Exchange Server 混合部署Exchange Server hybrid deployments

摘要:规划 Exchange 混合部署需要了解的内容。Summary: What you need to know to plan an Exchange hybrid deployment.

混合部署使组织可以将随其现有内部部署 Microsoft Exchange 组织提供的功能丰富的体验和管理控制扩展到云。混合部署可在内部部署 Exchange 组织与 Microsoft Office 365 中的 Exchange Online 之间提供单个 Exchange 组织的无缝观感。此外,混合部署还可以充当中间步骤,以完全移动到 Exchange Online 组织。A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online in Microsoft Office 365. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.

Exchange 混合部署功能Exchange hybrid deployment features

混合部署支持以下功能:A hybrid deployment enables the following features:

  • 内部部署组织与 Exchange Online 组织之间的安全邮件路由。Secure mail routing between on-premises and Exchange Online organizations.

  • 使用共享域命名空间的邮件路由。例如,内部部署与 Exchange Online 组织都使用 @contoso.com SMTP 域。Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the @contoso.com SMTP domain.

  • 统一全局地址列表 (GAL),也称为"共享地址簿"。A unified global address list (GAL), also called a "shared address book."

  • 内部部署组织与 Exchange Online 组织之间的忙/闲状态共享和日历共享。Free/busy and calendar sharing between on-premises and Exchange Online organizations.

  • 集中控制入站和出站邮件流。可以将所有入站和出站 Exchange Online 邮件配置为通过内部部署 Exchange 组织路由。Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization.

  • 用于内部部署和 Exchange Online 组织的单个 Web 上的 Outlook URLA single Outlook on the web URL for both the on-premises and Exchange Online organizations.

  • 可以将现有内部部署邮箱移到 Exchange Online 组织。如果需要,还可以将 Exchange Online 邮箱移回内部部署组织。The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.

  • 使用内部部署 Exchange 管理中心 (EAC) 集中管理邮箱。Centralized mailbox management using the on-premises Exchange admin center (EAC).

  • 内部部署组织和 Exchange Online 组织之间的邮件跟踪、邮件提醒和多邮箱搜索。Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.

  • 内部部署 Exchange 邮箱基于云的邮件存档。Cloud-based message archiving for on-premises Exchange mailboxes. Exchange Online Archiving 可以与混合部署一起使用。Exchange Online Archiving can be used with a hybrid deployment. 了解 exchange online 存档中的存档功能的 Exchange online 存档的详细信息。Learn more about Exchange Online Archiving at Archive Features in Exchange Online Archiving.

Exchange 混合部署的注意事项Exchange hybrid deployment considerations

在实施 Exchange 混合部署之前,请考虑以下事项:Consider the following before you implement an Exchange hybrid deployment:

  • 混合部署要求:在配置混合部署之前,您需要确保您的内部部署组织满足成功部署所需的所有先决条件。Hybrid deployment requirements: Before you configure a hybrid deployment, you need to make sure your on-premises organization meets all of the prerequisites required for a successful deployment. 有关详细信息,请参阅混合部署先决条件For more information, see Hybrid deployment prerequisites.

  • Exchange ActiveSync 客户端:将邮箱从内部部署 Exchange 组织移动到 Exchange online 时,访问该邮箱的所有客户端都需要更新以使用 Exchange online;这包括 Exchange ActiveSync 设备。Exchange ActiveSync clients: When you move a mailbox from your on-premises Exchange organization to Exchange Online, all of the clients that access the mailbox need to be updated to use Exchange Online; this includes Exchange ActiveSync devices. 大多数 Exchange ActiveSync 客户端现在都会在邮箱移到 Exchange Online 中时自动重新配置,但是,某些旧的设备可能不会正确升级。Most Exchange ActiveSync clients will now be automatically reconfigured when the mailbox is moved to Exchange Online, however some older devices might not update correctly. 有关详细信息,请参阅Exchange ActiveSync 设备设置与 exchange 混合部署For more information, see Exchange ActiveSync device settings with Exchange hybrid deployments.

  • 邮箱权限迁移:内部部署邮箱权限(如 "代理发送"、"完全访问"、"代表发送" 和 "文件夹权限")将迁移到 Exchange Online。Mailbox permissions migration: On-premises mailbox permissions such as Send As, Full Access, Send on Behalf, and folder permissions, that are explicitly applied on the mailbox are migrated to Exchange Online. 不会迁移继承(非明确)邮箱权限和授予给 Exchange Online 中未启用邮件的对象的权限。Inherited (non-explicit) mailbox permissions and permissions granted to objects that aren't mail enabled in Exchange Online are not migrated. 在迁移之前,请务必明确授予所有权限,并确保所有对象都启用邮件。You should ensure all permissions are explicitly granted and all objects are mail enabled prior to migration. 因此,需要进行规划以在 Office 365 中配置这些权限(若适用于你的组织)。Therefore, you have to plan for configuring these permissions in Office 365 if applicable for your organization. 在代理发送权限情况下,如果尝试代理发送的用户和资源没有同时移动,则需要使用 Add-RecipientPermission cmdlet 在 Exchange Online 中显式添加代理发送权限。In the case of Send As permissions, if the user and the resource attempting to be sent as aren't moved at the same time, you'll need to explicitly add the Send As permission in Exchange Online using the Add-RecipientPermission cmdlet.

