22 C
Dubai
Wednesday, December 18, 2024

How to Configure Cross forest Availability Service (Free/Busy,Autodiscover) – Exchange 2010 to Exchange 2010

Configuring Free/busy across forest is always a typical task to do.

But Creating Federation trust became much easier to share free busy across forest as a permanent solution

Understanding Federated Delegation

Still some scenarios require Exporting Free/busy to the other forest to build a coexistence between forests.

Lets see how to do it.

There are some other methods where we can configure Cross forest Free/busy without Active Directory trust, which will be covered in later posts

image

First Two Way Transitive Trust is configured between these forests

when target Forest resolves the Source domain for Free/busy it should resolve “Autodiscover.CareExchange.in”  to your source forest client access server

I am try to do a Test email auto configuration from (TargetForest) CareExchange.in to a Mail Contact ”Galsync1@careExchange.in

you can see “Autodiscover.CareExchange.in” resolves through DNS to the Source forest Client Access Server

image

In my case , I have Configured DNS forwarders from Target DNS server Forwarding my unfulfilled requests to Source DNS server,Where I have a HOST A record in the source domain already “Autodiscover.careexchange.in” Resolving to my source Exchange Client access server

image

Once That part is done.

You can use a GALsync to have your Mailboxes synced from source forest(Careexchange.in) as contacts in the Target forest (TargetExchange.in)

You can use ILM,FIM 2010 or you can use 3rd party NetSec Galsync which will get your the contacts synced from Source to Target.

Now you got to add your AvailabilityAddressSpace on the source forest

Step1:

Run the Below Command on the Source Forest

Add-AvailabilityAddressSpace -ForestName TargetExchange.in -AccessMethod PerUserFB -UseServiceAccount $true

image

image

Step2 :

Giving “ms-exch-epi-token-serialization” permission to the Source Exchange Servers over the Target Forest

Run the Below Command on the Target Forest

Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "CareExchange\Exchange Servers"

Step 3:

Run this command in the Source forest (CareExchange.in) to export the SCP from the Source forest to the Target forest

So that the Target forest will have the Free busy information of the Source forest

Save the Credentials of the Target forest.

$Target=Get-Credential

Please Type “DomainName\Username” and Password

Now run

Export-AutodiscoverConfig -TargetForestDomainController "Targetdc.targetexchange.in" -TargetForestCredential $Target -MultipleExchangeDeployments $true

image

Now Autodiscover information has been Exported from from source forest(Careexchange.in) to the Target forest (TargetExchange.in)

Now able to use autodiscover & Access free busy without any issues

image

 

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles

26 COMMENTS

  1. I simply want to mention I’m newbie to blogs and actually savored you’re web page. More than likely I’m want to bookmark your blog . You surely have good article content. Thank you for sharing your webpage.

  2. Thanks for sharing excellent informations. Your web-site is so cool. I am impressed by the details that you’ve on this blog. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for extra articles. You, my pal, ROCK! I found simply the information I already searched all over the place and simply could not come across. What an ideal web-site.

  3. I was very delighted to find this site on google.I wanted to say thank you to you with regard to this good post!! I undoubtedlyappreciated every little bit of it and I’ve you bookmarked to have a look at new stuff you post.

  4. can you please get me the steps to configure cross forest availability when there is no trust created between two forest

  5. Hello Satheshwaran, I appreciate your blog a lot, it was very helpfully to me!
    Maybe you can me in my very complicated scenario: I have an old forest in production domainA with esxchange 2010 and a full new setup with a new forest domainB with trust in place, conditional forwarders and I`ve done a succesfully mailbox migration following your guide. The big problem is that I need co-existence during migration and we have 6 smtp external name space with completely different domain names. there is a way to set up mail flow between exchange servers like the routing group in 2003-2010 migration and functional autodiscovery service (to redirect mail to the already moved mailbox in the new forest) and also have the same smtp external space in both forests?
    Thank you in advance!
    Ovidiu

    • Hi Ovidiu,

      Coexistence setup is completely possible in your scenario.

      Place Connectors on Exchange 2003 and send out the emails to exchange 2010, Then place your external iP of one domain to Exchange 2010 and start moving your domains one by one. Make sure you test it well.

