Free/Busy between two Trusted AD Forests running Exchnage 2007
Hi,
We have two AD forests with a two way trust. Both are running Exchange 2007 and using 3rd party certs (not self signed)
I would like to be able to view free/busy across both forest but am having trouble getting this to work.
The article I am reading is :
http://technet.microsoft.com/en-us/library/bb125182%28EXCHG.80%29.aspx
What I have does so far is:
Source Forest
- Add-AvailabilityAddressSpace -ForestName "<target forest name>" -AccessMethod PerUserFB -UseServiceAccount $true
My questions are:
- Do I have to ask the Mail admin in the target forest to execute the command for anything to work?
Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "Sourceforest\Exchange Servers"
- Do I have to create a DNS record so we can resolve autodiscover in the external forest ?
The article above says you can use DNS instead of exporting the SCP but what format does it take ? I read something about as SRV records not working across forests ??
I ran the following command to test ....
[PS] C:\>Test-OutlookWebServices -Identity sourceforestuser@companyA.com -TargetAddress destinationforestuser@companyB.com | FL
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address sourceforestuser@companyA.com.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://nymail.sourcecompany.com/Autodiscover/Autodiscover.xml.
Id : 1011
Type : Error
Message : The receipent address destinationforestuser@companyB.com is invalid. Please check your command parameters.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://nymail.sourcecompany.com/EWS/Exchange.asmx. The elapsed time was 46 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://nymail.sourcecompany.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1005
Type : Error
Message : When accessing https://nymail.sourcecompany.com/UnifiedMessaging/Service.asmx the error "RemoteCertificateNameMismatch:CN=nymail.sourcecompany.com
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://nymail.sourcecompany.com/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.
Id : 1011
Type : Error
Message : The receipent address destinationforestuser@companyB.com is invalid. Please check your command parameters.
Id : 1016
Type : Success
Message : [EXPR]-Successfully contacted the AS service at https://nymail.sourcecompany.com/EWS/Exchange.asmx. The elapsed time was 15 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://nymail.sourcecompany.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://nymail.sourcecompany.com/Rpc. The elapsed time was 15 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
April 25th, 2012 1:41pm
I would use Federation Service (It's free) to achieve your requirements
http://technet.microsoft.com/en-us/library/dd638083.aspx
http://technet.microsoft.com/en-us/library/dd335047.aspxGulab Prasad,
MCITP: Exchange Server 2010 | MCITP: Exchange Server 2007
MCITP: Lync Server 2010 | MCITP: Windows Server 2008
My Blog |
Z-Hire Employee Provisioning App
Free Windows Admin Tool Kit Click here and download it now
April 26th, 2012 7:47am
I would use Federation Service (It's free) to achieve your requirements
http://technet.microsoft.com/en-us/library/dd638083.aspx
http://technet.microsoft.com/en-us/library/dd335047.aspxGulab Prasad,
MCITP: Exchange Server 2010 | MCITP: Exchange Server 2007
MCITP: Lync Server 2010 | MCITP: Windows Server 2008
My Blog |
Z-Hire Employee Provisioning App
April 26th, 2012 7:47am
Looks good but we are running Exchange 2007. I mistakenly said earlier that the target forest are also running Exchange 2007, they are actually using Exchange 2010.
So we have an Exchange 2007 (us) and an Exchange 2010 (them) forest wishing to share free/busy and GAL.
We have a trust in place.
Free Windows Admin Tool Kit Click here and download it now
April 26th, 2012 10:20am
Hi,
We have two AD forests with a two way trust. Both are running Exchange 2007 and using 3rd party certs (not self signed)
I would like to be able to view free/busy across both forest but am having trouble getting this to work.
The article I am reading is :
http://technet.microsoft.com/en-us/library/bb125182%28EXCHG.80%29.aspx
What I have does so far is:
......
- Do I have to ask the Mail admin in the target forest to execute the command for anything to work?
Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "Sourceforest\Exchange Servers"
Yes.
- Do I have to create a DNS record so we can resolve autodiscover in the external forest ?
The article above says you can use DNS instead of exporting the SCP but what format does it take ? I read something about as SRV records not working across forests ??
Using DNS method is used for non-trust exist forests environment.
Not matter which method we use, we must make sure the external Autodiscover url of target forest be available, and don't forger the internal availability service url must also be available. so a DNS record should be created.
Fiona Liao
TechNet Community Support
April 28th, 2012 1:36am