  • 对跨界邮箱权限的支持: Exchange 混合部署支持使用完全访问权限,并代表位于本地 Exchange 组织中的邮箱和位于 Office 365 中的邮箱之间的发送权限。Support for cross-premises mailbox permissions: Exchange hybrid deployments support the use of the Full Access and Send on Behalf Of permissions between mailboxes located in an on-premises Exchange organization and mailboxes located in Office 365. "发送方式"权限需要其他步骤。Additional steps are required for Send As permissions. 此外,可能需要一些额外的配置来支持跨界邮箱权限,具体取决于在本地组织中安装的 Exchange 版本。Also, some additional configuration may be required to support cross-premises mailbox permissions depending on the version of Exchange installed in your on-premises organization. 有关详细信息,请参阅 Exchange 混合部署中的权限配置 Exchange 以支持混合部署中的委派邮箱权限中的委派邮箱权限For more information, see Delegate mailbox permissions in Permissions in Exchange hybrid deployments and Configure Exchange to support delegated mailbox permissions in a hybrid deployment.

  • 脱离:作为日常收件人管理的一部分,您可能必须将 Exchange Online 邮箱移回到您的本地环境中。Offboarding: As part of ongoing recipient management, you might have to move Exchange Online mailboxes back to your on-premises environment.

有关如何在基于 Exchange 2010 的混合部署中移动邮箱的详细信息,请参阅Move an Exchange Online mailbox to the on-premises organizationFor more information about how to move mailboxes in an Exchange 2010-based hybrid deployment, see Move an Exchange Online mailbox to the on-premises organization.

有关如何在基于 Exchange 2013 或更高版本的混合部署中移动邮箱的详细信息,请参阅在混合部署中的内部部署组织和 Exchange Online 组织之间移动邮箱For more information about how to move mailboxes in hybrid deployments based on Exchange 2013 or newer, see Move mailboxes between on-premises and Exchange Online organizations in hybrid deployments.

  • 邮箱转发设置:可以将邮箱设置为自动将发送给它们的邮件转发到另一个邮箱。Mailbox forwarding settings: Mailboxes can be set up to automatically forward mail sent to them to another mailbox. 虽然 Exchange Online 支持邮箱转发,但转发配置未随邮箱迁移一起复制到 Exchange Online 中。While mailbox forwarding is supported in Exchange Online, the forwarding configuration isn't copied to Exchange Online when the mailbox is migrated there. 将邮箱迁移到 Exchange Online 前,请务必先导出各个邮箱的转发配置。Before you migrate a mailbox to Exchange Online, make sure you export the forwarding configuration for each mailbox. 转发配置存储在每个邮箱DeliverToMailboxAndForwardForwardingAddress、和ForwardingSmtpAddress属性中。The forwarding configuration is stored in the DeliverToMailboxAndForward, ForwardingAddress, and ForwardingSmtpAddress properties on each mailbox.

Exchange 混合部署组件Exchange hybrid deployment components

混合部署涉及多个不同的服务和组件:A hybrid deployment involves several different services and components:

  • Exchange 服务器:如果要配置混合部署,必须在您的内部部署组织中配置至少一个 Exchange 服务器。Exchange servers: At least one Exchange server needs to be configured in your on-premises organization if you want to configure a hybrid deployment. 如果您运行 Exchange 2013 或更低版本,您需要至少安装一台运行邮箱角色和客户端访问角色的服务器。If you're running Exchange 2013 or older, you need to install at least one server running the Mailbox and Client Access roles. 如果您运行 Exchange 2016 或更新版本,至少必须安装一台运行邮箱角色的服务器。If you're running Exchange 2016 or newer, at least one server running the Mailbox role needs to be installed. 如果需要,也可以在外围网络中安装 Exchange 边缘传输服务器,并支持与 Office 365 的安全邮件流。If needed, Exchange Edge Transport servers can also be installed in a perimeter network and support secure mail flow with Office 365.

    备注

    我们不支持在外围网络中安装运行邮箱服务器角色或客户端访问服务器角色的 Exchange 服务器。We don't support the installation of Exchange servers running the Mailbox or Client Access server roles in a perimeter network.

  • Microsoft office 365: office 365 服务将 Exchange Online 组织作为其订阅服务的一部分包括在其中。Microsoft Office 365: The Office 365 service includes an Exchange Online organization as a part of its subscription service. 配置混合部署的组织需要为迁移到 Exchange Online 组织或者在 Exchange Online 组织中创建的每个邮箱购买一个许可证。Organizations configuring a hybrid deployment need to purchase a license for each mailbox that's migrated to or created in the Exchange Online organization.

  • "混合配置" 向导: Exchange 包括 "混合配置" 向导,该向导为您提供了在内部部署 Exchange 和 Exchange Online 组织之间配置混合部署的简化的过程。Hybrid Configuration wizard: Exchange includes the Hybrid Configuration wizard which provides you with a streamlined process to configure a hybrid deployment between on-premises Exchange and Exchange Online organizations.

    有关详细信息,请参阅 "混合配置"向导Learn more at Hybrid Configuration wizard.

