Difference between revisions of "Setting Up Free Busy Interop with Exchange 2007"

Line 1: Line 1:
 
'''Note:'''
 
'''Note:'''
 
*These instructions assumes that MS Exchange 2007 & Zimbra Collaboration Suite have been installed using the "DEFAULT" configurations. Please modify wherever necessary according to your target system’s configurations/settings.
 
*These instructions assumes that MS Exchange 2007 & Zimbra Collaboration Suite have been installed using the "DEFAULT" configurations. Please modify wherever necessary according to your target system’s configurations/settings.
*MS Exchange 2007 System obtains free/busy information by using Availability service instead of public folder which was used by Exchange 2003 (The availability service obtains the user’s free/busy information from its mailbox directly). However Zimbra Collaboration Suite’s interoperability with MS Exchange System is based on the “legacyExchangeDN” attribute which assumes that the Free/Busy information is published into the public folder using WebDAV. If your MS Exchange 2007 System does not have a Free/Busy folder then you can create a new one using the following Exchange 2007 Management Shell (EMS) Command:  [PS] C:\>New-Publicfolder -name "EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" –path "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY"   
+
*MS Exchange 2007 System obtains free/busy information by using Availability service instead of public folder which was used by Exchange 2003 (The availability service obtains the user’s free/busy information from its mailbox directly). However Zimbra Collaboration Suite’s interoperability with MS Exchange System is based on the “legacyExchangeDN” attribute which assumes that the Free/Busy information is published into the public folder using WebDAV. If your MS Exchange 2007 System does not have a Free/Busy folder then you can create a new one using the following Exchange 2007 Management Shell (EMS) Command:   
 +
<pre style="color:blue">[PS] C:\>New-Publicfolder -name "EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" –path  
 +
"\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY"</pre> 
 +
   
 
*You will also need to ensure that the Exchange 2007 CAS server is forwarding WebDAV service requests to the backend Exchange 2007 Mailbox server.  
 
*You will also need to ensure that the Exchange 2007 CAS server is forwarding WebDAV service requests to the backend Exchange 2007 Mailbox server.  
  
Line 10: Line 13:
 
:[1]. Create a Service Account on MS Exchange 2007. Call it "zimbra".
 
:[1]. Create a Service Account on MS Exchange 2007. Call it "zimbra".
 
:*You may do this by using the following EMS Command:   
 
:*You may do this by using the following EMS Command:   
::''[PS] C:\>$password = Read-Host "Enter password" -AsSecureString ''
+
<pre style="color:blue">[PS] C:\>$password = Read-Host "Enter password" -AsSecureString
 
   
 
   
::''[PS] C:\> New-Mailbox -Name 'USER_NAME' -Alias 'USER_ALIAS' -OrganizationalUnit '<OrganizationalUnitIdParameter>’ -UserPrincipalName 'USER_ALIAS@EXCHANGE_DOMAIN' -SamAccountName 'USER_ALIAS' -FirstName 'USER_FIRST_NAME' -Initials 'USER_INITIALS' -LastName 'USER_LAST_NAME' –Password $password -ResetPasswordOnNextLogon $false -Database '<DatabaseIdParameter>'''  
+
[PS] C:\> New-Mailbox -Name 'USER_NAME' -Alias 'USER_ALIAS' -OrganizationalUnit '<OrganizationalUnitIdParameter>’ -
 +
UserPrincipalName 'USER_ALIAS@EXCHANGE_DOMAIN' -SamAccountName 'USER_ALIAS' -FirstName 'USER_FIRST_NAME' -
 +
Initials 'USER_INITIALS' -LastName 'USER_LAST_NAME' –Password $password -ResetPasswordOnNextLogon $false -Database
 +
'<DatabaseIdParameter>' </pre>  
  
::''Example:''
+
<pre style="color:red">Example:  
::''[PS] C:\>$password = Read-Host "Enter password" –AsSecureString Enter password: ******''
+
[PS] C:\>$password = Read-Host "Enter password" –AsSecureString Enter password: ******
  
