Outlook unable to connect to mailbox that is hidden in GAL

Question

I ran into this problem, and managed to fix it by un-hiding the address in the GAL. I would really like to avoid having to do this however, as I have some mailboxes that are used as resources that I don't want published.

The exact scenario I had was this:

I created a second email profile for the user, and began configuring Outlook. When I got to the page asking for server and username credentials, it was unable to verify the username because it was hidden.

Like I said, I fixed this by un-hiding this, but was wondering if there is another way to accomplish what I want while still keeping the email address hidden.

Outlook 03, Exchange 07

score 3 · Accepted Answer · answered Aug 06 '10 at 18:38

You're not going to like this any better than the answer you have now (unhide and re-hide), but specifying the legacyExchangeDN of the user's mailbox will allow "Check Name" to function even if the object is hidden (since, basically, that's what "Check Name" is doing-- resolving the user's alias into the legacyExchangeDN).

My "EAnderson" user on my test rig here has a legacyExchangeDN of "/o=Home/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=EAnderson". I verify the that mailbox is hidden from address lists, won't resolve with the alias name "EAnderson", but "Check Name" works fine and the mailbox opens when I use the legacyExchangeDN. (This trick has worked all the way back to at least Exchange 5.5 and was a trick I'd use to show people who though they were "Exchange experts" that, perhaps, they didn't know everything they thought they did... heh heh...)

Where do you get the legacyExchangeDN? Using a tool like ADSIEDIT will let you see it, as will any other tools that allow "free form" queries of the Active Directory database.

Once you know the format of your users' legacyExchangeDN attributes you can probably formulate them out of your head. They've gotten a lot uglier in Exchange 2007 because they have the reference to the "/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" AG in them.

It's a fun little trick. Back in the Exchange 2003 and earlier days it was fairly easy to remember a given Customer's legacyExchangeDN and to connect to hidden mailboxes w/o having to go unhide the mailbox. The whole "EXCHANGE12ROCKS" thing makes it a lot harder (unless you like typing "FYDIBOHF23SPDLT"). — Evan Anderson, Aug 06 '10 at 18:41
Well that's just...awesome. As I was looking for a different way than what I did, yours fits the bill, so you get the check. Although I'm not sure what will be more of a hassle, remote-ing to the Exchange box to un-hide, or remembering the legacyExchangeDN attributes. I'll try it anyways, cuz I like doing things that are "outside the box". — Holocryptic, Aug 06 '10 at 18:54

score 2 · Answer 2 · answered Aug 06 '10 at 18:28

2

Unhide it in the GAL, configure Outlook, re-hide it in the GAL.

answered Aug 06 '10 at 18:28

joeqwerty

109,901
6
81
172

+1, as far as I know, there isn't a way to connect to hidden objects, but you will stay connected if its hidden after you connect. – DanBig Aug 06 '10 at 18:33
@Dan: That's incorrect. There is a way. @joewqwerty: That'll work, but the poster already said that he knows how to do it that way. – Evan Anderson Aug 06 '10 at 18:34
@Evan: I didn't get the impression that the OP knew that he could re-hide it after configuring Outlook. – joeqwerty Aug 06 '10 at 19:42
I did know that, but in this case I did forget that I could re-hide it. Color me sheepish :) – Holocryptic Aug 06 '10 at 19:58
Good point. – Evan Anderson Aug 06 '10 at 20:10

Outlook unable to connect to mailbox that is hidden in GAL

2 Answers2