  • AZURE AD 身份验证系统: Azure Active DIRECTORY (AD)身份验证系统是一项基于云的免费服务,充当本地 exchange 2016 组织与 Exchange Online 组织之间的信任代理。Azure AD authentication system: The Azure Active Directory (AD) authentication system is a free cloud-based service that acts as the trust broker between your on-premises Exchange 2016 organization and the Exchange Online organization. 配置混合部署的本地组织必须具有与 Azure AD 身份验证系统之间的联合信任。On-premises organizations configuring a hybrid deployment must have a federation trust with the Azure AD authentication system. 可手动创建联合信任作为配置内部部署 Exchange 组织和其他联合 Exchange 组织之间的联合共享功能的一部分,或使用混合配置向导配置混合部署的一部分。The federation trust can either be created manually as part of configuring federated sharing features between an on-premises Exchange organization and other federated Exchange organizations or as part of configuring a hybrid deployment with the Hybrid Configuration wizard. Office 365 租户的 Azure AD 身份验证系统联合信任是在激活 Office 365 服务帐户时自动配置的。A federation trust with the Azure AD authentication system for your Office 365 tenant is automatically configured when you activate your Office 365 service account.

    有关详细信息,请参阅:什么是 AZURE AD Connect?Learn more at: What is Azure AD Connect?.

  • Azure Active Directory 同步: azure ad 同步使用 Azure ad Connect 将已启用邮件的对象的本地 Active Directory 信息复制到 Office 365 组织,以支持统一全局地址列表(GAL)和用户身份验证。Azure Active Directory synchronization: Azure AD synchronization uses Azure AD Connect to replicate on-premises Active Directory information for mail-enabled objects to the Office 365 organization to support the unified global address list (GAL) and user authentication. 配置混合部署的组织需要在单独的内部部署服务器上部署 Azure AD Connect 以将您的内部部署 Active Directory 与 Office 365 同步。Organizations configuring a hybrid deployment need to deploy Azure AD Connect on a separate, on-premises server to synchronize your on-premises Active Directory with Office 365.

    有关详细信息,请参阅: AZURE AD Connect 的先决条件Learn more at: Prerequisites for Azure AD Connect.

混合部署示例Hybrid deployment example

看一下下面的情况。这是一个拓扑示例,概述了典型的 Exchange 2016 部署。Contoso, Ltd. 是一个单林单域组织,安装了两台域控制器和一台 Exchange 2016 服务器。远程 Contoso 用户使用 Web 上的 Outlook 通过 Internet 连接到 Exchange 2016 以检查其邮箱和访问其 Outlook 日历。Take a look at the following scenario. It's an example topology that provides an overview of a typical Exchange 2016 deployment. Contoso, Ltd. is a single-forest, single-domain organization with two domain controllers and one Exchange 2016 server installed. Remote Contoso users use Outlook on the web to connect to Exchange 2016 over the Internet to check their mailboxes and access their Outlook calendar.

在配置带有 Office 365 的混合部署之前所进行的本地 Exchange 部署

假设您是 Contoso 的网络管理员,同时对配置混合部署感兴趣。您部署与配置符合要求的 Active Directory 同步服务器,同时还决定使用 Azure AD Connect 密码同步功能让用户对其内部部署网络帐户和其 Office 365 帐户使用相同的凭据。完成混合部署先决条件,以及使用混合配置向导选择了混合部署的选项之后,新的拓扑具有以下配置:Let's say that you're the network administrator for Contoso, and you're interested in configuring a hybrid deployment. You deploy and configure a required Azure AD Connect server and you also decide to use the Azure AD Connect password synchronization feature to let users use the same credentials for both their on-premises network account and their Office 365 account. After you complete the hybrid deployment prerequisites and use the Hybrid Configuration wizard to select options for the hybrid deployment, your new topology has the following configuration:

  • 用户将使用相同的用户名和密码登录到内部部署组织和 Exchange Online 组织("单一登录")。Users will use the same username and password for logging on to the on-premises and Exchange Online organizations ("single sign-on").

  • 位于内部部署组织和 Exchange Online 组织中的用户邮箱将使用相同的电子邮件地址域。例如,位于内部部署组织和 Exchange Online 组织中的邮箱都将在用户电子邮件地址中使用 @contoso.com。User mailboxes located on-premises and in the Exchange Online organization will use the same email address domain. For example, mailboxes located on-premises and mailboxes located in the Exchange Online organization will both use @contoso.com in user email addresses.

  • 所有出站邮件都将通过内部部署组织传递到 Internet。内部部署组织控制所有邮件传输,并充当 Exchange Online 组织的中继("集中邮件传输")。All outbound mail is delivered to the Internet by the on-premises organization. The on-premises organization controls all messaging transport and serves as a relay for the Exchange Online organization ("centralized mail transport").

  • 内部部署组织用户和 Exchange Online 组织用户可以相互共享日历忙/闲信息。为这两个组织配置的组织关系还将启用跨内部部署邮件跟踪、邮件提示和邮件搜索。On-premises and Exchange Online organization users can share calendar free/busy information with each other. Organization relationships configured for both organizations also enable cross-premises message tracking, MailTips, and message search.

  • 内部部署用户和 Exchange Online 用户使用相同的 URL 通过 Internet 连接到其邮箱。On-premises and Exchange Online users use the same URL to connect to their mailboxes over the Internet.

在配置带有 Office 365 的混合部署之后所进行的本地 Exchange 部署

如果将 Contoso 的现有组织配置与混合部署配置进行比较,可以看到通过配置混合部署,添加了支持其他通信和功能的服务器和服务,这些通信和功能在内部部署组织和 Exchange Online 组织之间共享。下面概述了混合部署相对于初始内部部署 Exchange 组织所发生的变化。If you compare Contoso's existing organization configuration and the hybrid deployment configuration, you'll see that configuring a hybrid deployment has added servers and services that support additional communication and features that are shared between the on-premises and Exchange Online organizations. Here's an overview of the changes that a hybrid deployment has made from the initial on-premises Exchange organization.

