Let's see how the basic principles of federation and federated delegation, and the various components of federated delegation in Exchange Server 2010, all fit together. We'll do this by covering the various federation scenarios in an Exchange Server 2010 environment, and the advantages and drawbacks of each.
The common component in all of these scenarios is the creation of a federation trust. For the purposes of this discussion, we will assume that the trust is in place and configured for all accepted domains in the organization.
1. Free/Busy Access
Although federated delegation provides a lot of new functionality with many advantages, the "killer app" is probably providing seamless, basic free/busy information—much like your users are accustomed to seeing when scheduling meetings with other internal users. This is configured at the organization level on a per-external organization basis, with one organization relationship in place with each external organization you want to share free/busy information with. This provides the other organization access to your Availability service at the level of detail specified. You can also restrict which internal users' free/busy data is accessible by specifying a security distribution group; only members of that group will have their free/busy data accessible via the organization relationship. Organization relationships are discussed in detail in the "Organization Relationship" section of this chapter.
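As an added example (not from the original text), the following PowerShell check audits organization relationships for the two exposure controls described above: the level of detail shared and the security distribution group that limits scope. Test-FreeBusyExposure is a hypothetical helper name and the sample objects are constructed; the property names are those returned by Get-OrganizationRelationship.

```powershell
# Added example, not from the original text. Test-FreeBusyExposure is a
# hypothetical helper name; the property names are those returned by
# Get-OrganizationRelationship. Syntax is kept PowerShell 2.0 compatible.
function Test-FreeBusyExposure {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Relationship
    )
    process {
        # A disabled relationship, or one without free/busy sharing, exposes nothing.
        if (-not $Relationship.Enabled -or -not $Relationship.FreeBusyAccessEnabled) { return }

        $findings = @()
        if (-not $Relationship.FreeBusyAccessScope) {
            # No security distribution group set: all mailboxes are in scope.
            $findings += 'No FreeBusyAccessScope group; every mailbox is visible to the partner'
        }
        if ($Relationship.FreeBusyAccessLevel -eq 'LimitedDetails') {
            $findings += 'LimitedDetails shares subject and location, not only busy times'
        }
        if ($findings.Count -gt 0) {
            New-Object PSObject -Property @{
                Name     = $Relationship.Name
                Domains  = @($Relationship.DomainNames) -join ', '
                Findings = $findings -join '; '
            }
        }
    }
}

# Constructed sample objects so the check runs without an Exchange server:
# one over-exposed, one scoped and time-only, one disabled.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Contoso'; DomainNames = @('contoso.com'); Enabled = $true
        FreeBusyAccessEnabled = $true; FreeBusyAccessLevel = 'LimitedDetails'; FreeBusyAccessScope = $null }),
    (New-Object PSObject -Property @{ Name = 'Fabrikam'; DomainNames = @('fabrikam.com'); Enabled = $true
        FreeBusyAccessEnabled = $true; FreeBusyAccessLevel = 'AvailabilityOnly'; FreeBusyAccessScope = 'FreeBusy-Shared' }),
    (New-Object PSObject -Property @{ Name = 'Northwind'; DomainNames = @('northwindtraders.com'); Enabled = $false
        FreeBusyAccessEnabled = $true; FreeBusyAccessLevel = 'LimitedDetails'; FreeBusyAccessScope = $null })
)
$sample | Test-FreeBusyExposure | Format-List Name, Domains, Findings

# In the Exchange Management Shell, feed it live data instead:
# Get-OrganizationRelationship | Test-FreeBusyExposure
```

Only the first sample relationship is reported; the second is already limited to a group and to busy times, and the third is disabled.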
The organization-level prerequisites to enabling two-way free/busy access between organizations are:
Both organizations must be running Exchange Server 2010 Client Access servers.
Both organizations must have federation trusts created and configured for the SMTP domains of the users who will be accessing free/busy between the organizations. The creation and management of federation trusts is discussed in detail in the "Federated Trust" section of this chapter.
Both parties must have created and configured an organization relationship with the other organization as discussed in the "Organization Relationship" section of this chapter.
Although Exchange Server 2010 Client Access servers are a prerequisite, users' mailboxes do not have to be on Exchange Server 2010 Mailbox servers. Mailboxes on Exchange Server 2007 SP2 can use federated delegation by configuring Exchange Server 2007 SP2 Client Access servers to proxy availability requests to Exchange Server 2010 Client Access servers with the Add-AvailabilityAddressSpace cmdlet. For example, to proxy the contoso.com address space, the cmdlet would be:
Add-AvailabilityAddressSpace -ForestName contoso.com _-AccessMethod
When the prerequisites and client requirements are in place, your users can access free/busy
information for users in the other organization by entering the user's
SMTP address in the Scheduling Assistant within a new or existing
Outlook Web App or Outlook 2010 meeting request, as shown in Figure 1.
Outlook versions prior to Outlook 2007 cannot be used because the
free/busy lookup across organizations uses the availability service,
and no free/busy information is posted to public folders.
Figure 1. Accessing free/busy from a user in an external organization
Program Manager, Microsoft Corporation, Redmond, WA
The only prerequisites for
Outlook Web App and Outlook 2010 clients to access free/busy
information across Exchange Server 2010 organizations are for both
organizations to have federation trusts established and to have organization
relationships in place with each other. Users of Outlook 2007, however,
can't specify recipients in external organizations by SMTP address to
display availability information; they are restricted to selecting
recipients from the GAL. This means that GAL synchronization must be in
place between the organizations for Outlook 2007 users to be able to
perform free/busy lookups for users in federated domains.
Establishing GAL synchronization
between organizations is a complex undertaking on both a business and
technical level, so we recommend that organizations deploy Office 2010
to allow for cross-organization free/busy access, or consider utilizing
Outlook Web App for this functionality.