PhilippMair-9622 asked DaisyZhou-MSFT commented

LDAP traffic between Outlook clients and domain controllers

Hello,

I'm trying to figure out the reason for some LDAP traffic between our root and subdomains. Using Process Monitor, I was able to find out that Outlook.exe is connecting to every domain controller from every subdomain using LDAP. Please see the screenshot I attached.
Basically, we have some terminal servers running in the root domain and users connecting to them. Our users' mailboxes are running on Office 365, and we have several instances of Azure AD Sync which sync our users to multiple O365 tenants.

85316-2021-04-07-09-23-58-mremoteng-confconsxml-cloudacs.jpg



After blocking LDAP between our root and subdomains, everything still seems to work fine. But I wanted to find out why Outlook is trying to connect to other subdomain controllers?

Do you have any idea?

Regards,
Philipp

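Added example, not part of the original post: one way to summarize a Process Monitor CSV export like the capture described in the question, counting LDAP-family TCP connects per process that leave the home domain. The column layout, the `corp.example` domain names and the sample rows are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# LDAP-family ports, by number or by the service name shown when ports are resolved.
LDAP_PORTS = {"ldap": 389, "389": 389, "ldaps": 636, "636": 636,
              "msft-gc": 3268, "3268": 3268, "msft-gc-ssl": 3269, "3269": 3269}

# Constructed sample rows; column layout assumed to match a Procmon CSV export.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"09:23:01.10","OUTLOOK.EXE","4120","TCP Connect","ts01.corp.example:50112 -> dc01.corp.example:ldap","SUCCESS","Length: 0"
"09:23:01.25","OUTLOOK.EXE","4120","TCP Connect","ts01.corp.example:50113 -> dc01.emea.corp.example:ldap","SUCCESS","Length: 0"
"09:23:01.40","OUTLOOK.EXE","4120","TCP Connect","ts01.corp.example:50114 -> dc02.emea.corp.example:ldap","SUCCESS","Length: 0"
"09:23:01.55","OUTLOOK.EXE","4120","TCP Connect","ts01.corp.example:50115 -> dc01.apac.corp.example:msft-gc","SUCCESS","Length: 0"
"09:23:02.00","lsass.exe","712","TCP Connect","ts01.corp.example:50120 -> dc01.emea.corp.example:ldap","SUCCESS","Length: 0"
"09:23:02.10","OUTLOOK.EXE","4120","TCP Connect","ts01.corp.example:50121 -> outlook.office365.com:https","SUCCESS","Length: 0"
"09:23:02.30","OUTLOOK.EXE","4120","TCP Disconnect","ts01.corp.example:50113 -> dc01.emea.corp.example:ldap","SUCCESS","Length: 0"
'''

def ldap_connects(csv_text):
    """Yield (process, dest_host, port) for each TCP Connect to an LDAP-family port."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "TCP Connect" or " -> " not in row["Path"]:
            continue
        dest = row["Path"].split(" -> ", 1)[1]
        host, _, port = dest.rpartition(":")  # split on the last colon only
        port_no = LDAP_PORTS.get(port.lower())
        if port_no:
            yield row["Process Name"].lower(), host.lower(), port_no

def cross_domain_summary(csv_text, home_domain):
    """Count LDAP connects per (process, destination domain, port) outside home_domain."""
    counts = Counter()
    for proc, host, port in ldap_connects(csv_text):
        try:
            ipaddress.ip_address(host)
            domain = host  # unresolved address: report it as-is
        except ValueError:
            domain = host.partition(".")[2]  # DNS suffix after the host label
        if domain and domain != home_domain.lower():
            counts[(proc, domain, port)] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(cross_domain_summary(SAMPLE_CSV, "corp.example").items()):
        print(*key, n)
```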

Hello @PhilippMair-9622,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou


Hello @PhilippMair-9622,
I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
Thanks for your time and have a nice day!

Best Regards,
Daisy Zhou

DaisyZhou-MSFT answered

Hello @PhilippMair-9622,

Thank you for your update.

This may involve how Outlook works.

According to my guess, it may be that the Outlook mailbox account comes from AD, so you need to go to AD to find the corresponding account and the information in the account attributes, such as display name, email and other information.

I suggest you try asking the question in the Outlook forum by opening a new post and selecting the Outlook tag.

Thank you for your understanding and support.


Best Regards,
Daisy Zhou

DaisyZhou-MSFT answered

Hello @PhilippMair-9622,

Thank you for posting here.

I asked the engineer from the Outlook team; they told me we can see the LDAP information of Outlook below.

85629-ldap1.png

Internet directory services, also known as LDAP services, are used to find e-mail addresses that are not in your local Outlook contacts. Directory services search directories on other servers to look up names and other information that can then be viewed in Outlook. You can locate an LDAP server on the Internet, on your organization's intranet, or through another company that hosts an LDAP server.

For more information, we can read the third-party links.
Setting up Outlook to Use LDAP Address Book
https://support.kerioconnect.gfi.com/hc/en-us/articles/360015199019-Setting-up-Outlook-to-Use-LDAP-Address-Book

LDAP in Outlook 2013 & 2016 (Windows)
https://help.uis.cam.ac.uk/service/email/hermes/ldap-settings/outlook-2013-and-2016-windows

Please note: I am sorry, I cannot find an official link to explain it. Information posted in the given links is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of the information.


Best Regards,
Daisy Zhou



PhilippMair-9622 answered

Hello Daisy,

Sorry for my late reply.
Yes, I'm aware that it's possible to manually configure LDAP servers as an additional Address Book. I also checked, and none of our users enabled this feature.
But we still see LDAP traffic coming from Outlook.exe, trying to reach all Domain Controllers from all subdomains.

Regards,
Philipp

PhilippMair-9622 answered DaisyZhou-MSFT commented

Ok thank you Daisy!


Hello @PhilippMair-9622,
Thank you for your update and accepting my reply as answer.
As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!


Best Regards,
Daisy Zhou
