sure I understand what you expect the OAB to look like,
though. The OAB isn't created using YOUR credentials so it'll only
contain whatever the system account can access. And, if the system
account can access that TEST address list then everyone should see the
TEST address list in the OAB.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
It uses the System credentials?? I guess I assumed that when my Outlook client would initiate the OAB download that it would check my credentials and download the OAB that I have permissions for and if there was no OAB that I had permissions for it would error out just as it does when you don't have permissions for an online address book.- On Mon, 2-Nov-09 17:27:34 GMT, unclerico wrote:
client is accessinga replica that isn't receiving updates?I'm not sure I understand what you expect the OAB to look like,though. The OAB isn't created using YOUR credentials so it'll onlycontain whatever the system account can access. And, if the systemaccount can access that TEST address list then everyone should see theTEST address list in the OAB.---Rich MatheisenMCSE+I, Exchange MVP
>--- Rich Matheisen MCSE+I, Exchange MVPIt uses the System credentials?? I guess I assumed that when my Outlook client would initiate the OAB download that it would check my credentials and download the OAB that I have permissions for and if there was no OAB that I had permissions for it would error out just as it does when you don't have permissions for an online address book.
If the OAB isn't the one that's the default for the mailbox database
you'll have to use "set-mailbox" and the "-OfflineAddressBook"
parameter to have another OAB downloaded.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP On Mon, 2-Nov-09 17:27:34 GMT, unclerico wrote:
client is accessinga replica that isn't receiving updates?I'm not sure I understand what you expect the OAB to look like,though. The OAB isn't created using YOUR credentials so it'll onlycontain whatever the system account can access. And, if the systemaccount can access that TEST address list then everyone should see theTEST address list in the OAB.---Rich MatheisenMCSE+I, Exchange MVP
>--- Rich Matheisen MCSE+I, Exchange MVPIt uses the System credentials?? I guess I assumed that when my Outlook client would initiate the OAB download that it would check my credentials and download the OAB that I have permissions for and if there was no OAB that I had permissions for it would error out just as it does when you don't have permissions for an online address book.
If the OAB isn't the one that's the default for the mailbox database
you'll have to use "set-mailbox" and the "-OfflineAddressBook"
parameter to have another OAB downloaded.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Rich,
Thanks again for replying. Just to re-iterate what I've done:
- Created two GALs; All Users GAL and Accounting GAL
- The All Users GAL has the Accounting security group with Deny Open Address List and the Accounting GAL has Authenticated Users removed from the ACL and Allow Open Address List, List Contents, Read rights for the Accounting security group
- The Default Offline Address Book has been deleted and a new one labeled Global OAB has been created. The Global OAB has both the All Users GAL as well as the Accounting GAL in the Address Lists area
- The Global OAB has been added to the Mailbox Store as the Offline Address List
In this scenario which OAB is the default?? I hope I'm making sense. Thanks.- On Tue, 3-Nov-09 13:24:40 GMT, unclerico wrote:
? I guess I assumed that when my Outlook client would initiate the OAB download that it would check my credentials and download the OAB that I have permissions for and if there was no OAB that I had permissions for it would error out just as it does when you don't have permissions for an online address book. If the OAB isn't the one that's the default for the mailbox databaseyou'll have to use "set-mailbox" and the "-OfflineAddressBook"parameter to have another OAB downloaded.---Rich
>MatheisenMCSE+I, Exchange MVP
he Global OAB has both the All Users GAL as well as the Accounting GAL in the Address Lists area- The Global OAB has been added to the Mailbox Store as the Offline Address ListIn this scenario which OAB is the default?? I hope I'm making sense. Thanks.
You only have one OAB named "Global OAB". That OAB includes two
address lists. I'm not sure why you think it isn't the default OAB.
The address lists within the OAB aren't ACLed.
I think, too, that deleting the default OAB you may be causing some
problems. Dave Goldman's blog on OABs is probably a good place to go
to see if that's true:
http://blogs.msdn.com/dgoldman/
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
