Sunday, June 19, 2016

Cross-premises free/busy calendar sharing between Exchange on-premises and Exchange Online organizations

Scenario:
Federate Exchange Server on-premises and Exchange Online for calendar sharing. This specific use case is for two organizations to share Free/Busy calendar information between each other. The first organization has an Exchange Server 2010+ on premises environment. The second organization uses Office 365 with Exchange Online. Neither organization is configured for Hybrid.

Solution:
From Exchange Server 2010+ on premises EMS:

1. Create Federation Trust:

$ski = [System.Guid]::NewGuid().ToString("N")
New-ExchangeCertificate -FriendlyName "Exchange Federated Delegation" -DomainName $env:USERDNSDOMAIN -Services Federation -KeySize 2048 -PrivateKeyExportable $true -SubjectKeyIdentifier $ski
Get-ExchangeCertificate | ?{$_.friendlyname -eq "Exchange Federated Delegation"} | New-FederationTrust -Name "Microsoft Federation Gateway"

2. Create the federated domain proof encryption string for calendar sharing domain contoso.com:

Get-FederatedDomainProof -DomainName onpremisesdomain.com

3. Add domain proof as TXT record (generated in step 2) to onpremisesdomain.com public DNS domain and TXT record value is something like:

7Zyr2i/fE/M/T3AwCpitDbF30Fk/TdzXME6f7d1lDaKGthPdoS+UF94t43D2nU5hLNnIAP+5A3jJR2ik9HDPgg==

4. Once TXT record is added to public DNS then add a domain onpremisesdomain.com as a federated domain and enable federation for the Exchange organization:

Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway" -AccountNamespace "onpremisesdomain.com" -Enabled $true

5. Create an organization relationship with o365Domain.com Exchange Online domain:

Get-FederationInformation -DomainName "o365Domain.com" | New-OrganizationRelationship -Name "On-premises to Exchange Online" -DomainNames "o365Domain.com" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly

From Exchange Online

1. Connect to EXO in another PowerShell session or with "prefixed" session:

Import-PSSession (New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential (Get-Credential) -Authentication Basic -AllowRedirection)

2. Create a new organization relationship with Exchange Server on premises domain onpremisesdomain.com:

Get-FederationInformation -DomainName "onpremisesdomain.com" | New-OrganizationRelationship -Name "Exchange Online to on-premises" -DomainNames "onpremisesdomain.com" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly

Now it’s all done, it’s time for testing.

You may notice office 365 users are not able to see the on-prem calendar free/busy info while it's working from the other end. In this case you may need to restart IIS of on-premises Exchange Server 2010+ CAS to get this working. Alternative solution you may find at: Exchange Online users in Office 365 cannot see on-premises Exchange Server Free/Busy information.

References: