Exchange Server 中的通讯簿策略Address book policies in Exchange Server

使用通讯簿策略 (ABP),管理员可以将用户分入特定组,从而提供组织全局地址列表 (GAL) 的自定义视图。Address book policies (ABPs) lets administrators segment users into specific groups to provide customized views of the organization's global address list (GAL). ABP 的目标是为需要多个 Gal 的本地组织提供更简单的 GAL 分段(也称为gal 隔离)机制。The goal of an ABP is to provide a simpler mechanism for GAL segmentation (also known as GAL segregation) in on-premises organizations that require multiple GALs.

ABP 包含以下这些元素:An ABP contains these elements:

  • 一个 GAL。One GAL. 有关 Gal 的详细信息,请参阅全局地址列表For more information about GALs, see Global address lists.

  • 一个脱机通讯簿 (OAB)。One offline address book (OAB). 有关 Oab 的详细信息,请参阅Exchange Server 中的脱机通讯簿For more information about OABs, see Offline address books in Exchange Server.

  • 一个会议室列表。One room list. 请注意,此聊天室列表是用于指定聊天室(包含筛选器RecipientDisplayType -eq 'ConferenceRoomMailbox')的自定义地址列表。Note that this room list is a custom address list that specifies rooms (contains the filter RecipientDisplayType -eq 'ConferenceRoomMailbox'). 它不是使用_RoomList_开关在new-distributiongroupnew-distributiongroup cmdlet 上创建的会议室查找器。It's not a room finder that you create with the RoomList switch on the New-DistributionGroup or Set-DistributionGroup cmdlet. 有关详细信息,请参阅创建和管理会议室邮箱For more information, see Create and manage room mailboxes.

  • 一个或多个地址列表。One or more address lists. 有关地址列表的详细信息,请参阅自定义地址列表For more information about address lists, see Custom address lists.

有关涉及 Abp 的过程,请参阅Exchange Server 中的通讯簿策略的过程For procedures involving ABPs, see Procedures for address book policies in Exchange Server.

注意Notes:

ABP 的工作原理How ABPs work

下面的关系图展示了 ABP 的工作原理。用户分配有通讯簿策略 A,其中包含组织内可用的一部分地址列表。创建 ABP 并将它分配给用户后,ABP 限定了用户能够查看的地址列表范围。The following diagram shows how ABPs work. The user is assigned Address Book Policy A that contains a subset of address lists that are available in the organization. When the ABP is created and assigned to the user, the ABP becomes the scope of the address lists that the user is able to view.

通讯簿策略概述

当用户连接到邮箱服务器上的客户端访问(前端)服务时,ABP 生效。如果更改 ABP,更新后的 ABP 在用户重启或重新连接客户端应用时生效,或在重启邮箱服务器(具体来说是后端服务中的 Microsoft Exchange RPC 客户端访问服务)时生效。APBs take effect when a user connects to the Client Access (frontend) services on a Mailbox server. If you change an ABP, the updated APB takes effect when a user restarts or reconnects their client app, or you restart the Mailbox server (specifically, the Microsoft Exchange RPC Client Access service in the backend services).

通讯簿策略路由代理Address Book Policy Routing agent

在不使用 ABP 的 Exchange 组织中,如果用户在 Outlook 或 Web 上的 Outlook中创建电子邮件,并将邮件发送给组织中的另一个收件人,将发生下列情况:In an Exchange organization that doesn't use ABPs, the following things occur when a user creates an email message in Outlook or Outlook on the web and sends the message to another recipient in the organization:

  1. The email address resolves to the user's display name. For example, if you type sardor@contoso.com in the To field, the SMTP email address resolves to Sarah Dorsey.The email address resolves to the user's display name. For example, if you type sardor@contoso.com in the To field, the SMTP email address resolves to Sarah Dorsey.

  2. 在名称解析后,可以双击用户名,从而查看收件人的联系人卡片。联系人卡片显示收件人的联系信息,如办公室和电话号码。After the name resolves, you can view the recipient's contact card by double-clicking on the user's name. The contact card shows the recipient's contact information, such as office and phone number.

