Pages

Monday, December 10, 2012

GAL is blank after the mailboxes are moved to exchange 2010 from Exchange 2007



We are in the process of migrating from Exchange 2007 to Exchange 2010. We have segregated AD because we host exchange for multiple companies. We use ACLs and msExchQueryBaseDN attribute for the segregation. Each company has a separate GAL, Address list and OAB. After the mailboxes were moved, the GAL appeared to be blank although the names could be resolved by outlook. After a lot of struggle to fix it, we found out why.



Exchange 2010 SP2 uses Address book policies to segregate the GAL access instead of the msExchQueryBaseDN attribute. So first of all we create an address book policy for each client. You can do so in the Exchange MMC> organization management > mailboxes > address book policies tab > new address book policy. Create it as shown in the image below. This is required if we do not want the users to have access to all the GALs.



Apply the policies to all the users under COMPANY1. You have to change it for individual user if you want to do in exchange MMC. You can do it by right clicking properties of the user mailbox> mailbox settings tab> select address book policies and click properties> select address book policy. Possibly can be scripted as well.





Step 2: check the permissions on the address lists for the client.

Open adsiedit > configuration > CN = configuration, DC=domain,DC=com > CN=services > CN=Microsoft Exchange > CN= i-worx > CN=Address lists container

1.       expand CN= all address lists. Right click the address list for COMPANY1. All the users in COMPANY1 should have the following permissions

a.       READ

b.      Open address list

(see image below)





2.       Under CN=Address lists container, now expand CN= All global address lists, Right click the GAL for the COMPANY1.The CLIENTCODE users group should have the following permissions

a.       READ

b.      Open address list

(see image below)









LAST STEP

Clear the msExchQueryBaseDN attribute for all users for company1.