We trust each other, don't we?

The Dean of XYZ on Main Campus needs to be able to set up meetings with the Dean of XYZ at the Medical School. Sounds easy. Well, the Main Campus has one forest, the Medical School has another, and neither is trusted. In earlier Exchange versions this could be very difficult. In Exchange 2007 this can be "Easy" to set up. I laugh when I hear "Easy" because I was a consultant, and "Easy" usually tacked time onto my engagement. In Exchange 2007, calendar information is shared via a web service called the Availability service. The Availability service improves information workers' free/busy data by providing secure, consistent, and up-to-date free/busy information to computers that are running Microsoft Office Outlook 2007.

In cross-forest topologies where all connecting client computers are running Outlook 2007, the Availability service is the only method of retrieving free/busy data.

You can use the Availability service in cross-forest topologies across trusted or untrusted forests. If the forests are trusted, the information can be per-user. If they are untrusted, as is the case with a lot of universities, the other forest receives only the default free/busy information.

The type of free/busy information is determined by whether the cross-forest free/busy data is configured as a per-user or an organization-wide service. Per-user free/busy information is possible only in a trusted cross-forest topology and makes it possible for the Availability service to make cross-forest requests on behalf of a particular user. This also allows a user in a remote forest to grant detailed free/busy information to a cross-forest user.

However, with organization-wide free/busy data, the Availability service can make cross-forest requests only on behalf of a particular organization. With organization-wide free/busy data, a user's default free/busy information is returned, and it is not possible to control the level of free/busy information that is returned to users in the other forest.

For each forest to know about the objects in the other, it is necessary to use GALSync to synchronize the user objects between the forests. Also, if you have clients older than Outlook 2007, you need to use the InterOrg Replication tool (Microsoft Exchange Server Inter-Organization Replication).

Permissions needed for the cmdlets:

Get-ClientAccessServer - Exchange View-only admin

Add-ADPermission - Exchange Org Admin

Add-AvailabilityAddressSpace - Exchange Org Admin

Set-AvailabilityConfig - Exchange Org Admin

 

How to do it? (untrusted only)

1. On the CAS in the target forest:

    Set-AvailabilityConfig -OrgWideAccount "Contoso.com\User"

2. Run the following commands to add the Availability address space configuration object for the source forest:

    # Enter the credentials for the organization-wide user in the Contoso.com domain
    $a = Get-Credential
    Add-AvailabilityAddressSpace -ForestName Contoso.com -AccessMethod OrgWideFB -Credential:$a
    
For full details on untrusted and trusted configuration, see https://technet.microsoft.com/en-us/library/bb125182(EXCHG.80).aspx
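
Once the address space is in place, it is worth checking that each entry's access method matches the trust relationship described above. The following is an added example, not part of the original post: Test-AvailabilityAddressSpace is a hypothetical helper, the sample entries are constructed, and the ForestName, AccessMethod and UserName property names are assumptions about what Get-AvailabilityAddressSpace returns.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0 or later.
# Assumption: each entry exposes ForestName, AccessMethod and UserName,
# as objects returned by Get-AvailabilityAddressSpace are expected to.
function Test-AvailabilityAddressSpace {
    param(
        [object[]] $AddressSpace,
        [string[]] $TrustedForest = @()   # forests that have a real forest trust
    )
    foreach ($entry in $AddressSpace) {
        $trusted = $TrustedForest -contains $entry.ForestName
        $finding = 'OK'
        if ($entry.AccessMethod -eq 'PerUserFB' -and -not $trusted) {
            # Per-user requests are only possible in a trusted topology
            $finding = 'Per-user free/busy is only possible across a forest trust'
        }
        elseif ($entry.AccessMethod -eq 'OrgWideFB' -and -not $entry.UserName) {
            # Org-wide requests are made with the stored organization-wide account
            $finding = 'Org-wide access method has no account configured'
        }
        elseif ($entry.AccessMethod -eq 'OrgWideFB' -and $trusted) {
            # Works, but users cannot grant detailed free/busy across forests
            $finding = 'Trusted forest, but only default free/busy is returned'
        }
        New-Object PSObject -Property @{
            ForestName   = $entry.ForestName
            AccessMethod = $entry.AccessMethod
            Trusted      = $trusted
            Finding      = $finding
        }
    }
}

# Constructed sample data standing in for Get-AvailabilityAddressSpace output.
$sample = @(
    (New-Object PSObject -Property @{ ForestName = 'Contoso.com'; AccessMethod = 'OrgWideFB'; UserName = 'Contoso.com\User' }),
    (New-Object PSObject -Property @{ ForestName = 'med.example'; AccessMethod = 'PerUserFB'; UserName = '' }),
    (New-Object PSObject -Property @{ ForestName = 'lab.example'; AccessMethod = 'OrgWideFB'; UserName = '' })
)

# No forest trusts exist in the untrusted scenario, so the trusted list is empty.
Test-AvailabilityAddressSpace -AddressSpace $sample -TrustedForest @() |
    Format-Table ForestName, AccessMethod, Trusted, Finding -AutoSize

# In the Exchange Management Shell, pass live data instead:
# Test-AvailabilityAddressSpace -AddressSpace (Get-AvailabilityAddressSpace)
```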