Exchange Shared Hosting and addressBookRoots
I must say that from all the articles I wrote for MSExchange.org, Shared Hosting with Exchange 2007 was the one I received more comments from (which is good).
Besides the usual help requests, I got some really nice comments and suggestions. One of these suggestions was from Nick Russo and had to do with the AD attribute addressBookRoots.
As you may recall, in part 2 of the article, I state that we must add the distinguished name of each Address List to the addressBookRoots attribute.
Nick alerted me that this could break Offline Address Book creation/replication, so I decided to do some further investigation. Knowledge Base Article 297801 says:
“You cannot specify both a parent container and a child of that parent as an address book root. For example, if you enter All Address Lists as an address book root, it has to be the only address book root. All your other address lists are listed under All Address Lists; if you enter both the parent object and child objects that exist under this parent object, you enter the child objects more than once. When you do so, Check Names and all other Global Address List and NSPI operations do not succeed.”
Then I checked my test environment and noticed that, although the picture from the article shows the “All Address Lists”, I only have the CONTROL AL and KAOS AL in my lab.
The official document from Microsoft, Configuring Virtual Organizations and Address List Segregation in Exchange 2007, doesn’t mention addressBookRoots either.
So, here’s my advice:
- Leave the attribute addressBookRoots as it is, everything should work as expected.
- If you decide to add other Address Lists, in case they are a child of “All Address Lists”, remove this entry from addressBookRoots as it may break Offline Address Book creation/replication.
Richard Ellison Says:
June 13th, 2008 at 12:07 am
I read all three of your articles on Shared Multi hosting of Exchange. I got most of the way through it but have run into a snag. when I create a new Exchange User, I cannot set them up in Outlook on their office computer. Whenever I try, I get an error that tells me the name is not found in the address list. Can you help? Thanks
William Ro Says:
November 26th, 2008 at 8:51 pm
In reference to the above post by Richard - I am having the same problem -
Has anyone answered or found the problem/resolution?? Thanks
bilal Ahsan Says:
February 18th, 2009 at 5:18 am
give authenticated user right “read “to Default Global address list.
dvillar Says:
March 16th, 2009 at 7:54 pm
Using ADSIEdit, copy the distinguished name of the GAL that the user should be a member of and paste in the showinAddressBook attribute of the user account in ADSIedit.
That will fix your problem.
Adam Says:
May 14th, 2009 at 9:10 pm
I am having the same issue as the first two comments, and I have tried the fixes suggested by the last two.
I am still having this issue, any ideas?
adam Says:
May 14th, 2009 at 10:20 pm
Ok,
So, I removed my aditional address list distiguished names from AddressBookRoots, and it worked. I can now get past the “Check Name” part of setting up an outlook client.
However, there is now a new wrinkle.
It gets past the check name, and when I start outlook, I receive this error:
“Unable to open your default e-mail folders. You must connect to your Microsoft Exchange Server computer with the current profile before you can synchronize your folders with your offline folder file”
I am now stumped.
matarvai Says:
May 30th, 2009 at 9:43 am
I also have the same problem that Adam has. Same error everytime when connecting wiht Outlook. Webaccess works great.