Exchange Server 中的通訊錄原則Address book policies in Exchange Server

通訊錄原則(Abp)可讓系統管理員將使用者分成特定群組,以提供組織之全域通訊清單(GAL)的自訂視圖。Address book policies (ABPs) lets administrators segment users into specific groups to provide customized views of the organization's global address list (GAL). ABP 的目標是為需要多個 Gal 的內部部署組織提供更簡單的 GAL 分割(也稱為gal 隔離)機制。The goal of an ABP is to provide a simpler mechanism for GAL segmentation (also known as GAL segregation) in on-premises organizations that require multiple GALs.

ABP 包含下列元素:An ABP contains these elements:

  • 一個 GAL。One GAL. 如需 Gal 的詳細資訊,請參閱全域通訊清單For more information about GALs, see Global address lists.

  • 一個離線通訊錄(OAB)。One offline address book (OAB). 如需 OABs 的詳細資訊,請參閱Exchange Server 中的離線通訊錄For more information about OABs, see Offline address books in Exchange Server.

  • 一個會議室清單。One room list. 請注意,此會議室清單是自訂通訊清單,可指定會議室(包含篩選 RecipientDisplayType -eq 'ConferenceRoomMailbox' )。Note that this room list is a custom address list that specifies rooms (contains the filter RecipientDisplayType -eq 'ConferenceRoomMailbox'). 這不是您使用New-DistributionGroupSet-DistributionGroup Cmdlet 的_RoomList_參數建立的會議室 finder。It's not a room finder that you create with the RoomList switch on the New-DistributionGroup or Set-DistributionGroup cmdlet. 如需詳細資訊,請參閱建立及管理會議室信箱For more information, see Create and manage room mailboxes.

  • 一個或多個通訊清單。One or more address lists. 如需通訊清單的詳細資訊,請參閱自訂通訊清單For more information about address lists, see Custom address lists.

如需 Abp 的程式,請參閱Exchange Server 中的通訊錄原則程式For procedures involving ABPs, see Procedures for address book policies in Exchange Server.

附註Notes:

Abp 的運作方式How ABPs work

下圖顯示 Abp 的運作方式。The following diagram shows how ABPs work. 使用者被指派通訊錄原則 A,其中包含組織中可用的通訊清單子集。The user is assigned Address Book Policy A that contains a subset of address lists that are available in the organization. 當 ABP 建立並指派給使用者時,ABP 會變成使用者可以查看之通訊清單的範圍。When the ABP is created and assigned to the user, the ABP becomes the scope of the address lists that the user is able to view.

通訊錄原則的概觀

當使用者連接至信箱伺服器上的用戶端存取(前端)服務時,APBs 會生效。APBs take effect when a user connects to the Client Access (frontend) services on a Mailbox server. 如果您變更 ABP,更新的 APB 會在使用者重新開機或重新連接其用戶端應用程式時生效,或重新開機信箱伺服器(特別是後端服務中的 Microsoft Exchange RPC Client Access 服務)。If you change an ABP, the updated APB takes effect when a user restarts or reconnects their client app, or you restart the Mailbox server (specifically, the Microsoft Exchange RPC Client Access service in the backend services).

通訊錄原則路由代理程式Address Book Policy Routing agent

在不使用 Abp 的 Exchange 組織中,當使用者在 Outlook 或網頁版 outlook 中建立電子郵件,並將郵件傳送給組織中的其他收件者時,會發生下列情況:In an Exchange organization that doesn't use ABPs, the following things occur when a user creates an email message in Outlook or Outlook on the web and sends the message to another recipient in the organization:

  1. 電子郵件地址會解析為使用者的顯示名稱。The email address resolves to the user's display name. 例如,如果您在 [] 欄位中輸入 [sardor@contoso.com],則 SMTP 電子郵件地址會解析為Sarah DorseyFor example, if you type sardor@contoso.com in the To field, the SMTP email address resolves to Sarah Dorsey.

  2. 名稱解析後,您可以按兩下使用者的名稱來查看收件者的連絡人卡片。After the name resolves, you can view the recipient's contact card by double-clicking on the user's name. 連絡人卡片會顯示收件者的連絡人資訊,例如辦公室和電話號碼。The contact card shows the recipient's contact information, such as office and phone number.

如果您使用的是 Abp,而您不想讓 Abp 中的使用者能夠查看對方的潛在私人資訊,您可以開啟通訊錄原則路由代理程式。If you're using ABPs, and you don't want the users in the ABPs to view each other's potentially private information, you can turn on the Address Book Policy Routing agent. ABP 路由代理程式是一種傳輸代理程式,可控制如何在組織中解析收件者。The ABP Routing agent is a Transport agent that controls how recipients are resolved in your organization. 安裝及設定 ABP 路由代理程式時,由不同 Abp 指派給不同 Gal 的使用者,無法彼此查看對方的連絡人卡片(它們會顯示為彼此的外部收件者)。When the ABP Routing agent is installed and configured, users that are assigned to different GALs by different ABPs can't view each other's contact cards (they appear as external recipients to each other).

如需如何開啟 ABP 路由代理程式的詳細資訊,請參閱使用 Exchange 管理命令介面安裝及設定通訊錄原則路由代理程式For details about how to turn on the ABP Routing agent, see Use the Exchange Management Shell to install and configure the Address Book Policy Routing Agent.

ABP 範例ABP example

在下列圖表中,Fabrikam 和 Tailspin 玩具會共用同一個 Exchange 組織和相同的 CEO。In the following diagram, Fabrikam and Tailspin Toys share the same Exchange organization and the same CEO. CEO 是兩家公司都通用的員工。The CEO is the only employee common to both companies.

兩家公司一位執行長

建議的設定包括三個 Abp:The suggested configuration includes three ABPs:

  • 一個 ABP 已指派給 Fabrikam 員工。One ABP is assigned to Fabrikam employees. ABP 中的 GAL 和通訊清單包含 Fabrikam 員工和 CEO。The GAL and address lists in the ABP include Fabrikam employees and the CEO.

  • 一個 ABP 會指派給 Tailspin 玩具員工。One ABP is assigned to Tailspin Toys employees. ABP 中的 GAL 和通訊清單包含 Tailspin 玩具員工和 CEO。The GAL and address lists in the ABP include Tailspin Toys employees and the CEO.

  • 一個 ABP 只指派給 CEO。One ABP is assigned to only the CEO. ABP 中的 [(預設值) GAL] 和 [通訊清單] 包括所有員工(Fabrikam、Tailspin 玩具及 CEO)。The (default) GAL and address lists in the ABP include all employees (Fabrikam, Tailspin Toys, and the CEO).

根據此設定,Abp 可協助您強制執行這些需求:Based on this configuration, the ABPs help to enforce these requirements:

  • Tailspin Toys 中的使用者瀏覽 GAL 時,只會看見 Tailspin Toys 員工和 CEO。The users in Tailspin Toys can only see Tailspin Toys employees and the CEO when they browse the GAL.

  • Fabrikam 中的使用者瀏覽 GAL 時,只會看見 Fabrikam 員工和 CEO。The users in Fabrikam can only see Fabrikam employees and the CEO when they browse the GAL.

  • CEO 在流覽 GAL 時,可看到所有 Fabrikam 和 Tailspin 玩具員工。The CEO can see all Fabrikam and Tailspin Toys employees when she browses the GAL.

  • 查看 CEO 的群組成員資格的使用者只能看到屬於公司的群組。Users who view the CEO's group membership can see only groups that belong to their company. 他們看不到屬於其他公司的群組。They can't see groups that belong to the other company.