::''[PS] C:\>New-Mailbox -Name 'zimbra' -Alias 'zimbra' -OrganizationalUnit 'exchange2k7.local/Users' -UserPrincipalName 'zimbra@exchange2k7.local' -SamAccountName 'zimbra' -FirstName 'zimbra' -Initials '' -LastName '' -Password $password -ResetPasswordOnNextLogon $false -Database 'win2k3r2\First Storage Group\Mailbox Database'''
+
 
 +
[PS] C:\>New-Mailbox -Name 'zimbra' -Alias 'zimbra' -OrganizationalUnit 'exchange2k7.local/Users' -UserPrincipalName
 +
'zimbra@exchange2k7.local' -SamAccountName 'zimbra' -FirstName 'zimbra' -Initials '' -LastName '' -Password $password -
 +
ResetPasswordOnNextLogon $false -Database 'win2k3r2\First Storage Group\Mailbox Database'</pre>
 
    
 
    
 
:*Alternatively you could first create an Active Directory user object "zimbra" (in the "USERS" container) and then assign a mailbox on the Exchange 2007 System by using the following EMS Command:   
 
:*Alternatively you could first create an Active Directory user object "zimbra" (in the "USERS" container) and then assign a mailbox on the Exchange 2007 System by using the following EMS Command:   
  
::''[PS] C:\> Enable-Mailbox -Identity '< OrganizationalUnitIdParameter>/USER_NAME' -Alias ' USER_ALIAS' -Database '<DatabaseIdParameter>’ ''  
+
<pre style="color:blue">[PS] C:\> Enable-Mailbox -Identity '< OrganizationalUnitIdParameter>/USER_NAME' -Alias ' USER_ALIAS' -Database
 +
'<DatabaseIdParameter>’</pre>
 +
 
 +
 
 +
<pre style="color:red">Example:
 +
[PS] C:\>Enable-Mailbox -Identity 'exchange2k7.local/Users/zimbra' -Alias 'zimbra' -Database 'win2k3r2\First Storage
 +
Group\Mailbox Database'</pre>
  
::''Example:''
 
::''[PS] C:\>Enable-Mailbox -Identity 'exchange2k7.local/Users/zimbra' -Alias 'zimbra' -Database 'win2k3r2\First Storage Group\Mailbox Database' 
 
  
 
::If you are more comfortable with AD/Exchange GUI interface then use the same to complete either of the above mentioned steps according to your requirement.''  
 
::If you are more comfortable with AD/Exchange GUI interface then use the same to complete either of the above mentioned steps according to your requirement.''  
Line 42: Line 55:
 
:[3]. Modify the Zimbra System’s config using the “zmprov modifyConfig” to use the settings from the MS Exchange 2007 System.  
 
:[3]. Modify the Zimbra System’s config using the “zmprov modifyConfig” to use the settings from the MS Exchange 2007 System.  
 
:*Exchange Service Account Credentials:  
 
:*Exchange Service Account Credentials:  
::''zmprov mcf zimbraFreebusyExchangeAuthUsername [Exchange 2007 Service Account Name]''
+
<pre style="color:blue">zmprov mcf zimbraFreebusyExchangeAuthUsername [Exchange 2007 Service Account Name]
::''zmprov mcf zimbraFreebusyExchangeAuthPassword [Exchange 2007 Service Account Password]''
+
zmprov mcf zimbraFreebusyExchangeAuthPassword [Exchange 2007 Service Account Password]</pre>
  
::''Example:''
+
<pre style="color:red">Example:
::''[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthUsername zimbra''
+
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthUsername zimbra  
::''[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthPassword z1mbr4 ''
+
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthPassword z1mbr4</pre>
  
 
:*Exchange Authentication Schema:  
 
:*Exchange Authentication Schema:  
::''zmprov mcf zimbraFreebusyExchangeAuthScheme [basic or form]''  
+
<pre style="color:blue">zmprov mcf zimbraFreebusyExchangeAuthScheme [basic or form]</pre>  
  
::''Example:''
+
<pre style="color:red">Example:
::''[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthScheme basic''
+
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthScheme basic</pre>
  
 
::''Note: The Exchange Auth Schema is either “basic” or “form”. When “basic”, the authentication to the Exchange 2007 System happen using HTTP basic authentication. When “form”, the authentication to Exchange 2007 System happen using HTML form based authentication.''   
 
