Tools
1. Microsoft Identity Lifecycle Manager (ILM) 2007 Feature Pack 1 (FP1)
2. MIIS
3. FIM, other third-party dirsync tools, etc.
2. Scripts
(a) This example configures the Availability service to retrieve per-user free/busy information on a Mailbox server in the target forest.
Get-MailboxServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Mailbox servers"
Add-AvailabilityAddressSpace -ForestName ContosoForest.com -AccessMethod PerUserFB -UseServiceAccount:$true
(b) To configure bidirectional cross-forest availability, repeat these steps in the target forest.
If you choose to configure cross-forest availability with trust, and also choose to use a service account (instead of specifying organization-wide or per-user credentials), you must extend permissions as shown in the example in the "Use the Shell to configure trusted cross-forest availability with a service account" section. Performing that procedure in the target forest gives Mailbox servers in the source forest permission to serialize the original user context.
(c) This example configures trusted cross-forest availability with a service account.
Get-MailboxServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Exchange servers"
This example sets the organization-wide account on the availability configuration object to configure the access level for free/busy information in the target forest.
Set-AvailabilityConfig -OrgWideAccount "Contoso.com\User"
This example adds the Availability address space configuration object for the source forest.
# Enter the credentials for the organization-wide user in the Contoso.com domain when prompted
$a = Get-Credential
Add-AvailabilityAddressSpace -ForestName Contoso.com -AccessMethod OrgWideFB -Credentials $a
From Microsoft TechNet: http://technet.microsoft.com/en-us/library/bb125182(v=exchg.150).aspx
From blog: http://blogs.technet.com/b/ucedsg/archive/2010/04/22/how-does-federated-calendar-sharing-work-in-exchange-2010.aspx
Four things needed to get you started:
1) Obtain an X.509 certificate from a Trusted Root CA (GoDaddy, Entrust, etc.) for use with Microsoft Federation Gateway (MFG) for signing and encrypting delegation tokens. (more here). Here is a list of Trusted Root CAs that MFG is aware of here.
2) Create a Federation Trust with the MFG using this cmdlet (more here):
New-FederationTrust
3) Prove domain ownership by creating a DNS TXT record similar to (more here):
Contoso.com IN TXT AppId = 1C2
4) Add your SMTP domains (other Exchange Orgs) and add federated domains to share calendar information with (the other org must accept) using these cmdlets (more here):
Set-FederatedOrganizationIdentifier - to enable your SMTP domains for federation sharing with the MFG
Add-FederatedDomain - to add other External Orgs to share calendar information with
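The cross-forest availability scripts in section 2 grant a token-serialization right and store remote-forest accounts, so it is worth reviewing what they left behind. The following is an added example for the Exchange Management Shell, not part of the original post or the TechNet article; the $expected list is an assumption and must be replaced with the principals you actually granted.

```powershell
# Added example: review the cross-forest availability settings created above.
# Run in the Exchange Management Shell of the forest where the scripts were applied.
$right = 'ms-Exch-EPI-Token-Serialization'

# Assumption: placeholder principal copied from the scripts above. Replace it, and add
# any local principals you expect to hold the right, before trusting the Expected column.
$expected = @('<Remote Forest Domain>\Exchange servers')

# 1. Allow entries for the token-serialization extended right on each Mailbox server.
$grants = foreach ($server in Get-MailboxServer) {
    Get-ADPermission -Identity $server.DistinguishedName |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) } |
        Select-Object @{ n = 'Server';    e = { $server.Name } },
                      @{ n = 'Principal'; e = { [string]$_.User } },
                      IsInherited,
                      @{ n = 'Expected';  e = { $expected -contains [string]$_.User } }
}
$grants | Sort-Object Expected, Server | Format-Table -AutoSize

# 2. Forests this organization queries for free/busy, and the identity used.
#    UseServiceAccount = True  : requests run as the local Availability service account.
#    UseServiceAccount = False : a stored credential (UserName) is sent to the remote forest.
Get-AvailabilityAddressSpace |
    Select-Object ForestName, AccessMethod, UseServiceAccount, UserName |
    Format-Table -AutoSize

# 3. Accounts that remote forests may use to read free/busy data from this forest.
Get-AvailabilityConfig | Format-List OrgWideAccount, PerUserAccount

# 4. Summary: principals holding the right that are not in the allowlist.
$unexpected = @($grants | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} grant(s) of {1} are not in the expected list." -f $unexpected.Count, $right)
}
```

A principal that holds this right can have Mailbox servers serialize another user's context, so each unexpected row should be traced to the change that added it.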