|
On
my lab (which is stock) Exchange servers, there are checkboxes checked for both
“Everyone” and for “Authenticated Users”. They are both
“special” but basically give “read” and “list
contents”. Did
you go into “Advanced” and ensure that “Allow inheritable…”
is checked? If
so, I’m out of ideas and would recommend a call to PSS. I’ve
seen this more than once before and recovered from it, but apparently my memory
isn’t dumping to my fingers very well today. From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Yes,
I did that already but forgot to mention it. I didnot see any deny permissions.
I gave Authenticated users read permission, as well as the Everyone
group. When
I look in another Exchange Organization I manage I dont see that this is
necessary, the Authenticated users and Everyone group dont have any
rights there, I mean none of the checkboxes on the security tab are
checked for those people. From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith Good.
So, can you right click on “Address Lists Container” in the left
pane and blow the permissions down? (Don’t touch the right-side before
trying!) From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Good
point. I will clarify things. If I navigate on the left side to
"CN=Configuration,CN=Services,CN=Microsoft
Exchange,CN=Domain,CN=AddressListContainer" from within Adsi Edit, I see
only two 'folders' on the left side: -
CN=Offline Address List -
CN=Recipient Update Services I
should see two more 'folders' there in my opinion, that is the CN=All Address
Lists folder and the CN=All Globall Address Lists folder. I
dont see the All Address Lists and the All Globall Address List 'folders' on
the LEFT side but on the RIGHT side I see the following 'files' (not
directories): -
CN=All Address Lists -
CN=All Globall Address Lists (I
cant request properties from either of those two). Cheers, Victor From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith This
may sound silly (and in a way, it is), but try accessing them a little
differently. Open
adsiedit.msc and drill down ONLY USING THE TREE IN THE LEFT PANE OF THE WINDOW. Right-click
on “All Address Lists” IN THE LEFT PANE and open Properties and go
to the Security tab and see if you can make your changes. Similarly for
“All Global Address Lists”. Never click in the right pane during this process. From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor W. I
had the chance to look at the actual problem today and hereunder I will
describe the problem and what I have tried to resolve it: Problem:
The All Address Lists container has dissapeared from ESM, as well as the All
Global Address Lists container. From
within Outlook it is as iff you can display the All Address List but you
are presented with an error message when you actually select it, the same error
message is displayed when clicking "check name" when creating a new
Outlook profile. I
know what happened, what has caused this; somebody had
denied Everyone and Authenticated Users acces to this list. I
found a MS article which deals with exactly this, if I am right: http://support.microsoft.com/?id=286296 When
I try this in a command prompt: DSACLS "CN=Default Global Address
List,CN=All Global Address Lists,CN=Address Lists Container,CN=First
Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" I get the following error message: "Object path is not valid, please correct it" When I try this in a command prompt: DSACLS "CN=All Global Address
Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G
"Authenticated Users":SDRCWDWOWPRPCALO I
get the following error message: "The
system cannot find the file specified". From
within Adsi Edit I can see In the right hand pane: "CN=All
Address Lists" and "CN=All Globall Address Lists" They
are at the following location: CN=Configuration,CN=Services,CN=Microsoft
Exchange,CN=Domain,CN=AddressListContainer When
I right click either of those two and ask for properties, I get the
message that an invalid directory was passed. When
I try to delete either of those two I get the message that there are other
property sheets opened and that need to close first. It
is as if the objects are visible but arent really there any more. As
suggested I tried running setup: /forestprep but I get an error almost at the
end of forestprep: "Setup
failed while installing sub-component Microsoft Exchange Organization-Level
Container Children with error code 0x80071392 (please consult the
installation logs for a detailed description). You may cancel the installation
or try the failed step again". I