若要使用 ABP,且不希望 ABP 中的用户查看彼此的潜在私人信息,可以启用通讯簿策略路由代理。ABP 路由代理是控制如何在组织中解析收件人的传输代理。在安装并配置 ABP 路由代理后,由不同 ABP 分配到各个 GAL 的用户无法查看各自的联系人卡片(对各自显示为外部收件人)。If you're using ABPs, and you don't want the users in the ABPs to view each other's potentially private information, you can turn on the Address Book Policy Routing agent. The ABP Routing agent is a Transport agent that controls how recipients are resolved in your organization. When the ABP Routing agent is installed and configured, users that are assigned to different GALs by different ABPs can't view each other's contact cards (they appear as external recipients to each other).

有关如何打开 ABP 路由代理的详细信息,请参阅使用 Exchange 命令行管理程序安装和配置通讯簿策略路由代理For details about how to turn on the ABP Routing agent, see Use the Exchange Management Shell to install and configure the Address Book Policy Routing Agent.

ABP 示例ABP example

在下面的关系图中,Fabrikam 和 Tailspin Toys 共用同一个 Exchange 组织和同一个 CEO。CEO 是这两家公司唯一共用的员工。In the following diagram, Fabrikam and Tailspin Toys share the same Exchange organization and the same CEO. The CEO is the only employee common to both companies.

两个公司一个 CEO

建议的配置包括三个 ABP:The suggested configuration includes three ABPs:

  • 一个 ABP 分配给 Fabrikam 员工。One ABP is assigned to Fabrikam employees. ABP 中的 GAL 和地址列表包括 Fabrikam 员工和 CEO。The GAL and address lists in the ABP include Fabrikam employees and the CEO.

  • 一个 ABP 被分配给 Tailspin 玩具员工。One ABP is assigned to Tailspin Toys employees. ABP 中的 GAL 和地址列表包括 Tailspin 玩具员工和 CEO。The GAL and address lists in the ABP include Tailspin Toys employees and the CEO.

  • 还有一个 ABP 只分配给 CEO。One ABP is assigned to only the CEO. ABP 中的(默认) GAL 和地址列表包括所有员工(Fabrikam、Tailspin 玩具和 CEO)。The (default) GAL and address lists in the ABP include all employees (Fabrikam, Tailspin Toys, and the CEO).

根据此配置,ABP 有助于强制执行下面这些要求:Based on this configuration, the ABPs help to enforce these requirements:

  • Tailspin Toys 中的用户在浏览 GAL 时只能看到 Tailspin Toys 员工和 CEO。The users in Tailspin Toys can only see Tailspin Toys employees and the CEO when they browse the GAL.

  • Fabrikam 中的用户在浏览 GAL 时只能看到 Fabrikam 员工和 CEO。The users in Fabrikam can only see Fabrikam employees and the CEO when they browse the GAL.

  • 浏览 GAL 时,CEO 可以查看所有 Fabrikam 和 Tailspin Toys 员工。The CEO can see all Fabrikam and Tailspin Toys employees when she browses the GAL.

  • 查看 CEO 的组成员资格的用户只能看到属于其公司的组,看不到属于另一家公司的组。Users who view the CEO's group membership can see only groups that belong to their company. They can't see groups that belong to the other company.

用于 Entourage 和 Outlook for Mac 用户的 AbpABPs for Entourage and Outlook for Mac users

Abp 不能用于从企业网络中连接到其邮箱的 Entourage 和 Outlook for Mac 用户,因为 Entourage 和 Outlook for Mac 直接连接到全局编录服务器以查询 Active Directory (绕过 Abp)。ABPs won't function for Entourage and Outlook for Mac users who connect to their mailboxes from inside the corporate network, because Entourage and Outlook for Mac connect directly to a global catalog server to query Active Directory (which bypasses the ABPs). 但是,从公司网络外部连接到其邮箱的 Entourage 和 Outlook for Mac 客户端可以使用 OAB 或 Exchange Web 服务(EWS),这将允许用户基于分配的 ABP 搜索 GAL。However, Entourage and Outlook for Mac clients that connect to their mailboxes from outside the corporate networks can use an OAB or Exchange Web Services (EWS), which allows them to search the GAL based on the assigned ABP. 若要了解有关管理 Outlook for Mac 2011 的详细信息,请参阅规划 For outlook For mac 2011To learn more about administering Outlook for Mac 2011, see Planning for Outlook for Mac 2011.