方案:在 Exchange Server 中部署通讯簿策略Scenario: Deploying address book policies in Exchange Server

本主题中的方案介绍了以下三种最常见的组织类型中的通讯簿策略(Abp)的部署解决方案,其中多个实体(公司、政府机构、学校教室等)共享一个公用 Exchange 环境。The scenarios in this topic describe the deployment solutions for address book policies (ABPs) in three of the most common organization types where multiple entities (companies, government agencies, school classrooms, etc.) share a common Exchange environment. 在所有情况下,收件人筛选器会将收件人划分为单独的虚拟组织,后者随后将定义应用于这些虚拟组织中的用户的 Abp。In all scenarios, a recipient filter divides recipients into separate virtual organizations, which then defines the ABPs that are applied to users in those virtual organizations. 有关收件人筛选器和虚拟组织的详细信息,请参阅本主题后面的 "通讯簿策略的注意事项和最佳做法" 一节。For more information recipient filters and virtual organizations, see the Considerations and best practices for address book policies section later in this topic.

有关 Abp 的详细信息,请参阅Exchange Server 中的通讯簿策略For more information about ABPs, see Address book policies in Exchange Server. 有关 ABP 过程,请参阅Exchange Server 中的通讯簿策略的过程For ABP procedures, see Procedures for address book policies in Exchange Server.

方案1:一个 Exchange 组织中有两个单独的公司Scenario 1: Two separate companies in one Exchange organization

此方案适用于共享同一 Exchange 环境但没有共同员工或管理的公司或部门。This scenario applies to companies or divisions that share the same Exchange environment, but have no common employees or management. 此外,这些部门没有特殊的安全或隐私问题。In addition, the divisions have no special security or privacy concerns.

在这种情况下,Contoso 和 Humongous insurance 保险业是共享同一 Exchange 环境的两家独立公司。In this scenario, Contoso and Humongous Insurance are two separate companies that share the same Exchange environment. 每个公司的 ABP 允许一家公司中的员工在 Outlook 和 web 上的 Outlook (以前称为 Outlook Web App)中的全局地址列表(GAL)中仅查看同一公司的成员。An ABP for each company lets employees in one company see only members of the same company in the global address list (GAL) in Outlook and Outlook on the web (formerly known as Outlook Web App). 所有通讯组都属于一个公司或另一个公司,并且没有通讯组包含两个公司的成员。All distribution groups belong to one company or the other, and no distribution group contains members from both companies.

两家公司和一个 Exchange 组织

下表描述了可以 Abp 中所需的 GAL、脱机通讯簿(OAB)、会议室列表和地址列表:The GAL, offline address book (OAB), room list, and address lists that are required inn the ABPs for this scenario are described in the this table:

ABP 元素ABP element ContosoContoso Humongous insurance 保险业Humongous Insurance
全局地址列表Global address list GAL_CONGAL_CON GAL_HIGAL_HI
脱机通讯簿Offline address book OAB_CONOAB_CON OAB_HIOAB_HI
会议室列表Room list AL_CON_RoomsAL_CON_Rooms AL_HI_RoomsAL_HI_Rooms
地址列表Address Lists AL_CON_GroupsAL_CON_Groups
AL_CON_UsersAL_CON_Users
AL_CON_ContactsAL_CON_Contacts
AL_HI_GroupsAL_HI_Groups
AL_HI_UsersAL_HI_Users
AL_HI_ContactsAL_HI_Contacts

方案2:在一个 Exchange 组织中共享 CEO 的两家公司Scenario 2: Two companies sharing a CEO in one Exchange organization

此方案适用于共享 Exchange 环境的公司或部门,并且在上层管理中仅有共同的员工。This scenario applies to companies or divisions that share Exchange environment, and the only employees in common are in upper management.

在此方案中,Fabrikam 和 Tailspin 玩具是同一 Exchange 环境中的独立公司,这些公司共享同一 CEO,这两家公司是唯一一个共同的人。In this scenario, Fabrikam and Tailspin Toys are separate companies in the same Exchange environment that share the same CEO, who is the only person in common between the two companies. 此方案使用具有以下要求的三个 Abp:This scenario uses three ABPs that have the following requirements:

  • 一家公司中的员工在浏览 GAL 时只能看到其公司中的收件人,并且两家公司的员工可以在 GAL 和通讯组中看到 CEO。Employees in one company can only see recipients in their company when they browse the GAL, and employees in both companies can see the CEO in the GAL and in distribution groups.

