Entourage Account Settings for Microsoft Exchange

Using Entourage for mail, calendar, tasks and contacts can provide business users with an enterprise quality personal information manager on the Mac. The capabilities of Entourage are greatly expanded when connecting to Microsoft Exchange Server 2000, 2003 or 2007. Users on Exchange are able to query and interact with other users in their environment. This includes sharing email, calendar and contact folders and even completely delegating folders to other employees from within Entourage.

Entourage is included in Microsoft’s Office 2008 for Mac and is the equivalent of Microsoft Outlook on the PC. We’ve written this article about setting up Entourage for non-techy people and for those new to Office for Mac. For an extensive technical walk through, please see Amir Haque’s blog entry on How Entourage Works.

This article is dedicated to helping beginners get connected.

Entourage Technologies Under the Hood

Yes…. Entourage is different than Microsoft Outlook for PC

Because Entourage runs on Mac OS X , the underlying technologies are web standards based and the differences can be significant, especially in earlier versions of Entourage and Exchange. This article will touch on the following protocols and services:

Outlook for PC also relies on standards based technologies (in Exchange 2000 and Exchange 2003). It differs primarily in it’s specific implementation of Remote Procedure Call to connect to Exchange over HTTPS. This is a different implementation than Mac because Entourage relies primarily on WebDAV and LDAP to provide secure connection, authentication and directory services while Outlook relies on RPC.

by-the-way, this all changes in Exchange 2007 SP1 which transitioned certain key functions to web services

Here’s a non-normative comparison prior to Exchange 2007 SP1:

function:	Entourage	Outlook
Connect and Authenticate	HTTP SSL LDAP	HTTP SSL Basic Authentication
Retrieve Data Share Data Delegate	WebDAV LDAP	RPC / HTTP Active Directory
find other Users	LDAP	Active Directory

For anyone familiar with Outlook but unfamiliar with Entourage, it’s important to understand the differences not only between PC and Mac but between setting up the different Mac versions of Entourage (2001, 2004, 2008) with the different versions of Exchange Server (2000, 2003, 2007).

Setting up Entourage Account Settings and connecting to Microsoft Exchange

We’re going to setup Entourage with Exchange (prior to the Exchange 2007 SP1 version)

open Entourage
on the menu bar above, go to Entourage | Account Settings
in the “Accounts” window, click New
the following window will appear to enter the Account Settings

Entourage Exchange Account Settings

Explanation of Account Settings

Account Name: your personal description of your account on the Exchange Server
Name: your name as you want it to appear in Email
Email Address: the full email address associated with your Exchange account
Account ID: your UserID on the Exchange Server (this is NOT your email address but is your user logon name in Active Directory and may be different from your email “alias”)
- ask your administrator for this information
Domain: this is the internal DOMAIN-NAME of the network on which the Exchange Server authenticates
- it is most often the NETBIOS DOMAIN-NAME
- it will be a string of characters with no periods (.)
- it may be different than the website domain you access your email on
- ask your administrator for this information
Password: your password for email access
Exchange Server: the web facing internet address of your exchange server
- most often the same internet address as the Outlook Web Access site
- may be in a form similar to:
  - mailserver.com/exchange (PC)
  - mailserver.com/exchange/mark@mailserver.com (Mac)
  - owa.mailserver.com (PC)
  - owa.mailserver.com/mark@mailserver.com (Mac)
  - etc…
  - use this article to Troubleshoot Entourage Connections to Exchange
- ask your administrator for your mail server information
usually check the box – This DAV service requires a secure connection (SSL)
- most administrators require SSL which encrypts the User/Password credentials when logging on
- Please confirm with you administrator about this requirement

The last entry is the first in which we view Entourage using DAV (Distributed Authoring and Versioning) over SSL. This is one of the differences between the way Outlook on PC and Entourage for Mac access the Exchange Server.

ALSO: It is possible to Override default DAV port of 443 but do not check this box or alter this this setting unless specifically instructed to do so by your administrator.

NOTES:

Account ID

Your Account ID is most often your email address name without the @mailserver.com

EX: if your email address is mark@mailserver.com then your Account ID is generally mark

However, email addresses may also be an alias of the actual Account ID. This means that while your Account ID may be “mark”, your default email address could be mark.raborn, markr, mraborn OR any number of variants called an “alias”. Ask your administrator for this information.