::''Note: The Exchange Auth Schema is either “basic” or “form”. When “basic”, the authentication to the Exchange 2007 System happen using HTTP basic authentication. When “form”, the authentication to Exchange 2007 System happen using HTML form based authentication.''   
  
 
:*URL to Exchange 2007 CAS server:
 
:*URL to Exchange 2007 CAS server:
::''zmprov mcf zimbraFreebusyExchangeURL https://[URL of CAS server]''  
+
<pre style="color:blue">zmprov mcf zimbraFreebusyExchangeURL https://[URL of CAS server]
 +
</pre>  
  
::''Example:''
+
<pre style="color:red">Example:
::''[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeURL https://win2k3r2.exchange2k7.local''
+
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeURL https://win2k3r2.exchange2k7.local</pre>
  
 
:*Exchange legacyExchangeDN attribute:
 
:*Exchange legacyExchangeDN attribute:
::''zmprov mcf zimbraFreebusyExchangeUserOrg “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”''
+
<pre style="color:blue">zmprov mcf zimbraFreebusyExchangeUserOrg “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”</pre>
  
::''Example:''
+
<pre style="color:red">Example:
::''[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeUserOrg “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”''
+
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeUserOrg “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”</pre>
  
  
Line 77: Line 91:
  
 
:[1]. Allow the Service Account ("zimbra") to update the Exchange Free-Busy folder. You may do this by using the following EMS Command:   
 
:[1]. Allow the Service Account ("zimbra") to update the Exchange Free-Busy folder. You may do this by using the following EMS Command:   
::''[PS] C:\> add-publicfolderclientpermission -identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" –user <Service_Account_USER_NAME> -accessrights owner''
+
<pre style="color:blue">[PS] C:\> add-publicfolderclientpermission -identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" –user <Service_Account_USER_NAME> -accessrights owner</pre>
 
    
 
    
::''Example:''
+
<pre style="color:red">Example:
::''[PS] C:\> add-publicfolderclientpermission -identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" -user zimbra -accessrights owner''  
+
[PS] C:\> add-publicfolderclientpermission -identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" -user zimbra -accessrights owner</pre>  
  
 
:[2]. Make Exchange 2007 aware of the presence of “Public Folders” in the Zimbra domain. You may do this by using the following EMS Command:   
 
:[2]. Make Exchange 2007 aware of the presence of “Public Folders” in the Zimbra domain. You may do this by using the following EMS Command:   
::''[PS] C:\> Add-AvailabilityAddressSpace -forestname <ZIMBRA SYSTEMS's FQDN> -accessmethod publicfolder ''
+
<pre style="color:blue">[PS] C:\> Add-AvailabilityAddressSpace -forestname <ZIMBRA SYSTEMS's FQDN> -accessmethod publicfolder</pre> 
::''Example:''
+
 
::''[PS] C:\>Add-AvailabilityAddressSpace -forestname zimbra.local -accessmethod publicfolder''
+
<pre style="color:red">Example:
 +
[PS] C:\>Add-AvailabilityAddressSpace -forestname zimbra.local -accessmethod publicfolder</pre> 
 
   
 
   
 
:[3]. Create a "Zimbra" OU in Active Directory. Make sure all your Zimbra users are created as “Exchange 2007 Mail Contact Objects” in this OU. As a BEST PRACTICE, to reduce the risk of a collision in namespace a suffix can be added to denote a Zimbra account (i.e. “_zimbra”). Also for each of the mail-contact objects that you create here please set one of the available/not-set “Exchange Extension Attributes (extensionAttribute1 to extensionAttribute15)” to an optional tag (say “_zimbra”). You may use ADSIEDIT utility to set this attribute. Also please ensure that the same extension attribute is set for all the zimbra contact objects.   
 