  • CEO 可以查看两家公司中的所有收件人,并能够创建跨两个公司的通讯组,并且这些组在每个公司的 GAL 中都是可见的。The CEO can see all recipients in both companies, is able to create distribution groups that span both companies, and the groups are visible in each company's GAL. 但是,组成员只能查看其各自公司的其他成员(其他公司的组成员处于隐藏状态)。However, group members only see other members from their respective company (group members from the other company are hidden).

  • 查看 CEO 的组成员身份的员工将只能查看其公司中的组。Employees who look at the CEO's group membership will only see groups in their company. 他们不会看到其他公司中的组。They won't see groups in the other company.

  • 每个公司都有一个名为 "高级领导" 的通讯组,其中包括对该公司和 CEO 的管理。Each company has a distribution group named Senior Leadership that includes the management of that company and the CEO.

  • 三个 Abp 的名称分别为: ABP_FAB、ABP_TAIL 和 ABP_CEO。The names of the three ABPs are: ABP_FAB, ABP_TAIL, and ABP_CEO.

两个公司一个 CEO

此表中描述了此方案的 Abp 中所需的 GAL、OAB、会议室列表和地址列表:The GAL, OAB, room list, and address lists that are required in the ABPs for this scenario are described in the this table:

ABP 元素ABP element FabrikamFabrikam Tailspin ToysTailspin Toys CEOCEO
名称Name ABP_FABABP_FAB AB_TAILAB_TAIL ABP_CEOABP_CEO
全局地址列表Global address list GAL_FABGAL_FAB GAL_TAILGAL_TAIL 默认全局通讯簿Default Global Address Book
脱机通讯簿Offline address book OAB_FABOAB_FAB OAB_TAILOAB_TAIL 默认脱机通讯簿Default Offline Address Book
会议室地址列表Room address list AL_FAB_RoomsAL_FAB_Rooms AL_TAIL_RoomsAL_TAIL_Rooms 所有会议室All Rooms
地址列表Address lists AL_FAB_Users_DGsAL_FAB_Users_DGs
AL_FAB_ContactsAL_FAB_Contacts
AL_TAIL_Users_DGsAL_TAIL_Users_DGs
AL_TAIL_ContactsAL_TAIL_Contacts
AL_FAB_Users_DGsAL_FAB_Users_DGs
AL_FAB_ContactsAL_FAB_Contacts
AL_TAIL_Users_DGsAL_TAIL_Users_DGs
AL_TAIL_ContactsAL_TAIL_Contacts

有关在此方案中创建所需元素的完整演练,请参阅本主题末尾的 "方案2:两家公司在一个 Exchange 组织中共享 CEO" 一节中的详细部署步骤For a complete walkthrough of creating the required elements for this scenario, see the Detailed deployment steps for Scenario 2: Two companies sharing a CEO in one Exchange organization section at the end of this topic.

方案 3:教育Scenario 3: Education

此方案适用于需要在其中划分课堂会议室以确保学生隐私的学校或大学,并且具有以下要求:This scenario is applicable to schools or universities where a division of class rooms is necessary to ensure the privacy of the students, and has the following requirements:

  • 每个班级的学生只能查看其班级中的其他学生、自己的教师以及校长。Students in each class can only see other students in their class, their teacher, and the principal.

  • 教师只能在自己的班级中查看学生。Teachers can only see students in their own classes.

  • 教师可以查看主体和所有其他教师。Teachers can see the principal and all other teachers.

  • 为与每个类关联的父和教职员创建通讯组。Distribution groups are created for the parents and faculty that are associated with each class.

通讯簿策略教育方案

此表中描述了此方案的 Abp 中所需的 GAL、OAB、会议室列表和地址列表:The GAL, OAB, room list, and address lists that are required in the ABPs for this scenario are described in the this table:

ABP 元素ABP element Students_ClassAStudents_ClassA Teachers_ClassATeachers_ClassA PrincipalPrincipal
全局地址列表Global address list GAL_StudentsClassAGAL_StudentsClassA GAL_TeachersClassAGAL_TeachersClassA GAL_EveryoneGAL_Everyone
脱机通讯簿Offline address book OAB_StudentsClassAOAB_StudentsClassA OAB_TeachersClassAOAB_TeachersClassA 默认脱机通讯簿Default Offline Address Book
会议室地址列表Room address list AL_BlankRoomAL_BlankRoom AL_BlankRoomAL_BlankRoom 所有会议室All Rooms
地址列表Address Lists AL_ClassAAL_PrincipalAL_ClassAAL_Principal AL_ClassAAL_AllTeachersAL_AllGroupsAL_PrincipalAL_ClassAAL_AllTeachersAL_AllGroupsAL_Principal AL_ClassAAL_ClassA
AL_ClassBAL_ClassB
AL_AllTeachersAL_AllTeachers
AL_AllStudentsAL_AllStudents
AL_AllGroupsAL_AllGroups

