The easiest way for group owner to approve new group members is to use FIM Outlook Add-in. But installing and configuring the add-in can introduce many problems. Probably the most common problem is that Approve / Reject buttons are not visible in Outlook. While there are number of things that can be misconfigured, even correctly configured FIM and Outlook Add-in are not enough.

Symptoms

When receiving group joining approval emails the Approve / Reject buttons don't appear in Outlook.

After making sure, the basic configuration is correct as described in Troubleshooting the FIM Group Management Outlook 2007 Add-In, still isn't isn't solved.

Cause

FIM Outlook add-in tries to resolve the sender against address book(s). Only if that succeeds, it compares the senders address using MAPI property PR_SMTP_ADDRESS (0x39fe) and compares THAT with what is in the settings or registry. Sadly, the trace file will not tell you if the comparison failed or the address simply didn't resolve.

This is how the code sees the valid message from resolved FIM Service account:

Address              = /o=EDS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=FIMService
AddressEntryUserType = olExchangeUserAddressEntry
Name                 = FIMService

Resolved Sender      = FIMService@acme.com
Valid Sender         = FIMService@acme.com

And this is how it sees the message if FIM Service is not in the GAL / is not resolvable.

Address              = FIMService@acme.com 
AddressEntryUserType = olSmtpAddressEntry
Name                 = FIMService@acme.com

Valid Sender         = FIMService@acme.com 
Resolved Sender      =

So, the comparison of last two lines will fail, although the sender actually is correct, has correct email address but it isn't recognized as Exchange User Address entry.

Resolution

Make sure that FIM Service account is in user's GAL and that the email alias will resolve in Outlook.

I case with more than one domain when users in each domain see their own subset of the GAL one possible solution is adding "All Users" to last place in "When sending mail, check names using these address lists in the following order" list in Outlook configuration.

See Also

note Note
To provide feedback about this article, create a post on the FIM TechNet Forum.