none
Free/Busy between two Trusted AD Forests running Exchnage 2007

    问题

  • Hi,

    We have two AD forests with a two way trust. Both are running Exchange 2007 and using 3rd party certs (not self signed)

    I would like to be able to view free/busy across both forest but am having trouble getting this to work.
    The article I am reading is :  http://technet.microsoft.com/en-us/library/bb125182%28EXCHG.80%29.aspx

    What I have does so far is:

    Source Forest
    - Add-AvailabilityAddressSpace -ForestName "<target forest name>" -AccessMethod PerUserFB -UseServiceAccount $true

    My questions are:

    - Do I have to ask the Mail admin in the target forest to execute the command for anything to work?

    Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "Sourceforest\Exchange Servers"


    - Do I have to create a DNS record so we can resolve autodiscover in the external forest ?
      The article above says you can use DNS instead of exporting the SCP but what format does it take ? I read something about  as SRV records not working across forests ??

    I ran the following command to test ....

    [PS] C:\>Test-OutlookWebServices -Identity sourceforestuser@companyA.com -TargetAddress destinationforestuser@companyB.com | FL


    Id      : 1003
    Type    : Information
    Message : About to test AutoDiscover with the e-mail address sourceforestuser@companyA.com.

    Id      : 1006
    Type    : Information
    Message : The Autodiscover service was contacted at https://nymail.sourcecompany.com/Autodiscover/Autodiscover.xml.

    Id      : 1011
    Type    : Error
    Message : The receipent address destinationforestuser@companyB.com is invalid. Please check your command parameters.

    Id      : 1016
    Type    : Success
    Message : [EXCH]-Successfully contacted the AS service at https://nymail.sourcecompany.com/EWS/Exchange.asmx. The elapsed time was 46 milliseconds.

    Id      : 1015
    Type    : Success
    Message : [EXCH]-Successfully contacted the OAB service at https://nymail.sourcecompany.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

    Id      : 1005
    Type    : Error
    Message : When accessing https://nymail.sourcecompany.com/UnifiedMessaging/Service.asmx the error "RemoteCertificateNameMismatch:CN=nymail.sourcecompany.com

    Id      : 1014
    Type    : Success
    Message : [EXCH]-Successfully contacted the UM service at https://nymail.sourcecompany.com/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.

    Id      : 1011
    Type    : Error
    Message : The receipent address destinationforestuser@companyB.com is invalid. Please check your command parameters.

    Id      : 1016
    Type    : Success
    Message : [EXPR]-Successfully contacted the AS service at https://nymail.sourcecompany.com/EWS/Exchange.asmx. The elapsed time was 15 milliseconds.

    Id      : 1015
    Type    : Success
    Message : [EXPR]-Successfully contacted the OAB service at https://nymail.sourcecompany.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

    Id      : 1014
    Type    : Information
    Message : [EXPR]-The UM is not configured for this user.

    Id      : 1017
    Type    : Success
    Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://nymail.sourcecompany.com/Rpc. The elapsed time was 15 milliseconds.

    Id      : 1006
    Type    : Success
    Message : The Autodiscover service was tested successfully.





    • 已编辑 hubbardt 2012年4月25日 17:49
    2012年4月25日 17:41

全部回复

  • I would use Federation Service (It's free) to achieve your requirements
    http://technet.microsoft.com/en-us/library/dd638083.aspx 
    http://technet.microsoft.com/en-us/library/dd335047.aspx

    Gulab Prasad,
    MCITP: Exchange Server 2010 | MCITP: Exchange Server 2007
    MCITP: Lync Server 2010 | MCITP: Windows Server 2008
    My Blog | Z-Hire Employee Provisioning App

    2012年4月26日 11:47
  • Looks good but we are running Exchange 2007. I mistakenly said earlier that the target forest are also running Exchange 2007, they are actually using Exchange 2010.

    So we have an Exchange 2007 (us) and an Exchange 2010 (them) forest wishing to share free/busy and GAL.

    We have a trust in place.


    • 已编辑 hubbardt 2012年4月26日 14:21
    2012年4月26日 14:20
  • Hi,

    We have two AD forests with a two way trust. Both are running Exchange 2007 and using 3rd party certs (not self signed)

    I would like to be able to view free/busy across both forest but am having trouble getting this to work.
    The article I am reading is :  http://technet.microsoft.com/en-us/library/bb125182%28EXCHG.80%29.aspx

    What I have does so far is:
    ......


    - Do I have to ask the Mail admin in the target forest to execute the command for anything to work?

    Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "Sourceforest\Exchange Servers"

    Yes.

    - Do I have to create a DNS record so we can resolve autodiscover in the external forest ?

    The article above says you can use DNS instead of exporting the SCP but what format does it take ? I read something about as SRV records not working across forests ??

    Using DNS method is used for non-trust exist forests environment.

    Not matter which method we use, we must make sure the external Autodiscover url of target forest be available, and don't forger the internal availability service url must also be available. so a DNS record should be created.


    Fiona Liao

    TechNet Community Support

    2012年4月28日 5:36
    版主