:[3]. Create a "Zimbra" OU in Active Directory. Make sure all your Zimbra users are created as “Exchange 2007 Mail Contact Objects” in this OU. As a BEST PRACTICE, to reduce the risk of a collision in namespace a suffix can be added to denote a Zimbra account (i.e. “_zimbra”). Also for each of the mail-contact objects that you create here please set one of the available/not-set “Exchange Extension Attributes (extensionAttribute1 to extensionAttribute15)” to an optional tag (say “_zimbra”). You may use ADSIEDIT utility to set this attribute. Also please ensure that the same extension attribute is set for all the zimbra contact objects.   
  
 
:*You may create a mail-enable user by using the following EMS Command:   
 
:*You may create a mail-enable user by using the following EMS Command:   
::''[PS] C:\> New-MailContact -ExternalEmailAddress 'SMTP:<Email Address of the Zimbra User on the Zimbra System>' -Name '<Zimbra User’s corresponding Contact Object Name on the AD>' -Alias '<Zimbra User’s corresponding Alias on the AD>' -OrganizationalUnit '<EXCHANGE 2007 FQDN>/<Zimbra OU on AD>' -FirstName 'CONTACT_FIRST_NAME' -Initials 'CONTACT_INITIALS' -LastName 'CONTACT_LAST_NAME' ''
+
<pre style="color:blue">[PS] C:\> New-MailContact -ExternalEmailAddress 'SMTP:<Email Address of the Zimbra User on the Zimbra System>' -Name '<Zimbra User’s corresponding Contact Object Name on the AD>' -Alias '<Zimbra User’s corresponding Alias on the AD>' -OrganizationalUnit '<EXCHANGE 2007 FQDN>/<Zimbra OU on AD>' -FirstName 'CONTACT_FIRST_NAME' -Initials 'CONTACT_INITIALS' -LastName 'CONTACT_LAST_NAME' </pre>
  
::''Example:''
+
<pre style="color:red">Example:
::''New-MailContact -ExternalEmailAddress 'SMTP:testuser1@zimbra.local' -Name 'testuser1_zimbra' -Alias 'testuser1_zimbra' -OrganizationalUnit 'exchange2k7.local/Zimbra' -FirstName 'testuser1_zimbra' -Initials '' -LastName '' ''
+
New-MailContact -ExternalEmailAddress 'SMTP:testuser1@zimbra.local' -Name 'testuser1_zimbra' -Alias 'testuser1_zimbra' -OrganizationalUnit 'exchange2k7.local/Zimbra' -FirstName 'testuser1_zimbra' -Initials '' -LastName ''   </pre>
  
 
:*Alternatively you could first create an Active Directory contact object as "USER_Zimbra" (in the "Zimbra" OU) and then mail-enable that contact on the Exchange 2007 System by using the following EMS Command:   
 
:*Alternatively you could first create an Active Directory contact object as "USER_Zimbra" (in the "Zimbra" OU) and then mail-enable that contact on the Exchange 2007 System by using the following EMS Command:   
  
::''[PS] C:\> Enable-MailContact -Identity '<EXCHANGE 2007 FQDN>/<Zimbra OU on AD>/<Zimbra User’s corresponding Contact Object Name on the AD>' -ExternalEmailAddress 'SMTP:<Email Address of the Zimbra User on the Zimbra System>' -Alias 'Zimbra User’s corresponding Alias on the AD' ''
+
<pre style="color:blue">[PS] C:\> Enable-MailContact -Identity '<EXCHANGE 2007 FQDN>/<Zimbra OU on AD>/<Zimbra User’s corresponding Contact Object Name on the AD>' -ExternalEmailAddress 'SMTP:<Email Address of the Zimbra User on the Zimbra System>' -Alias 'Zimbra User’s corresponding Alias on the AD' </pre>
  
::''Example:
+
<pre style="color:red">Example:
::'' [PS] C:\>Enable-MailContact -Identity 'exchange2k7.local/Zimbra/testuser2_zimbra' -ExternalEmailAddress 'SMTP:testuser2@zimbra.local' -Alias 'testuser2_zimbra' ''
+
[PS] C:\>Enable-MailContact -Identity 'exchange2k7.local/Zimbra/testuser2_zimbra' -ExternalEmailAddress 'SMTP:testuser2@zimbra.local' -Alias 'testuser2_zimbra'</pre>
  
 
==== On the Zimbra System: ====
 
==== On the Zimbra System: ====
  
 
:[4]. Configure the zimbra user account to push its free/busy status to the Exchange 2007 System.  
 