配置Configuration 混合部署前Before hybrid deployment 混合部署之后After hybrid deployment
邮箱位置Mailbox location 邮箱仅位于内部部署组织中。Mailboxes on-premises only. 内部部署邮箱与 Office 365 中的邮箱。Mailboxes on-premises and in Office 365.
邮件传输Message transport 内部部署邮箱服务器处理所有入站和出站邮件路由。On-premises Mailbox servers handle all inbound and outbound message routing. 内部部署邮箱服务器处理内部部署组织与 Office 365 组织之间的内部邮件路由。On-premises Mailbox servers handle internal message routing between the on-premises and Office 365 organization.
Web 上的 OutlookOutlook on the web 内部部署邮箱服务器接收所有 Web 上的 Outlook 请求并显示邮箱信息。On-premises Mailbox servers receive all Outlook on the web requests and displays mailbox information. 内部部署邮箱服务器将 Web 上的 Outlook 请求重定向到内部部署 Exchange 2016 邮箱服务器或提供登录 Office 365 的链接。On-premises Mailbox servers redirect Outlook on the web requests to either on-premises Exchange 2016 Mailbox servers or provides a link to log on to Office 365.
用于两个组织的统一 GALUnified GAL for both organizations 不适用;仅限单个组织。Not applicable; single organization only. 内部部署 Active Directory 同步服务器将已启用邮件的对象的 Active Directory 信息复制到 Office 365。On-premises Active Directory synchronization server replicates Active Directory information for mail-enabled objects to Office 365.
用于两个组织的单一登录Single-sign on used for both organizations 不适用;仅限单个组织。Not applicable; single organization only. 内部部署 Active Directory 和 Office 365 对位于内部部署或 Office 365 中的邮箱使用相同的用户名和密码。On-premises Active Directory and Office 365 use the same username and password for mailboxes located either on-premises or in Office 365.
与 Azure AD 身份验证系统建立的组织关系和联合信任Organization relationship established and a federation trust with Azure AD authentication system 可以配置与 Azure AD 身份验证系统的信任关系以及与其他联合 Exchange 组织的组织关系。Trust relationship with th Azure AD authentication system and organization relationships with other federated Exchange organizations may be configured. 必须与 Azure AD 身份验证系统建立信任关系。内部部署与 Office 365 之间建立组织关系。Trust relationship with the Azure AD authentication system is required. Organization relationships are established between the on-premises and Office 365.
忙/闲共享Free/busy sharing 仅在内部部署用户之间共享忙/闲信息。Free/busy sharing between on-premises users only. 在内部部署用户之间和 Office 365 用户之间共享忙/闲信息。Free/busy sharing between both on-premises and Office 365 users.

配置混合部署之前要考虑的事项Things to consider before configuring a hybrid deployment

现在,您已对什么是混合部署有了进一步的了解,该认真考虑一些重要的问题了。配置混合部署可能会影响您当前网络和 Exchange 组织中的多个方面。Now that you're a little more familiar with what a hybrid deployment is, you need to carefully consider some important issues. Configuring a hybrid deployment could affect multiple areas in your current network and Exchange organization.

目录同步和单一登录Directory synchronization and single sign-on

内部部署组织和 Office 365 组织之间的 Active Directory 同步(由运行 Azure Active Directory Connect 的服务器每三小时执行一次)是配置混合部署的一项要求。目录同步使任一组织中的收件人可以在全局地址列表中看到彼此。它还将同步用户名和密码,使用户可以在内部部署组织和 Office 365 组织中使用相同凭据登录。Active Directory synchronization between the on-premises and Office 365 organizations, which is performed every three hours by a server running Azure Active Directory Connect, is a requirement for configuring a hybrid deployment. Directory synchronization enables recipients in either organization to see each other in the global address list. It also synchronizes usernames and passwords which enables users to log in with the same credentials in both your on-premises organization and in Office 365.

备注

如果您选择使用 AD FS 配置 Azure AD Connect,默认情况下,内部部署用户的用户名和密码将仍会同步到 Office 365。但是,用户将通过 AD FS 对内部部署 Active Directory 进行身份验证,作为其主要身份验证方法。如果出于任何原因,AD FS 无法连接到您的内部部署 Active Directory,客户端将尝试回退并对同步到 Office 365 的用户名和密码进行身份验证。If you choose to configure Azure AD Connect with AD FS, usernames and passwords of on-premises users will still be synchronized to Office 365 by default. However, users will authenticate with your on-premises Active Directory via AD FS as their primary method of authentication. In the event AD FS can't connect to your on-premises Active Directory for any reason, clients will attempt to fall back and authenticate against usernames and passwords synchronized to Office 365.

Azure Active Directory 和 Office 365 的所有客户都有50000个对象(用户、启用邮件的联系人和组)的默认限制,这些对象决定了您可以在 Office 365 组织中创建的对象数。All customers of Azure Active Directory and Office 365 have a default limit of 50,000 objects (users, mail-enabled contacts, and groups) that determines how many objects you can create in your Office 365 organization. 在验证第一个域后,此限制会自动增加到500000个对象(适用于 Azure Active Directory Free)或无限数量的 Azure Active Directory 基本或高级对象。After you verify your first domain, this limit is automatically increased to 500,000 objects for Azure Active Directory Free, or an unlimited number of objects for Azure Active Directory Basic or Premium. 有关详细信息,请参阅Azure Active Directory 定价For more information, see Azure Active Directory pricing.