      • Hi Satheshwaran, in fact it was interforest exchange migration 2010 to 2010 🙂 I was succesully by following your excellent guide “crossforest migration guide exchange 2010 to 2010” without setting up a complicate coexistence scenario withtout gal sync. I`ve allready done it during a weekend (300 e-mail addresses and 220 migrated computers). It was a hell of work but successfully accomplished with your help:)
        Thank you so much!
        Ovidiu

  6. I forgot to mention that the new forest domainB does not have an separate external ip address and and mailflow should go throught domainA.

  7. Autodiscover will not work from internet, as we are not published the autodiscover URl
    we are doing testing between two internal partners

  8. Would I do these steps twice if I wanted to share contacts/free busy in both directions? The way this article is worded makes it sound like the galsync is source to target only. I need free busy shared in both directions.

    Also, right now both domains have contacts (external contacts) in their own OUs in each domain. I noticed GalSync requires tools, that aren’t exactly free. Do we need to have Galsync done prior to sharing free/busy or can users specify calendar’s without the information being in the gal?

  9. Also, does something like galsync have to be used? I can’t find a free tool that does this anywhere. Can we forgo that step and just “open a shared” calendar and manually type in the users email address after free/busy info has been setup between the two domains?

    • If you have the Mailboxes as Contacts from the Target Forest.

      Source Forest can Query the free busy of target forest.

      To have it Automated we need a Galsync. But still Creation of Contacts be manual .

  10. I did this both ways so source/target could share vise-versa. The free/busy sharing doesn’t work even though all of the commands complete without error. Both systems are on a bi-directional transitive trust and have DNS forwarding setup. Everything else works as intended. If I open a new meeting request for one of our contacts it tells me the recipients mail server could not be contacted.

  11. The commands above say forest name. So I was using the name of the forest and not the name of the shared address space (@domainhere.com). Is that correct? Or should I use the @domain.com in place of the forest.

    For example. Their domain could be NT_DOMAIN and an email address could be @domain.com. I used NT_DOMAIN in the commands (which accepted and worked even with credentials). Also, checking the auto-discover service completes without error.

  12. Okay, so upon further investigation I found this:

    Test-OutlookWebServices -Identity:

    That command works fine in all directions other than on the target forest for an account in the source. I can even go on the source and use that command against an account in the target domain and it comes back fine.

    Not sure why autodiscover isn’t working in one direction. If I figure this out I’ll post back.

  13. Would this have to be run?:
    To create the SCP in the user forest we will need to execute the following command on the Exchange server in the resource forest:

    Export-AutoDiscoverConfig -DomainController DomainControllerName -TargetForestDomainController TargetForestDomainControllerName -MultipleExchangeDeployments $true

    reference:
    http://johanveldhuis.nl/?page_id=1683&lang=en

    Basically, on the target domain, it’s not resolving accounts in the source domain via autodiscover, but the source domain can resolve accounts in the target domain via autodiscover.

    If anyone has any ideas let me know. :-/

  14. Oh well, they’ll have to go without free/busy. Autodiscover works via right clicking the Outlook icon and doing a test there. The test via that method works in both directions for accounts in the opposite forest.

    However, when I run “Test-OutlookWebServices -Identity:security@domainhere.com” in the EMS it fails:

    The operation couldn’t be performed because ‘security@domainhere.com’ couldn’t be found.
    + CategoryInfo : NotSpecified: (:) [Test-OutlookWebServices], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException,Microsoft.Excha
    nge.Management.SystemConfigurationTasks.TestOutlookWebServicesTask

    That same account tests fine with Autodiscover via Outlook. Free/busy isn’t being shared, but if I open Outlook and punch in an account in the other forest Outlook auto configures the account properly.

  15. Hi,

    ?More details: FreeBusy settings, subject and body can be displayed is not working in cross-forest using gal-sync 4.From source to target able to view but not able to view from target to source.Busy information showing but subject,body,time not showing.

  16. This worked all, however I havent been able to find out how to get the resources ( rooms) to be able to book cross forest .

    ForestA – exch 2010
    ForestB – exch 2013
    Namespace: shared user @email.com

    I have two way trust, users from forestA can see forestB users free/busy but not sure how to go about the resource (rooms)

  17. we need to run below on target forest…please correct me if i am wrong..

    Export-AutodiscoverConfig -TargetForestDomainController -TargetForestCredential $Target -MultipleExchangeDeployments $true

LEAVE A REPLY

Please enter your comment!
Please enter your name here

× How can I help you?