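Property Sets in Exchange 2007

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007

Topic last modified: 2007-03-19

Earlier versions of Microsoft Exchange Server did not rely heavily on property sets to apply permissions in the domain partition. Although this is not a problem in a typical deployment, it can become one in distributed environments where all tasks are delegated. Administrators in these environments must delegate permissions on a large number of mail recipient attributes so that the corresponding tasks can be delegated in a least-privilege access model. Depending on the version of the Active Directory directory service servers, this can cause severe access control list (ACL) bloat, which increases the size of the Ntds.dit file.

Exchange Server 2007 improves administrative delegation by using property sets for most mail recipient attributes.

What Is a Property Set?

A property set is a group of Active Directory attributes. You can control access to this group of attributes by setting a single access control entry (ACE) instead of setting an ACE on each attribute. In addition, an attribute can be a member of only one property set.

For example, the Personal-Information property set includes attributes such as street address and telephone number. Both are attributes of user objects.

Property Sets in Exchange Server 2003

In Exchange Server 2003, the Exchange schema extension process added many Exchange-related mail recipient attributes to the built-in Active Directory property sets (Personal Information and Public Information). During the domain preparation phase, the Exchange Enterprise Servers domain local security group was delegated permissions to access these property sets on the domain partition so that the Recipient Update Service (RUS) could update objects. The following tables list the attributes in the Personal Information and Public Information property sets.

Public Information property set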

allowedAttributes

allowedAttributesEffective

allowedChildClasses

allowedChildClassesEffective

altRecipient

altRecipientBL

altSecurityIdentities

attributeCertificate

authOrig

authOrigBL

autoReply

autoReplyMessage

cn

co

company

deletedItemFlags

delivContLength

deliverAndRedirect

deliveryMechanism

delivExtContTypes

department

description

directReports

displayNamePrintable

distinguishedName

division

dLMemberRule

dLMemDefault

dLMemRejectPerms

dLMemRejectPermsBL

dLMemSubmitPerms

dLMemSubmitPermsBL

dnQualifier

enabledProtocols

expirationTime

extensionAttribute1

extensionAttribute10

extensionAttribute11

extensionAttribute12

extensionAttribute13

extensionAttribute14

extensionAttribute15

extensionAttribute2

extensionAttribute3

extensionAttribute4

extensionAttribute5

extensionAttribute6

extensionAttribute7

extensionAttribute8

extensionAttribute9

extensionData

folderPathname

formData

forwardingAddress

givenName

heuristics

hideDLMembership

homeMDB

homeMTA

importedFrom

initials

internetEncoding

kMServer

language

languageCode

legacyExchangeDN

mail

mailNickname

manager

mAPIRecipient

mDBOverHardQuotaLimit

mDBOverQuotaLimit

mDBStorageQuota

mDBUseDefaults

msDS-AllowedToDelegateTo

msDS-Approx-Immed-Subordinates

msDS-Auxiliary-Classes

msExchADCGlobalNames

msExchALObjectVersion

msExchAssistantName

msExchConferenceMailboxBL

msExchControllingZone

msExchCustomProxyAddresses

msExchExpansionServerName

msExchFBURL

msExchHideFromAddressLists

msExchHomeServerName

msExchIMACL

msExchIMAddress

msExchIMAPOWAURLPrefixOverride

msExchIMMetaPhysicalURL

msExchIMPhysicalURL

msExchIMVirtualServer

msExchInconsistentState

msExchLabeledURI

msExchMailboxFolderSet

msExchMailboxGuid

msExchMailboxSecurityDescriptor

msExchMailboxUrl

msExchMasterAccountSid

msExchOmaAdminExtendedSettings

msExchOmaAdminWirelessEnable

msExchOriginatingForest

msExchPfRootUrl

msExchPFTreeType

msExchPoliciesExcluded

msExchPoliciesIncluded

msExchPolicyEnabled

msExchPolicyOptionList

msExchPreviousAccountSid

msExchProxyCustomProxy

msExchQueryBaseDN

msExchRecipLimit

msExchRequireAuthToSendTo

msExchResourceGUID

msExchResourceProperties

msExchTUIPassword

msExchTUISpeed

msExchTUIVolume

msExchUnmergedAttsPt

msExchUseOAB

msExchUserAccountControl

msExchVoiceMailboxID

name

notes

o

objectCategory

objectClass

objectGUID

oOFReplyToOriginator

otherMailbox

ou

pOPCharacterSet

pOPContentFormat

protocolSettings

proxyAddresses

publicDelegatesBL

replicatedObjectVersion

replicationSensitivity

replicationSignature

reportToOriginator

reportToOwner

securityProtocol

servicePrincipalName

showInAddressBook

sn

submissionContLength

supportedAlgorithms

systemFlags

targetAddress

telephoneAssistant

textEncodedORAddress

title

unauthOrig

unauthOrigBL

unmergedAtts

userPrincipalName

Personal Information property set

assistant

c

facsimileTelephoneNumber

homePhone

homePostalAddress

info

internationalISDNNumber

ipPhone

l

mobile

mSMQDigests

mSMQSignCertificates

otherFacsimileTelephoneNumber

otherHomePhone

otherIpPhone

otherMobile

otherPager

otherTelephone

pager

personalTitle

physicalDeliveryOfficeName

postalAddress

postalCode

postOfficeBox

preferredDeliveryMethod

primaryInternationalISDNNumber

primaryTelexNumber

publicDelegates

registeredAddress

st

street

streetAddress

telephoneNumber

teletexTerminalIdentifier

telexNumber

thumbnailPhoto

userCert

userCertificate

userSharedFolder

userSharedFolderOther

userSMIMECertificate

x121Address

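However, when it came to managing mail recipients through delegated permissions, many Active Directory administrators did not use these property sets to delegate permissions to Exchange administrators, because the property sets provide access to many other attributes that are unrelated to Exchange.

Property Sets in Exchange 2007

Exchange 2007 takes advantage of property sets by creating two new property sets exclusively for Exchange Server instead of relying on the existing Active Directory property sets. Exchange 2007 makes the following improvements:

  • It no longer relies on the default Active Directory property sets. Exchange-specific property sets guard against the uncertainty of potential changes to the Active Directory property sets in later versions.

  • The attributes created by the Exchange schema extension are the only members of the Exchange-specific property sets.

  • Exchange-specific property sets make it possible to create and deploy a delegated security permission model dedicated to managing Exchange mail recipient data.

During the schema extension phase, Exchange 2007 performs several operations, including:

  • Extending the schema with new classes and attributes.

  • Creating the Exchange Information and Exchange Personal Information property sets.

  • Adding the appropriate attributes to the Exchange Information and Exchange Personal Information property sets.

Exchange 2003 attributes that were previously added to the Personal Information or Public Information property set are moved to the corresponding Exchange-specific property set.

Because attributes are moved between property sets, the Exchange 2003 recipient permission structure must be updated when Exchange 2007 is implemented in a legacy environment. To do this, run the setup /PrepareLegacyExchangePermissions command or the setup /PrepareSchema command. For details about the operations that the setup /PrepareLegacyExchangePermissions command performs, see Preparing Legacy Exchange Permissions.

The Exchange Information property set contains the attributes listed in the following table. In addition, Authenticated Users have Read permission on this property set so that they can look up specific information about mail recipients, for example by using the Address Book in Microsoft Office Outlook.

Exchange Information property set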

altRecipient

altRecipientBL

attributeCertificate

authOrig

authOrigBL

autoReply

autoReplyMessage

deletedItemFlags

delivContLength

deliverAndRedirect

deliveryMechanism

delivExtContTypes

dLMemberRule

dLMemDefault

dLMemRejectPerms

dLMemRejectPermsBL

dLMemSubmitPerms

dLMemSubmitPermsBL

dnQualifier

enabledProtocols

expirationTime

extensionAttribute1

extensionAttribute10

extensionAttribute11

extensionAttribute12

extensionAttribute13

extensionAttribute14

extensionAttribute15

extensionAttribute2

extensionAttribute3

extensionAttribute4

extensionAttribute5

extensionAttribute6

extensionAttribute7

extensionAttribute8

extensionAttribute9

extensionData

folderPathname

formData

forwardingAddress

heuristics

hideDLMembership

homeMDB

homeMTA

importedFrom

internetEncoding

kMServer

language

languageCode

mailNickname

mAPIRecipient

mDBOverHardQuotaLimit

mDBOverQuotaLimit

mDBStorageQuota

mDBUseDefaults

msExchADCGlobalNames

msExchALObjectVersion

msExchAssistantName

msExchConferenceMailboxBL

msExchControllingZone

msExchCustomProxyAddresses

msExchELCExpirySuspensionEnd

msExchELCExpirySuspensionStart

msExchELCMailboxFlags

msExchExpansionServerName

msExchExternalOOFOptions

msExchFBURL

msExchHideFromAddressLists

msExchHomeServerName

msExchIMACL

msExchIMAddress

msExchIMAPOWAURLPrefixOverride

msExchIMMetaPhysicalURL

msExchIMPhysicalURL

msExchIMVirtualServer

msExchInconsistentState

msExchLabeledURI

msExchMailboxFolderSet

msExchMailboxGuid

msExchMailboxOABVirtualDirectoriesLink

msExchMailboxSecurityDescriptor

msExchMailboxTemplateLink

msExchMailboxUrl

msExchMasterAccountHistory

msExchMasterAccountSid

msExchMaxBlockedSenders

msExchMaxSafeSenders

msExchMDBRulesQuota

msExchMessageHygieneSCLJunkThreshold

msExchMobileAllowedDeviceIDs

msExchMobileDebugLogging

msExchMobileMailboxFlags

msExchMobileMailboxPolicyLink

msExchOmaAdminExtendedSettings

msExchOmaAdminWirelessEnable

msExchOriginatingForest

msExchPfRootUrl

msExchPFTreeType

msExchPoliciesExcluded

msExchPoliciesIncluded

msExchPolicyEnabled

msExchPolicyOptionList

msExchPreviousAccountSid

msExchProxyCustomProxy

msExchPurportedSearchUI

msExchQueryBaseDN

msExchQueryFilterMetadata

msExchRecipientDisplayType

msExchRecipientTypeDetails

msExchRecipLimit

msExchRequireAuthToSendTo

msExchResourceCapacity

msExchResourceDisplay

msExchResourceGUID

msExchResourceMetaData

msExchResourceProperties

msExchResourceSearchProperties

msExchServerAdminDelegationBL

msExchTUIPassword

msExchTUISpeed

msExchTUIVolume

msExchUMAudioCodec

msExchUMDtmfMap

msExchUMEnabledFlags

msExchUMFaxId

msExchUMListInDirectorySearch

msExchUMMaxGreetingDuration

msExchUMOperatorNumber

msExchUMPinPolicyAccountLockoutFailures

msExchUMPinPolicyDisallowCommonPatterns

msExchUMPinPolicyExpiryDays

msExchUMPinPolicyMinPasswordLength

msExchUMRecipientDialPlanLink

msExchUMServerWritableFlags

msExchUMSpokenName

msExchUMTemplateLink

msExchUnmergedAttsPt

msExchUseOAB

msExchUserAccountControl

msExchUserCulture

msExchVersion

msExchVoiceMailboxID

oOFReplyToOriginator

pOPCharacterSet

pOPContentFormat

protocolSettings

publicDelegatesBL

replicatedObjectVersion

replicationSensitivity

replicationSignature

reportToOriginator

reportToOwner

securityProtocol

submissionContLength

supportedAlgorithms

targetAddress

telephoneAssistant

unauthOrig

unauthOrigBL

unmergedAtts

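The Exchange Personal Information property set contains the attributes listed in the following table. To make sure that ordinary users cannot retrieve the data stored in these attributes, the attributes are placed in a separate property set on which Authenticated Users have no Read access.

Exchange Personal Information property set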

msExchMessageHygieneFlags

msExchMessageHygieneSCLDeleteThreshold

msExchMessageHygieneSCLQuarantineThreshold

msExchMessageHygieneSCLRejectThreshold

msExchSafeRecipientsHash

msExchSafeSendersHash

msExchUMPinChecksum
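
The following Python example is added here and is not part of the original topic or of any Microsoft tooling. It models the delegation trade-off described above, one ACE per attribute versus one ACE per property set, and shows which other attributes a property-set grant exposes in the Exchange 2003 and Exchange 2007 layouts. The set contents are small subsets of the tables on this page; the delegated task (`NEEDED`) and the function names are assumptions.

```python
# Added example: subsets of the attribute tables on this page, not the full lists.
EX2003_SETS = {
    "Public Information": {
        "homeMDB", "mailNickname", "targetAddress", "msExchHideFromAddressLists",
        "msExchMailboxGuid", "mDBStorageQuota", "cn", "company", "department",
        "manager", "servicePrincipalName", "userPrincipalName", "altSecurityIdentities",
    },
    "Personal Information": {"homePhone", "mobile", "streetAddress", "telephoneNumber"},
}
EX2007_SETS = {
    "Exchange Information": {
        "homeMDB", "mailNickname", "targetAddress", "msExchHideFromAddressLists",
        "msExchMailboxGuid", "mDBStorageQuota",
    },
    "Exchange Personal Information": {"msExchSafeSendersHash", "msExchUMPinChecksum"},
}
EXCHANGE_ATTRS = set().union(*EX2007_SETS.values())

# Hypothetical delegated task: attributes a recipient administrator must manage.
NEEDED = {"homeMDB", "mailNickname", "targetAddress", "msExchHideFromAddressLists"}


def multi_set_attributes(sets):
    """Return attributes listed in more than one property set (must be empty)."""
    owner, dupes = {}, set()
    for set_name, attrs in sets.items():
        for attr in attrs:
            if owner.setdefault(attr, set_name) != set_name:
                dupes.add(attr)
    return sorted(dupes)


def plan_delegation(needed, sets):
    """Compare per-attribute ACEs with property-set ACEs for one trustee."""
    chosen = sorted(name for name, attrs in sets.items() if attrs & needed)
    covered = set().union(*(sets[name] for name in chosen))
    excess = covered - needed
    return {
        "per_attribute_aces": len(needed),   # one ACE per attribute
        "property_set_aces": len(chosen),    # one ACE per property set
        "uncovered": sorted(needed - covered),
        "excess_exchange": sorted(excess & EXCHANGE_ATTRS),
        "excess_other": sorted(excess - EXCHANGE_ATTRS),  # unrelated to Exchange
    }


if __name__ == "__main__":
    for label, sets in (("Exchange 2003", EX2003_SETS), ("Exchange 2007", EX2007_SETS)):
        print(label, multi_set_attributes(sets), plan_delegation(NEEDED, sets))
```

In both layouts a single property-set ACE replaces four per-attribute ACEs, but only the Exchange 2007 layout keeps `excess_other` empty.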

For More Information

For more information, see the following topics: