Configure Exchange to support delegated mailbox permissions in a hybrid deployment

Delegated mailbox permissions enable someone to manage some part of another user's mailbox. A common example of this is an administrative assistant who needs to manage an executive's mailbox and calendar. Hybrid deployments between an on-premises Exchange organization and Office 365 support the Full Access and Send on Behalf of delegated mailbox permissions. However, depending on the version of Exchange you have installed in your on-premises organization, you might need to perform additional configuration to use delegated mailbox permissions in a hybrid deployment. The following lists the versions of Exchange that support delegated mailbox permissions in a hybrid deployment and whether additional configuration is needed for that version.

  • Exchange 2016: No additional configuration is required.

  • Exchange 2013: A supported Exchange 2013 cumulative update (CU) and additional configuration are required.

  • Exchange 2010: A supported Exchange 2010 update rollup (RU) and additional configuration are required.

For more information about the specific requirements to support delegated mailbox permissions in a hybrid deployment, take a look at Permissions in Exchange hybrid deployments.

The following sections step you through the configuration of Exchange 2013 and Exchange 2010 on-premises deployments to enable support for delegated mailbox permissions. Before you follow these steps, you need to make sure you're on the latest Exchange 2013 CU or Exchange SP3 RU. For more information, see Hybrid deployment prerequisites.

Exchange 2013

What you need to do to enable support for delegated mailbox permissions depends on a few factors. If you moved mailboxes to Office 365 and at that time:

| The following was installed... | And ACLable object synchronization at the organization was... | Then you need to... |
| --- | --- | --- |
| Exchange 2013 CU9 or earlier | This feature isn't available in Exchange 2013 CU9 and earlier. | Manually configure each mailbox to support ACLs |
| Exchange 2013 CU10 or later | Disabled | Enable ACLable object synchronization at the organization level. Manually enable ACLs on each mailbox moved to Office 365 before ACLable object synchronization was enabled at the organization level. No additional configuration is needed for mailboxes moved to Office 365 after ACLable object synchronization is enabled at the organization level. |
| Exchange 2013 CU10 or later | Enabled | No additional configuration is needed |

Enable ACLable object synchronization

To enable ACLable object synchronization at the organization level, do the following.

  1. Install the latest version of Azure Active Directory Connect (AAD Connect) on all of your AAD Connect servers. This is needed to allow AAD Connect to synchronize the attributes needed to support hybrid permissions. You can download AAD Connect from Microsoft Azure Active Directory Connect.

  2. Open the Exchange Management Shell on a server running the latest available Exchange 2013 CU, or the immediately previous CU.

  3. Run the following command.

    Set-OrganizationConfig -ACLableSyncedObjectEnabled $True
    

After you do this, any mailboxes that you move to Office 365 will be properly configured to support delegated mailbox permissions. If mailboxes were moved to Office 365 prior to you completing these steps, you'll need to manually enable ACLs on those mailboxes using the steps in Enable ACLs on remote mailboxes.

Important

ACLs aren't enabled on remote mailboxes created in Office 365. If you create a remote mailbox in Office 365, you'll need to follow the steps in the Enable ACLs on remote mailboxes section to enable ACLs on that remote mailbox. To avoid this extra step, we recommend that you create the mailbox on an on-premises Exchange server and then move the mailbox to Office 365.

Enable ACLs on remote mailboxes

To enable ACLs on mailboxes moved to Office 365 before ACLable object synchronization was enabled at the organization level, do the following.

  1. Open the Exchange Management Shell on a server running the latest available Exchange 2013 CU, or the immediately previous CU.

  2. To enable ACLs on a single mailbox, run the following command.

    Get-AdUser <Identity> | Set-AdObject -Replace @{msExchRecipientDisplayType=-1073741818}
    
  3. To enable ACLs on all mailboxes moved to Office 365, run the following command.

    Get-RemoteMailbox | ForEach { Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}
    
  4. To verify that the mailboxes have been successfully updated, run the following command.

    Get-RemoteMailbox | ForEach { Get-AdUser -Identity $_.Guid -Properties msExchRecipientDisplayType | Format-Table -AutoSize DistinguishedName, msExchRecipientDisplayType}
    

Exchange 2010

Exchange 2010 SP3 servers support the configuration of ACLs on remote mailboxes; however, this configuration needs to be set manually on each mailbox. Unlike newer versions of Exchange, Exchange 2010 doesn't provide the ability to set this feature at the organization level. You need to follow the steps below on any mailboxes that you've previously moved to Office 365, and on any mailboxes that will be moved from an Exchange 2010 SP3 server to Office 365 in the future.

Enable ACLs on remote mailboxes

To enable ACLs on mailboxes moved to Office 365, do the following.

  1. Open the Exchange Management Shell on a server running the latest available Exchange 2010 SP3 RU, or the immediately previous RU.

  2. To enable ACLs on a single mailbox, run the following command.

    Get-AdUser <Identity> | Set-AdObject -Replace @{msExchRecipientDisplayType=-1073741818}
    
  3. To enable ACLs on all mailboxes moved to Office 365, run the following command.

    Get-RemoteMailbox | ForEach { Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}
    
  4. To verify that the mailboxes have been successfully updated, run the following command.

    Get-RemoteMailbox | ForEach { Get-AdUser -Identity $_.Guid -Properties msExchRecipientDisplayType | Format-Table -AutoSize DistinguishedName, msExchRecipientDisplayType}
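
The "Enable ACLs on remote mailboxes" steps in the Exchange 2013 and Exchange 2010 sections can be run with change control: the sketch below is an added example, not Microsoft's script, that touches only mailboxes not yet at the target value, records the previous values first, and supports a dry run. The function names and the CSV path are hypothetical; it assumes the Exchange Management Shell with the ActiveDirectory module available.

```powershell
# Added example (not from the original article).
Import-Module ActiveDirectory

$AclableValue = -1073741818                                  # value the steps above write
$BackupPath   = '.\msExchRecipientDisplayType-before.csv'    # hypothetical path

function Get-RemoteMailboxAclState {
    # One row per remote mailbox with its current msExchRecipientDisplayType.
    Get-RemoteMailbox -ResultSize Unlimited | ForEach-Object {
        $user = Get-ADUser -Identity $_.Guid -Properties msExchRecipientDisplayType
        New-Object PSObject -Property @{
            DistinguishedName = $user.DistinguishedName
            CurrentValue      = $user.msExchRecipientDisplayType
            AclEnabled        = ($user.msExchRecipientDisplayType -eq $AclableValue)
        }
    }
}

function Enable-RemoteMailboxAcl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Skip mailboxes that already carry the target value.
    $pending = @(Get-RemoteMailboxAclState | Where-Object { -not $_.AclEnabled })
    if ($pending.Count -eq 0) {
        Write-Output 'All remote mailboxes already have the target value.'
        return
    }

    # Keep the previous values so the change can be reviewed or reverted.
    # Under -WhatIf, Export-Csv is skipped as well, so nothing is written.
    $pending | Select-Object DistinguishedName, CurrentValue |
        Export-Csv -Path $BackupPath -NoTypeInformation

    foreach ($m in $pending) {
        $action = "Set msExchRecipientDisplayType to $AclableValue"
        if ($PSCmdlet.ShouldProcess($m.DistinguishedName, $action)) {
            Set-ADObject -Identity $m.DistinguishedName `
                -Replace @{ msExchRecipientDisplayType = $AclableValue }
        }
    }
}

# Dry run: lists the objects that would change without modifying Active Directory.
Enable-RemoteMailboxAcl -WhatIf
```

Remove `-WhatIf` to apply the change, then rerun `Get-RemoteMailboxAclState` to confirm every row reports `AclEnabled` as true.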