We trust each other don't we part II: Can I share Free/Busy information between two Exchange 2007 organizations?

Here is some additional information to supplement Greg's post. I had the same question this week from a Pacific northwest university so this must be Free/Busy week.

 

Here are the prerequisites required for this to work:

1.  Representation of the target user contact objects in the source Exchange org directory. This can be either from CSV imports or some other sync mechanism such as using ILM 2007 FP1.

2.  Add an availability address space for the target SMTP domain.  From the Exchange shell, run the Add-AvailabilityAddressSpace task.  You can find more information here about that task.

How does this actually work between Exchange 2007 organizations?


1.  User performs a free/busy lookup for a user that is not in the same Exchange 2007 organization by selecting their contact. 
2.  The Availability Service finds the availability space for that SMTP domain via the autodiscover SRV record in DNS.
3.  The Availability Service talks to the target domain's AutoDiscover service to determine the Availability Service URL responsible for the target mailbox.
4.  Either the source user's credentials (trust scenario) or a free/busy account's credentials (non-trust scenario) are used to perform the F/B lookup.

 

How granular can this cross-org calendar information be?

It depends on whether the Exchange 2007 Org you are trying to retrieve availability information from is a trusted Forest or an untrusted Forest. If it is a trusted Forest, the per-user permissions determine what can be viewed. If it is an untrusted Forest, a service account must be used and only the Free/Busy information can be retrieved.

 

How do I set the cross org service account when no trust exists?

On a CAS server in the target Org, use the Set-AvailabilityConfig command. See here for more information.

Here is an example using a local forest based free/busy account. This account should not be a mailbox or any type of elevated privileged account:

set-availabilityconfig -orgwideaccount "schooldomain\orgfbacct"

On a CAS server in the source Org, use the Add-AvailabilityAddressSpace command. See here for more information.

Here is an example using the remote forest credentials you added above.

  1. From Exchange Management Console: type $a=get-credential, then enter, for example, schooldomain\orgfbacct and its password in the PowerShell dialog box.

  2. Next type: Add-AvailabilityAddressSpace -ForestName schoolsmtp.edu -AccessMethod OrgWideFB -Credential $a - The key here is to use the SMTP domain of the target Forest and NOT the actual Active Directory FQDN.

You should see something like this:

image

That is it. Test it out.
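
One way to check the configuration on both sides before testing from a client, as an added example that is not part of the original post. It assumes the Exchange Management Shell, the Get-AvailabilityAddressSpace, Get-AvailabilityConfig and Get-Mailbox cmdlets, and the post's sample domain schoolsmtp.edu; the first part runs in the source org and the second in the target org.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Assumption: schoolsmtp.edu is the post's sample target SMTP domain; replace it with yours.
$targetDomain = "schoolsmtp.edu"

# --- Part 1: run in the SOURCE org ---
# Confirm an address space exists for the target SMTP domain (not the AD FQDN)
# and that it uses the org-wide free/busy access method with a stored credential.
$space = Get-AvailabilityAddressSpace | Where-Object { $_.ForestName -eq $targetDomain }
if (-not $space) {
    Write-Warning "No availability address space found for $targetDomain"
} else {
    $space | Format-List ForestName, AccessMethod, UserName, UseServiceAccount
    if ("$($space.AccessMethod)" -ne "OrgWideFB") {
        Write-Warning "AccessMethod is $($space.AccessMethod), expected OrgWideFB for the non-trust scenario"
    }
    if (-not $space.UserName) {
        Write-Warning "No credential is stored on the address space for $targetDomain"
    }
}

# --- Part 2: run in the TARGET org ---
# Show which account answers org-wide free/busy requests and confirm that it
# is not mailbox-enabled, as the post recommends.
$cfg = Get-AvailabilityConfig
$cfg | Format-List OrgWideAccount, PerUserAccount
if (-not $cfg.OrgWideAccount) {
    Write-Warning "OrgWideAccount is not set; run Set-AvailabilityConfig first"
} else {
    $mbx = Get-Mailbox -Identity "$($cfg.OrgWideAccount)" -ErrorAction SilentlyContinue
    if ($mbx) {
        Write-Warning "$($cfg.OrgWideAccount) is mailbox-enabled; use a plain account with no mailbox"
    }
}
```

The script only reads configuration. Whether the free/busy account holds elevated group memberships still has to be reviewed in Active Directory.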

Note:   If you want this cross-org availability lookup to work over the Internet, make sure you have a CNAME record configured on your external DNS servers, such as autodiscover.school.edu, pointing to your CAS server or load-balanced VIP name.