locked
Calendar sharing between two forests RRS feed

  • Question

  • Hi Everyone, this is the scenario:

    We have 2 forests , one called domain1.net and one domain2.com . There is a 2 way transitional trust between the 2 forests, with sid filtering.

    Each forest has his own Exchange 2010 installation

    We need to let the users from domain1 the ability to share their calendars to the users from domain2, and viceversa.

    When we try to do that by Outlook 2010 from the permission tab on the calendar properties and picking up the GAL entries we got :

    "one or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server."

    When we try using the "Share Calendar" button from outlook we got :

    "calendar sharing is not available with the following entries because of permission settings on your network".

    The sharing works great with users in the same forest, and , from the gal, the users from the other forest are marked with the (/) simbol.

    Any Ideas ? is this due to sid filtering in place within the trust ? Is there a way to fix this ?

    Thanks in advance for your time!

    Alessandro

    Tuesday, March 27, 2012 8:35 AM

Answers

  • Ok, seeing that both where using Exchange 2010, i was presuming that you would use Exchange 2010 federated trust with the Microsoft federated broker. Which is not the case, so you are using GalSync to exchange DATA between the two forests. In that case you do not need MFG. Maybe following article series can shed some light on the matter:

    http://www.msexchange.org/articles_tutorials/exchange-server-2010/migration-deployment/deep-dive-into-rich-coexistence-between-exchange-forests-part1.html

    Why not use MFG?

     
    • Proposed as answer by Xiu Zhang Wednesday, March 28, 2012 7:32 AM
    • Marked as answer by Xiu Zhang Monday, April 2, 2012 6:27 AM
    Tuesday, March 27, 2012 1:30 PM
  • Hi,

    If you use the built-in availability service, you must configure GALSync (to represent mailbox users in the remote forest as mail-enabled user [MEU] objects in the local forest) and use the Add-AvailabilityAddressSpace cmdlet to add the respective namespace.

    You should also note that each Exchange forest should be able to connect to the availability service in the other org using the Fully Qualified Domain Name specified for the Internal URL of the Exchange Web Services virtual directory. You should establish a forest-wide trust relationship between the forests.


    Xiu Zhang

    TechNet Community Support

    • Marked as answer by Xiu Zhang Monday, April 2, 2012 6:27 AM
    Wednesday, March 28, 2012 7:32 AM

All replies

  • You have created an AD trust between the two forests. Exchange calendar sharing operates through a federated trust with a trust broker:

    more info:

    http://technet.microsoft.com/en-us/library/dd638083.aspx

    http://technet.microsoft.com/en-us/magazine/hh641445.aspx

    Tuesday, March 27, 2012 9:47 AM
  • Thanks Killerbe, but as said in my first post, the trust is in place.

    Alessandro

    Tuesday, March 27, 2012 10:04 AM
  • Have you looked at the second link i attached in earlier answer?
    Tuesday, March 27, 2012 12:37 PM
  • Yes thanks, I think I'm the the same situation described in the "Cross Forests" paragraph and we already have galsync in place, but the external smtp address for the MEU object needs to be changed. I think I do not have to deploy MFG right ?


    Tuesday, March 27, 2012 1:02 PM
  • Ok, seeing that both where using Exchange 2010, i was presuming that you would use Exchange 2010 federated trust with the Microsoft federated broker. Which is not the case, so you are using GalSync to exchange DATA between the two forests. In that case you do not need MFG. Maybe following article series can shed some light on the matter:

    http://www.msexchange.org/articles_tutorials/exchange-server-2010/migration-deployment/deep-dive-into-rich-coexistence-between-exchange-forests-part1.html

    Why not use MFG?

     
    • Proposed as answer by Xiu Zhang Wednesday, March 28, 2012 7:32 AM
    • Marked as answer by Xiu Zhang Monday, April 2, 2012 6:27 AM
    Tuesday, March 27, 2012 1:30 PM
  • Hi,

    If you use the built-in availability service, you must configure GALSync (to represent mailbox users in the remote forest as mail-enabled user [MEU] objects in the local forest) and use the Add-AvailabilityAddressSpace cmdlet to add the respective namespace.

    You should also note that each Exchange forest should be able to connect to the availability service in the other org using the Fully Qualified Domain Name specified for the Internal URL of the Exchange Web Services virtual directory. You should establish a forest-wide trust relationship between the forests.


    Xiu Zhang

    TechNet Community Support

    • Marked as answer by Xiu Zhang Monday, April 2, 2012 6:27 AM
    Wednesday, March 28, 2012 7:32 AM