Microsoft Exchange 2003 –  GAL Anonymous Access

Introduction to Anonymous Access to GALs in Exchange 2003

Normally you configure an object’s permissions through Access Control List on the security tab.  However, Exchange has cases where you can only alter permissions with ADSI Edit.

Topics for Configuring Anonymous Access to the GAL


Strategy for configuring Anonymous Access to the GAL

1) Give the ‘Anonymous’ user read access to the GAL.

2) Configure permissions with ADSI Edit because there is no tab in the Exchange System Manager.

3) Install ADSI Edit.

4) Make sure you are editing the Configuration Container (not the Domain).

5) Drill down in ADSI Edit to the Address Lists Container.

6) Give the ‘Anonymous’ user read permission.

Where does ADSI Edit come from?

With any new utility always, ‘Where do I get this program?’  In the case of ADSI Edit, you install it as part of Windows Server 2003’s support tools.  Once installed, I add ADSI Edit as a snap-in to my MMC along-side my Active Directory Users and Computers and Exchange System Manager.

Finding the Address Lists Container

When ADSI Edit launches, make sure that you choose the Configuration container, and not the Domain container.  Expand the Services, Microsoft Exchange and then the name of your Exchange Organization (Mine was GuyMail).

Your next decision is which Address List to configure permissions?  The Default Global Address List, or the Offline Address list.

Guy Recommends: Permissions Analyzer – Free Active Directory ToolFree Permissions Analyzer for Active Directory

I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT.  When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource.  Give this permissions monitor a try – it’s free!

Download Permissions Analyser – Free Active Directory Tool

Setting Permissions on the Security Tab

Now you want the Address Lists Container, and finally select the particular Address List you wish to edit.  right-click on the CN=, and select the Security Tab and Anonymous Logon.  Just give this anonymous account read access, not full control.


ADSI Edit is helpful for those situations where Microsoft do not supply a tab to configure the permission that you need.  Take every opportunity to launch ADSI Edit and explore the attributes in the Configuration container of Active Directory.

Engineer's Toolset v10Guy Recommends: SolarWinds Engineer’s Toolset v10

This Engineer’s Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems.  Guy says it helps me monitor what’s occurring on the network, and each tool teaches me more about how the underlying system operates.

There are so many good gadgets; it’s like having free rein of a sweetshop.  Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools.  Try the SolarWinds Engineer’s Toolset now!

Download your fully functional trial copy of the Engineer’s Toolset v10


See Also