Background - TwoWindows 2008 forests with Exchange 2007 orgs / Two way trust / Configured with PER USERFBI am trying to share free busy across forests which IS working fine but the question is around different sets of permissions fordifferent users.The technet document seems to imply that you COULD set different permissions for different users in the other forest in a PER USER FB config.For example - it seems like the following scenarios is not possible:USER1 in forest1 wants to share Free Busy SUBJECT and LOCATION withUSER2 in forest2USER1 in forest1 DOES NOT WANT to share subject and location with anyother user in forest2So the question is Can you set different levels of Free Busy permisisons to different users across forests ? The Outlook GUI does not allow adding contacts for permissions.Thanks IAPrakash

Hi, Firstly, would you please let me know whether you have used the GAL Synchronization feature in Microsoft Integration Identity Server (MIIS) 2003 or in the Identity Integration Feature Pack 1a for Microsoft Windows Server Active Directory to ensure that the GAL in anygiven forest contains mail recipients from other forests. This feature creates mail-enabled contacts that represent recipients from other forests,thereby allowing users to view them in the GAL and add them as attendees to meetingrequests. For example, users in Forest A appear as contacts in Forest B and vice versa. When trust exists between forests, mailbox owners can specify the detailed level ofaccess granted to those principles represented by these contacts making free/busy queries against their calendar. If the GalSync is not configured, please consider following workaround: USER1 in forest1 wants to share Free Busy SUBJECT and LOCATION with USER2 in forest2 USER1 in forest1 DOES NOT WANT to share subject and location with any other user in forest2 1. Create a mailbox enabled usertest in Forest 1 2. Copy the value of ObjectSid attribute of User2 in forest 2 to the msExchMasterAccountSid attribute of the create usertest account in Forest 1. You can use Adsiedit.msc tool to edit the attributes 3. Disable the mailbox enabled usertest 4. Logon User1 mailbox by using Outlook, add reviewer permission of the calendar folder to usertest account 5. User PFDavAdmin tool to check calendar permission of User1, please check whether the User2 in forest2 has been listed. 6. If the User2 has been listed, please check whether the User2 is able to gather detailed Free/Busy information and whether the other users in Forest can only retrieve the default Free/Busy status. Mike

We are using IIFP with AD-GAL sync/ Contacts are created for other user forests / Trust exists / Sync is working fine and free busy works fine too. The per user FB config is done in Ex2K7 orgs.you state in your reply" When trust exists between forests, mailbox owners can specify the detailed level ofaccess granted to those principles represented by these contacts making free/busy queries against their calendar."i guess that was my original question - How?In the Outlook GUI for calendar permissions - i cannot adda contact from the GAL (represented by the user in forest 2) for permissions. So in my case only the default or anonymous permission level is applied to all users in the other forest.The other steps you stated - i have tried as we are relying on IIFP/GALSYNC.May be you can eloborate more and calrify if this is supposed to work?TIAPATILPPrakash

Hi, Assume the UserA in OrgA needs get detailed Free/Busy Information to UserB in OrgB while other users in OrgA get default Free/Busy Information to UserB Please attempt following method: 1. Create a Linked Mailbox in OrgB called UserAinOrgA and linked to UserA in OrgA 2. Logon UserBs mailbox by using Outlook 3. Set UserAinOrgA has reviewer permission to the Calendar folder of UserB 4. Use PFDavAdmin tool to check the Calendar folder permission of UserB, the OrgA/UserA should be listed and have Reviewer permission 5. Please check whether the UserA is able to get detailed Free/Busy information of UserBwhile other users in OrgA only get the default Free/Busy information Mike

ok. i see - you are asking to use linked mailboxes which is not what we want. How is that relevant in our requirements where we are not creating linked mailboxes.PATILPPrakash

Hi, Currently, I do not find other methods regarding your requirement. I would like to explain that when the Per-user cross-forest availability service is configured, the callers SID is included in the request and send to the target Availability service. The Availability service will gather the Free/Busy information based on the callers SID and the level of detail granted to the caller by the calendar owner. When we create a Linked Mailbox, the msExchMasterAccountSid attribute is configured on the disabled user object on the Resource Forest by using the associated Users SID in the User Forest. As the linked mailbox is a disabled user, when you set calendar permission by using the disabled user, the msExchMasterAccountSid is used instead of the ObjectSID. Mike

Ok. i guess then that the cross forest per user FB is only applicable to resource forest scenario's.Thanks for your answers.Prakash