如果选择配置 AD FS,除了运行 Azure AD Connect 的服务器,您还需要部署 Web 应用程序代理服务器。此服务器应置于外围网络中,并将充当内部 Azure AD Connect 服务器和 Internet 之间的中介。Web 应用程序代理服务器需要接受 Internet 上使用 TCP 端口 443 的客户端和服务器请求进行的连接。In addition to a server running Azure AD Connect, you'll also need to deploy a web application proxy server if you choose to configure AD FS. This server should be placed in your perimeter network and will act as an intermediary between your internal Azure AD Connect server and the Internet. The web application proxy server needs to accept connections from clients and servers on the Internet using TCP port 443.

混合部署管理Hybrid deployment management

通过单个统一管理控制台,您可以管理 Exchange 2016 的混合部署,允许同时管理您的内部部署和 Office 365 Exchange Online 组织。替换 Exchange 管理控制台和 Exchange 控制面板的 Exchange 管理中心 (EAC) 允许您连接和配置两个组织的 功能。当首次运行混合配置向导时,将提示您连接 Exchange Online 组织。您需要使用作为组织管理角色组之一的 Office 365 帐户连接 EAC 到您的 Exchange Online 组织。You manage a hybrid deployment in Exchange 2016 via a single unified management console that allows for managing both your on-premises and Exchange Online organizations. The Exchange admin center (EAC), which replaces the Exchange Management Console and the Exchange Control Panel, allows you to connect and configure features for both organizations. When you run the Hybrid Configuration wizard for the first time, you will be prompted to connect to your Exchange Online organization. You need to use an Office 365 account that is a member of the Organization Management role group to connect the EAC to your Exchange Online organization.

证书Certificates

安全套接字层 (SSL) 数字证书对配置混合部署非常重要。这些证书有助于保证内部部署混合服务器与 Exchange Online 组织之间的通信安全。证书是配置几个服务类型的要求。如果您的 Exchange 组织中已在使用数字证书,可能需要修改证书以包括其他域或者从受信任的证书颁发机构 (CA) 购买其他证书。如果未使用证书,则需要从受信任的 CA 购买一个或多个证书。Secure Sockets Layer (SSL) digital certificates play a significant role in configuring a hybrid deployment. They help to secure communications between the on-premises hybrid server and the Exchange Online organization. Certificates are a requirement to configure several types of services. If you're already using digital certificates in your Exchange organization, you may have to modify the certificates to include additional domains or purchase additional certificates from a trusted certificate authority (CA). If you aren't already using certificates, you will need to purchase one or more certificates from a trusted CA.

可在以下位置了解详细信息:混合部署的证书要求Learn more at: Certificate requirements for hybrid deployments

带宽Bandwidth

与 Internet 的网络连接会直接影响内部部署组织与 Office 365 组织之间的通信性能。尤其是在将邮箱从内部部署 Exchange 2016 服务器移到 Office 365 组织时。可用的网络带宽量以及邮箱大小和同时移动的邮箱数会导致完成邮箱移动的时间有所不同。此外,其他 Office 365 服务(例如 SharePoint Server 2016 和 Skype for Business)也可能会影响可用于邮件服务的带宽。Your network connection to the Internet will directly impact the communication performance between your on-premises organization and the Office 365 organization. This is particularly true when moving mailboxes from your on-premises Exchange 2016 server to the Office 365 organization. The amount of available network bandwidth, in combination with mailbox size and the number of mailboxes moved in parallel, will result in varied times to complete mailbox moves. Additionally, other Office 365 services, such as SharePoint Server 2016 and Skype for Business, may also affect the available bandwidth for messaging services.

将邮箱移动到 Office 365 之前,您应该完成以下事项:Before moving mailboxes to Office 365, you should:

  • 确定将移动到 Office 365 的邮箱的平均大小。Determine the average mailbox size for mailboxes that will be moved to Office 365.

  • 确定从内部部署组织连接到 Internet 的平均连接速度和吞吐速度。Determine the average connection and throughput speed for your connection to the Internet from your on-premises organization.

  • 计算预期的平均传输速度,然后相应地制定邮箱移动计划。Calculate the average expected transfer speed, and plan your mailbox moves accordingly.

可在以下位置了解详细信息:网络Learn more at: Networking

统一消息Unified Messaging

备注

统一消息在 Exchange 2019 中不可用。Unified Messaging is not available in Exchange 2019.

内部部署组织与 Office 365 组织之间的混合部署中支持统一消息 (UM)。内部部署电话解决方案必须能与 Office 365 组织进行通信。这可能需要购买其他硬件和软件。Unified Messaging (UM) is supported in a hybrid deployment between your on-premises and Office 365 organizations. Your on-premises telephony solution must be able to communicate with Office 365. This may require that you purchase additional hardware and software.

如果要将邮箱从内部部署组织移至 Office 365,并且为这些邮箱配置了 UM 功能,则应先在混合部署中配置 UM,然后再移动这些邮箱。如果先移动邮箱,然后再在混合部署中配置 UM,则这些邮箱将无法再访问 UM 功能。If you want to move mailboxes from your on-premises organization to Office 365, and those mailboxes are configured for UM, you should configure UM in your hybrid deployment prior to moving those mailboxes. If you move mailboxes before you configure UM in your hybrid deployment, those mailboxes will no longer have access to UM functionality.