took the relevant piece from the Exchange Server Setup Progress Log: "[09:30:39]
Creating organization address books I
found an MS article that address the error 0x80071392 message, but I wonder if
this is relevant for my case. http://support.microsoft.com/default.aspx?scid=kb;en-us;296938 That
article talks about Domain prep and domain prep runs just fine (I ran domain
prep anyway but it doesnt resolve the problem). The
article also talks about renaming the Exchange System Objects OU and the fact
that renaming it isnt possible if the Objectclass attribute of that OU has
the value msExchSystemObjectsContainer. Even though in my case the OU has
indeed got an Objectclass attribute, I can rename it anyway. I tried renaming
this OU and ran forestprep again but still the same stop error. I wunder if I
really renamed this OU, I mean I can right click it and rename it but the
article says that it isnt possible, so I was wondering if it had really
been renamed. I tried to remove the value of the Objectclass attribute but
this gave me an errormessage telling me that this was an invalid
operation, so I stopped there, not wanting to mess up anything. The
System State backup the firm has, is one from last night and the problem
occured a week ago so restoring AD in that sense is unfortunately not an
option. I
hope anybody can help me further with this. It should at least be possible to
run forestprep or perhaps there are even other suggestions about handling this
problem. Cheers
and many thanks in advance, Victor From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Hi Victor, I just had
this issue last week ! The All Address Lists has disapeared
from ESM !!! In fact "someone"
(saw in security event log of my DC) who has the full exchange admin on the
organisation has made an error and deleted the "All Address Lists",
then he tried to recreate it but could not due to some replication issues, and
a collision occured ! So i
wanted to confirm this by I opening ADSIEDIT, go to
"CN=LostAndFoundConfig,CN=Configuration,DC=mydomain,,DC=fr", i saw
that the List was there but suffixed with a CNF as this: "CN=All
Address ListsCNF;feffgee....", same as all chid lists and my personnal
@ lists. So that
telling that the lists was duped, and due replication issue, a collision
occured. So I
deleted the the duped lists, ran forestprep, and the "All Address
Lists" appeared in ESM. For your
issue, you have also lost the GAL, so do not forget to check: 1) that
the GAL is associated to the Offline GAL in ESM. 2) rebuild
the Offline GAL. One issue
i had is for Outlook 2k3 in cache mode: 1) For
those clients that are configured in cache mode (.ost and .oab), you must force
your client to download the GAL + All Address Lists +GAL. 2) For
those that are configured in cache mode (only .ost), you also must to force the
download of the GAL. Hope that
helps. Yann De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Victor W. Thanks
Michael and Tony, I will try it and will let you know the outcome. From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith As
Tony said, if they are deleted and you need the specific contents back, an
authoritative restore is your appropriate response. If
the defaults work for you, you might just try rerunning forestprep and
domainprep, then touching each store setting the GAL for the store. I
have seen security changes make them "appear" to disappear.
adsiedit.msc is where you go to deal with that....(although, again, rerunning
forestprep and domainprep will probably take care of it for you) From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor W. What if the
containers mentioned in the subject title are 'suddenly' missing in ESM? I have not
checked (via adsiedit) if they are still in the Config.Nam.Context cause I just
heard this and have not had the chance to actually look at it. If they are
gone from the conf.nam.cont. how can I get these folders back and what if they
are visible there but not in ESM. Any help is
greatly appreciated. |
- RE: [ActiveDir] Exchange - ESM - "All Address Lists&... Michael B. Smith
- RE: [ActiveDir] Exchange - ESM - "All Address L... Nicolas Blank
- RE: [ActiveDir] Exchange - ESM - "All Address L... joe
- RE: [ActiveDir] Exchange - ESM - "All Address L... Steve Rochford
- RE: [ActiveDir] Exchange - ESM - "All Address L... TIROA YANN
- RE: [ActiveDir] Exchange - ESM - "All Address L... Steve Rochford
- RE: [ActiveDir] Exchange - ESM - "All Address L... TIROA YANN
- RE: [ActiveDir] Exchange - ESM - "All Address L... Michael B. Smith
