[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3614
  • Last Modified:

Has anyone used the Add-AvailabilityAddressSpace cmdlet to allow free/busy lookups across untrusted forests?

Two Exchange 2007 organizations in untrusted forests.  With the Exchange Availibility Service, we should be able to use the Add-AvailabilityAddressSpace cmdlet to allow the lookup of free/busy information across forests.  

http://technet.microsoft.com/en-us/library/bb125182(EXCHG.80).aspx

The article above describes the steps required to make this happen.  I'm looking for someone to provide a little guidance and real world use of the cmdlet.
0
rsdtech
Asked:
rsdtech
  • 6
  • 4
1 Solution
 
rsdtechAuthor Commented:
No comments after a day, so I increased the point value.

Anyone, anyone, Bueller?
0
 
rsdtechAuthor Commented:
OK. more points.

The commands described on the Microsoft link seem straight forward, but I'd really like to hear from someone that has done this and knows of any gotchas.

Thanks
0
 
Exchange_GeekCommented:
*******
Cross-forest availability can be across trusted or untrusted forests.  The granularity of free/busy
information is determined by whether cross-forest free/busy has been configured as per-user or
org-wide.  Per-user free/busy is possible only in a trusted cross-forest topology and makes it
possible for Availability Service to make cross-forest requests on behalf of a particular user.   This
essentially makes it possible for a user in a remote forest can grant more granular or detailed free-
busy to a cross-forest user.  On the other hand, with org-wide free/busy, Availability Service can
make cross-forest requests only on behalf of a particular organization.  With org-wide free/busy, a
users default free/busy information is returned and it is not possible to control the granularity of
free/busy information given to users in the other forest.

********
Please read this to clear your doubts.

Scroll down to topic "Configuring Cross-Forest Availability Service"
http://www.exchangeninjas.com/AvailabilityServiceFAQ
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
rsdtechAuthor Commented:
From that page and the Managing CA document from MS.

UNTRUSTED CROSS-FOREST
On the cross-forest (target) CAS:
Set the orgwide account on the availability-config object:

set-availabilityconfig -orgwideaccount "mail.foo.com\orgwide_user" (for example)

Add the availability address space config object for the other forest. First check what the
msExchAvailabilityOrgWideAccount is on the Availability Configuration object on the target
forest - these are the credentials you need to specify with get-credential:

$a = get-credential  (enter the credentials for orgwide_user in domain mail.foo.com)

add-availabilityaddressspace -forestname <remote forest  mail.foo.com, for example>
-accessmethod orgwidefb -credential:$a

If I'm reading it correctly,  My domain is domain1, my user is user1.  The untrusted domain is domain2, the user is user2.  

I need to run: set-availabilityconfig -orgwideaccount "domain1\user1"

On the other forest, he needs to run - set-availabilityconfig -orgwideaccount "domain2\user2"

and then each of us needs to run:

$a = get-credential  (enter the credentials for user1 in domain1)

add-availabilityaddressspace -forestname "Domain1" -accessmethod orgwidefb -credential:$a (for his domain)

and

$a = get-credential  (enter the credentials for user2 in domain2)

add-availabilityaddressspace -forestname "Domain2" -accessmethod orgwidefb -credential:$a (in my domain)

The user accounts can be any user account in the domain?
0
 
Exchange_GeekCommented:
  • On a Client Access server in the target forest, run the following command to set the organization-wide account on the availability configuration object to configure the access level for free/busy information:
    Copy Code

    Set-AvailabilityConfig -OrgWideAccount "Domain1.com\User"
  • Run the following commands to add the Availability address space configuration object for the source forest:
    Copy Code

    $a = get-credential  (Enter the credentials for organization-wide user in Domain1.com domain)
    Add-AvailabilityAddressspace -Forestname Domain1.com -Accessmethod OrgWideFB -Credential:$a
Ref: http://technet.microsoft.com/en-us/library/bb125182.aspx

0
 
Exchange_GeekCommented:
Domain1 was referred to what you set the example as.

"If I'm reading it correctly,  My domain is domain1, my user is user1.  The untrusted domain is domain2, the user is user2"
0
 
rsdtechAuthor Commented:
In working through this, I've discovered that I had autodiscover and certificate issues that needed to be resolved before this could work.  I've corrected those issues on my domain and am working with the admins in the other domain to correct thier issues.  They should have thier new cert in a day or so and I'll begin testing again.

I'm not sure if this alone is enough to share the free/busy across forests, though.  Is this going to require
MIIS or IIFP?
0
 
Exchange_GeekCommented:
MIIS and IIFP is ideally used for GAL sharing - so if you want to see people across to use GAL - thats what MIIS is primarily required for.
0
 
rsdtechAuthor Commented:
Thanks for your help.  In the end, having correctly applied UCC certificates was the biggest issue.  Both Exchange servers had single name certs for OWA, but nothing for autodiscover.  We both purchased UCC certs from GoDaddy and once applied the commands you provided allows us to now see Free/Busy info across the untrusted forests.  
0
 
rsdtechAuthor Commented:
Thanks to Exchange Geek for helping out.  The biggest issue in making this work was properly applied UCC certificates on both Exchange servers.  We both had single name certificates for OWA, but nothing for autodiscover.  Getting autodiscover to function both inside and outside of the network is critical in getting this to work.  Once autodiscover was functioning correctly for both organizations, the Set-AvailabilityConfig and Add-AvailabilityAddressspace cmdlets were all that was needed to see Free/Busy information across untrusted forests.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now