locked
Cross Forest calendar Delegation. RRS feed

  • Question

  • Hi,

    I have two forests with two exchange Orgs, one is Ex2010 and the other is Ex2013.

    I have a two way trust and the availability service running for free/busy which is working fine.

    I now want to find a way of getting calendars accessed/edited from the other domain. I have read that we can do this without FIM by editing the attributes of the contact making it a cross-forest contact. I have done this and I still get permission denied when trying to edit a calendar although I could select the contact as a delegate in the sharing calendar domain.

    I have followed several articles and I still get the error, any ideas?

    Wednesday, June 15, 2016 1:48 PM

Answers

  • Hello! Check this: https://blogs.technet.microsoft.com/neiljohn/2011/10/12/exchange-server-2010-cross-forest-delegation/

    scientia potentia est
    My blog

    • Marked as answer by PCookman Wednesday, August 31, 2016 10:24 AM
    Wednesday, June 15, 2016 4:13 PM

All replies

  • Hello! Check this: https://blogs.technet.microsoft.com/neiljohn/2011/10/12/exchange-server-2010-cross-forest-delegation/

    scientia potentia est
    My blog

    • Marked as answer by PCookman Wednesday, August 31, 2016 10:24 AM
    Wednesday, June 15, 2016 4:13 PM
  • Hi, Thank you but this is what I followed, I am missing something somewhere as I get no access when trying to access the calendar.
    Wednesday, June 15, 2016 5:03 PM
  • Can you post result of cmdlets from article?

    And post attribute of users:

    • mAPIRecipient 
    • msExchMasterAccountSID 
    • msExchOriginatingForest 
    • msExchRecipientDisplayType 
    • msExchRecipientTypeDetails 
    • proxyAddresses


    scientia potentia est
    My blog

    Wednesday, June 15, 2016 7:01 PM
  • Thank you for your help.

    I have domainA and domainB

    UserA in DomainA.local and userB.local in domainB
    Trust inplace and free/busy working fine, email flow is fine to.
    The contacts are canually added both sides.
    I have only added these attributes to usera contact in domainb, userb then delegates to usera contact.
    I also added userb to sharing policy in domainb.
    usera in domaina can see calendar but not edit.

    Below attributes of usera contact in domainb

    mAPIRecipient = Set to True
    msExchMasterAccountSID = set to objectsid from domaina usera
    msExchOriginatingForest = domaina.local
    msExchRecipientDisplayType = -1073741818
    msExchRecipientTypeDetails = 32768
    proxyAddresses = many addresses from domainb policy but the SMTP is set to usera@domaina.com which is the external address

    As soon as I set these attributes on usera contact in doaminb, usera in domaina looses access to freebusy information to everyone in domainb.

    If I delete the contact and create a basic fresh one, freebusy returns.
    • Edited by PCookman Wednesday, June 15, 2016 8:42 PM
    Wednesday, June 15, 2016 8:41 PM
  • To add to this the freebusy dies as soon as the msexchmasteraccountsid is added.
    Thursday, June 16, 2016 8:20 AM