I am sure only very few companies will be going for the federated sharing feature introduced in Exchange 2010. It makes sense to deploy it in acquisitions/mergers situation or when the company wants to run the acquired company as a separate entity, but still be able to share free/busy, calendar and contacts information. This feature is not something that exchange admins will be using on a day to day basis, but I have been getting number of questions regarding the feature & hence though of writing about the things to know/consider.
- Federated trust is easy to setup. You can use either EMC or shell for the same.
- You can share free/busy info, calendar and contacts with another user in a federated organization.
- Admin has full control on what can be shared, default being free/busy information.
- Attachments in a meeting request in a user’s calendar cannot be accessed by a federated user, even when the calendar is shared. No information leaks!
- Federated sharing doesn’t work with organizations with non-exchange messaging systems like Lotus Notes.
- You cannot setup federated sharing between an organization that runs Exchange 2010 with one that runs 2007 SP2.
- You can setup federated trust even if you have a mixed environment with 2007 SP2 & 2010 servers, provided that you have atleast one 2010 CAS. Additional config necessary.
- Certificates from internal CAs cannot be used to setup a federated trust.
- Neither can exchange 2010 self signed certificate be used, atleast now.
- Only commercial certificates from CAs approved by Microsoft Federation Gateway can be used. Check one of my previous article
- Federated sharing doesn’t need any service accounts or directory replication.
SUBSCRIBE FOR DAILY ARTICLE UPDATES VIA EMAIL
Get the published articles delivered straight to your inbox. Your details will not be passed to any third party company.
Deepak Khandelwal December 25, 2009 at 1:31 pm
Thanks rajith, Useful to know.
Rajith Jose Enchiparambil December 30, 2009 at 9:41 am
Thanks for the comment Deepak.
Tommy March 1, 2010 at 10:54 am
Thanks for that. Very helpful… but
does it mean exactly this mixed environement or any like 2003 / 2010
Rajith Jose Enchiparambil March 1, 2010 at 10:57 am
Hi Tommy,
You can't have federation with a 2003 & 2010 forest. Purely 2010 feature, though you can make it work even if you have a mix of 2007 SP2 & 2010 in one forest and pure 2010 in another.
Tommy March 1, 2010 at 11:04 am
Thank you for your (very fast) help!
Scott July 17, 2010 at 2:14 pm
My company is EX2010 and my sister company is EX2007. We have a domain trust between us.
Can I set up Federated sharing to an EX2007 org?
Rajith Jose Enchiparambil July 18, 2010 at 9:06 pm
Hi Scott,
You cannot setup federated sharing between an organization that runs Exchange 2010 with one that runs 2007 SP2.
You can setup federated trust even if you have a mixed environment with 2007 SP2 & 2010 servers, provided that you have atleast one 2010 CAS.
Scott July 19, 2010 at 12:34 am
Ok, thank you!
Rajith Jose Enchiparambil July 19, 2010 at 9:00 am
No problem Scott.