Open Microsoft Outlook on your MacBook. Click the 'Tools' menu and select 'Accounts.' Click ' Exchange or Office 365.' Enter your exchange account information and select 'Add Account.' Enter your email ID and password for NMU. For your username, type 'ads ' before your NMU User ID. Configure Mac Mail With Microsoft Exchange The following will help you setup your Microsoft Exchange email account with Mac Mail. Note: Exchange only runs with the 10.6 or above OS (operating system) If you're unsure about what OS you're running, select the Apple icon located in the top left hand corner and then About This Mac. For more information, see Address lists in Exchange Server. These are the address list and GAL procedures that you'll find in this topic: Global address list procedures. Use the Exchange Management Shell to update global address lists. Use the Exchange Management Shell to view members of global address. Also known as an LDAP server. Enter the name of the server that is provided by your system administrator. This server address is commonly the same address as your Microsoft Exchange Server address, but this is not always true. Override default port. To be able to edit the port number that follows the server address, select this check box. 2008-11-5 I was just wondering, before I e-mail my company's IT Department, if I can find out my Exchange Server's address so I can use Exchange on my iPhone. Any help would be much appreciated. On outlook it reads as something like UKHJKM26 Should that not be a server address.
-->An address list is a collection of mail-enabled recipient objects from Active Directory. Address lists are based on recipient filters, and are basically unchanged from Exchange 2010. You can filter by recipient type (for example, mailboxes and mail contacts), recipient properties (for example, Company or State or Province), or both. Address lists aren't static; they're updated dynamically. When you create or modify recipients in your organization, they're automatically added to the appropriate address lists. These are the different types of address lists that are available:
After you've installed Exchange Server 2016 or Exchange 2019 in your organization, you need to configure Exchange for mail flow and client access. Without these additional steps, you won't be able to send mail to the internet and external clients (for example, Microsoft Outlook, and Exchange ActiveSync devices) won't be able to connect to your. Implementing an ABP is a multi-step process that requires planning. For more information, see Scenario: Deploying address book policies in Exchange Server. How ABPs work. The following diagram shows how ABPs work. The user is assigned Address Book Policy A that contains a subset of address lists that are available in the organization.
Global address lists (GALs): The built-in GAL that's automatically created by Exchange includes every mail-enabled object in the Active Directory forest. You can create additional GALs to separate users by organization or location, but a user can only see and use one GAL.
Address lists: Address lists are subsets of recipients that are grouped together in one list, which makes them easier to find by users. Exchange comes with several built-in address lists, and you can create more based on you organization's needs.
Offline address books (OABs): OABs contain address lists and GALs. OABs are used by Outlook clients in cached Exchange mode to provide local access to address lists and GALs for recipient look-ups. For more information, see Offline address books in Exchange Server.
Users in your organization use address lists and the GAL to find recipients for email messages. Here's an example of what address lists look like in Outlook 2016:
For procedures related to address lists, see Procedures for address lists in Exchange Server.
Recipient filters for address lists
Recipient filters identify the recipients that are included in address lists and GALs. There are two basic options: precanned recipient filters and custom recipient filters. These are basically the same recipient filtering options that are used by dynamic distribution groups and email address policies. The following table summarizes the differences between the two filtering methods.
Recipient filtering method | User interface | Filterable recipient properties | Filter operators |
---|---|---|---|
Precanned recipient filters | Address lists: Exchange admin center (EAC) and the Exchange Management Shell GALs: Exchange Management Shell only | Limited to: • Recipient type (All recipient types or any combination of user mailboxes, resource mailboxes, mail contacts, mail users, and groups) • Company • Custom Attribute 1 to 15 • Department • State or Province | Property values require an exact match. Wildcards and partial matches aren't supported. For example, 'Sales' doesn't match the value 'Sales and Marketing'. Multiple values of the same property always use the or operator. For example, 'Department equals Sales or Department equals Marketing'. Multiple properties always use the and operator. For example, 'Department equals Sales and Company equals Contoso'. |
Custom recipient filters | Exchange Management Shell only | You can use virtually any available recipient attributes. For more information, see Filterable Properties for the -RecipientFilter Parameter. | You use OPATH filter syntax to specify any available Windows PowerShell filter operators. Wildcards and partial matches are supported. |
Notes:
You can't used precanned filters and customized filters at the same time.
