Sunday, June 19, 2016

Cross-premises free/busy calendar sharing between Exchange on-premises and Exchange Online organizations

Scenario:
Federate Exchange Server on-premises and Exchange Online for calendar sharing. This specific use case is for two organizations to share Free/Busy calendar information between each other. The first organization has an Exchange Server 2010+ on premises environment. The second organization uses Office 365 with Exchange Online. Neither organization is configured for Hybrid.

Solution:
From Exchange Server 2010+ on premises EMS:

1. Create Federation Trust:

$ski = [System.Guid]::NewGuid().ToString("N")
New-ExchangeCertificate -FriendlyName "Exchange Federated Delegation" -DomainName $env:USERDNSDOMAIN -Services Federation -KeySize 2048 -PrivateKeyExportable $true -SubjectKeyIdentifier $ski
Get-ExchangeCertificate | ?{$_.friendlyname -eq "Exchange Federated Delegation"} | New-FederationTrust -Name "Microsoft Federation Gateway"

2. Create the federated domain proof encryption string for calendar sharing domain contoso.com:

Get-FederatedDomainProof -DomainName onpremisesdomain.com

3. Add domain proof as TXT record (generated in step 2) to onpremisesdomain.com public DNS domain and TXT record value is something like:

7Zyr2i/fE/M/T3AwCpitDbF30Fk/TdzXME6f7d1lDaKGthPdoS+UF94t43D2nU5hLNnIAP+5A3jJR2ik9HDPgg==

4. Once TXT record is added to public DNS then add a domain onpremisesdomain.com as a federated domain and enable federation for the Exchange organization:

Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway" -AccountNamespace "onpremisesdomain.com" -Enabled $true

5. Create an organization relationship with o365Domain.com Exchange Online domain:

Get-FederationInformation -DomainName "o365Domain.com" | New-OrganizationRelationship -Name "On-premises to Exchange Online" -DomainNames "o365Domain.com" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly

From Exchange Online

1. Connect to EXO in another PowerShell session or with "prefixed" session:

Import-PSSession (New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential (Get-Credential) -Authentication Basic -AllowRedirection)

2. Create a new organization relationship with Exchange Server on premises domain onpremisesdomain.com:

Get-FederationInformation -DomainName "onpremisesdomain.com" | New-OrganizationRelationship -Name "Exchange Online to on-premises" -DomainNames "onpremisesdomain.com" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly

Now it’s all done, it’s time for testing.
Some time you may notice the even after setup office 365 users may not be able to see the calendar free/busy info while it work from the other end. In this case you may need to restart IIS on on-premises exchange 2010+ CAS to get this working. Alternative path you may find under my article: Exchange Online users in Office 365 cannot see on-premises Exchange Server Free/Busy information.

References: