Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

You can set up federated delegation (formerly known as federated sharing) in a Microsoft Exchange Server 2010 on-premises environment.

Using federated delegation, users in your on-premises Exchange organization can share information with recipients in other Exchange organizations that are also configured for federated delegation. This connection is established by creating organization relationships between the two organizations or by using a sharing policy, which allows users to create sharing relationships on an individual basis.

Federated delegation uses the Microsoft Federation Gateway, a cloud-based service offered by Microsoft, as the trust broker between your on-premises Exchange 2010 organization and other federated Exchange 2010 organizations.

Looking for other management tasks related to federated delegation? Check out Managing Federated Delegation.

Domain Namespace Requirements

To set up federated delegation for your on-premises Exchange 2010 organization, you must configure a domain proof of ownership record for any domains used for user e-mail accounts or for hosting user accounts in Microsoft Outlook Live or Microsoft Online Services.

Step 1: Create a federation trust with the Microsoft Federation Gateway

You can use the EMC or the Shell to create a federation trust. For detailed instructions, see Create a Federation Trust.

Step 2: Create TXT records for federated delegation

To provide proof of ownership of a registered Internet domain, you must create a text (TXT) record in the public Domain Name System (DNS) zone for each primary e-mail or SMTP proxy domain you want to federate. For example, if your primary SMTP domain is contoso.com, you would create a TXT record for contoso.com.

You can use DNS Manager or the DNSCmd command to create a TXT record for federation. For detailed instructions, see Create a TXT Record for Federation.

Step 3: Configure the domains for federated delegation

You also need to add the primary SMTP domain as a federated domain for your Exchange organization.

Note:
To participate in federated delegation, users who aren't using contoso.com as their e-mail address domain need to have contoso.com added as a proxy address domain to their account or have their e-mail address domain added as an additional federated domain.

This command uses the Shell to add the domain used in the contoso.com example.

Add-FederatedDomain -DomainName contoso.com

You can use the EMC or the Shell to configure domains for federated delegation. For detailed instructions, see Manage Federation.

Step 4: Create an Autodiscover DNS record

You need to add an alias canonical name (CNAME) resource record to your public-facing DNS. The new CNAME record should point to an Internet-facing Client Access server that's running the Autodiscover service.

In the previous Contoso example, the new CNAME record would specify autodiscover.contoso.com as the host name. For organizations using Microsoft DNS, you can add a CNAME record by using either DNS Manager or the DNSCmd command. For detailed instructions, see Add an Alias (CNAME) Resource Record to a Zone.

Step 5: Create an organization relationship

You can use the EMC or the Shell to create an organization relationship. For detailed instructions, see Create an Organization Relationship.
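
The following read-only script is an added example, not part of the original topic. It checks the result of each of the five steps from the Shell for the contoso.com example. The public resolver address is an assumption (any resolver outside your network will do), and the nslookup matching assumes English-language output.

```powershell
# Added example: read-only checks, run in the Exchange Management Shell.
$domain   = 'contoso.com'   # example domain used in this topic
$resolver = '8.8.8.8'       # assumption: any resolver outside your network

# Step 1: a federation trust with the Microsoft Federation Gateway exists.
$trust = @(Get-FederationTrust)
if ($trust.Count -eq 0) { Write-Warning 'No federation trust found.' }
$trust | Format-List Name, ApplicationUri, OrgCertificate

# Step 2: the proof string Exchange expects is the one visible in public DNS.
# More than one proof can be returned (one per certificate), so accept any.
$proofs = @(Get-FederatedDomainProof -DomainName $domain |
            ForEach-Object { $_.Proof })
$txt = nslookup "-type=TXT" $domain $resolver 2>$null | Out-String
$hit = @($proofs | Where-Object { $_ -and $txt.Contains($_) })
if ($hit.Count -gt 0) {
    "TXT proof of ownership for $domain is published."
} else {
    Write-Warning "TXT proof for $domain was not found via $resolver."
}

# Step 3: the domain is listed as a federated domain.
$orgId = Get-FederatedOrganizationIdentifier
$federated = @($orgId.Domains | Where-Object { $_ } |
               ForEach-Object { $_.ToString() })
if ($federated -contains $domain) {
    "$domain is a federated domain."
} else {
    Write-Warning "$domain is not in the federated domain list."
}

# Step 4: the Autodiscover alias resolves from outside.
$cname = nslookup "-type=CNAME" "autodiscover.$domain" $resolver 2>$null |
         Out-String
if ($cname -match 'canonical name\s*=\s*(\S+)') {
    "autodiscover.$domain -> $($matches[1])"
} else {
    Write-Warning "No CNAME record found for autodiscover.$domain."
}

# Step 5: review which external domains can see what.
Get-OrganizationRelationship |
    Format-Table Name, DomainNames, Enabled, FreeBusyAccessEnabled,
                 FreeBusyAccessLevel -AutoSize
```

Querying an outside resolver matters in split-DNS environments, where the internal zone can contain the TXT and CNAME records while the public zone does not.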