通讯簿策略的注意事项和最佳实践Considerations and best practices for address book policies

以下是在组织中使用 Abp 时需要考虑的重要问题:These are the important issues to consider when you use ABPs in your organization:

  • 不能同时使用分层通讯簿 (HAB) 和 ABP。You can't use hierarchical address books (HABs) and ABPs simultaneously. 若要了解详细信息,请参阅Understanding Hierarchical Address BooksTo learn more, see Understanding Hierarchical Address Books.

  • 分配了 ABP 的用户需要存在于为 ABP 指定的 GAL 中。A user that's assigned an ABP needs to exist in the GAL that's specified for the ABP.

  • 如果您在组织中创建 Abp,但不向某些用户分配 ABP,则这些收件人可以看到_所有_地址列表。If you create ABPs in your organization and don't assign an ABP to some users, those recipients can see all address lists.

  • 若要将收件人划分为虚拟组织,建议使用CustomAttribute1对收件人的CustomAttribute15属性。To divide recipients into virtual organizations, we recommend using the CustomAttribute1 to CustomAttribute15 attributes on recipients. 这些属性的工作方式要比其他预先固定的条件属性(如Company部门StateOrProvince )更好,因为:These attributes work better than the other pre-canned conditional attributes such as Company, Department, or StateOrProvince because:

    • 并非所有收件人类型都支持公司部门StateOrProvince属性(例如,通讯组、动态通讯组和已启用邮件的公用文件夹)。Not all recipient types support the Company, Department or StateOrProvince attributes (for example, distribution groups, dynamic distribution groups, and mail-enabled public folders).

    • CustomAttribute1 to CustomAttribute15属性不能由用户自己的邮箱配置,并且完全受管理员控制。The CustomAttribute1 to CustomAttribute15 attributes aren't configurable by users on their own mailboxes, and are entirely under the control of administrators.

    • 甚至支持公司部门StateOrProvince属性的收件人类型需要不同的 cmdlet 来配置它们。Even recipient types that support the Company, Department or StateOrProvince attributes require different cmdlets to configure them.

      例如,若要为邮箱、邮件用户或邮件联系人的公司部门StateOrProvince配置值,则不能使用设置邮箱MailUserenable-mailcontact cmdlet。For example, to configure values for Company, Department or StateOrProvince on mailboxes, mail users, or mail contacts, you can't use the Set-Mailbox, Set-MailUser, or Set-MailContact cmdlets. 相反,您需要使用 "设置用户" 和 "设置联系人" cmdlet。Instead, you need to use the Set-User and Set-Contact cmdlets. 相比之下, CustomAttribute1 to _CustomAttribute15_参数在所有收件人类型的** * **相应的 Set cmdlet 中可用。In contrast, the CustomAttribute1 to CustomAttribute15 parameters are available on the corresponding Set-* cmdlets for all recipient types.

      有关收件人筛选的详细信息,请参阅边缘传输服务器上的收件人筛选For more information about recipient filtering, see Recipient filtering on Edge Transport servers.

  • 通过 LDAP 直接访问 Active Directory 的客户端应用程序将绕过内置在 Abp 中的逻辑。Client applications that access Active Directory directly through LDAP will bypass the logic that's built into ABPs.

  • 在 ABP 中指定的 GAL 必须至少包含在 ABP 中指定的所有地址列表(包括房间地址列表)(如果 ABP 包含其他地址列表,则为 "确定")。At a minimum, the GAL that's specified in an ABP must contain all address lists (including the room address list) that are specified in the ABP (it's OK if the ABP contains additional address lists). 不要创建包含的收件人少于同一 ABP 中的地址列表的 GAL。Don't create a GAL that contains fewer recipients than the address lists in the same ABP.

  • 我们建议您不要创建跨虚拟组织边界的通讯组。We recommend against creating distribution groups that cross virtual organization boundaries. 包含多个虚拟组织的成员的组将导致以下问题:Groups that contain members of multiple virtual organizations lead to these issues:

    • 如果组成员向通讯组发送邮件时,将会看到所有组成员的电子邮件地址(如果它们请求送达回执或已读回执)。A group member will see the email addresses of all group members if they request a delivery receipt or a read receipt when they send a message to the distribution group.

