Article ID: 329622
Article Last Modified on 2/28/2007
APPLIES TO
- Microsoft Exchange 2000 Server Standard Edition
This article was previously published under Q329622
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
SYMPTOMS
When you use Microsoft Outlook to try to delegate access to your mail folders to another user, the user to whom you delegate this access may not receive the "Send on behalf" permission. When you click Delivery Options on the Exchange General tab of your user account properties, the account to whom you tried to delegate access may not be listed in the Grant this permission to list under Send on behalf.
CAUSE
This problem may occur if your MAPI client program points to a global catalog server that is in a domain other than that of your user account.
Global catalogs are chosen based on the site in which the Exchange server resides. Exchange determines to which site it belongs, locates all global catalogs in the site, and then distributes them to MAPI clients to use for directory queries. However, although the global catalog contains a list of all objects in the Active Directory forest, it only contains a read-only copy of objects in other domains. In this case, this is the domain that contains your user account.
When the Name Service Provider Interface (NSPI) that MAPI uses for directory queries contacts the global catalog server in a domain other than that which contains your user account, it obtains a read-only copy of the object. When you try to change the properties of this read-only copy of the object, you are unsuccessful.
WORKAROUND
To work around this problem, use one of the following methods:
- Have an Exchange administrator grant the required "Send on behalf" access. To do this, the administrator should follow these steps:
- Access the properties of the mailbox owner user object through the Active Directory Users and Computers management console on an Exchange server or an Exchange System Administrator workstation.
- In the Exchange General/Delivery Options dialog box, add the delegate account to the Send on behalf list.
- Move the mailbox-enabled user to the same domain to which the Exchange 2000 Server-based computer belongs.
- Configure mailboxes to use a global catalog that is in the same domain as their own mailbox-enabled user object.
Note This method affects only those Outlook clients that connect by using MAPI.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. For scalability and resilience, the local Active Directory domain is replicated between sets of domain controllers. However, some programs and services such as Exchange 2000 require access to a full listing of the objects in Active Directory to perform forest-wide queries. Global catalog servers exist for this purpose. Any domain controller can become a global catalog server. Global catalog servers hold the configuration and schema naming contexts for the forest. This is a complete replica (read/write) of the domain-naming context in which the server is installed, and a partial replica (read-only) of all other domains in the forest. A partial replica indicates that although every domain object is represented in the global catalog, only a limited number of attributes for that object are replicated to it. For example, although the user "Joe User" is represented in the global catalog, his telephone number is not, although "Joe's" telephone number has been entered into the Active Directory. For more information about how MAPI clients use Active Directory, click the following article number to view the article in the Microsoft Knowledge Base:
256976 How MAPI clients access Active Directory
On an Exchange 2000 Server-based computer with Service Pack 1 or later installed, you can view the global catalog servers that it distributes to MAPI clients:
- Start Exchange System Manager. To do this, click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
- Expand Administrative Groups if Administrative Groups is enabled, expand Servers, right-click the Exchange 2000 Server-based computer that you want to view, and then click Properties.
- Click the Directory Access tab, and then click Global Catalog Servers in the Show list.
On Microsoft Outlook 2000 SR-1 and later clients, you can use Registry Editor to view the global catalog server that is used:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Click the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\dca740c8c042101ab4b908002b2fe182
- In the right pane, the global catalog server to which Outlook points is listed in the Data column.
- Quit Registry Editor.
Additional query words: gc
Keywords: kbbug kbpending kbui KB329622
