Another question before we go deep-diving - offline/online mode and or RPC/HTTP or direct connect?
From: Senter, John [mailto:[email protected]] Sent: Tuesday, January 12, 2010 2:49 PM To: MS-Exchange Admin Issues Subject: RE: Outlook addressbook issue with child domain DC's Outlook 2003, various SP's; Outlook 2007 latest updates. From: Michael B. Smith [mailto:[email protected]] Sent: Tuesday, January 12, 2010 2:46 PM To: MS-Exchange Admin Issues Subject: RE: Outlook addressbook issue with child domain DC's This shouldn't be a problem with any recent version of Outlook. What versions of Outlook, including service pack, are you using? From: Senter, John [mailto:[email protected]] Sent: Tuesday, January 12, 2010 2:11 PM To: MS-Exchange Admin Issues Subject: Outlook addressbook issue with child domain DC's Here is the problem: When list owners go into the addressbook in Outlook to add/remove a member, sometimes they get access denied type messages or the list does not show members. After doing some searching I came across something about Outlook using a GC from a child domain. I checked a couple of users Outlook that were having this issue and did see that for the directory connection Outlook was using a GC from our child domain. This child domain is a resource domain and does not have any users or Exchange install. If found the MS article KB319206 which would allow me to specify a specific Global Catalog server which I set on a couple of systems to force Outlook to use a GC in the user/exchange domain, and it allow the addressbook updates to work as expected. The web search I found talked about the Outlook client using a GC in a child domain that did not have the users account and Exchange installed. When the user tried to make a update that DC was not allowing the update since the user did not have write access in that child domain. Our forest is laid out where the forest root is also the primary user and exchange domain. We have a child domain that is a server resource domain. We have multiple sites with the primary domain DC's at each site and a couple of sites have a DC for the child domain. All DC's are global catalog servers, in both domains. All replication has been verified as working correctly. With all of this I am trying to figure out how to stop this from occurring. Has anyone else seen this? If so what did you do? My first thought was to step down DC's in the child domain to no longer be GC's. If they are not GC's then Outlook will not use them. Does anyone see a issue with doing this? If there is a child DC in a site, there is also going to be a DC for the parent domain so lookups should not be a issue. If I go this route the Infrastructure Master for the parent domain/forest root will be a GC, which should not be a issue in that domain since all DC's in that domain are GC's. The way I understand the Windows 2003 domain design, the infrastructure master is separate for each domain so I do not see how this could affect replication with a child domain.
