RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
↑ Back to the top
In Microsoft Exchange Server 2007 Outlook Web Access, a user tries to access the Global Address List (GAL) by clicking the "To..." button on a new message or clicking the address book icon.
↑ Back to the top
The user receives the following error:
"Access is denied. Outlook Web Access was unable to access the Active Directory resource. This may be because the Active Directory object does not exist or the object has become corrupted or because you do not have sufficient access rights for that object".
Note The same user can access the Global Address List without any problem in Microsoft Outlook 2007 online mode and cache mode.
↑ Back to the top
On the object "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com", the Globaladdresslist attribute contains an invalid entry. Either the first object in the list is a deleted Global Address List object, or users do not have sufficient access rights for this object.
↑ Back to the top
To remove the invalid Global Address List objects from the Globaladdresslist attribute:
1. In Adsiedit, locate the object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<your_domain_name>,DC=com"
2. Right-click on the object and choose Properties.
3. From the list of Attributes, select globaladddresslist.
4. Click the Edit button.
5. Remove any invalid GALs. (For example, a tombstoned directory entry by the DEL:{GUID} moniker in the distinguished name of the object: CN=Default Global Address ListDEL:04f0ec0c-1bd4-4525-b1fa-3a5b24513c92,CN=All Global Address Lists,CN=Address Lists Container,CN=<your_Organization_name>,CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=<your_domain_name>,DC=com)
6. Click OK twice.
7. Force replication between the Domain Controllers.
↑ Back to the top