Domain

The Domain “name” you are accessing may be a name you literally have never heard of. While the website for accessing your company mail over the internet may be something familiar like owa.mailserver.com/exchange your internal Domain may be something like OURCOMPANY and may not resemble the internet address of your mail server at all. Internal DomainNames when used in Entourage (such as OURCOMPANY), are not fully qualified domains. This meansthey will not be in the form of a typical internet address “separated . by . periods”. This means not OURCOMPANY.COM or OURCOMPANY.NET but more likely a single name like OURCOMPANY

Ask your administrator for this information.

Exchange Server

Your Exchange Server address should be entered as the same web address which allows access to Outlook Web Access over the internet WITH ONE EXCEPTION, in Entourage the Exchange Server address should be appended with your default SMTP email address. This would take the form of ( example owa.mailserver.com/exchange/mark@mailserver.com )

The Exchange Server “Outlook Web Access” address enables you to log on, send email, view contact and calendar information and perform most tasks you expect to perform in Entourage or Outlook. It is part of accessing Microsoft Exchang over the web. The address you enter here (i.e. owa.mailserver.com/exchange ) should give you direct access to Exchange from a either a Browser (which is a good way to test the address by the way) or Entourage. Just be sure that when you enter it in Entourage, you append your email address to the end as in the example above as in owa.mailserver.com/exchange/mark@mailserver.com

Setting Up Advanced Settings for Entourage with Exchange Server

With basic Exchange Server “Account Settings” now in place, there are two more major components that that can increase the functionality of Entourage. They are:

Public Folders
Directory Services

To understand the Public Folder and Directory settings in Entourage, lets go to Microsoft.

Public Folders in Exchange (quoting Microsoft)

Public folders, introduced in the first version of Microsoft Exchange, are designed for shared access and provide an easy and effective way to collect, organize, and share information with other people in your workgroup or organization. Public folders are hierarchically organized, stored in dedicated databases, and can be replicated between Exchange servers.

This excerpt explains why an organization would want to provide these additional services to it’s Entourage Users. The next step is to connect to them.

PUBLIC FOLDERS

Let’s setup Public Folders using the Advanced settings for Exchange

open Entourage
on the menu bar above, go to Entourage | Account Settings
in the “Accounts” window, double click the Entourage for Exchange account you created earlier
the Edit Account window appears
click the Advanced tab
enter your Advanced Public Folder Settings here

Public Folders - Advanced settings in Entourage

Explanation of Public Folder Settings

Public folders server: this is the full web address from which Public Folders are accessible from the internet (prior to Exchange 2007 SP1). – - Please ask your administrator for your information
- usually a variant of the Outlook Web Access website address (ex. owa.mailserver.com/public )
- you can view public folders from the Internet in an internet browser using the full address (ex. https://owa.mailserver.com/public ).
- Logging onto Public Folders over the Internet is a good way to test for the correct Public Folder address as well as test your logon and view the folders you have permission to access. Seeing Public Folders through your browser enables you to verify that the same information appears in your Entourage Public Folders once you have connected Entourage.
check the box – This DAV service requires a secure connection (SSL)
- most administrators require SSL to encrypt the User/Password credentials between Entourage and Exchange. Please confirm with you administrator about this requirement.

This again is an example of Entourage using DAV (Distributed Authoring and Versioning) over SSL. Note that It is possible to Override default DAV port of 443. Do not override or alter this this setting unless specifically instructed to do so by your administrator.

DIRECTORY SERVICES

The second section of Advanced settings in Entourage is the Directory Settings. To familiarize ourselves with Directory Settings let’s once again turn to Microsoft.

Directory Services – using the Global Address List through Exchange (quoting Microsoft)

A global address list (GAL) is a directory that contains entries for every group, user, and contact within an organization’s implementation of Microsoft Exchange Server. GALs are displayed in the Microsoft Outlook Address Book on a client computer. Address lists are a subset of the GAL and can be used to further organize the recipients in your organization

With directory services explained, let’s go back and compare a picture of a typical Public Folder entry and it’s corresponding Directory Settings entry together…. (again, this is prior to Exchange 2007 SP1)

Directory settings in Entourage - LDAP

Notice how “different” they are! There is a completely different “name” used in the LDAP server entry. So, why the difference?

Accessing users, groups and internal company address book data in Entourage is accomplished by accessing something called the Global Catalog (a part of Active Directory). The Global Catalog itself is accessed (when using Entourage on Mac) by use of the web standard LDAP (Lightweight Directory Access Protocol). Here are some basics about LDAP and why we may want to use it in connecting to the Microsoft Exchange server.