The recipient's location in Active Directory (the organizational unit or container) is available in both precanned and custom recipient filters.
If an address list uses custom recipient filters instead of precanned filters, you can see the address list in the EAC, but you can't modify or remove it by using the EAC.
You can hide recipients from all address lists and GALs. For more information, see Hide recipients from address lists.
Global address lists
By default, a new installation of Exchange Server creates an GAL named Default Global Address List that's the primary repository of all recipients in the Exchange organization. Typically, most organizations have only one GAL, because users can only see and use one GAL in Outlook and Outlook on the web (formerly known as Outlook Web App). You might need to create multiple GALs if you want to prevent groups of recipients from seeing each other (for example, you single Exchange organization contains two separate companies). If you plan on creating additional GALs, consider the following issues:
You can only use the Exchange Management Shell to create, modify, remove, and update GALs.
The GAL that users see in Outlook and Outlook on the web is named Global Address List, even though the default GAL is named Default Global Address List, and any new GALs that you create will require a unique name (users can't tell which GAL that they're using by name).
Users can only see a GAL that they belong to (the recipient filter of the GAL includes them). If a user belongs to multiple GALs, they'll still see only one GAL based on the following conditions:
The user needs permissions to view the GAL. You assign user permissions to GALs by using address book policies (ABPs). For more information, see Address book policies in Exchange Server.
If a user is still eligible to see multiple GALs, only the largest GAL is used (the GAL that contains the most recipients).
Each GAL needs a corresponding offline address book (OAB) that includes the GAL. To create OABs, see Use the Exchange Management Shell to create offline address books.
Default address lists
By default, Exchange comes with five built-in address lists and one GAL. These address lists are described in the following table. Note that by default, system-related mailboxes like arbitration mailboxes and public folder mailboxes are hidden from address lists.
Name | Type | Description | Recipient filter used |
---|---|---|---|
All Contacts | Address list | Includes all mail contacts in the organization. To learn more about mail contacts, see Recipients. | 'Alias -ne $null -and (ObjectCategory -like 'person' -and ObjectClass -eq 'contact')' |
All Distribution Lists | Address list | Includes all distribution groups and mail-enabled security groups in the organization. To learn more about mail-enabled groups, see Recipients. | 'Alias -ne $null -and ObjectCategory -like 'group' |
All Rooms | Address list | Includes all room mailboxes. Equipment mailboxes aren't included. To learn more about room and equipment (resource) mailboxes, see Recipients. | 'Alias -ne $null -and (RecipientDisplayType -eq 'ConferenceRoomMailbox' -or RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')' |
All Users | Address list | Includes all user mailboxes, linked mailboxes, remote mailboxes (Office 365 mailboxes), shared mailboxes, room mailboxes, equipment mailboxes, and mail users in the organization. To learn more about these recipient types, see Recipients. | '((Alias -ne $null) -and (((((((ObjectCategory -like 'person') -and (ObjectClass -eq 'user') -and (-not(Database -ne $null)) -and (-not(ServerLegacyDN -ne $null)))) -or (((ObjectCategory -like 'person') -and (ObjectClass -eq 'user') -and (((Database -ne $null) -or (ServerLegacyDN -ne $null))))))) -and (-not(RecipientTypeDetailsValue -eq 'GroupMailbox')))))' |
Default Global Address List | GAL | Includes all mail-enabled recipient objects in the organization (users, contacts, groups, dynamic distribution groups, and public folders. | '((Alias -ne $null) -and (((ObjectClass -eq 'user') -or (ObjectClass -eq 'contact') -or (ObjectClass -eq 'msExchSystemMailbox') -or (ObjectClass -eq 'msExchDynamicDistributionList') -or (ObjectClass -eq 'group') -or (ObjectClass -eq 'publicFolder'))))' |
Public Folders | Address list | Includes all mail-enabled public folders in your organization. Access permissions determine who can view and use public folders. For more information about public folders, see Public Folders. | 'Alias -ne $null -and ObjectCategory -like 'publicFolder' |
Custom address lists
An Exchange organization might contain thousands of recipients, so the built-in address lists could become quite large. To prevent this, you can create custom address lists to help users find what they're looking for.
