Configure the Availability Service for Cross-Forest Topologies

 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

The Availability service improves information workers' free/busy information by providing secure, consistent, and up-to-date free/busy information to clients who are running Microsoft Office Outlook 2007. By default, this service is installed with Microsoft Exchange Server 2010. In cross-forest topologies where all connecting clients are running Outlook 2007, the Availability service is the only method of retrieving free/busy information. You can use the Exchange Management Shell to configure the Availability service for cross-forest topologies.

Note

You can't use the EMC to configure the Availability service for cross-forest topologies.

Note

The terms Source forest and Target forest are used in this topic to identify each forest. These terms are defined as follows:

  • Source forest   Exchange forest from which the Availability Service makes the free/busy inquiry

  • Target forest   Exchange forest from which the free/busy information is being retrieved

Looking for other management tasks related to the Availability service? Check out Managing the Availability Service.

Using the Availability Service in Trusted and Untrusted Forests

You can use the Availability service in cross-forest topologies across trusted or untrusted forests. The type of free/busy information that's available depends on whether the forests are trusted or untrusted.

Trusted Forests   In trusted forests, you can configure the Availability service to retrieve free/busy information on a per-user basis. When the Availability service is configured to retrieve free/busy information on a per-user basis, the service can make cross-forest requests on behalf of a particular user. This allows a user in a remote forest to retrieve detailed free/busy information for someone who is not in the same forest.

Untrusted Forests   In untrusted forests, you can configure the Availability service only to retrieve free/busy information on an organization-wide basis. When the Availability service makes free/busy cross-forest requests at the organizational level, free/busy information is returned for each user in the organization. In untrusted forests, it isn't possible to control the level of free/busy information that's returned on a per-user basis.

Note

You can add a maximum of 100 address spaces.

Configure Active Directory for Cross-Forest Topologies

To configure Active Directory in Microsoft Windows for a cross-forest topology, you must install and configure GAL Synchronization (GALSync). For information about how to install and configure the GALSync feature in Microsoft Identity Integration Server (MIIS), see the following resources:

Note

If you want to use the PerUserFB parameter together with the Add-AvailabilityAddressSpace cmdlet, GALSync must be configured to synchronize the msExchMasterAccountSid attribute for the contacts and mail users that are synchronized to the target forest. This is not required for OrgWideFB.

If you're running Office Outlook 2003 or an earlier version, you must use the Microsoft Exchange Inter-Organization Replication tool to synchronize free/busy information across multiple forests. For more information about the Microsoft Exchange Inter-Organization Replication tool, see Microsoft Exchange Server Inter-Organization Replication.

Note

To use the Microsoft Exchange Inter-Organization Replication tool, a Microsoft Exchange Server 2003 server or a Microsoft Exchange Server 2007 server must be the target server. The Microsoft Exchange Inter-Organization Replication tool is not supported when a Microsoft Exchange Server 2010 server is the target server.

Note
Microsoft Exchange Server 2010 Service Pack 2 (SP2) Update Rollup 1 uses the external URL for Exchange Web Services to connect to the target forest. The external URL for Exchange Web Services cannot be returned by the AutoDiscover service if Outlook Anywhere is not enabled in the target forest. In this case, the cross-forest lookup fails.
To work around this issue, enable Outlook Anywhere in the target forest, and then verify that the external URL for Exchange Server Web Services is configured correctly.
  1. Enable Outlook Anywhere in the target forest. For information about how to enable Outlook Anywhere, see Enable Outlook Anywhere.

  2. Configure the external URL for Exchange Web Services for the target forest. To do this, run the following command in Windows PowerShell for Exchange:

    Set-WebServicesVirtualDirectory -Identity "server_name\EWS (Default Web Site)" -ExternalUrl https://mail.contoso.com/ews/Exchange.asmx

    Note

    In this command, contoso is a placeholder for the appropriate domain name.

  3. Enable Outlook Anywhere for the organization mailboxes that should make incoming remote availability requests.

    Note

    If an administrator disables Outlook Anywhere on an individual mailbox, that mailbox's information cannot be retrieved by a remote forest because Autodiscover will not return an Exchange Web Services ExternalURL for that mailbox.
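A read-only check for the failure condition described in the note above, for the Exchange Management Shell in the target forest. This is an added example, not part of the original topic; the function names are hypothetical, and the second function assumes Outlook Anywhere was disabled per mailbox through the MAPIBlockOutlookRpcHttp setting.

```powershell
# Added example (not from the original topic). Read-only; run in the target forest.

# For every EWS virtual directory, report whether the server can hand out an
# external EWS URL: Outlook Anywhere must be enabled and ExternalUrl must be set.
function Test-EwsExternalUrlReadiness {
    Get-WebServicesVirtualDirectory | ForEach-Object {
        $server = [string]$_.Server
        $url    = [string]$_.ExternalUrl
        # No object comes back for a server where Outlook Anywhere is not enabled.
        $oa     = Get-OutlookAnywhere -Server $server -ErrorAction SilentlyContinue

        $problems = @()
        if (-not $oa)  { $problems += 'Outlook Anywhere is not enabled' }
        if (-not $url) { $problems += 'EWS ExternalUrl is not set' }
        elseif ($url -notlike 'https://*') { $problems += 'EWS ExternalUrl is not HTTPS' }

        New-Object PSObject -Property @{
            Server          = $server
            OutlookAnywhere = [bool]$oa
            EwsExternalUrl  = $url
            Problems        = ($problems -join '; ')
        } | Select-Object Server, OutlookAnywhere, EwsExternalUrl, Problems
    }
}

# Step 3: mailboxes whose free/busy a remote forest cannot retrieve because
# Outlook Anywhere is blocked on the mailbox (assumed setting, see lead-in).
function Get-MailboxWithOutlookAnywhereBlocked {
    Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $_.MAPIBlockOutlookRpcHttp } |
        Select-Object Name, PrimarySmtpAddress, MAPIBlockOutlookRpcHttp
}

Test-EwsExternalUrlReadiness | Format-Table -AutoSize
Get-MailboxWithOutlookAnywhereBlocked
```

An empty Problems column for every server, and no mailboxes returned by the second function, means the workaround steps are in place.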

Use the Shell to configure per-user free/busy information in a trusted cross-forest topology

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Availability Service Permissions" entries in the Client Access Permissions topic.

This example configures the Availability service to retrieve per-user free/busy information on a Client Access server in the target forest.

Target Forest

Get-ClientAccessServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Exchange Servers"

This example defines the free/busy access method that the Availability service uses on the local Client Access server in the source forest. The local Client Access server is configured to access free/busy information from the <Target_Forest>.com forest on a per-user basis. The following example uses the service account to retrieve free/busy information.

Source Forest

Add-AvailabilityAddressSpace -Forestname <Target_Forest> -AccessMethod PerUserFB -UseServiceAccount:$true

Note

To configure bidirectional cross-forest availability, repeat these steps in the target forest.

Note

You can add a maximum of 100 address spaces.

If you choose to configure cross-forest availability with trust, and also choose to use a service account (instead of specifying organization-wide or per-user credentials), you must extend permissions, as shown in the example in the "Use the Shell to configure trusted cross-forest availability with a service account" section. Performing that procedure in the target forest gives Client Access servers in the source forest permission to serialize the original user context.
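Because the ms-Exch-EPI-Token-Serialization right lets its holders serialize a user's context to the Client Access servers, it is worth confirming exactly which trustees hold it after running the target-forest command. The following read-only audit is an added example, not part of the original topic; the function name and the default $ExpectedTrustee value are assumptions to replace with your own.

```powershell
# Added example (not from the original topic). Read-only; run in the target forest.
function Get-TokenSerializationTrustee {
    param(
        # Assumption: the trustees you intend to hold the right.
        # '<Remote Forest Domain>' is the placeholder used in this topic.
        [string[]]$ExpectedTrustee = @('<Remote Forest Domain>\Exchange Servers')
    )
    $right = 'ms-Exch-EPI-Token-Serialization'

    Get-ClientAccessServer | ForEach-Object {
        $server = $_.Name
        Get-ADPermission -Identity $_.DistinguishedName |
            Where-Object { $_.ExtendedRights -like $right } |
            ForEach-Object {
                $trustee = [string]$_.User
                # Classify each access control entry that carries the right.
                if ($_.Deny) {
                    $review = 'Deny entry'
                } elseif ($ExpectedTrustee -contains $trustee) {
                    $review = 'Expected'
                } else {
                    $review = 'Review: allow entry not in expected list'
                }
                New-Object PSObject -Property @{
                    Server      = $server
                    Trustee     = $trustee
                    Deny        = $_.Deny
                    IsInherited = $_.IsInherited
                    Review      = $review
                } | Select-Object Server, Trustee, Deny, IsInherited, Review
            }
    }
}

Get-TokenSerializationTrustee | Sort-Object Server, Trustee | Format-Table -AutoSize
```

Add the trustees from your own organization that legitimately hold the right to $ExpectedTrustee, so that only unexpected allow entries are flagged for review.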

Use the Shell to configure trusted cross-forest availability with a service account

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Availability Service Permissions" entries in the Client Access Permissions topic.

This example configures trusted cross-forest availability with a service account in the source forest.

Source Forest

$a = Get-Credential   # When prompted, type the credential "TargetForest\User" for the organization-wide user
Add-AvailabilityAddressSpace -ForestName <TargetForest> -AccessMethod OrgWideFB -Credential $a

This example configures trusted cross-forest availability with a service account in the target forest.

Note

You can add a maximum of 100 address spaces.

Target Forest

Set-AvailabilityConfig -OrgWideAccount "TargetForest\User"

For detailed information about syntax and parameters, see the following topics:

Use the Shell to configure organization-wide free/busy information in an untrusted cross-forest topology

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Availability Service Permissions" entries in the Client Access Permissions topic.

This example sets the organization-wide account on the availability configuration object to configure the access level for free/busy information in the target forest.

Target Forest

Set-AvailabilityConfig -OrgWideAccount "TargetForestDomain\User"

This example adds the Availability address space configuration object for the source forest.

Source Forest

$a = Get-Credential   # When prompted, enter the credentials for the organization-wide user in SourceForestDomain
Add-AvailabilityAddressSpace -ForestName SourceForestDomain -AccessMethod OrgWideFB -Credential:$a

Note

You can add a maximum of 100 address spaces.
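After running the procedures above, the resulting configuration can be reviewed in one pass: which forests have an address space, which access method each uses, which identity authenticates to it, and how close the forest is to the 100 address space maximum. This is an added example, not part of the original topic; the function name is hypothetical.

```powershell
# Added example (not from the original topic). Read-only; run in the forest
# where Add-AvailabilityAddressSpace was used.
function Get-AvailabilityAddressSpaceReview {
    $limit  = 100   # maximum number of address spaces stated in this topic
    $spaces = @(Get-AvailabilityAddressSpace)

    if ($spaces.Count -ge $limit) {
        Write-Warning "Address space limit reached ($($spaces.Count) of $limit)."
    }

    foreach ($s in $spaces) {
        # Which identity is presented to the remote forest for this address space.
        if ($s.UseServiceAccount) {
            $identity = 'Service account'
        } elseif ($s.UserName) {
            $identity = "Stored credential: $($s.UserName)"
        } else {
            $identity = 'None'
        }

        # Level of free/busy detail implied by the access method.
        switch ([string]$s.AccessMethod) {
            'PerUserFB'    { $detail = 'Per-user (trusted forests only)' }
            'OrgWideFB'    { $detail = 'Organization-wide' }
            'PublicFolder' { $detail = 'Public folder free/busy' }
            default        { $detail = [string]$s.AccessMethod }
        }

        New-Object PSObject -Property @{
            ForestName   = $s.ForestName
            AccessMethod = [string]$s.AccessMethod
            Detail       = $detail
            Identity     = $identity
        } | Select-Object ForestName, AccessMethod, Detail, Identity
    }
}

Get-AvailabilityAddressSpaceReview | Format-Table -AutoSize
# Accounts that this forest accepts for incoming organization-wide and per-user requests.
Get-AvailabilityConfig | Format-List OrgWideAccount, PerUserAccount
```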

Configuring Cross-Forest Availability in Forests that Include Exchange 2003

For Outlook 2007 and Exchange 2010 users to view the free/busy information of Exchange Server 2003 users in another forest, you must configure the Availability service by using the Add-AvailabilityAddressSpace cmdlet.

You only have to run this command once on any server in the Exchange 2010 forest. You can run this cmdlet from any computer running Exchange 2007 or Exchange 2010.

Use the Shell to configure cross-forest availability in forests that include Exchange 2003

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Availability Service Permissions" entries in the Client Access Permissions topic.

This example sets public folder free/busy availability in the source forest.

Source Forest

Add-AvailabilityAddressSpace -ForestName SourceForestDomain -AccessMethod PublicFolder

Note

To replicate free/busy information and public folder content between Exchange organizations you must use the Microsoft Exchange Inter-Organization Replication tool. For more information about the Microsoft Exchange Inter-Organization Replication tool, see Microsoft Exchange Server Inter-Organization Replication.

Note

You can add a maximum of 100 address spaces.

Cross-Forest Availability with Shared name space

Important

When you set up cross-forest availability together with a shared name space, the Availability service uses the target address on the contacts.

To configure SMTP namespace sharing, you must create an accepted domain that is configured as an internal relay domain for the SMTP namespace that you want to share. Then, create an SMTP connector that has the address space of the internal SMTP domain. The destination e-mail server must be a Hub Transport server.

For more information, see Configure Exchange 2010 to Route Messages for a Shared Address Space.

Other Tasks

After you configure the Availability service for cross-forest topologies, you may also want to:

 © 2010 Microsoft Corporation. All rights reserved.