有关详细信息,请参阅:在混合部署中设置统一消息Learn more at: Set Up Unified Messaging in a Hybrid Deployment

信息权限管理Information Rights Management

通过信息权限管理 (IRM),用户可将 Active Directory 权限管理服务 (AD RMS) 模板应用于其发送的邮件。AD RMS 模板可通过允许用户控制谁可打开受权限保护的邮件及其打开邮件后可对邮件执行什么操作,从而帮助防止信息泄漏。Information Rights Management (IRM) enables users to apply Active Directory Rights Management Services (AD RMS) templates to messages that they send. AD RMS templates can help prevent information leakage by allowing users to control who can open a rights-protected message, and what they can do with that message after it's been opened.

混合部署中的 IRM 需要进行规划、手动配置 Office 365 组织,并要了解客户端应根据其邮箱是位于内部部署组织还是 Exchange Online 组织中而如何使用 AD RMS 服务器。IRM in a hybrid deployment requires planning, manual configuration of the Office 365 organization, and an understanding of how clients use AD RMS servers depending on whether their mailbox is in the on-premises or Exchange Online organization.

有关详细信息,请参阅: IRM In Exchange 混合部署Learn more at: IRM in Exchange hybrid deployments

移动设备Mobile devices

混合部署中支持移动设备。如果现有服务器已经启用 Exchange ActiveSync,它们会继续将来自移动设备的请求重定向到位于内部部署邮箱服务器的邮箱。对于连接到从内部部署组织移到 Office 365 的现有邮箱的设备,将会自动更新 Exchange ActiveSync 配置文件以连接至大多电话上的 Office 365。支持 Exchange ActiveSync 的所有移动设备应与混合部署兼容。Mobile devices are supported in a hybrid deployment. If Exchange ActiveSync is already enabled on your existing servers, they'll continue to redirect requests from mobile devices to mailboxes located on the on-premises Mailbox server. For mobile devices connecting to existing mailboxes that are moved from the on-premises organization to Office 365, Exchange ActiveSync profiles will automatically be updated to connect to Office 365 on most phones. All mobile devices that support Exchange ActiveSync should be compatible with a hybrid deployment.

可在以下位置了解详细信息:移动电话Learn more at: Mobile Phones

客户端要求Client requirements

建议您的客户端使用 Outlook 2016 或 Outlook 2013,以便在混合部署中实现最佳体验和性能。Outlook 2010 之前的客户端在混合部署中或者 Office 365 中不受支持。We recommend that your clients use Outlook 2016 or Outlook 2013 for the best experience and performance in the hybrid deployment. Pre-Outlook 2010 clients aren't supported in hybrid deployments or with Office 365.

Office 365 的许可Licensing for Office 365

若要在 Office 365 中创建邮箱或将邮箱移至 Office 365,需要注册用于企业的 Office 365 并且必须具有可用的许可证。注册 Office 365 后,您将会收到特定数量的许可证,可以将这些许可证分配给新邮箱或从内部部署组织移动的邮箱。Office 365 中的每个邮箱都必须有许可证。To create mailboxes in, or move mailboxes to, Office 365, you need to sign up for Office 365 for enterprises and you must have licenses available. When you sign up for Office 365, you'll receive a specific number of licenses that you can assign to new mailboxes or mailboxes moved from the on-premises organization. Each mailbox in Office 365 must have a license.

防病毒和反垃圾邮件服务Antivirus and anti-spam services

对于移至 Office 365 的邮箱,系统会自动通过 Exchange Online Protection (EOP) 为其提供防病毒和反垃圾邮件保护,一种 Office 365 提供的服务。如果选择通过 EOP 服务路由所有传入的 Internet 邮件,则可能需要为您的内部部署用户购买其他 EOP 许可证。我们建议您仔细评估您的 Office 365 中的 EOP 保护是否也适合满足内部部署组织的防病毒和反垃圾邮件需要。如果您已经实施了内部部署组织保护,则可能需要升级或配置您的内部部署防病毒和反垃圾邮件解决方案,以期在整个组织中实现最大程度的保护。Mailboxes moved to Office 365 are automatically provided with antivirus and anti-spam protection by Exchange Online Protection (EOP), a service provided by Office 365. You may need to purchase additional EOP licenses for your on-premises users if you chose to route all incoming Internet mail through the EOP service. We recommend that you carefully evaluate whether the EOP protection in your Office 365 is also appropriate to meet the antivirus and anti-spam needs of your on-premises organization. If you have protection in place for your on-premises organization, you may need to upgrade or configure your on-premises antivirus and anti-spam solutions for maximum protection across your organization.

可在以下位置了解详细信息:Anti-Spam and Anti-Malware ProtectionLearn more at: Anti-Spam and Anti-Malware Protection

公用文件夹Public folders

Office 365 支持公用文件夹,同时内部部署公共文件夹可迁移到 Office 365。此外,Office 365 中的公共文件夹可以移动到内部部署 Exchange 2016 组织。内部部署和 Office 365 用户均可以使用 Web 上的 Outlook、Outlook 2016、Outlook 2013 或 Outlook 2010 SP2或更新版本访问位于两个组织中的公用文件夹。配置混合部署时不会改变现有的内部部署公用文件夹配置和对内部部署邮箱的访问权限。Public folders are supported in Office 365, and on-premises public folders can be migrated to Office 365. Additionally, public folders in Office 365 can be moved to the on-premises Exchange 2016 organization. Both on-premises and Office 365 users can access public folders located in either organization using Outlook on the web, Outlook 2016, Outlook 2013, or Outlook 2010 SP2 or newer. Existing on-premises public folder configuration and access for on-premises mailboxes doesn't change when you configure a hybrid deployment.