For example, consider a company that has two large divisions in one Exchange organization:
Fourth Coffee, which imports and sells coffee beans.
Contoso, Ltd, which underwrites insurance policies.
For most day-to-day activities, employees at Fourth Coffee don't communicate with employees at Contoso, Ltd. Therefore, to make it easier for employees to find recipients who exist only in their division, you can create two new custom address lists: one for Fourth Coffee and one for Contoso, Ltd. However, if an employee is unsure about where recipient exists, they can search in the GAL, which contains all recipients from both divisions.
You can also create address lists under other address lists. For example, you can create an address list that contains all recipients in Manchester, and you can create another address list under Manchester named Sales that contains only sales people in the Manchester office. You can also move address lists back to the root, or under other address lists after you've created them. For more information, see Use the Exchange Management Shell to move address lists.
Best practices for creating additional address lists
Although address lists are useful tools for users, poorly planned address lists can cause frustration. To make sure that your address lists are practical for users, consider the following best practices:
Address lists should make it easier for users to find recipients.
Avoid creating so many address lists that users can't tell which list to use.
Use a naming convention and location hierarchy for your address lists so users can immediately tell what the list is for (which recipients are included in the list). If you have difficulty naming your address lists, create fewer lists and remind users that they can find anyone in your organization by using the GAL.
For detailed instructions about creating address lists in Exchange Server, see Create address lists.
Update address lists
After you create or modify an address list, you need to update the membership.
If the address list contains a large number of recipients (our recommendation is more than 3000), you should use the Exchange Management Shell to update the address list (not the EAC). For more information, see Update address lists.
To update a GAL, you always need to use the Exchange Management Shell. For more information, see Use the Exchange Management Shell to update global address lists.
-->After you've installed Exchange Server 2016 or Exchange 2019 in your organization, you need to configure Exchange for mail flow and client access. Without these additional steps, you won't be able to send mail to the internet and external clients (for example, Microsoft Outlook, and Exchange ActiveSync devices) won't be able to connect to your Exchange organization.
The steps in this topic assume a basic Exchange deployment with a single Active Directory site and a single simple mail transport protocol (SMTP) namespace.
Important
This topic uses example values such as Mailbox01, contoso.com, mail.contoso.com, and 172.16.10.11. Replace the example values with the server names, FQDNs, and IP addresses for your organization.
For additional management tasks related to mail flow and clients and devices, see Mail flow and the transport pipeline and Clients and mobile.
What do you need to know before you begin?
Estimated time to complete this task: 50 minutes
You might receive certificate warnings when you connect to the Exchange admin center (EAC) website until you configure a secure sockets layer (SSL) certificate on the Mailbox server. You'll be shown how to do this later in this topic.
To open the EAC, see Exchange admin center in Exchange Server. To open the Exchange Management Shell, see Open the Exchange Management Shell.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
Tip
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.
Step 1: Create an internet Send connector
Before you can send mail to the internet, you need to create a Send connector on the Mailbox server. For instructions, see Create a Send connector in Exchange Server to send mail to the internet.
Note
By default, a Receive connector named 'Default Frontend <ServerName>_' is created when Exchange is installed. This Receive connector accepts anonymous SMTP connections from external servers. You don't need to do any additional configuration if this is the functionality you want. If you want to restrict inbound connections from external servers, modify the Default Frontend <Mailbox server> Receive connector on the Mailbox server. For more information, see Default Receive connectors created during setup.
Step 2: Add additional accepted domains
By default, Exchange uses the Active Directory domain where Setup /PrepareAD was run for email addresses. If you want recipients to receive and send messages to and from another domain, you need to add the domain as an accepted domain. For instructions, see Create accepted domains and Configure Exchange to accept mail for multiple authoritative domains.