    • 当某些组成员没有有效的数字 Id 时,发送到通讯组的加密邮件可能会导致问题。Encrypted messages that are sent to the distribution group can cause issues when some group members don't have valid digital IDs. 例如,假设通讯组包含来自代理人 A 的三个成员和代理 B 中的两个成员。此外,代理 A 中的一个成员和代理 B 中的两个成员都有无效的数字 Id。For example, suppose a distribution group contains three members from Agency A, and two members from Agency B. Furthermore, one of the members from Agency A and two of the members in Agency B have invalid digital IDs. 如果来自代理 A 的成员将加密邮件发送到通讯组,则会收到一条警告,指出有三个收件人没有有效的数字标识。If a member from Agency A sends an encrypted messages to the distribution group, they'll receive a warning that there are three recipients without valid digital IDs. 但是,只有 "代理 A" 中的成员的电子邮件地址才会显示在警告消息中。However, only the email address for the member in Agency A will appear in the warning message.

    • Abp 不适用于使用 "获取组" cmdlet 的所有用户或进程,因此这些用户将看到他们有权访问的任何组的所有成员。ABPs don't apply to all users or processes that use the Get-Group cmdlet, so these users will see all members of any group that they have access to.

      由于此问题,我们建议您阻止用户在 Outlook 或 web 上的 Outlook 中管理自己的组。Because if this issue, we recommend that you prevent users from managing their own groups in Outlook or Outlook on the web. 若要执行此操作,请从用户中删除 MyDistributionGroupMembership RBAC 角色分配。To do this, remove the MyDistributionGroupMembership RBAC role assignment from the users. 有关详细信息,请参阅管理角色分配策略For more information, see Manage role assignment policies.

      如果允许用户使用 Outlook 或 web 上的 Outlook 来管理组,则对组所有者的完全组成员资格列表的可见性必须为 "确定"。If you allow users to use Outlook or Outlook on the web to manage groups, visibility to the full group membership list must be OK for the group owners.

  • 所有 ABP 都必须包含一个房间地址列表。All ABPs must contain a room address list. 但是,如果您的组织不使用房间地址列表,则可以创建空房间地址列表。However, if your organization doesn't use room address lists, you can create an empty room address list.

    注意: ABP 所需的会议室列表是一个用于指定聊天室(包含筛选器)的地址列表 RecipientDisplayType -eq 'ConferenceRoomMailbox'Note: The room list that's required for an ABP is an address list that specifies rooms (contains the filter RecipientDisplayType -eq 'ConferenceRoomMailbox'). 它不是使用_RoomList_开关在新的-new-distributiongroupnew-distributiongroup cmdlet 上创建的会议室查找器通讯组。It's not a room finder distribution group that you create with the RoomList switch on the New-DistributionGroup or Set-DistributionGroup cmdlets. 有关详细信息,请参阅创建和管理会议室邮箱For more information, see Create and manage room mailboxes.

  • 部署 ABP 不会阻止一个虚拟组织中的用户向另一个虚拟组织中的用户发送电子邮件。Deploying ABPs doesn't prevent users in one virtual organization from sending email to users in another virtual organization. 如果要阻止用户在虚拟组织之间发送电子邮件,我们建议您创建邮件流规则(也称为传输规则),以查找在收件人之间发送的邮件。If you want to prevent users from sending email across virtual organizations, we recommend that you create a mail flow rule (also known as a transport rule) that looks for messages sent between the recipients. 例如,为了防止 Contoso 用户接收来自 Fabrikam 用户的邮件,反之亦然,但仍允许 Fabrikam 的高级领导团队向 Contoso 用户发送邮件,您可以在 Exchange 命令行管理程序中创建以下邮件流规则:For example, to prevent Contoso users from receiving messages from Fabrikam users and vice-versa, but still allow Fabrikam's senior leadership team to send messages to Contoso users, you can create the following mail flow rule in the Exchange Management Shell:

    New-TransportRule -Name "Ethical Wall: Contoso-Fabrikam" -BetweenMemberOf1 "AllFabrikamEmployees" -BetweenMemberOf2 "AllContosoEmployees" -DeleteMessage -ExceptIfFrom seniorleadership@fabrikam.com
    

    有关邮件流规则的详细信息,请参阅Exchange Server 中的邮件流规则For more information about mail flow rules, see Mail flow rules in Exchange Server.

