Ran into a strange issue recently where all the default address lists were missing in Exchange. Running a Get-AddressList in the Exchange Management Shell returned zero results. The address lists were also absent in the Exchange Admin Center as well.
When we attempted to recreate the missing address lists using the same name (for example, “All Users”) we received an error that the address list already existed.
C:\> New-AddressList "All Users" -Included Recipients MailboxUsers
Active Directory operation failed on dc1.skaro.local. The object 'CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=SKARO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=skaro,DC=local' already exists.
+CategoryInfo : Not specified (0:Int32) [New-AddressList], ADObjectAlreadyExistsException
If we attempted to modify this address list (or remove it) it reported it could not be found.
C:\> Set-AddressList "All Users" -Included Recipients MailboxUsers The operation couldn't be performed because object 'All Users' couldn't be found on 'dc1.skaro.local'.
Similarly, if we tried to create a brand new address list that we knew never existed in the environment previously this also failed.
C:\> New-AddressList "Brand New List" -Included Recipients MailboxUsers The operation couldn't be performed because object 'CN=Brand New List,CN=All Address Lists,CN=Address Lists Container,CN=SKARO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=skaro,DC=local' couldn't be found on 'dc1.skaro.local'.
These address lists were also missing when we used ADSI Edit to examine the Address Lists Container.
We also discovered then when we tried to compose a new email in Outlook Web App and clicked the To: field to launch the address book we were presented with the error: An unexpected error occurred and your request couldn’t be handled.
Not really missing – bad permissions
It took a few hours to find the root cause of this issue. On a hunch, we decided to compare the permissions of the Address List Container between a known working environment and the problem environment.
We quickly discovered that the problem environment had an extra deny permission that the working environment did not have.
The permission denied authenticated users (essentially anyone who isn’t anonymous) the ability to list contents of the Active Directory container that hosted the address lists.
We removed this deny permission and refreshed ADSI Edit. All our Address Lists immediately returned.
The address lists were then accessible from Exchange Admin Center and Management Shell.
C:\> Get-AddressList Name DisplayName RecipientFilter ---- ----------- --------------- Public Folders Public Folders ((Alias -ne $null)... All Contacts All Contacts ((Alias -ne $null)... All Distribution Lists All Distribution Lists ((Alias -ne $null)... All Rooms All Rooms ((Alias -ne $null)... All Users All Users ((Alias -ne $null)...
Have you seen this issue before? What did you do to fix it? Drop a comment below or join the conversation on Twitter @SuperTekBoy
Tarek Halloun says
can we delete or hide the built in address lists ?!
if yes how ?