可在以下位置了解详细信息:Public FoldersLearn more at: Public Folders

辅助功能Accessibility

有关可能适用于此检查表中的过程的键盘快捷方式的信息,请参阅Exchange 管理中心的键盘快捷方式For information about keyboard shortcuts that may apply to the procedures in this checklist, see Keyboard shortcuts for the Exchange admin center.

关键术语Key terminology

以下列表提供了与 Exchange 2013 中的混合部署关联的核心组件的定义。The following list provides you with definitions of the core components associated with hybrid deployments in Exchange 2013.

集中邮件传输centralized mail transport

混合配置选项,其中所有 Exchange Online 入站和出站 Internet 邮件都通过内部部署 Exchange 组织路由。The hybrid configuration option in which all Exchange Online inbound and outbound Internet messages are routed via the on-premises Exchange organization. 此路由选项在混合配置向导中配置。This routing option is configured in the Hybrid Configuration wizard. 有关详细信息,请参阅 Transport options in Exchange hybrid deploymentsFor more information, see Transport options in Exchange hybrid deployments.

共存域coexistence domain

一种接受域,添加到内部部署组织中用于 Office 365 服务的混合邮件流和自动发现请求。An accepted domain added to the on-premises organization for hybrid mail flow and Autodiscover requests for the Office 365 service. 此域将作为辅助代理域添加到在混合配置向导中为其选择了 "域" 的 " PrimarySmtpAddress " 模板的任何电子邮件地址策略中。This domain is added as a secondary proxy domain to any email address policies which have PrimarySmtpAddress templates for domains selected in the Hybrid Configuration wizard. 默认情况下,此域是 <域>.mail.onmicrosoft.com。By default, this domain is <domain>.mail.onmicrosoft.com.

_HybridConfiguration_Active Directory 对象HybridConfiguration Active Directory object

内部部署组织中的 Active Directory 对象,其中包含按混合配置向导中选择的内容定义的所需混合部署配置参数。The Active Directory object in the on-premises organization that contains the desired hybrid deployment configuration parameters defined by the selections chosen in the Hybrid Configuration wizard. 混合配置引擎在配置内部部署和 Exchange Online 设置时使用这些参数来启用混合功能。The Hybrid Configuration Engine uses these parameters when configuring on-premises and Exchange Online settings to enable hybrid features. 每次运行 "混合配置" 向导时, _HybridConfiguration_对象的内容都会重置。The contents of the HybridConfiguration object are reset each time the Hybrid Configuration wizard is run.

混合配置引擎hybrid configuration engine

混合配置引擎 (HCE) 运行配置和更新混合部署所需的核心操作。The Hybrid Configuration Engine (HCE) runs the core actions necessary for configuring and updating a hybrid deployment. HCE 将_HybridConfiguration_ Active Directory 对象的状态与当前的内部部署 Exchange 和 Exchange Online 配置设置进行比较,然后执行任务以将部署配置设置与_HybridConfiguration_ Active Directory 对象中定义的参数相匹配。The HCE compares the state of the HybridConfiguration Active Directory object with current on-premises Exchange and Exchange Online configuration settings and then executes tasks to match the deployment configuration settings to the parameters defined in the HybridConfiguration Active Directory object. 有关详细信息,请参阅 混合配置引擎For more information, see Hybrid Configuration Engine.

混合配置向导 (HCW)hybrid configuration wizard (HCW)

Exchange 提供的一种自适应工具,可指导管理员完成内部部署组织和 Exchange Online 组织之间的混合部署配置。An adaptive tool offered in Exchange that guides administrators through configuring a hybrid deployment between their on-premises and Exchange Online organizations. 向导定义_HybridConfiguration_对象中的混合部署配置参数,并指示混合配置引擎运行所需的配置任务,以启用定义的混合功能。The wizard defines the hybrid deployment configuration parameters in the HybridConfiguration object and instructs the Hybrid Configuration Engine to run the necessary configuration tasks to enable the defined hybrid features. 有关详细信息,请参阅 "混合配置"向导For more information, see Hybrid Configuration wizard.

基于 Exchange 2010 的混合部署Exchange 2010-based hybrid deployment

一种混合部署,配置时使用 Exchange Server 2010 Service Pack 3 (SP3) 内部部署服务器作为 Office 365 和 Exchange Online 服务连接终结点。一种混合部署选项,适用于内部部署 Exchange 2010、Exchange Server 2007 和 Exchange Server 2003 组织。A hybrid deployment configured using Service Pack 3 (SP3) for Exchange Server 2010 on-premises servers as the connecting endpoint for the Office 365 and Exchange Online services. A hybrid deployment option for on-premises Exchange 2010, Exchange Server 2007, and Exchange Server 2003 organizations.

基于 Exchange 2013 的混合部署Exchange 2013-based hybrid deployment

一种混合部署,配置时使用 2013 内部部署服务器作为 Office 365 和 Exchange Online 服务连接终结点。一种混合部署选项,适用于内部部署 Exchange 2013、Exchange 2010 和 Exchange 2007 组织。A hybrid deployment configured using Exchange 2013 on-premises servers as the connecting endpoint for the Office 365 and Exchange Online services. A hybrid deployment option for on-premises Exchange 2013, Exchange 2010, and Exchange 2007 organizations.