:[4]. Configure the zimbra user account to push its free/busy status to the Exchange 2007 System.  
::''zmprov ma <Zimbra Account> zimbraForeignPrincipal ad: <Exchange mail contact>''
+
<pre style="color:blue">
 +
zmprov ma <Zimbra Account> zimbraForeignPrincipal ad: <Exchange mail contact></pre> 
  
::''Example:
+
<pre style="color:red">Example:
::''[zimbra@zimbra /]$ zmprov ma testuser1@zimbra.local zimbraForeignPrincipal ad:testuser1_zimbra ''
+
[zimbra@zimbra /]$ zmprov ma testuser1@zimbra.local zimbraForeignPrincipal ad:testuser1_zimbra </pre>
  
  
Line 120: Line 136:
 
Modify the Zimbra Domain’s config using the “zmprov modifyDomain” to get a unified view of the GAL (consisting of GAL users from both Exchange 2007 System & Zimbra System).
 
Modify the Zimbra Domain’s config using the “zmprov modifyDomain” to get a unified view of the GAL (consisting of GAL users from both Exchange 2007 System & Zimbra System).
  
::''zmprov md <Zimbra Domain> zimbraGalMode both''
+
<pre style="color:blue">zmprov md <Zimbra Domain> zimbraGalMode both
::''zmprov md <Zimbra Domain> zimbraGalMaxResults <Integer Value>''
+
zmprov md <Zimbra Domain> zimbraGalMaxResults <Integer Value>
::''zmprov md <Zimbra Domain> zimbraGalLdapURL ldap://<FQDN of the Active Directory>:3268''
+
zmprov md <Zimbra Domain> zimbraGalLdapURL ldap://<FQDN of the Active Directory>:3268
::''zmprov md <Zimbra Domain> zimbraGalLdapFilter (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*))(! (msExchHideFromAddressLists=TRUE))(! (<Exchange Extension Attribute Number>=<Optional Tag Set on Exchange 2007 System >))(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)''(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))''
+
zmprov md <Zimbra Domain> zimbraGalLdapFilter (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*))(! (msExchHideFromAddressLists=TRUE))(! (<Exchange Extension Attribute Number>=<Optional Tag Set on Exchange 2007 System >))(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)''(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))
::''zmprov md <Zimbra Domain> zimbraGalAutoCompleteLdapFilter adAutoComplete''
+
zmprov md <Zimbra Domain> zimbraGalAutoCompleteLdapFilter adAutoComplete
::''zmprov md <Zimbra Domain> zimbraGalLdapSearchBase <AD base DN>''
+
zmprov md <Zimbra Domain> zimbraGalLdapSearchBase <AD base DN>
::''zmprov md <Zimbra Domain> zimbraGalLdapBindDn <UserPrincipalName of the Zimbra Service Account created on the AD>''
+
zmprov md <Zimbra Domain> zimbraGalLdapBindDn <UserPrincipalName of the Zimbra Service Account created on the AD>
::''zmprov md <Zimbra Domain> zimbraGalLdapBindPassword <Password of the Zimbra Service Account>''
+
zmprov md <Zimbra Domain> zimbraGalLdapBindPassword <Password of the Zimbra Service Account>
 