LDAP provides the company’s User data from the Global Catalog to Mac users
For LDAP to query the Global Catalog it is necessary to oepn firewall ports other than the typical internet ports of HTTP (port 80) and HTTPS (port 443). NOTE: this is prior to Exchange 2007 SP1
because accessing LDAP from the outside of a network requires making “holes” through your firewall, LDAP may not be implemented OR ALLOWED in your environment (it may be turned off from access by the outside world)
the reason the Global Catalog may be DISALLOWED is because it offers information your administrator does not want to expose on the internet

About the Ports and/or Web Services used to access the Global Catalog

As Exchange has continually developed, the methods used to access the Global Catalog have developed as well. LDAP based Directory Access is different today than it was on the last version of Exchange and how it is accessed literally “varies” on the version of Exchange Server (2007, 2003 or 2000) in use at your organization. Some key points are:

“IF” Directory Services are open for LDAP based access from the Internet, the likely ports are
- “unsecured” LDAP port = 368 and 3268
- “secured” LDAP ports = 636 and 3269
The LDAP Server name under Directory Settings is likely to be completely different than the Exchange Server or Public Folders names.
If Entourage 2008 and Exchange 2007 SP1 are present, Directory Services are actually accessed via web services through the same Internet Address as the public facing Outlook Web Access server on the internet. This basically means – - all the above stuff changes!

This all of a sudden very technical way of explaining LDAP hints at why establishing the Directory Settings is much different than other aspects of Entourage. One final point is that LDAP access from your Entourage mail client may be available while “on the local network” but that same access may not be available from “outside” the local network… meaning anywhere on the open Internet.

Fortunately, advances have been made in the most recent release of Exchange Server to help this circumstance. Please confirm with you administrator about your exact settings and the availability of the Global Catalog through LDAP in your environment.

Changes to Entourage connectivity in Exchange Server 2007 Service Pack 1

The final caveat about everything we have discussed so far is that it all changes significantly with the release of Exchange 2007 Service Pack 1. In short, Client Access has been made accessible through Web Services with the release of SP1 for Exchange 2007. This means the complex explanation of ports, protocols and different types of access inside versus outside goes away.

Here is a list of the features now available (post 2007 SP1) using plain HTTPS (port 443) via Web Services:

Public folder access – You can access and manipulate public folders.
Delegate Management – You can manage delegates by using Exchange Web Services.
Improved Delegate Access - Delegates can do the following:
- Open folders based on folder-level permissions
- Create, send, receive, forward, and respond to meeting requests
- Open shared mailboxes and act as the owner
- Create notification subscriptions on folders in the mailbox of the principal owner
Folder Level Permissions - Users and client applications can query and configure permissions on folders.
Identifier Translation - You can now translate Exchange item identifier formats.

In closing, let’s offer some additional reading.

Please read:

New Client Access Features in Exchange 2007 SP1
As well as these two articles which explain the newest capabilities of of Entourage 2008 and Exchange Server 2007 SP1 in tandem

Talk to your Administrator

The best thing in all circumstances is to consult your administrator for the specific information necessary to connect your version of Entourage (2001, 2004, 2008) to your version of Exchange (2000, 2003, 2007). Please remember Amir Haque’s excellent blog entry on TechNet for a deep dive on HOW ENTOURAGE WORKS . It is a great explanation of how Entourage and Exchange work together to connect the dots.

I hope this helps get you started. Entourage is a great tool and Exchange is one of the most successful and highly deployed of all mail platforms in the enterprise. Mac users can benefit from it’s features along with all those PC users. Who knows, with a little practice, maybe you too can get even more out of Entourage than just your email.

Thanks,
Mark Raborn
WIGITAL

Account Settings, DAV, Directory Services, Entourage, Entourage 2004, Entourage 2008, Exchange, Exchange Server, LDAP, WebDav

This entry was posted on 2008/11/22, 12:02 and is filed under Mac. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

#1 by Anthony on 2009/02/08 - 10:25

Hi. This is a truly great article and I am able to connect to the Exchange account. However, my dilemma is that I do not want to access my work Exchange account each and every time I open Entourage. Is there a way to do an on-demand scheduling of just that one account?

Quote

#2 by Paul Mead on 2009/02/24 - 13:20

Wow – what a comprehensive article – very impressed and very helpful. Many thanks Mark.

Paul.

Wintivity