Introduction to Global Address Lists in Microsoft Exchange Server 2003
It’s only natural that users try and locate each others email addresses in the GAL. But why would an administrator need to configure Exchange 2003’s GAL? The most likely answers are: to check permissions, create custom lists and control how the names are displayed in the Global Address List.
Topics for Global Address Lists in Exchange 2003
- Strategy for your GAL (Global Address List)
- Exchange 2007 GAL
- Exchange Server 2010 GAL
- Objects found in the Exchange 2003 GAL
- How the Exchange 2003 GAL works
- Types of Exchange 2003 Address Lists
My advice for configuring the GAL is do nothing! Just go with the default GAL (Global Address List). Exchange 2003 server automatically adds every new mail recipient to the Global Address List, so, Guy says there is no more work to be done.
However, I admit that larger companies may have compelling business reasons for customizing the address book. To them I say: make changes to the GAL immediately after installing Exchange 2003 and certainly before you build the first email address.
This is the horror story. If you change the Exchange GAL display order from:
Firstname Lastname, to Lastname, Firstname, it only affects new users. Here is how the display would change, Elizabeth Washington, becomes: Washington, Elizabeth See more here.
I often say that being good at computing means being aware of subtle difference in Microsoft names. Exchange 2003’s mail objects is a case in point. Pay careful attention to the difference between a mailbox enabled user and a mail-enabled user; a security group and a distribution group. Here is a list of the objects which you find the Global Address List.
- Mailbox enabled accounts. Regular users with MAPI mailboxes Active Directory accounts.
- Mail-enabled users. Contractors who have an Active Directory logon but no mailbox. (No mailbox in your Exchange Organization.)
- Contacts. Suppliers, customers, people with email address outside your organization. No Active Directory account. Thankfully, contacts have a different symbol in the GAL.
- Distribution groups. These can be Global or Universal Groups, but they are designed for email rather than security. These are sometimes referred to as DLs – Distribution lists instead of distribution groups. Pay attention to detail and examine the Members and MemberOf tabs.
- Query-based distribution groups. Well worth setting up. Again, note the different symbol from other groups. Incidentally, I wish Microsoft would use different colors for different scopes of group. Say, Red for Universal and Green for Local Groups.
- Mail-enabled groups. Security groups that have mailboxes. Guy says that unless you have a good reason, favour the classic Distribution group and avoid Mail Enabled Security Groups.
- Public Folders. Mail-enabled public folders if your users need an easy way to post.
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
All the address information is held by Active Directory. To the left of the @ is the username, to the right of the @, the email domain name. In fact, I think of the GAL as merely a fancy LDAP query which produces a list of addresses, for example guyt @ cp.com. The final piece of the address jigsaw is RUS (Recipient Update Service. RUS is the engine which generates and updates the email addresses that you see in the GAL.
If the GAL is slow to update, then look to the Global Catalog servers. Make sure that there is Windows 2003 Global Catalog server near the Exchange 2003 server running RUS. As you may know, the Global Catalog replicates a sub-set of all the user’s properties, including Exchange features such as email address. So if Exchange has access to a local Global Catalog server, then its GAL will be up-to-date.
Potentially, any client who can query Active Directory can access the GAL. However, you can control who sees which list through read permission on the security tab found on the lists.
Global Address Lists – All of Exchange’s mail recipients are in the GAL. (Except hidden mailboxes). By default, everything and anything with an email address is here. The surprise is that you can have more than one, Global Address List. Multiple Global Address Lists blow my mind, so I recommend that you stick with just one GAL.
The only exception to the one GAL rule is if you manage two email domains. What I mean is that you could have a GAL for maincompany.com and another for subsiduary.com. In this case you would use security permissions to determine which users get which GAL in their Outlook clients.
Default Lists – Again, note the plural. Once you see the list names, All Users, All Contacts, All Public Folders, All Groups, then you realise that these are sub-sets of the Global Address List. Perhaps we should think of it the other way around, a Global Address List is made up of these individual lists, see diagram opposite.
Offline Address List – The idea is that for remote users, the administrator can reduce the size of the offline address book, for example, by choosing only the All Users and All Groups. (But omitting the All Public Folders). If you have more than Offline Address List, then go to the Mailbox Store, database tab, and choose which Offline Address List is associated with which Mailstore.
Custom Address List – Don’t bother! Much as I usually love customizing, my own view is that you do not need anything but a list of mail objects in the main GAL. Users are getting sophisticated at searching, in my opinion they do not need the confusion of multiple lists for each department.
I fully realize that my vision of one GAL is in the minority. Most companies love to create lots of custom lists. They say, for example, if there is a John Smith in sales and John Smith in accounts then only by having a custom list for each department, can users tell who is who. I say rubbish, if they go to the properties they can see to which department the user belongs. My view is the benefits of multiple lists are offset by feeling of being overwhelmed by lots of lists.
Import users from a spreadsheet, complete with their mailbox. Just provide a list of the users with the fields in the top row, and save as .csv file. Then launch this FREE utility, match your Exchange fields with AD’s attributes, click and import the users. Optionally, you can provide the name of the OU where the new mailboxes will be born.
- Bulk-import new users and mailboxes into Active Directory.
- Seek and zap unwanted user accounts.
- Find inactive computers.
In Microsoft Exchange Server 2003, configuring the GAL is optional, by default all mail objects appear in the Global Address List. However, if you do decide to customise the GAL make sure you do it straight after installing Exchange 2003. In order to make an informed decision on what you do, or what you don’t need, investigate GAL, Address Lists, Global Catalog, mail objects, LDAP queries and RUS.