Do you want to create an LDAP Address Book in order to distribute your Certificate Information? Here is a quick way to get this done!

            Consider the scenario where you, as Wingtiptoys, acquire an existing Contoso. Contoso has a client portfolio with which she has encrypted communication. In order to be able to use the encryption certificates to communicate with the Clients of Contoso you need to find a way to access the Certificate Information of the Clients.

            There are a couple of ways by which this can be achieved, one of them being the creation of an LDAP Address Book in your Organization’s Active Directory. Below you find the steps in order to set this up and get it working.


Note1: You need to have an Encryption Certificate issued for your User and configured in your Outlook 2013 Client in order to be able to send an encrypted email to the LDAP contact 


Note2: You can add the LDAP Contact to your Outlook Contacts Folder; however you need to update the contact from your Outlook Contacts Folder when the Certificate Information expires. We recommend to use the LDAP Contact directly in order to be sure the most recent and valid Certificate Information is being used for Email Encryption.

1. In your Active Directory Server open the Active Directory Users and Computers Window, right click your Domain and create a New Organizational Unit. I will name mine NewLDAPAddressBook.

 2. In the New Organizational Unit move the Contacts from the Address Book of Contoso 


So until now we have created a location that is accessible throughout the Organization of Wingtiptoys and Contoso.  Now we need to open the new Address List from the Outlook Client side in order to use the Contacts of Contoso.


3. From the Outlook Client, in this case Outlook 2013, go to the Outlook File – Info – Account Settings – Account Settings, Select the Address Books Tab and click New

4. In the Add Account Window select the Option Internet Directory Service (LDAP) and click Next

5. Enter the Server Name where the LDAP Address Book is being stored  

6. Check the This server requires me to log on checkbox and enter your Domain Credentials


7. Click on the More Settings Options and configure the following:



Characteristics of a Global Catalog Search

The following characteristics differentiate a Global Catalog search from a standard LDAP search:

  • Global Catalog queries are directed to port 3268, which explicitly indicates that Global Catalog semantics are required. By default, ordinary LDAP searches are received through port 389. If you bind to port 389, even if you bind to a Global Catalog server, your search includes a single domain directory partition. If you bind to port 3268, your search includes all directory partitions in the forest. If the server you attempt to bind to over port 3268 is not a Global Catalog server, the server refuses the bind.

  • Global Catalog searches can specify a non-instantiated search base, indicated as "com" or " " (blank search base).

  • Global Catalog searches cross directory partition boundaries. The extent of the LDAP search is the directory partition.

Global Catalog searches do not return subordinate referrals. If you use port 3268 to request an attribute that is not in the Global Catalog, you do not receive a referral to it. Subordinate referrals are an LDAP response; when you query over port 3268, you receive Global Catalog responses, which are based solely on the contents of the Global Catalog. If you query the same server by using port 389, you receive referrals for objects that are in the forest but whose attributes are not referenced in the Global Catalog.


          a. In the Connection Tab enter the Display Name of the LDAP Address Book, as you want it to be displayed in the Address Book menu, and leave the default Port 389 set  (see additional reading section for more Details)


          b. In the Search Tab in the Search Base Section enter the Custom Field enter the distinguished name of the Domain Controller Organizational Unit as displayed in ADSIEdit.


Also enable the Browsing within the LDAP Address book so that when selected all Items of the LDAP Address Book are visible



8. Click Finish in order to complete the Account Changes performed in the Address Book Section

Note: The Server Name you can find in the Active Directory Users and Computers top left corner


9. Restart Outlook 2013, go to the Address Book from the Ribbon and select the new LDAP Address Book visible in the Address Book pull down menu.


10. Select the LDAP Address Book and choose a contact you want to send an email to

Additional reading:


Add or remove an address book


Understanding S/MIME


Outlook S/MIME certificate selection


Publish S/MIME certificates for external contacts to Active Directory for use with Exchange Server 2007


Plan for e-mail messaging cryptography in Outlook 2010

Comments (1)

Skip to main content