+
</pre>
  
::''Example:''
+
<pre style="color:red">Example:
::''[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalMode both''
+
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalMode both
::''[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalMaxResults 100''
+
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalMaxResults 100
::''[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapURL ldap://win2k3r2.exchange2k7.local:3268''
+
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapURL ldap://win2k3r2.exchange2k7.local:3268''
::''[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapFilter (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*))(! (msExchHideFromAddressLists=TRUE))(! (extensionAttribute1=_zimbra))(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))''
+
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapFilter (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*))(! (msExchHideFromAddressLists=TRUE))(! (extensionAttribute1=_zimbra))(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))
::''[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalAutoCompleteLdapFilter adAutoComplete''
+
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalAutoCompleteLdapFilter adAutoComplete
::''[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapSearchBase dc=exchange2k7,dc=local''
+
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapSearchBase dc=exchange2k7,dc=local
::''[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapBindDn administrator@exchange2k7.local''
+
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapBindDn administrator@exchange2k7.local
::''[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapBindPassword z1mbr4''
+
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapBindPassword z1mbr4</pre>
  
  

Revision as of 00:48, 11 February 2011

Note:

  • These instructions assumes that MS Exchange 2007 & Zimbra Collaboration Suite have been installed using the "DEFAULT" configurations. Please modify wherever necessary according to your target system’s configurations/settings.
  • MS Exchange 2007 System obtains free/busy information by using Availability service instead of public folder which was used by Exchange 2003 (The availability service obtains the user’s free/busy information from its mailbox directly). However Zimbra Collaboration Suite’s interoperability with MS Exchange System is based on the “legacyExchangeDN” attribute which assumes that the Free/Busy information is published into the public folder using WebDAV. If your MS Exchange 2007 System does not have a Free/Busy folder then you can create a new one using the following Exchange 2007 Management Shell (EMS) Command:
[PS] C:\>New-Publicfolder -name "EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" –path 
"\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY"
  • You will also need to ensure that the Exchange 2007 CAS server is forwarding WebDAV service requests to the backend Exchange 2007 Mailbox server.


I. Exchange Free/Busy Lookup from Zimbra

On the Exchange 2007 System:

[1]. Create a Service Account on MS Exchange 2007. Call it "zimbra".
  • You may do this by using the following EMS Command:
[PS] C:\>$password = Read-Host "Enter password" -AsSecureString
 
[PS] C:\> New-Mailbox -Name 'USER_NAME' -Alias 'USER_ALIAS' -OrganizationalUnit '<OrganizationalUnitIdParameter>’ -
UserPrincipalName 'USER_ALIAS@EXCHANGE_DOMAIN' -SamAccountName 'USER_ALIAS' -FirstName 'USER_FIRST_NAME' -
Initials 'USER_INITIALS' -LastName 'USER_LAST_NAME' –Password $password -ResetPasswordOnNextLogon $false -Database
 '<DatabaseIdParameter>' 
Example: 
[PS] C:\>$password = Read-Host "Enter password" –AsSecureString Enter password: ******


[PS] C:\>New-Mailbox -Name 'zimbra' -Alias 'zimbra' -OrganizationalUnit 'exchange2k7.local/Users' -UserPrincipalName
 'zimbra@exchange2k7.local' -SamAccountName 'zimbra' -FirstName 'zimbra' -Initials '' -LastName '' -Password $password -
ResetPasswordOnNextLogon $false -Database 'win2k3r2\First Storage Group\Mailbox Database'
  • Alternatively you could first create an Active Directory user object "zimbra" (in the "USERS" container) and then assign a mailbox on the Exchange 2007 System by using the following EMS Command:
[PS] C:\> Enable-Mailbox -Identity '< OrganizationalUnitIdParameter>/USER_NAME' -Alias ' USER_ALIAS' -Database
 '<DatabaseIdParameter>’


Example:
[PS] C:\>Enable-Mailbox -Identity 'exchange2k7.local/Users/zimbra' -Alias 'zimbra' -Database 'win2k3r2\First Storage
 Group\Mailbox Database'


If you are more comfortable with AD/Exchange GUI interface then use the same to complete either of the above mentioned steps according to your requirement.


