Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Access is Denied When Users Access Global Address List in Microsoft Exchange Server 2007 Outlook Web Access


View products that this article applies to.

Rapid publishing

Source: Microsoft Support

↑ Back to the top


Action

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

↑ Back to the top


Result



In Microsoft Exchange Server 2007 Outlook Web Access, a user tries to access the Global Address List (GAL) by clicking the "To..." button on a new message or clicking the address book icon.

↑ Back to the top


Cause



The user receives the following error:

"Access is denied. Outlook Web Access was unable to access the Active Directory resource. This may be because the Active Directory object does not exist or the object has become corrupted or because you do not have sufficient access rights for that object".

Note The same user can access the Global Address List without any problem in Microsoft Outlook 2007 online mode and cache mode.


↑ Back to the top


Resolution



On the object "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com", the Globaladdresslist attribute contains an invalid entry. Either the first object in the list is a deleted Global Address List object, or users do not have sufficient access rights for this object.

↑ Back to the top


Disclaimer



To remove the invalid Global Address List objects from the Globaladdresslist attribute:

1. In Adsiedit, locate the object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<your_domain_name>,DC=com"
2. Right-click on the object and choose Properties.
3. From the list of Attributes, select globaladddresslist.
4. Click the Edit button.
5. Remove any invalid GALs. (For example, a tombstoned directory entry by the DEL:{GUID} moniker in the distinguished name of the object: CN=Default Global Address ListDEL:04f0ec0c-1bd4-4525-b1fa-3a5b24513c92,CN=All Global Address Lists,CN=Address Lists Container,CN=<your_Organization_name>,CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=<your_domain_name>,DC=com)
6. Click OK twice.
7. Force replication between the Domain Controllers.

↑ Back to the top


Keywords: KB944334, kbrapidpub, kbnomt

↑ Back to the top

Article Info
Article ID : 944334
Revision : 1
Created on : 10/29/2007
Published on : 10/29/2007
Exists online : False
Views : 272