  • 若要在 Skype for Business 或 Lync 客户端中配置类似于通讯簿策略的功能,您可以为特定用户设置msRTCSIP-msrtcsip-groupingid属性。To configure a feature that's similar to address book policies in the Skype for Business or Lync client, you can set the msRTCSIP-GroupingID attribute for specific users. 有关详细信息,请参阅Partitionbyou 被替换为 msRTCSIP-msrtcsip-groupingidFor details, see PartitionByOU Replaced with msRTCSIP-GroupingID.

方案2的详细部署步骤2:在一个 Exchange 组织中共享 CEO 的两家公司Detailed deployment steps for Scenario 2: Two companies sharing a CEO in one Exchange organization

本部分将引导您完成方案2的部署步骤:在一个 Exchange 组织中共享 CEO 的两家公司This section walks you through the deployment steps for Scenario 2: Two companies sharing a CEO in one Exchange organization. 如果您想起,Fabrikam 和 Tailspin 玩具是共享同一 CEO 的独立公司。If you recall, Fabrikam and Tailspin Toys are separate companies that share the same CEO.

若要了解如何在本地 Exchange 组织中打开 Exchange 命令行管理程序,请参阅 Open the Exchange Management ShellTo learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

步骤1:安装并配置通讯簿策略路由代理Step 1: Install and configure the Address Book Policy Routing Agent

ABP 路由代理使分配了不同的 Gal 的用户显示为外部收件人。The ABP Routing Agent makes users that are assigned different GALs appear as external recipients to each other. 有关详细说明,请参阅使用 Exchange 命令行管理程序安装和配置通讯簿策略路由代理For detailed instructions, see Use the Exchange Management Shell to install and configure the Address Book Policy Routing Agent.

步骤2:定义您的虚拟组织Step 2: Define your virtual organizations

在这种情况下, CustomAttribute15属性定义了虚拟组织: FAB Fabrikam 收件人的值、Tailspin 玩具收件人的值以及 CEO 的值 TAIL CEO ,这是必需的,因此 Fabrikam 和 Tailspin 用户可以看到 ceo。In this scenario, the CustomAttribute15 attribute defines the virtual organizations: the value FAB for Fabrikam recipients, the value TAIL for Tailspin Toys recipients, and the value CEO for the CEO, which is required so Fabrikam and Tailspin users can see the CEO. 如果您不在 Fabrikam 和 Tailspin 玩具虚拟组织中包括 CEO,CEO 可以看到所有人,但没有人可以看到 CEO。If you don't include the CEO in the Fabrikam and Tailspin Toys virtual organizations, the CEO can see everyone, but no one can see the CEO. 有关收件人筛选的详细信息,请参阅边缘传输服务器上的收件人筛选For more information about recipient filtering, see Recipient filtering on Edge Transport servers.

若要设置 Fabrikam 和 Tailspin 玩具邮箱、通讯组、动态通讯组、邮件联系人和邮件用户的CustomAttribute15属性值,请使用以下语法:To set the CustomAttribute15 attribute value for the Fabrikam and Tailspin Toys mailboxes, distribution groups, dynamic distribution groups, mail contacts, and mail users, use the following syntax:

$<VariableName> = Get-<RecipientType> -ResultSize Unlimited | where PrimarySMTPAddress -match <fabrikam.com | tailspintoys.com>
$<VariableName> | foreach {Set-<RecipientType> -Identity ($_.GUID).ToString() -CustomAttribute15 <FAB | TAIL>

注意Notes:

  • 如果两个组织中有类似的用户名(例如,julia@fabrikam.com 和 julia@contoso.com),则对_Identity_参数使用收件人的 GUID 值有助于避免发生冲突。Using the recipient's GUID value for the Identity parameter can help avoid collisions if there are similar usernames in both organizations (for example, julia@fabrikam.com and julia@contoso.com).

  • Cmdlet 名称的有效值为 <RecipientType> "邮箱"、"new-distributiongroup"、"get-dynamicdistributiongroup"、"enable-mailcontact" 和 "MailUser"。The valid <RecipientType> values for the cmdlet names are Mailbox, DistributionGroup, DynamicDistributionGroup, MailContact, and MailUser. 您需要分别为每个收件人类型配置CustomAttribute15属性值。You need to configure the CustomAttribute15 attribute value for each recipient type separately.

此示例 FAB 在所有 Fabrikam 邮箱上设置CustomAttribute15属性的值。This example sets the value FAB for the CustomAttribute15 attribute on all Fabrikam mailboxes.