Important
To receive email from the internet for a domain, you need an MX resource record in your public DNS for that domain. Each MX record should resolve to the internet-facing server that receives email for your organization.
Step 3: Configure the default email address policy
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the 'Email address policies' entry in the Email address and address book permissions topic.
If you added an accepted domain in the previous step and you want that domain to be added to every recipient in the organization, you need to update the default email address policy. For instructions, see Modify email address policies and Apply email address policies to recipients.
Note
We recommend that you configure a user principal name (UPN) that matches the primary email address of each user. If you don't provide a UPN that matches the email address of a user, the user will be required to manually provide their domainuser name or UPN in addition to their email address. If their UPN matches their email address, Outlook on the web (formerly known as Outlook on the web), ActiveSync, and Outlook will automatically match their email address to their UPN.
Step 4: Configure external URLs
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the ' <Service> virtual directory settings' entry in the Clients and mobile devices permissions topic.
Before clients can connect to your new server from the internet, you need to configure the external domains (or URLs) on the virtual directories in the Client Access (frontend) services on the Mailbox server and then in your public DNS records. The steps below configure the same external domain on the external URL of each virtual directory. If you want to configure different external domains on one or more virtual directory external URLs, you need to configure the external URLs manually. For more information, see Default settings for Exchange virtual directories.
Open the EAC and go to Servers > Servers, select your internet-facing Mailbox server that your clients will connect to, and then click Edit .
In the Exchange server properties window that opens, select the Outlook Anywhere tab, configure the following settings:
Specify the external host name...: Enter the externally accessible FQDN that your external clients will use to connect to their mailboxes (for example, mail.contoso.com).
Specify the internal host name...: Enter the internally accessible FQDN (for example, mail.contoso.com).
When you're finished, click Save.
Go to Servers > Virtual directories and then select Configure external access domain .
In the Configure external access domain window opens, configure the following settings:
Select the Mailbox servers to use with the external URL: Click Add
In the Select a server dialog that opens, select the Mailbox server you want to configure and then click Add. After you've added all of the Mailbox servers that you want to configure, click OK.
Enter the domain name you will use with your external Mailbox servers: Enter the external domain that you want to apply (for example, mail.contoso.com). When you're finished, click Save.
Some organizations use a unique Outlook on the web FQDN to protect against future changes to the underlying server FQDN. Many organizations use owa.contoso.com for their Outlook on the web FQDN instead of mail.contoso.com. If you want to configure a unique Outlook on the web FQDN, do the following steps. This checklist assumes you have configured a unique Outlook on the web FQDN.
Back at Servers > Virtual directories, select owa (Default Web Site) on the server that you want to configure, and then click Edit .
The owa (Default web site) window opens. On the General tab in the External URL field, enter the following information:
https://
The unique Outlook on the web FQDN you want to use (for example, owa.contoso.com), and then append /owa. For example, https://owa.contoso.com/owa.
/owa
In this example, the final value would be https://owa.contoso.com/owa.
When you're finished, click Save.
Back at Servers > Virtual directories, select ecp (Default Web Site) on the server that you want to configure, and click Edit .
In the ecp (Default web site) window that opens, enter the same URL from the previous step, but append the value /ecp instead of /owa (for example, https://owa.contoso.com/ecp). When you're finished, click Save.
After you've configured the external URL in the Client Access services virtual directories on the Mailbox server, you need to configure your public DNS records for Autodiscover, Outlook on the web, and mail flow. The public DNS records should point to the external IP address or FQDN of your internet-facing Mailbox server and use the externally accessible FQDNs that you've configured on your Mailbox server. The recommended DNS records that you should create to enable mail flow and external client connectivity are described in the following table:
FQDN | DNS record type | Value |
---|---|---|
Contoso.com | MX | Mail.contoso.com |
Mail.contoso.com | A | 172.16.10.11 |
Owa.contoso.com | CNAME | Mail.contoso.com |
Autodiscover.contoso.com | CNAME | Mail.contoso.com |
How do you know this step worked?
