Outlook uses a different mechanism to serve up GAL results. The Exchange
server produces several offline address book (OAB) data files (same data,
different versions of the OAB, though there are often several patch files
included so you don't always have to download the whole thing if you have a
recent copy). I don't know what logic is used to determine which contacts
get put into the OAB files.

The specific queries we do to set up the contacts are:

1) Query the root object for the configurationNamingContext. If there is
one, we only go further if we're going to be operating in "Exchange Mode",
which means either in an Exchange account, or an LDAP account which is using
the global catalog port (3268 / 3269 with SSL).

2) Query "CN=Microsoft Exchange,CN=Services," + the
configurationNamingContext object for the globalAddressList field. The
value(s) for that multi-value attribute get added to a list. We only
support one GAL at a time, so we arbitrarily choose the "Default Global
Address List" or the first item in the globalAddressList list, if the
Default Global Address List isn't found. NOTE: in testing, we did not come
up against cases where having multiple GAL DNs was useful -- if your
environment is set up that way, we'd love to know that, and even better,
why.

3) When browsing using VLV (which requires Exchange mode and support for the
VLV control, which means Win2k3 or up), we'll issue a query of
"(&(showInAddressBook=" + the address book DN we recorded in #2 +
")(displayName=*))" on the whole subtree (usu. of the root, unless someone
filled it in -- in which case, things will probably break and return an
error).

You can usually arrange to do those things manually using an LDAP tool to
see whether or not the server is returning the correct results and Entourage
isn't handling them correctly.

An interesting way to see what is going on is to force a regular Directory
Services account to use the same server on the normal LDAP port. Create a
new Directory Services account with the same settings as the Exchange
account's LDAP section, except set the port to be the standard LDAP port
(389 / 636 for SSL) and set the root to be the configurationNamingContext
value. This is usually something related to the domain name, e.g.,
"CN=microsoft,CN=com" for microsoft.com. This will turn off VLV mode and
Exchange list addressing and search Active Directory as if it were a generic
LDAP server. You have to perform a search, though you can force it to return
all results using Advanced Find (and match any criteria with "name is a" and
"name is not a" or some such). If you find it is returning all of your 100
or so records, then it'd be interesting to see if they are all marked to be
in the GAL or not.

-nh
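
Added example (not part of the original post and not Entourage's code): the three lookups described in steps 1 to 3, built as plain data so they can be replayed by hand in an LDAP tool, including the GAL selection rule from step 2. The RFC 4515 escaping of the address book DN inside the filter, the base scope and `(objectClass=*)` filter for steps 1 and 2, the attribute requested in step 3, and every DN shown are assumptions made for this example.

```python
# Added example: builds the three lookups from the post as plain data.
# Nothing is sent to a server; all DNs below are constructed sample values.
DEFAULT_GAL_RDN = "cn=default global address list"

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515, section 3)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def leftmost_rdn(dn):
    """Return the first RDN of a DN, skipping backslash-escaped commas."""
    out, i = [], 0
    while i < len(dn) and dn[i] != ",":
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        out.append(dn[i:i + step])
        i += step
    return "".join(out).strip()

def choose_gal(gal_dns):
    """Step 2: prefer the Default Global Address List, else the first value."""
    for dn in gal_dns:
        if leftmost_rdn(dn).lower() == DEFAULT_GAL_RDN:
            return dn
    return gal_dns[0] if gal_dns else None

def planned_queries(config_nc, gal_dns, search_root=""):
    """Return (base, scope, filter, attributes) for steps 1 to 3."""
    gal = choose_gal(gal_dns)
    if gal is None:
        raise ValueError("globalAddressList returned no values")
    browse = "(&(showInAddressBook=%s)(displayName=*))" % escape_filter_value(gal)
    read = "(objectClass=*)"  # assumption: generic filter for reading one entry
    return [
        ("", "base", read, ["configurationNamingContext"]),
        ("CN=Microsoft Exchange,CN=Services," + config_nc, "base", read,
         ["globalAddressList"]),
        # assumption: the post does not say which attributes step 3 requests
        (search_root, "subtree", browse, ["displayName"]),
    ]

if __name__ == "__main__":
    SUFFIX = ",CN=All Global Address Lists,CN=Example Org"  # constructed
    sample = ["CN=Sales (EMEA)" + SUFFIX, "CN=Default Global Address List" + SUFFIX]
    for query in planned_queries("CN=Configuration,DC=example,DC=com", sample):
        print(query)
```

Without the escaping, a list name containing parentheses or an asterisk would change the meaning of the step 3 filter, which makes a manual replay return different entries than the intended address book.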