Manage Microsoft 365 user accounts

You can manage Microsoft 365 user accounts in several different ways, depending on your configuration. You can manage user accounts in the Microsoft 365 admin center, with PowerShell, in Active Directory Domain Services (AD DS), or in the Azure Active Directory (Azure AD) admin portal.

As soon as you purchase Microsoft 365, the Microsoft 365 admin center and PowerShell can be used to manage accounts. When managing cloud identities, every person in your organization has a separate user account name and password. If you want to integrate with your on-premises infrastructure and have user accounts synchronized with Microsoft 365, you can use Azure AD Connect to provide synchronization of identities and passwords for single sign-on (SSO) functionality.

Plan for where and how you will manage your user accounts

Where and how you can manage your user accounts depends on the identity model you want to use for Microsoft 365. The two overall models are cloud-only and hybrid.

Cloud-only

You create and manage users in the Microsoft 365 admin center. You can also use PowerShell or the Azure AD admin center.

Hybrid

User accounts are synchronized with Microsoft 365 from AD DS, so you must use on-premises AD DS tools to manage user accounts.

Managing Accounts

When deciding which way your organization will create and manage accounts, consider the following requirements:

  • The directory synchronization software needs to be installed on servers within your on-premises environment to connect the identities between Microsoft 365 and your AD DS.

  • Any directory synchronization option, including SSO options, requires that your AD DS attributes meet standards. The specifics of what attributes are used in your directory and what cleanup (if any) is needed are described in Prepare for directory synchronization to Microsoft 365.

  • Plan how you are going to create Microsoft 365 accounts.

The following table lists the different account management tools.

Tool: Microsoft 365 admin center (Add users individually or in bulk)
Notes:
  • Provides a simple web interface to add and change user accounts.
  • Can't be used to change users if directory synchronization is enabled (location and license assignment can be set).
  • Can't be used with SSO options.

Tool: Windows PowerShell (Manage Microsoft 365 with Windows PowerShell)
Notes:
  • Allows you to add users in bulk by using a Windows PowerShell script.
  • Can be used to assign location and licenses to accounts, regardless of how the accounts are created.

Tool: Bulk import (Add several users at the same time)
Notes:
  • Allows you to import a CSV file to add a group of users to Microsoft 365.
  • Can't be used with SSO options.

Tool: Azure AD
Notes:
  • You get a free edition of Azure AD with your Microsoft 365 subscription. You can perform functions like self-service password reset for cloud users, and customization of the Sign-in and Access Panel pages by using the free edition. To get enhanced functionality, you can upgrade to the basic edition, Azure AD Premium P1, or Azure AD Premium P2. See Azure AD editions for the list of supported features.

Tool: Directory synchronization (Integrating your on-premises identities with Azure AD)
Notes:
  • For directory synchronization with or without password synchronization, use Azure AD Connect with express settings.
  • For multiple forests and SSO options, use Custom Installation of Azure AD Connect.
  • Provides the infrastructure that's necessary to enable SSO.
  • Required for many hybrid scenarios such as staged migration and hybrid Exchange.
  • Synchronizes security and mail-enabled groups from your AD DS.

  • Regardless of how you intend to add the user accounts to Microsoft 365, you need to manage several account features, such as assigning licenses, specifying location, and so on. These features can be managed long-term from the Microsoft 365 admin center, or you can also create user accounts with PowerShell.

    If you choose to add and manage all your users through the admin center, you will specify the location and assign licenses at the same time as creating the Microsoft 365 account. As a result, not much planning is required.

    Important

    Creating accounts in Microsoft 365 without assigning a license (to SharePoint Online, for example) means that the account owner can view the Microsoft 365 center but can't access any of the services within your company's subscription. After you assign a location and the license, the account is replicated to the service or services that you assigned. The user can sign in to their account and use the services that you assigned to them.
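
The planning points above (synchronized accounts are managed in AD DS, and an account without a location and license can't use any service) can be checked per account. The following is an added example, not code from the original page or from Microsoft: the function name Get-AccountManagementStatus and the sample users are hypothetical, and the live-tenant lines assume the Microsoft Graph PowerShell module, which the page does not name.

```powershell
# Added example (not from the original page). Input objects are assumed to
# carry the Microsoft Graph user properties UserPrincipalName, UsageLocation,
# AssignedLicenses and OnPremisesSyncEnabled.
function Get-AccountManagementStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # True only for accounts synchronized from on-premises AD DS (hybrid).
        $synced = $User.OnPremisesSyncEnabled -eq $true
        # Count real license entries; a null or empty collection counts as 0.
        $licenseCount = @($User.AssignedLicenses | Where-Object { $_ }).Count

        $gaps = @()
        if ([string]::IsNullOrWhiteSpace($User.UsageLocation)) { $gaps += 'no location' }
        if ($licenseCount -eq 0) { $gaps += 'no license' }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            ManageIn          = if ($synced) { 'On-premises AD DS tools' } else { 'Admin center or PowerShell' }
            LicenseCount      = $licenseCount
            ReadyForServices  = ($gaps.Count -eq 0)
            Gaps              = $gaps -join ', '
        }
    }
}

# Constructed sample data (placeholder names and SKU id), so the block runs offline.
$sku = [pscustomobject]@{ SkuId = '00000000-0000-0000-0000-000000000001' }
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'synced.user@example.com'; OnPremisesSyncEnabled = $true; UsageLocation = 'US';  AssignedLicenses = @($sku) }
    [pscustomobject]@{ UserPrincipalName = 'cloud.user@example.com';  OnPremisesSyncEnabled = $null; UsageLocation = 'US';  AssignedLicenses = @() }
    [pscustomobject]@{ UserPrincipalName = 'new.hire@example.com';    OnPremisesSyncEnabled = $null; UsageLocation = $null; AssignedLicenses = @() }
)
$sample | Get-AccountManagementStatus | Format-Table -AutoSize

# Against a live tenant (assumes the Microsoft Graph PowerShell module and a
# session opened with Connect-MgGraph -Scopes 'User.Read.All'):
# Get-MgUser -All -Property UserPrincipalName,UsageLocation,AssignedLicenses,OnPremisesSyncEnabled |
#     Get-AccountManagementStatus | Where-Object { -not $_.ReadyForServices }
```

Accounts reported with gaps are a useful review list: they exist in the directory and can sign in, but have not yet been given a location or license.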

See also

Microsoft 365 admin center

PowerShell