$FAB_MBX = Get-Mailbox -ResultSize Unlimited | where PrimarySMTPAddress -match fabrikam.com
$FAB_MBX | foreach {Set-Mailbox -Identity ($_.GUID).ToString() -CustomAttribute15 FAB}

步骤3:为通讯簿策略创建必需的元素Step 3: Create the required elements for the address book policies

创建地址列表Create address lists

此组织需要四个自定义地址列表:This organization requires four custom address lists:

  • AL_FAB_Users_DGsAL_FAB_Users_DGs

  • AL_FAB_ContactsAL_FAB_Contacts

  • AL_TAIL_Users_DGsAL_TAIL_Users_DGs

  • AL_TAIL_ContactsAL_TAIL_Contacts

本示例将创建名为 AL_FAB_Users_DGs 的地址列表,其中包含所有 Fabrikam 用户、通讯组、动态通讯组_和_CEO。This example creates the address list named AL_FAB_Users_DGs that contains all Fabrikam users, distribution groups, and dynamic distribution groups and the CEO.

New-AddressList -Name "AL_FAB_Users_DGs" -RecipientFilter "((RecipientType -eq 'UserMailbox') -or (RecipientType -eq 'MailUniversalDistributionGroup') -or (RecipientType -eq 'DynamicDistributionGroup')) -and (CustomAttribute15 -eq 'FAB') -or (CustomAttribute15 -eq 'CEO')"

本示例将创建名为 AL_FAB_Contacts 的地址列表,该列表中包含所有 Fabrikam 邮件联系人。This example creates the address list named AL_FAB_Contacts that contains all Fabrikam mail contacts.

New-AddressList -Name "AL_FAB_Contacts" -RecipientFilter "(RecipientType -eq 'MailContact') -and (CustomAttribute15 -eq 'FAB')"

本示例将创建名为 AL_TAIL_Users_DGs 的地址列表,其中包含所有 Tailspin 玩具用户、通讯组、动态通讯组_和_CEO。This example creates the address list named AL_TAIL_Users_DGs that contains all Tailspin Toys users, distribution groups, and dynamic distribution groups and the CEO.

New-AddressList -Name "AL_TAIL_Users_DGs" -RecipientFilter "((RecipientType -eq 'UserMailbox') -or (RecipientType -eq 'MailUniversalDistributionGroup') -or (RecipientType -eq 'DynamicDistributionGroup')) -and (CustomAttribute15 -eq 'TAIL') -or (CustomAttribute15 -eq 'CEO')"

本示例创建名为 AL_TAIL_Contacts 的地址列表,其中包含所有 Tailspin 玩具邮件联系人。This example creates the address list named AL_TAIL_Contacts that contains all Tailspin Toys mail contacts.

New-AddressList -Name "AL_TAIL_Contacts" -RecipientFilter "(RecipientType -eq 'MailContact') -and (CustomAttribute15 -eq 'TAIL')"

有关详细信息,请参阅创建地址列表For more information, see Create address lists.

创建会议室列表Create room lists

此组织需要两个自定义会议室列表:This organization requires two custom room lists:

  • AL_FAB_RoomsAL_FAB_Rooms

  • AL_TAIL_RoomsAL_TAIL_Rooms

本示例将为 Fabrikam 会议室邮箱创建名为 AL_FAB_Rooms 的会议室列表。This example creates the room list named AL_FAB_Rooms for Fabrikam room mailboxes.

New-AddressList -Name AL_FAB_Rooms -RecipientFilter "(Alias -ne $null) -and (CustomAttribute15 -eq 'FAB') -and (RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')"

本示例将为 Tailspin 玩具会议室邮箱创建一个名为 AL_TAIL_Rooms 的会议室列表。This example creates a room list named AL_TAIL_Rooms for Tailspin Toys room mailboxes.

New-AddressList -Name AL_TAIL_Rooms -RecipientFilter "(Alias -ne $null) -and (CustomAttribute15 -eq 'TAIL') -and (RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')"

注意:如果组织不具有任何会议室邮箱,则本示例将创建名为 AL_BlankRoom 的空白会议室列表(ABP 需要会议室列表,即使它是空的):Note: This example creates a blank room list named AL_BlankRoom if the organization doesn't have any room mailboxes (an ABP requires a room list, even if it's empty):

New-AddressList -Name AL_BlankRoom -RecipientFilter "(Alias -ne $null) -and ((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox'))"

有关创建地址列表的详细信息,请参阅创建地址列表For more information about creating address lists, see Create address lists.

