
Configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013

SharePoint 2013
 

Applies to: SharePoint Server 2013 Standard, SharePoint Server 2013 Enterprise, SharePoint Foundation 2013

Topic Last Modified: 2013-12-18

Summary: Learn how to configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013.

Server-to-server authentication enables you to share resources that live on various servers in a SharePoint farm and access services, such as Exchange Server 2013 and Lync Server 2013, which are distributed among servers. Server-to-server authentication in SharePoint 2013 also supports resource sharing and access with additional services that are compliant with the server-to-server authentication protocol.

The configuration details in this article are about how to configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013.

Important:
Web applications that include server-to-server authentication endpoints for incoming server-to-server requests, or that make outgoing server-to-server requests, must be configured to use Secure Sockets Layer (SSL). For information about how to create a web application to use SSL, see Create claims-based web applications in SharePoint 2013.
Note:
Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

This configuration has the following steps:

  • Configure the SharePoint 2013 server to trust the Exchange Server 2013 server

  • Configure permissions on the SharePoint 2013 server

  • Configure the Exchange Server 2013 server to trust the SharePoint 2013 server

Important:
Complete the procedures in the order in which they are presented in this article.
To configure the SharePoint 2013 server to trust the Exchange Server 2013 server
  1. Verify that you are a member of the Administrators group on the server on which you are running Windows PowerShell cmdlets, and that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    Note:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. At the Windows PowerShell command prompt, type the following commands:

    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://<HostName>/autodiscover/metadata/json/1" -Name "<FriendlyName>"
    

    Where:

    • <HostName> is the name or address of the Exchange Server 2013 server.

    • <FriendlyName> is a friendly name for the Exchange Server 2013 server.

To configure permissions on the SharePoint 2013 server
  • At the Windows PowerShell command prompt, type the following commands:

    $exchange=Get-SPTrustedSecurityTokenIssuer
    $app=Get-SPAppPrincipal -Site http://<HostName> -NameIdentifier $exchange.NameId
    $site=Get-SPSite http://<HostName>
    Set-SPAppPrincipalPermission -AppPrincipal $app -Site $site.RootWeb -Scope sitesubscription -Right fullcontrol -EnableAppOnlyPolicy
    

    Where:

    • <HostName> is the name or address of the SharePoint 2013 server.
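
The commands above grant full control at site-subscription scope with app-only policy, and take the principal from whatever Get-SPTrustedSecurityTokenIssuer returns. The following added example (not part of the original article) selects the Exchange issuer by the friendly name chosen earlier and stops unless exactly one issuer matches; the variables $issuerName and $siteUrl are introduced here for illustration.

```powershell
# Added example, not from the original article.
# <FriendlyName> and <HostName> are the article's own placeholders.
$issuerName = '<FriendlyName>'      # name passed to New-SPTrustedSecurityTokenIssuer
$siteUrl    = 'http://<HostName>'   # same site URL as in the commands above

# Select the Exchange issuer by name rather than taking every registered issuer.
$exchange = @(Get-SPTrustedSecurityTokenIssuer |
    Where-Object { $_.Name -eq $issuerName })

if ($exchange.Count -ne 1) {
    throw "Expected exactly one trusted security token issuer named '$issuerName', found $($exchange.Count)."
}

# Resolve the app principal that belongs to that issuer.
$app = Get-SPAppPrincipal -Site $siteUrl -NameIdentifier $exchange[0].NameId
if ($null -eq $app) {
    throw "No app principal found for issuer '$issuerName' on $siteUrl."
}

# Review the principal before it receives full control.
$app | Format-List *

$site = Get-SPSite $siteUrl
try {
    Set-SPAppPrincipalPermission -AppPrincipal $app -Site $site.RootWeb `
        -Scope sitesubscription -Right fullcontrol -EnableAppOnlyPolicy
}
finally {
    # Release the SPSite object once the grant has been applied.
    $site.Dispose()
}
```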

To configure the Exchange Server 2013 server to trust the SharePoint 2013 server
  1. Start the Exchange Management Shell.

    • For Windows Server 2008 R2:

      • In the Exchange Server 2013 environment, on the Start menu, click All Programs, click Microsoft Exchange Server 2013, and then click Exchange Management Shell.

    • For Windows Server 2012:

      • In the Exchange Server 2013 environment, on the Start screen, click Exchange Management Shell.

        If Exchange Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click Exchange Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  2. At the Windows PowerShell command prompt, type the following commands:

    cd c:\'Program Files'\Microsoft\'Exchange Server'\V15\Scripts
    .\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl https://<HostName>/_layouts/15/metadata/json/1 -ApplicationType SharePoint
    

    Where:

    • <HostName> is the name and port of any SSL-enabled web application of the SharePoint farm.
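
Both trust steps in this article read their signing key from a metadata document, so whatever serves that URL decides which certificate is trusted. The following added example (not part of the original article) fetches a metadata endpoint over HTTPS and lists the signing certificates it advertises, for review before the trust is created. The function name Get-AuthMetadataSigningKey is introduced here, and the JSON layout it reads (issuer, realm, and keys[].keyvalue.value holding a base64 X.509 certificate) is an assumption about the metadata format.

```powershell
# Added example, not from the original article.
function Get-AuthMetadataSigningKey {
    param([Parameter(Mandatory = $true)][string]$Url)

    # The article requires SSL for server-to-server endpoints.
    if (([uri]$Url).Scheme -ne 'https') {
        throw "Refusing non-HTTPS metadata endpoint: $Url"
    }

    # Invoke-RestMethod fails if the server's TLS certificate is untrusted or
    # does not match the host name. Treat that as a finding to fix on the
    # server, not a check to bypass.
    $doc = Invoke-RestMethod -Uri $Url

    # Assumed layout: each entry in 'keys' carries a base64 X.509 certificate.
    foreach ($key in $doc.keys) {
        $bytes = [Convert]::FromBase64String($key.keyvalue.value)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$bytes)

        [pscustomobject]@{
            Issuer     = $doc.issuer
            Realm      = $doc.realm
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Expired    = ($cert.NotAfter -lt (Get-Date))
        }
    }
}

# Usage, after replacing the article's <HostName> placeholder:
#   Get-AuthMetadataSigningKey 'https://<HostName>/autodiscover/metadata/json/1'   # Exchange
#   Get-AuthMetadataSigningKey 'https://<HostName>/_layouts/15/metadata/json/1'    # SharePoint
```

For the Exchange endpoint, the thumbprint can be compared with the CurrentCertificateThumbprint value that Get-AuthConfig returns in the Exchange Management Shell.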

© 2014 Microsoft