Microsoft Address Redmond
To verify that you've successfully configured the external URLs in the Client Access services virtual directories on the Mailbox server, do the following steps:
In the EAC, go to Servers > Virtual directories.
In the Select server field, select the internet-facing Mailbox server.
Select a virtual directory and then, in the virtual directory details pane, verify that the External URL field is populated with the correct FQDN and service as shown in the following table:
Virtual directory External URL value Autodiscover No external URL displayed ECP https://owa.contoso.com/ecp EWS https://mail.contoso.com/EWS/Exchange.asmx Microsoft-Server-ActiveSync https://mail.contoso.com/Microsoft-Server-ActiveSync OAB https://mail.contoso.com/OAB OWA https://owa.contoso.com/owa PowerShell http://mail.contoso.com/PowerShell
To verify that you've successfully configured your public DNS records, do the following steps:
Open a command prompt and run
nslookup.exe
.Change to a DNS server that can query your public DNS zone.
In
nslookup
, look up the record of each FQDN you created. Verify that the value that's returned for each FQDN is correct.In
nslookup
, typeset type=mx
and then look up the accepted domain you added in Step 1. Verify that the value returned matches the FQDN of the Mailbox server.
Step 5: Configure internal URLs
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the ' <Service> virtual directory settings' entry in the Clients and mobile devices permissions topic.
Before clients can connect to your new server from your internal network, you need to configure the internal domains (or URLs) on the virtual directories in the Client Access (frontend) services on the Mailbox server and then in your internal DNS records.
The procedure below lets you choose whether you want users to use the same URL on your intranet and on the internet to access your Exchange server or whether they should use a different URL. What you choose depends on the addressing scheme you have in place already or that you want to implement. If you're implementing a new addressing scheme, we recommend that you use the same URL for both internal and external URLs. Using the same URL makes it easier for users to access your Exchange server because they only have to remember one address.
Regardless of your decision, you need to configure a private DNS zone for the address space you choose. For more information about administering DNS zones, see Administering DNS Server.
For more information about internal and external URLs on virtual directories, see Default settings for Exchange virtual directoriesVirtual Directory Management.
Configure internal and external URLs to be the same
Open the Exchange Management Shell on your Mailbox server.
Store the host name of your Mailbox server in a variable that will be used in the next step. For example, Mailbox01.
Run each of the following commands in the Exchange Management Shell to configure each internal URL to match the virtual directory's external URL.
After you've configured the internal URL on the Mailbox server virtual directories, you need to configure your private DNS records for Outlook on the web and other connectivity. Depending on your configuration, you'll need to configure your private DNS records to point to the internal or external IP address or FQDN of your Mailbox server. Examples of recommended DNS records that you should create are described in the following table:
FQDN | DNS record type | Value |
---|---|---|
Mail.contoso.com | CNAME | Mailbox01.corp.contoso.com |
Owa.contoso.com | CNAME | Mailbox01.corp.contoso.com |
How do you know this step worked?
To verify that you've successfully configured the internal URL on the Mailbox server virtual directories, do the following:
In the EAC, go to Servers > Virtual directories.
In the Select server field, select the internet-facing Mailbox server.
Select a virtual directory and then click Edit .
Verify that the Internal URL field is populated with the correct FQDN and service as shown in the following table:
Virtual directory Internal URL value Autodiscover No internal URL displayed ECP https://owa.contoso.com/ecp EWS https://mail.contoso.com/EWS/Exchange.asmx Microsoft-Server-ActiveSync https://mail.contoso.com/Microsoft-Server-ActiveSync OAB https://mail.contoso.com/OAB OWA https://owa.contoso.com/owa PowerShell http://mail.contoso.com/PowerShell
To verify that you have successfully configured your private DNS records, do the following:
Open a command prompt and run
nslookup.exe
.Change to a DNS server that can query your private DNS zone.
In
nslookup
, look up the record of each FQDN you created. Verify that the value that's returned for each FQDN is correct.
Configure different internal and external URLs
Open the EAC, and go to Servers > Virtual directories,
On the internet-facing Mailbox server, select the virtual directory that you want to configure, and then click Edit .