创建 GalCreate GALs

此组织需要两个自定义 Gal:This organization requires two custom GALs:

  • GAL_FABGAL_FAB

  • GAL_TAILGAL_TAIL

本示例将为包含所有 Fabrikam 收件人的 Fabrikam 创建名为 GAL_FAB 的 GAL,_并_允许 Fabrikam 用户查看 CEO。This example creates the GAL named GAL_FAB for Fabrikam that includes all Fabrikam recipients and allows the Fabrikam users to see the CEO.

New-GlobalAddressList -Name "GAL_FAB" -RecipientFilter "(CustomAttribute15 -eq 'FAB') -or (CustomAttribute15 -eq 'CEO')"

本示例为包含所有 Tailspin 玩具收件人的 Tailspin 玩具创建名为 GAL_TAIL 的 GAL,_并_允许 Tailspin 玩具用户查看 CEO。This example creates the GAL named GAL_TAIL for Tailspin Toys that includes all Tailspin Toys recipients and allows the Tailspin Toys users to see the CEO.

New-GlobalAddressList -Name "GAL_TAIL" -RecipientFilter "(CustomAttribute15 -eq 'TAIL') -or (CustomAttribute15 -eq 'CEO')"

注意:请勿在包含来自 ABP 中地址列表缺少的收件人的 ABP 中使用 GAL。Note: Don't use a GAL in an ABP that contains recipients that are missing from address lists in the ABP. 所有地址列表的组合必须与 GAL 中的收件人相匹配。The combination of all address lists must match the recipients in the GAL.

有关详细信息,请参阅使用 Exchange 命令行管理程序创建全局地址列表For more information, see Use the Exchange Management Shell to create global address lists.

创建 OabCreate OABs

此组织需要两个自定义 Gal:This organization requires two custom GALs:

  • OAB_FABOAB_FAB

  • OAB_TAILOAB_TAIL

本示例将为包括 Fabrikam GAL 的 Fabrikam 创建名为 OAB_FAB 的 OAB。This example creates the OAB named OAB_FAB for Fabrikam that includes the Fabrikam GAL.

New-OfflineAddressBook -Name "OAB_FAB" -AddressLists "GAL_FAB"

本示例为包含 Tailspin 玩具 GAL 的 Tailspin 玩具创建名为 OAB_TAIL 的 OAB。This example creates the OAB named OAB_TAIL for Tailspin Toys that includes the Tailspin Toys GAL.

New-OfflineAddressBook -Name "OAB_TAIL" -AddressLists "GAL_TAIL"

注意: 如果您希望用户看到虚拟组织中的所有收件人,请确保在 OAB 中包含 GAL。Note: If you want users to see all recipients in the virtual organization, make sure that you include the GAL in OAB. 否则,可以通过指定 OAB 中包含的地址列表的简化列表来减小 OAB 的下载大小。Otherwise, you can reduce the download size of the OAB by specifying a reduced list of address lists that are included in the OAB.

有关详细信息,请参阅使用 Exchange 命令行管理程序创建脱机通讯簿For more information, see Use the Exchange Management Shell to create offline address books.

步骤4:创建通讯簿策略Step 4: Create the address book policies

此组织需要三个 Abp:This organization requires three ABPs:

ABP 元素ABP element FabrikamFabrikam Tailspin ToysTailspin Toys CEOCEO
名称Name ABP_FABABP_FAB ABP_TAILABP_TAIL ABP_CEOABP_CEO
全局地址列表Global address list GAL_FABGAL_FAB GAL_TAILGAL_TAIL 默认全局通讯簿Default Global Address Book
脱机通讯簿Offline address book OAB_FABOAB_FAB OAB_TAILOAB_TAIL 默认脱机通讯簿Default Offline Address Book
会议室地址列表Room address list AL_FAB_RoomsAL_FAB_Rooms AL_TAIL_RoomsAL_TAIL_Rooms 所有会议室All Rooms
地址列表Address lists AL_FAB_Users_DGsAL_FAB_Users_DGs
AL_FAB_ContactsAL_FAB_Contacts
AL_TAIL_Users_DGsAL_TAIL_Users_DGs
AL_TAIL_ContactsAL_TAIL_Contacts
AL_FAB_Users_DGsAL_FAB_Users_DGs
AL_FAB_ContactsAL_FAB_Contacts
AL_TAIL_Users_DGsAL_TAIL_Users_DGs
AL_TAIL_ContactsAL_TAIL_Contacts

本示例将创建一个名为 ABP_FAB 的 ABP,其中包含 Fabrikam 的 GAL、OAB、会议室列表和地址列表。This example creates the ABP named ABP_FAB that contains the GAL, OAB, room list and address lists for Fabrikam.