[2]. Use the ADSIEDIT tools on the AD/Exchange server to find out the legacyExchangeDN attribute of the Service Account. You would need this while configuring the settings on the Zimbra System. You may find out the legacyExchangeDN by following this method.
  1. On the AD/Exchange Server, click START > Run > Type adsiedit.msc
  2. Select your Domain’s Node and expand the tree until you reach the node “CN=Users”. Now expand this node to find the container “CN=<Your Service Account Name>” (e.g. “CN=zimbra”).
  3. Right click the container described in [2.] and select “Properties” to open the properties screen.
  4. Browse the attributes to find the legacyExchangeDN attribute. Click on “Edit”.
  5. From the “String Attribute Editor” window obtain (copy) the part of the string appearing before “/cn=Recipients/cn=<Your Service Account Name>”. The copied string should look something like “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”. Keep this string safe; we will use it further down to configure the Zimbra System.
  6. Close all the windows, keep in mind not to modify any attribute values appearing in the ADSIEDIT Interface.


On the Zimbra System:

[3]. Modify the Zimbra System’s config using the “zmprov modifyConfig” to use the settings from the MS Exchange 2007 System.
  • Exchange Service Account Credentials:
zmprov mcf zimbraFreebusyExchangeAuthUsername [Exchange 2007 Service Account Name]
zmprov mcf zimbraFreebusyExchangeAuthPassword [Exchange 2007 Service Account Password]
Example:
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthUsername zimbra 
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthPassword z1mbr4
  • Exchange Authentication Schema:
zmprov mcf zimbraFreebusyExchangeAuthScheme [basic or form]
Example:
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeAuthScheme basic
Note: The Exchange Auth Schema is either “basic” or “form”. When “basic”, the authentication to the Exchange 2007 System happen using HTTP basic authentication. When “form”, the authentication to Exchange 2007 System happen using HTML form based authentication.
  • URL to Exchange 2007 CAS server:
zmprov mcf zimbraFreebusyExchangeURL https://[URL of CAS server]
Example:
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeURL https://win2k3r2.exchange2k7.local
  • Exchange legacyExchangeDN attribute:
zmprov mcf zimbraFreebusyExchangeUserOrg “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”
Example:
[zimbra@zimbra /]$ zmprov mcf zimbraFreebusyExchangeUserOrg “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”


II. Zimbra Free/Busy Lookup from Exchange

On the Exchange 2007 System:

Ensure that the Service Account has been created on the Exchange 2007 System as per description provided in section I. [1]. above.

[1]. Allow the Service Account ("zimbra") to update the Exchange Free-Busy folder. You may do this by using the following EMS Command:
[PS] C:\> add-publicfolderclientpermission -identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" –user <Service_Account_USER_NAME> -accessrights owner
Example:
[PS] C:\> add-publicfolderclientpermission -identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" -user zimbra -accessrights owner
[2]. Make Exchange 2007 aware of the presence of “Public Folders” in the Zimbra domain. You may do this by using the following EMS Command:
[PS] C:\> Add-AvailabilityAddressSpace -forestname <ZIMBRA SYSTEMS's FQDN> -accessmethod publicfolder
Example:
[PS] C:\>Add-AvailabilityAddressSpace -forestname zimbra.local -accessmethod publicfolder
[3]. Create a "Zimbra" OU in Active Directory. Make sure all your Zimbra users are created as “Exchange 2007 Mail Contact Objects” in this OU. As a BEST PRACTICE, to reduce the risk of a collision in namespace a suffix can be added to denote a Zimbra account (i.e. “_zimbra”). Also for each of the mail-contact objects that you create here please set one of the available/not-set “Exchange Extension Attributes (extensionAttribute1 to extensionAttribute15)” to an optional tag (say “_zimbra”). You may use ADSIEDIT utility to set this attribute. Also please ensure that the same extension attribute is set for all the zimbra contact objects.
  • You may create a mail-enable user by using the following EMS Command:
[PS] C:\> New-MailContact -ExternalEmailAddress 'SMTP:<Email Address of the Zimbra User on the Zimbra System>' -Name '<Zimbra User’s corresponding Contact Object Name on the AD>' -Alias '<Zimbra User’s corresponding Alias on the AD>' -OrganizationalUnit '<EXCHANGE 2007 FQDN>/<Zimbra OU on AD>' -FirstName 'CONTACT_FIRST_NAME' -Initials 'CONTACT_INITIALS' -LastName 'CONTACT_LAST_NAME' 
Example:
New-MailContact -ExternalEmailAddress 'SMTP:testuser1@zimbra.local' -Name 'testuser1_zimbra' -Alias 'testuser1_zimbra' -OrganizationalUnit 'exchange2k7.local/Zimbra' -FirstName 'testuser1_zimbra' -Initials '' -LastName ''   
  • Alternatively you could first create an Active Directory contact object as "USER_Zimbra" (in the "Zimbra" OU) and then mail-enable that contact on the Exchange 2007 System by using the following EMS Command:
[PS] C:\> Enable-MailContact -Identity '<EXCHANGE 2007 FQDN>/<Zimbra OU on AD>/<Zimbra User’s corresponding Contact Object Name on the AD>' -ExternalEmailAddress 'SMTP:<Email Address of the Zimbra User on the Zimbra System>' -Alias 'Zimbra User’s corresponding Alias on the AD' 
Example:
[PS] C:\>Enable-MailContact -Identity 'exchange2k7.local/Zimbra/testuser2_zimbra' -ExternalEmailAddress 'SMTP:testuser2@zimbra.local' -Alias 'testuser2_zimbra'

