Configure the Availability service for cross-forest topology

Configure the Availability service for cross-forest topology:-

This article tells about how to configure freebusy sharing between two Exchange Forests.

You can use the Availability service in cross-forest topologies across trusted or untrusted forests. The type of free/busy information that’s available depends on if you’re using a trusted or untrusted forest.

Trusted forests:- In trusted forests, you can configure the Availability service to retrieve free/busy information on a per-user basis. When the Availability service is configured to retrieve free/busy information on a per-user basis, the service can make cross-forest requests on behalf of a particular user. This allows a user in a remote forest to retrieve detailed free/busy information for someone who is not in the same forest.

Untrusted forests:- In untrusted forests, you can only configure the Availability service to retrieve free/busy information on an organization-wide basis. When the Availability service makes free/busy cross-forest requests at the organizational level, free/busy information is returned for each user in the organization. In untrusted forests, it isn’t possible to control the level of free/busy information that’s returned on a per-user basis.

Getting ready for cross-forest topologies:-

GALsync is primary thing to get freebusy works between two forests.

By default, a global address list (GAL) contains mail recipients from a single forest. If you have a cross-forest environment, you can use ILM, MIIS, FIM or Custom script to ensure that the GAL in any given forest contains mail recipients from other forests (GalSync). Galsync is a mandatory step to configure Availability service between two forests.

For example, users in Forest A appear as a mail user in Forest B and vice versa. Users in the target forest can then select the mail user object that represents a recipient in another forest to send mail.

Configure Availability Service in trusted Forests:-

Here are steps to configure Availability service in trusted forests:-

Note:- I am taking example of two domain for which we need to configure Availability service (abc.com and xyz.com)

On abc.com side:-

Define free/busy access method:-

Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights “ms-exch-epi-token-serialization” -User “xyz.com\Exchange Servers”

Export Autodiscover Configuration to xyz.com domain (This will require a service account at abc.com side).

$a=Get-Credential
Export-AutoDiscoverConfig -DomainController dc.abc.com -TargetForestDomainController dc.xyz.com -TargetForestCredential $a -MultipleExchangeDeployments $true

Run Below comand to Add availabiltiy service at xyz.com domain side so xyz.com users can see free busy for abc.com users:-

Add-AvailabilityAddressSpace -ForestName abc.com -AccessMethod PerUserFB -UseServiceAccount $true

This completes configuration at abc.com side.

Now lets configure same so abc.com users can see xyz.com users free busy. Run below on xyz side:-

Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights “ms-exch-epi-token-serialization” -User “abc.com\Exchange Servers”

$a=Get-Credential
Export-AutoDiscoverConfig -DomainController dc.xyz.com -TargetForestDomainController dc.abc.com -TargetForestCredential $a -MultipleExchangeDeployments $true

Add-AvailabilityAddressSpace -ForestName abc.com -AccessMethod PerUserFB -UseServiceAccount $true

Configure Availability Service in untrusted Forests:-

In untursted forests have to use orgwide account so we need to run below to configure it:-

Run Below in abc.com domain:-

Set-AvailabilityConfig -OrgWideAccount “xyz.com\User”

$a = Get-Credential (Enter the credentials for xyz.com)
Add-AvailabilityAddressspace -Forestname xyz.com -Accessmethod OrgWideFB -Credential:$a

Run Below in xyz.com domain:-

Set-AvailabilityConfig -OrgWideAccount “abc.com\User”

$a = Get-Credential (Enter the credentials for abc.com)
Add-AvailabilityAddressspace -Forestname abc.com -Accessmethod OrgWideFB -Credential:$a

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.