New-AddressBookPolicy -Name "ABP_FAB" -AddressLists "AL_FAB_Users_DGs","AL_FAB_Contacts" -OfflineAddressBook "\OAB_FAB" -GlobalAddressList "\GAL_FAB" -RoomList "\AL_FAB_Rooms"

本示例将创建一个名为 ABP_TAIL 的 ABP,其中包含 Tailspin 玩具的 GAL、OAB、会议室列表和地址列表。This example creates the ABP named ABP_TAIL that contains the GAL, OAB, room list and address lists for Tailspin Toys.

New-AddressBookPolicy -Name "ABP_TAIL" -AddressLists "AL_TAIL_Users_DGs","AL_TAIL_Contacts" -OfflineAddressBook "\OAB_TAIL" -GlobalAddressList "\GAL_TAIL" -RoomList "\AL_TAIL_Rooms"

此示例创建包含 CEO 的 GAL、OAB、聊天室列表和地址列表的名为 ABP_CEO 的 ABP。This example creates the ABP named ABP_CEO that contains the GAL, OAB, room list and address lists for the CEO.

New-AddressBookPolicy -Name "ABP_CEO" -AddressLists "AL_FAB_Users_DGs","AL_FAB_Contacts","AL_TAIL_Users_DGs","AL_TAIL_Contacts" -OfflineAddressBook "\Default Offline Address Book" -GlobalAddressList "\Default Global Address List" -RoomList "\All Rooms"

有关详细信息,请参阅Exchange Server 中的通讯簿策略的过程For more information, see Procedures for address book policies in Exchange Server.

步骤5:将通讯簿策略分配给邮箱Step 5: Assign the address book policies to mailboxes

此示例将名为 ABP_FAB 的 ABP 分配给所有 Fabrikam 邮箱。This example assigns the ABP named ABP_FAB to all Fabrikam mailboxes.

$Fab = Get-Mailbox -ResultSize unlimited -Filter "CustomAttribute15 -eq 'FAB'"; $Fab | foreach {Set-Mailbox -Identity $_.Identity -AddressBookPolicy 'ABP_FAB'}

本示例将名为 ABP_TAIL 的 ABP 分配给所有 Tailspin 玩具邮箱。This example assigns the ABP named ABP_TAIL to all Tailspin Toys mailboxes.

$Tail = Get-Mailbox -ResultSize unlimited -Filter "CustomAttribute15 -eq 'TAIL'"; $Tail | foreach {Set-Mailbox -Identity $_.Identity -AddressBookPolicy 'ABP_TAIL'}

此示例将名为 ABP_CEO 的 ABP 分配给 CEO 命名的 Gabriela Laureano。This example assigns the ABP named ABP_CEO to the CEO named Gabriela Laureano.

Set-Mailbox -Identity "Gabriela Laureano" -AddressBookPolicy "ABP_CEO"

注意:如果用户已连接到 outlook 或 web 上的 outlook,在将 ABP 应用于其邮箱时,他们需要先关闭并重新启动其客户端应用程序,然后他们才能看到新的地址列表和 GAL。Note: If the user is already connected to Outlook or Outlook on the web when the ABP is applied to their mailbox, they'll need to close and restart their client application before they can see the new address lists and GAL.

有关详细信息,请参阅向邮箱分配通讯簿策略For more information, see Assign address book policies to mailboxes.

其他注意事项Other considerations

在创建或修改地址列表或 GAL 之后,需要更新成员身份。After you create or modify an address list or GAL, you need to update the membership.

如果地址列表包含大量收件人(我们的建议大于3000),则应使用 Exchange 命令行管理程序更新地址列表(而不是 Exchange 管理中心)。If the address list contains a large number of recipients (our recommendation is more than 3000), you should use the Exchange Management Shell to update the address list (not the Exchange admin center). 有关详细信息,请参阅更新地址列表For more information, see Update address lists.

若要更新 GAL,您始终需要使用 Exchange 命令行管理程序。To update a GAL, you always need to use the Exchange Management Shell. 有关详细信息,请参阅使用 Exchange 命令行管理程序更新全局地址列表For more information, see Use the Exchange Management Shell to update global address lists.