The virtual directory properties window opens. In the Internal URL field, replace the existing host name value in the URL (likely, the FQDN of the Mailbox server) with the new value that you want to use (for example, internal.contoso.com).
For example, in the properties of the Exchange Web Services (EWS) virtual directory, change the existing value from https://Mailbox01.corp.contoso.com/ews/exchange.asmx to https://internal.contoso.com/ews/exchange.asmx.
When you're finished, click Save.
Repeat the previous steps for each virtual directory you want to change.
Note
The ECP and OWA virtual directory internal URLs must be the same. You can't set an internal URL on the Autodiscover virtual directory.
After you've configured the internal URL on the Mailbox server virtual directories, you need to configure your private DNS records for Outlook on the web, and other connectivity. Depending on your configuration, you'll need to configure your private DNS records to point to the internal or external IP address or FQDN of your Mailbox server. An example of the recommended DNS record that you should create is described in the following table:
FQDN | DNS record type | Value |
---|---|---|
internal.contoso.com | CNAME | Mailbox01.corp.contoso.com |
How do you know this step worked?
To verify that you've successfully configured the internal URLs in the Client Access services virtual directories on the Mailbox server, do the following steps:
In the EAC, go to Servers > Virtual directories.
In the Select server field, select the internet-facing Mailbox server.
Select a virtual directory and then click Edit .
Verify that the Internal URL field is populated with the correct FQDN. For example, you may have set the internal URLs to use internal.contoso.com.
Virtual directory Internal URL value Autodiscover No internal URL displayed ECP https://internal.contoso.com/ecp EWS https://internal.contoso.com/EWS/Exchange.asmx Microsoft-Server-ActiveSync https://internal.contoso.com/Microsoft-Server-ActiveSync OAB https://internal.contoso.com/OAB OWA https://internal.contoso.com/owa PowerShell http://internal.contoso.com/PowerShell
To verify that you've successfully configured your private DNS records, do the following:
Open a command prompt and run
nslookup.exe
.Change to a DNS server that can query your private DNS zone.
In
nslookup
, look up the record of each FQDN you created. Verify that the value that's returned for each FQDN is correct.
Step 6: Configure an SSL certificate
Some services, such as Outlook Anywhere and Exchange ActiveSync, require certificates to be configured on your Exchange server. The following steps show you how to configure an SSL certificate from a third-party certificate authority (CA):
Create an Exchange Server certificate request for a certification authority.
You should request a certificate from a third-party CA so your clients automatically trust the certificate. For more information, see Best practices for Exchange certificates.
If you configured your internal and external URLs to be the same, Outlook on the web (when accessed from the internet) and Outlook on the web (when accessed from the Intranet) should both show owa.contoso.com. OAB (when accessed from the internet) and OAB (when accessed from the Intranet) should show mail.contoso.com.
If you configured the internal URLs to be internal.contoso.com, Outlook on the web (when accessed from the internet) should show owa.contoso.com and Outlook on the web (when accessed from the Intranet) should show internal.contoso.com.
Complete a pending Exchange Server certificate request.
At minimum, you should select SMTP and IIS.
If you receive the warning Overwrite the existing default SMTP certificate?, click Yes.
How do you know this step worked?
To verify that you've successfully added a new certificate, do the following steps:
In the EAC, go to Servers > Certificates.
Select the new certificate and then, in the certificate details pane, verify that the following are true:
Status shows Valid
Assigned to services shows, at minimum, IIS and SMTP.
How do you know this task worked?
Microsoft Phone Number
To verify that you've configured mail flow and external client access, do the following steps:
Microsoft Exchange Server Address For Mac
In Outlook, on an Exchange ActiveSync device, or on both, create a new profile. Verify that Outlook or the mobile device successfully creates the new profile.
In Outlook, or on the mobile device, send a new message to an external recipient. Verify the external recipient receives the message.
In the external recipient's mailbox, reply to the message you just sent from the Exchange mailbox. Verify the Exchange mailbox receives the message.
Go to https://owa.contoso.com/owa and verify that there are no certificate warnings.