Applies to: Exchange Server 2013
Topic Last Modified: 2013-01-15
Microsoft Exchange Server 2013 includes features that work with Microsoft SharePoint Server 2013 and Microsoft Lync Server 2013, known as partner applications. To make sure these partner applications can access each other’s resources, you need to configure server-to-server authentication.
This topic shows you how to configure server-to-server authentication between Exchange 2013 and SharePoint 2013 so that users can use the eDiscovery Center in SharePoint 2013 to search Exchange Server 2013 mailbox content. To fully enable this functionality, you must complete additional steps in SharePoint 2013. For details, see Configure eDiscovery in SharePoint 2013.
What do you need to know before you begin?
- Estimated time to complete this task: 30 minutes.
- Procedures in this topic require specific permissions. See each procedure for its permissions information.
- Exchange 2013 and SharePoint 2013 must be installed in the same domain or the same forest.
- The SharePoint 2013 site must be configured to use Secure Sockets Layer (SSL).
- The Exchange Web Services Managed API must be installed on every server that is running SharePoint 2013. Reset Internet Information Server after installation.
- For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.
How do you do this?
Step 1: Configure server-to-server authentication for Exchange 2013 on a server running SharePoint Server 2013
Run the following command to register Exchange 2013 as a trusted security token issuer in SharePoint 2013.
New-SPTrustedSecurityTokenIssuer -Name Exchange -MetadataEndPoint https://<Exchange Server Name or FQDN>/autodiscover/metadata/json/1
Run the following commands to grant the Exchange service principal full control permissions to the SharePoint site subscription.
$exchange=Get-SPTrustedSecurityTokenIssuer
$app=Get-SPAppPrincipal -Site http://<SharePoint ServerName> -NameIdentifier $exchange.NameId
$site=Get-SPSite http://<SharePoint ServerName>
Set-SPAppPrincipalPermission -AppPrincipal $app -Site $site.RootWeb -Scope sitesubscription -Right fullcontrol -EnableAppOnlyPolicy
Step 2: Configure server-to-server authentication for SharePoint 2013 on a server running Exchange 2013
Perform this step on an Exchange 2013 server. You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Partner applications - configure" entry in the Sharing and Collaboration Permissions topic.
Run this command to configure the SharePoint partner application.
cd c:\'Program Files'\Microsoft\'Exchange Server'\V15\Scripts
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl <path to SharePoint AuthMetadataUrl> -ApplicationType SharePoint
Step 3: Add authorized users to the Discovery Management role group
Add users who need to perform an eDiscovery search using SharePoint 2013 to the Discovery Management role group in Exchange 2013. For details, see Add a User to the Discovery Management Role Group.
Note: Adding users to the Discovery Management role group allows them to use In-Place eDiscovery to search all Exchange 2013 mailboxes and access potentially sensitive email content in user mailboxes. By default, this permission isn’t assigned to any user, including members of the Organization Management role group. Check with your organization’s legal or HR departments before assigning this permission to any user.
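Once the three steps are complete, the following script checks the Exchange side of the trust; it is added here as an example and is not part of this topic or of Microsoft's Configure-EnterprisePartnerApplication.ps1. It verifies the partner application from Step 2, fetches the metadata it points at, inspects the local OAuth signing certificate, and requests a token end to end. The SharePoint host name, the test mailbox, the metadata field names (issuer, keys) and the REST endpoint passed to Test-OAuthConnectivity are assumptions.

```powershell
# Added verification script; not part of the original topic or of the
# Configure-EnterprisePartnerApplication.ps1 script. Run in the Exchange
# Management Shell on an Exchange 2013 server after Step 2.
$sharePointHost  = 'sharepoint.contoso.com'                 # placeholder host name
$testMailbox     = 'discovery.user@contoso.com'             # placeholder mailbox
$sharePointAppId = '00000003-0000-0ff1-ce00-000000000000'   # well-known SharePoint issuer prefix

# 1. Find the partner application that Step 2 created for this SharePoint farm
$apps = @(Get-PartnerApplication | Where-Object { $_.AuthMetadataUrl -like "*$sharePointHost*" })
if ($apps.Count -eq 0) { throw "No partner application references $sharePointHost; rerun Step 2." }

foreach ($app in $apps) {
    "{0}: Enabled={1} LinkedAccount={2}" -f $app.Name, $app.Enabled, $app.LinkedAccount
    if (-not $app.Enabled) { Write-Warning "$($app.Name) is disabled; SharePoint tokens will be rejected." }

    # Metadata fetched over plain HTTP could be replaced in transit with a
    # different signing certificate, so the URL must be HTTPS.
    if ($app.AuthMetadataUrl -notmatch '^https://') {
        Write-Warning "$($app.Name) loads its metadata over HTTP: $($app.AuthMetadataUrl)"
    }

    # 2. Fetch the metadata document and confirm it describes a SharePoint
    #    issuer with at least one signing certificate (field names assumed).
    $meta = Invoke-RestMethod -Uri $app.AuthMetadataUrl
    if ($meta.issuer -notlike "$sharePointAppId@*") {
        Write-Warning "Unexpected issuer '$($meta.issuer)' in $($app.AuthMetadataUrl)"
    }
    "  issuer={0} signingKeys={1}" -f $meta.issuer, @($meta.keys).Count
}

# 3. Check the certificate Exchange uses to sign its own server-to-server tokens
$authCfg = Get-AuthConfig
$cert = Get-ExchangeCertificate -Thumbprint $authCfg.CurrentCertificateThumbprint
"OAuth signing certificate {0} expires {1:d}" -f $cert.Thumbprint, $cert.NotAfter
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning 'OAuth signing certificate expires within 30 days; plan a rollover.'
}

# 4. Exercise the trust end to end: obtain a token for $testMailbox and call a
#    SharePoint REST endpoint with it (the endpoint choice is an assumption).
Test-OAuthConnectivity -Service Generic -TargetUri "https://$sharePointHost/_api/web" `
    -Mailbox $testMailbox | Format-List
```

Run it again after any certificate rollover on either side, since a stale metadata document is the usual reason a previously working eDiscovery search starts failing with authorization errors.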