基于 Exchange 2016 的混合部署Exchange 2016-based hybrid deployment

一种混合部署,配置时使用 2016 内部部署服务器作为 Office 365 和 Exchange Online 服务连接终结点。一种混合部署选项,适用于内部部署 Exchange 2016、Exchange 2013 和 Exchange 2010 组织。A hybrid deployment configured using Exchange 2016 on-premises servers as the connecting endpoint for the Office 365 and Exchange Online services. A hybrid deployment option for on-premises Exchange 2016, Exchange 2013, and Exchange 2010 organizations.

安全邮件传输secure mail transport

一种自动配置的混合部署功能,可实现内部部署组织与 Exchange Online 组织之间的安全邮件传递。邮件使用传输层安全性 (TLS) 进行加密和身份验证,采用混合部署向导中选择的证书。Office 365 租户是源于内部部署组织的混合传输连接的终结点,是从 Exchange Online 到内部部署组织的混合传输连接的来源。An automatically configured feature of a hybrid deployment that enables secure messaging between the on-premises and Exchange Online organizations. Messages are encrypted and authenticated using transport layer security (TLS) with a certificate selected in the Hybrid Configuration wizard. Office 365 tenant is the endpoint for hybrid transport connections originating from the on-premises organization and the source for hybrid transport connections to the on-premises organization from Exchange Online.

Exchange 混合部署文档Exchange hybrid deployment documentation

下表包含主题链接,这将帮助您学习和管理 Microsoft Exchange 的混合部署。The following table contains links to topics that will help you learn about and manage hybrid deployments in Microsoft Exchange.

主题Topic 说明Description
"混合配置"向导Hybrid Configuration wizard 了解混合配置向导和混合配置引擎如何配置混合部署的信息。Learn how the Hybrid Configuration wizard and the Hybrid Configuration Engine configure a hybrid deployment.
混合部署先决条件Hybrid deployment prerequisites 了解混合部署先决条件的详细信息,包括兼容 Exchange Server 组织、Office 365 要求和其他内部部署配置要求。Learn more about hybrid deployment prerequisites, including compatible Exchange Server organizations, Office 365 requirements, and other on-premises configuration requirements.
混合部署的证书要求Certificate requirements for hybrid deployments 了解有关混合部署数字证书要求的详细信息。Learn more about the requirements for digital certificates in hybrid deployments.
Exchange 混合部署的传输选项Transport options in Exchange hybrid deployments 了解有关混合部署中的入站和出站邮件传输选项的详细信息。Learn more about the inbound and outbound message transport options in hybrid deployments.
Exchange 混合部署中的传输路由Transport routing in Exchange hybrid deployments 了解有关混合部署中的入站和出站邮件路由选项的详细信息。Learn more about inbound and outbound message routing options in a hybrid deployment.
Exchange 混合部署中的混合管理Hybrid management in Exchange hybrid deployments 了解有关使用 Exchange 管理中心和 Exchange 命令行管理程序管理混合部署的详细信息。Learn more about managing your hybrid deployment with the Exchange admin center and Exchange Management Shell.
Exchange 混合部署中共享的忙/闲信息Shared free/busy in Exchange hybrid deployments 了解有关混合部署中的内部部署和 Exchange Online 组织之间的日历闲/忙共享的详细信息。Learn more about calendar free/busy sharing between on-premises and Exchange Online organizations in a hybrid deployment.
Exchange 混合部署中的服务器角色Server roles in Exchange hybrid deployments 了解混合部署中的 Exchange 服务器角色如何运行的详细信息。Learn more about how the Exchange server roles function in a hybrid deployment.
Exchange 混合部署中的 IRMIRM in Exchange hybrid deployments 了解有关混合部署中的信息权限管理如何运行的详细信息。Learn more about how Information Rights Management functions in a hybrid deployment.
Exchange 混合部署中的权限Permissions in Exchange hybrid deployments 了解有关混合部署如何使用基于角色的访问控制 (RBAC) 控制权限的详细信息。Learn more about how a hybrid deployment uses Role Based Access Control (RBAC) to control permissions.
混合部署中的边缘传输服务器Edge Transport servers with hybrid deployments 了解 Exchange 边缘传输服务器以及如何在混合部署中部署和运营的详细信息。Learn more about Exchange Edge Transport servers and how they are deployed and operate in a hybrid deployment.
混合部署中的单一登录Single sign-on with hybrid deployments 了解如何使用混合部署中的密码同步和 AD FS 功能进行单一登录的详细信息。Learn more about how single sign-on using password synchronization and AD FS function in a hybrid deployment.
混合部署过程Hybrid Deployment procedures 探索创建和修改 Exchange 内部部署和 Exchange Online 组织的混合部署的程序。Explore procedures for creating and modifying hybrid deployments for your Exchange on-premises and Exchange Online organizations.
Exchange 2013 和 Exchange 2010 的混合部署Hybrid deployments with Exchange 2013 and Exchange 2010 了解有关针对 Exchange 2010 组织进行基于 Exchange 2013 的混合部署的详细信息。Learn more about Exchange 2013-based hybrid deployments with Exchange 2010 organizations.
Exchange 2013 和 Exchange 2007 的混合部署Hybrid deployments with Exchange 2013 and Exchange 2007 了解有关针对 Exchange 2007 组织进行基于 Exchange 2013 的混合部署的详细信息。Learn more about Exchange 2013-based hybrid deployments with Exchange 2007 organizations.