Thunderbird and the Outlook Global Address book

As I mentioned in an earlier post, I have switched job and while I initially had to use the Outlook Web Access (OWA) in the version of 2010 to access my mailbox. At this point I want to be fair and say: Microsoft really improved the web client. You can work with it. I prefer that interface over several others (Hotmail/Live). The other option was to use the real Outlook over a terminal server session or using a virtual machine. I tried both (in version 2007 and 2010) too so I have used all variants. The result is: Outlook still completely sucks! I talked to other people who ever used something different than Outlook in their work (e.g. Thunderbird or Notes) and everybody confirms, that Outlook sucks. People often wonder why I have problems with Outlook when "the whole rest of the world" is fine with it. The reason is: Most people don't know anything else and they got used to suffer. But enough, I want to help out everybody who is in the lucky situation that IMAP protocol got activated in their Exchange branded workplace (in my case they activated it just for me :-) - this is cool). I tried several alternatives for directly accessing the Exchange server without success and I could not occupy the internal IT for hours to figure out, what goes wrong. Opening up the IMAP protocol was the simplest and straight-forward-option.

So I can use the loved Thunderbird again!

But opening up the IMAP is only half the way. You also need to get access to the address book. And here I ran against brick walls in the first step:

1. Trying to open an LDAP address book pointing to the Exchange server failed in getting no connection (neither port 389 nor 3268 worked).
2. I figured out the AD (Active Directory) server of the Windows world and used that. It connected immediately to port 389, however then had problems loading the contacts. As I know now, it is a matter of filtering to the correct entry set. However, after failing continously during my first attempts I tried
3. exporting the global address list from within Outlook into ... well ... anything, I was about to even accept any CSV file, however styled. Completely failed in that too - you can export contacts but not the global address list. You can imagine how happy I was...

Fast forward to my final solution which now supports

• directly using the global address book via LDAP directly from the server or
• use a local copy (export+import which you need to do manually from time to time to be up-to-date).

How it is done:

1. Get the Apache Directory Studio or another LDAP browser tool of your choice that supports an LDIF export. In the Apache Studio case, just extract the package and start it (yes, it's that simple, it's a Java application that runs on Linux and Windows). You need this to first test your LDAP access, if you are not sure about the correct criteria.
2. Now you need to find out where the AD is hosted. In my case I promised not to ask boring questions to IT (they were already nice enough to open up the IMAP just for me), so I had to find out on my own. I simply checked in to the Terminal Server Session and wrote a little batch file (directly going to the console is forbidden in the terminal server session due to security policies) of the content:
   

   set
   pause

   
   and just double-clicked it to find the entry "LogonServer", "UserDNSDomain" and "UserDomain".
3. Now start the Apache Directory Studio and create a new LDAP connection. The connection parameters would be something like:
   

   hostname=fulldnsmachinename

   
   (using the information from LogonServer and UserDNSDomain, so e.g. "myserver.mycompany.com").
   

   Port = 389

   
   (default LDAP port).
   Logon with UserDomain\yourUserName and your password.
   Click on "Fetch base DNs" to find out the base DN to use - or guess it, it usually is:
   

   dc=yourCompany,dc=internetsuffixlikecomnetorgetc

   
   so for example dc=microsoft,dc=com.
4. Now you would find a lot of stuff browsing through the AD (assuming you have enough read permissions). To find the entries that are displayed in the Outlook address book, you need to filter the information. To do so, create a new search using the base DN above and the following search filter (click on "Filter Editor..." for better formatting):
   

    (&
   (showInAddressBook=*)
   (mail=*)
   (mailNickname=*)
   (|
     (objectClass=person)
     (objectClass=group)
     (objectClass=groupOfNames)
   )
   )

   
   Here is the filter again as one-liner - this is how to use it in your Thunderbird:
   
   (&(showInAddressBook=*)(mail=*)(mailNickname=*)(|(objectClass=person)(objectClass=group)(objectClass=groupOfNames)))
   
   In the Apache Directory Studio you can now set the option to "Follow referrals manually" or ignore them completely. Leaving it to automatic can produce errors - especially if AD not well configured (in my case loops are generated when automatically following all referrals). Search scope should be the complete subtree. Check the results by executing the search.
5. Start Thunderbird and create a new IMAP account (if you didn't already) and create a new LDAP address book (Tools-Address book; File-New-LDAP Directory). Enter Hostname, Port, Base DN as in step 3 and in the "Advanced" tab choose subtree and enter the one-liner version of the filter as in step 4.
   Now you have the direct access version. You now could change settings in Thunderbird (Edit-Preferences-Composition-Addressing) or even configure it for a single account (under Composition and Addressing) to use the LDAP directory for autocompletion, but I found that to be annoying because of the slow Exchange server in my particular case (YMMV). Hence I did not do this but pressed F9 in a new mail to show the contacts sidebar. There I switched to the LDAP address book and can now search and choose addresses if they are not already among my collected addresses. This is BTW the same you get, using Outlook - only those addresses, you already used get auto-completed and the others you need to search manually. A second annoyance is that Thunderbird takes a longer time to really disappear from memory when the LDAP search was used during runtime. So I was not really satisfied with that solution.
6. Just for performance and to have all autocompleted, I wanted to have a local copy of the address book. I found that the Apache Directory Studio offers an LDIF export feature, which is really the best you can get. Even phone numbers and other properties from the LDAP directory finds the way into the imported address book in Thunderbird. Just right-click the search (it's in the tree on the left-hand side) and choose "Export-LDIF" from the context menu within the Studio and in Thunderbird you go to "Tools-Address Books" and choose "Tools-Import..." - done.

Now you have both - full autocompelete and you can actively search the current LDAP at the server for the case new employees joined the train without the need to export-import all the time. However from time-to-time it makes sense to do a re-import just to have the current entries in the local cache. Fortunately the search is saved in the Apache Directory Studio for later reuse. Thanks to the Apache team for this great piece of software!

Oh, BTW: The local download of the LDAP directory did not work for me (it started but never finished - maybe because of the internal loops).

Hope this helps!

Related posts: Ignorance of the different, Popular Ubuntu Desktop myths, Apple worse than Microsoft, Outlook Calendar meetings, Maintaining multiple calendars.