You receive an LDAP error message in Outlook 2001 for Mac when you try to access an Exchange 2000 Server Active Directory (836756)



The information in this article applies to:

  • Microsoft Outlook 2001 for Mac
  • Microsoft Outlook Express 5.0.x for Macintosh
  • Microsoft Entourage 2001 for Mac

SYMPTOMS

When you use Microsoft Outlook 2001 for Mac to search for objects in an Active Directory directory service, you may receive a Lightweight Directory Access Protocol (LDAP) error message that is similar to the following:
LDAP server error.
The directory service denied access. Verify the authentication settings for this directory service.

You also experience this symptom if you use Microsoft Outlook Express 5.0.x for Macintosh or Microsoft Entourage 2001 for Mac to search for objects in Active Directory.

CAUSE

This problem occurs because the LDAP clients that are listed in the "Applies To" section of this article do not support Integrated Windows authentication (formerly named NTLM or Windows NT Challenge/Response authentication). This problem may occur after you upgrade from Microsoft Exchange Server 5.5 to Microsoft Exchange 2000 Server. In Exchange Server 5.5, clear text authentication is supported. In Exchange 2000 Server, you have to use Integrated Windows authentication if you want to access Active Directory using LDAP.

WORKAROUND

To work around this problem, create or modify a user account in the Active Directory service configuration that can be used to connect to the Microsoft Exchange 2000 Server. To create a new user account that does not contain any data in the Last name box on a Microsoft Windows 2000 Server domain controller, do the following:
  1. Start Active Directory Users and Computers.
  2. Expand the domain that you want.
  3. Right-click Users, point to New, and then click User.
  4. In the First name box, type the name that you want.
  5. In the Initials box, type the initials that you want.
  6. Leave the Last name box blank.
  7. In the Full name box, type the name that you want.
  8. In the User logon name box, type the user logon name that you want, and then click Next.
  9. Type the password that you want, confirm the password, and then click to select one of the following check boxes:
    1. Users must change password at next logon (recommended for most users)
    2. User cannot change password
    3. Password never expires
    4. Account is disabled
  10. Click Next, and then click Finish.
  11. To create additional users, repeat steps 3 through 11 for each user account that you want to create.
  12. Quit the Active Directory Users and Computers console.
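
The following is an added example, not part of the original article: a Python check that reads an LDIF export of user objects and reports, for each account, whether the Last name (`sn`) attribute is blank and which of the step 9 password options are in effect. The LDIF records, account names, and domain are constructed sample data; the attribute names and `userAccountControl` bit values are the standard Active Directory ones.

```python
# Added example: review exported user records against the workaround above.
# SAMPLE_LDIF is constructed sample data, not output from a real directory.
SAMPLE_LDIF = """\
dn: CN=Mac LDAP,CN=Users,DC=example,DC=com
givenName: Mac
initials: ML
displayName: Mac LDAP
sAMAccountName: macldap
userAccountControl: 66048
pwdLastSet: 127000000000000000

dn: CN=Jane Doe,CN=Users,DC=example,DC=com
givenName: Jane
sn: Doe
displayName: Jane Doe
sAMAccountName: jdoe
userAccountControl: 514
pwdLastSet: 0
"""

UAC_ACCOUNTDISABLE = 0x0002         # "Account is disabled"
UAC_DONT_EXPIRE_PASSWORD = 0x10000  # "Password never expires"

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            rec.setdefault(key.lower(), value.strip())
        if rec:
            records.append(rec)
    return records

def review(rec):
    """Map one record to the Last name state and the step 9 options.
    "User cannot change password" is stored in the object's ACL, not in
    these attributes, so it is not checked here."""
    uac = int(rec.get("useraccountcontrol", "0"))
    return {
        "account": rec.get("samaccountname", ""),
        "last_name_blank": not rec.get("sn", "").strip(),
        "must_change_at_next_logon": rec.get("pwdlastset") == "0",
        "password_never_expires": bool(uac & UAC_DONT_EXPIRE_PASSWORD),
        "disabled": bool(uac & UAC_ACCOUNTDISABLE),
    }
```

Calling `review` on each record returned by `parse_ldif` gives one summary per account, which makes it easy to list the accounts created for these LDAP clients and see which ones were set to Password never expires.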

Modification Type: Major
Last Reviewed: 3/14/2004
Keywords: kbprb KB836756 kbAudEndUser kbAudITPRO