On the Zimbra System:

[4]. Configure the zimbra user account to push its free/busy status to the Exchange 2007 System.
zmprov ma <Zimbra Account> zimbraForeignPrincipal ad: <Exchange mail contact>
Example:
[zimbra@zimbra /]$ zmprov ma testuser1@zimbra.local zimbraForeignPrincipal ad:testuser1_zimbra 


III. Merge the GALs of Exchange & Zimbra Domains:

On the Exchange 2007 System:

On the Exchange 2007 System no further work needs to be done since all Zimbra accounts would now be appearing as a mail contact in the Exchange 2007 GAL.

On the Zimbra System

Modify the Zimbra Domain’s config using the “zmprov modifyDomain” to get a unified view of the GAL (consisting of GAL users from both Exchange 2007 System & Zimbra System).

zmprov md <Zimbra Domain> zimbraGalMode both
zmprov md <Zimbra Domain> zimbraGalMaxResults <Integer Value>
zmprov md <Zimbra Domain> zimbraGalLdapURL ldap://<FQDN of the Active Directory>:3268
zmprov md <Zimbra Domain> zimbraGalLdapFilter (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*))(! (msExchHideFromAddressLists=TRUE))(! (<Exchange Extension Attribute Number>=<Optional Tag Set on Exchange 2007 System >))(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)''(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))
zmprov md <Zimbra Domain> zimbraGalAutoCompleteLdapFilter adAutoComplete
zmprov md <Zimbra Domain> zimbraGalLdapSearchBase <AD base DN>
zmprov md <Zimbra Domain> zimbraGalLdapBindDn <UserPrincipalName of the Zimbra Service Account created on the AD>
zmprov md <Zimbra Domain> zimbraGalLdapBindPassword <Password of the Zimbra Service Account>  
Example:
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalMode both
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalMaxResults 100
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapURL ldap://win2k3r2.exchange2k7.local:3268''
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapFilter (&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*))(! (msExchHideFromAddressLists=TRUE))(! (extensionAttribute1=_zimbra))(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalAutoCompleteLdapFilter adAutoComplete
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapSearchBase dc=exchange2k7,dc=local
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapBindDn administrator@exchange2k7.local
[zimbra@zimbra /]$ zmprov md zimbra.local zimbraGalLdapBindPassword z1mbr4


Troubleshooting

See http://wiki.zimbra.com/index.php?title=Troubleshooting_Exchange_Freebusy_Interop


Verified Against: ZCS 5.0. Date Created: 4/28/2009
Article ID: https://wiki.zimbra.com/index.php?title=Setting_Up_Free_Busy_Interop_with_Exchange_2007 Date Modified: 2011-02-11



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search