Introduction to Anonymous Access to GALs in Exchange 2003
Normally you configure an object’s permissions through Access Control List on the security tab. However, Exchange has cases where you can only alter permissions with ADSI Edit.
Topics for Configuring Anonymous Access to the GAL
- Strategy for configuring Anonymous Access to the GAL
- Where does ADSI Edit come from?
- Finding the Address Lists Container
- Setting the Permissions on the Security Tab
- Exchange 2007 GAL
- Exchange Server 2010 GAL
1) Give the ‘Anonymous’ user read access to the GAL.
2) Configure permissions with ADSI Edit because there is no tab in the Exchange System Manager.
3) Install ADSI Edit.
4) Make sure you are editing the Configuration Container (not the Domain).
5) Drill down in ADSI Edit to the Address Lists Container.
6) Give the ‘Anonymous’ user read permission.
With any new utility always, ‘Where do I get this program?’ In the case of ADSI Edit, you install it as part of Windows Server 2003’s support tools. Once installed, I add ADSI Edit as a snap-in to my MMC along-side my Active Directory Users and Computers and Exchange System Manager.
When ADSI Edit launches, make sure that you choose the Configuration container, and not the Domain container. Expand the Services, Microsoft Exchange and then the name of your Exchange Organization (Mine was GuyMail).
Your next decision is which Address List to configure permissions? The Default Global Address List, or the Offline Address list.
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
Now you want the Address Lists Container, and finally select the particular Address List you wish to edit. right-click on the CN=, and select the Security Tab and Anonymous Logon. Just give this anonymous account read access, not full control.
ADSI Edit is helpful for those situations where Microsoft do not supply a tab to configure the permission that you need. Take every opportunity to launch ADSI Edit and explore the attributes in the Configuration container of Active Directory.
This Engineer’s Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems. Guy says it helps me monitor what’s occurring on the network, and each tool teaches me more about how the underlying system operates.
There are so many good gadgets; it’s like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools. Try the SolarWinds Engineer’s Toolset now!
- Mailbox Recovery
- Recovery Storage Group
- Alternative Forest Recovery
- Deleted Item Recovery
- Restore Horror Stories
- Restore. env
- Diagnostic Logging
- SMTP Logging
- Free Kiwi Syslog Analyzer
- Tips for Disaster Recovery