Configure Office 365 Groups with on-premises Exchange hybrid

Learn how to enable on-premises Exchange users to use Office 365 Groups in a hybrid deployment.

Groups is an Office 365 service that enables teams to communicate, schedule meetings, and collaborate on documents more easily. All information shared with a group, from email messages sent to the group, to files stored in the group's OneDrive for Business or SharePoint libraries, is available to any member of a group. If you've configured a hybrid deployment between your on-premises Exchange organization and Office 365, you can make groups created in Office 365 available to your on-premises users by following the steps in this topic.

Important

Using Office 365 Groups with on-premises users in an Exchange hybrid deployment is a new feature. Because it's so new, you might run into some issues when you set it up. Be sure to check out the Known issues section at the end of this topic for fixes to issues you might run into.

Prerequisites

Before you start, make sure that you've done the following:

  • Purchased Azure Active Directory Premium licenses for your tenant. This is required to enable the Groups writeback feature in Azure Active Directory Connect.

  • Configured a hybrid deployment between your Exchange on-premises organization and Office 365 and verified it's functioning correctly. For more information about Exchange hybrid deployments, see the following:

  • Installed a supported version of Exchange on-premises. Exchange integration with Office 365 Groups is available in CU1 and newer releases of Exchange 2016, and CU11 and newer releases of Exchange 2013. However, Exchange hybrid requires the latest Exchange 2013 or Exchange 2016 Cumulative Update (CU) to be installed on your on-premises Exchange servers. If you can't install the latest CU, the update released immediately prior to the current CU can be used.

  • Configured single sign-on using Azure Active Directory Connect (Azure AD Connect). This is needed to allow users to click on the View group files or cloud attachment links in group email messages.

    When configuring Azure AD Connect for single sign-on in an Exchange hybrid deployment, we recommend that you use password synchronization. Active Directory Federation Services (AD FS) should only be used if you're in a large organization; if you have a complex on-premises Active Directory deployment (for example, multiple Active Directory forests); if another Microsoft product requires AD FS to work with Office 365; or if, due to compliance policies, you're not able to synchronize passwords outside of your on-premises network. For more information about single sign-on, see Integrating your on-premises identities with Azure Active Directory.

Enable Group writeback in Azure AD Connect

  1. In the Azure AD Connect wizard, select Customize synchronization options and then click Next.

  2. On the Connect to Azure AD page, enter your Office 365 and on-premises credentials. Click Next.

  3. On the Optional features page, verify that the options you previously configured are still selected. The most commonly selected options are Exchange hybrid and Password hash synchronization.

  4. Select Group writeback and then click Next.

  5. On the Writeback page, select an Active Directory organizational unit (OU) to store objects that are synchronized from Office 365 to your on-premises organization, and then click Next.

  6. On the Ready to configure page, click Configure.

  7. When the wizard is complete, click Exit on the Configuration complete page.

  8. Open Active Directory Users and Computers on an Active Directory domain controller and locate the user account that begins with AAD_. Make note of this account's name.

  9. Open the Exchange Management Shell on an on-premises Exchange server, and run the following commands.

    # Name of the AAD_ account noted in step 8
    $AzureADConnectSWritebackAccount = "<AAD_ account name from step 8>"
    # Distinguished name of the writeback OU selected in step 5
    $GroupsOU = "<writeback Active Directory OU selected in step 5>"
    Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"
    Initialize-ADSyncGroupWriteBack -ADConnectorAccount $AzureADConnectSWritebackAccount -GroupWriteBackContainerDN $GroupsOU
    

Configure a group domain

The primary SMTP domain of an Office 365 Group is called a group domain. By default, the default accepted domain in your organization is chosen as the group domain. If you want to add a dedicated groups domain, you can add a domain using the following steps. For more information about multi-domain support for Office 365 Groups, check out Multi-domain support for Office 365 Groups.

  1. Add your new domain to your Office 365 organization. If you need help adding a domain to Office 365, check out Add users and domains to Office 365.

  2. Add the group domain as an accepted domain in your on-premises Exchange organization using the following command. This is needed so that the hybrid Send connector can be used to deliver outbound mail to the group domain in Office 365.

    New-AcceptedDomain -Name groups.contoso.com -DomainName groups.contoso.com -DomainType InternalRelay
    
  3. Create the following public DNS records with your DNS provider.

| DNS record name | DNS record type | DNS record value |
| --- | --- | --- |
| groups.contoso.com | MX | groups-contoso-com.mail.protection.outlook.com |
| autodiscover.groups.contoso.com | CNAME | autodiscover.outlook.com |

> [!NOTE]
> The format of the MX record value is <domain key>.mail.protection.outlook.com. To find out what your domain key is, check out Gather the information you need to create Office 365 DNS records.
> [!CAUTION]
> If the MX DNS record for the group domain is set to the on-premises Exchange server, mail flow won't work correctly between users in the on-premises Exchange organization and the Office 365 Group. 
  4. Add the group domain to the hybrid Send connector, created by the Hybrid Configuration wizard in your on-premises Exchange organization, using the following command.

    Set-SendConnector -Identity "Outbound to Office 365" -AddressSpaces "contoso.mail.onmicrosoft.com","groups.contoso.com"
    

    Note

    If the Send connector isn't updated, or if the group domain isn't added as an accepted domain in the on-premises Exchange organization, mail sent from an on-premises mailbox won't be delivered to the group unless the group is configured to receive mail from external senders.
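
The checks below are an added example, not part of the original article: a read-only PowerShell function that verifies the accepted domain type, the Send connector address space and the DNS records described in steps 2 to 4. The function name Test-GroupDomainConfig is hypothetical, and the domain and connector names are the sample values from this page.

```powershell
# Added example: read-only checks, run in the Exchange Management Shell on-premises.
# Test-GroupDomainConfig is a hypothetical helper name; the default values are
# the sample names used on this page and must be replaced with your own.
function Test-GroupDomainConfig {
    param(
        [string]$Domain    = 'groups.contoso.com',
        [string]$Connector = 'Outbound to Office 365'
    )
    $r = [ordered]@{ Domain = $Domain }

    # Step 2: the accepted domain must be InternalRelay. An Authoritative group
    # domain rejects mail for groups that have not been written back yet.
    $accepted = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $Domain }
    $r.AcceptedDomainType = if ($accepted) { "$($accepted.DomainType)" } else { 'Missing' }
    $r.AcceptedDomainOk   = ($r.AcceptedDomainType -eq 'InternalRelay')

    # Step 4: the hybrid Send connector must carry the group domain as an address space.
    $spaces = @((Get-SendConnector -Identity $Connector).AddressSpaces | ForEach-Object { "$_" })
    $r.SendConnectorOk = [bool]($spaces -match "(^|:)$([regex]::Escape($Domain))(;|$)")

    # Step 3: every MX host must be in mail.protection.outlook.com. An MX that
    # points at the on-premises server breaks mail flow to the group.
    # Resolve-DnsName uses this server's resolver; with split DNS, also query
    # a public resolver through the -Server parameter.
    $mx = @(Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
            Where-Object { $_.NameExchange })
    $inO365 = @($mx | Where-Object { $_.NameExchange -like '*.mail.protection.outlook.com' })
    $r.MxOk = ($mx.Count -gt 0) -and ($inO365.Count -eq $mx.Count)

    # Step 3: autodiscover.<group domain> must be a CNAME to autodiscover.outlook.com.
    $cname = @(Resolve-DnsName -Name "autodiscover.$Domain" -Type CNAME -ErrorAction SilentlyContinue |
               Where-Object { $_.NameHost -eq 'autodiscover.outlook.com' })
    $r.AutodiscoverOk = ($cname.Count -gt 0)

    [pscustomobject]$r
}

Test-GroupDomainConfig | Format-List
```

Any property ending in Ok that reports False identifies the step to revisit before running the mail flow tests.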

How do you know this worked?

To make sure that groups are working with your Exchange hybrid deployment, you should test them using an on-premises mailbox and using a mailbox that's been moved from your on-premises organization to Office 365. Use the steps in the following sections to do each test.

Test using an on-premises mailbox

  1. Add an on-premises mailbox to an Office 365 Group.

  2. Add an Office 365 mailbox to the same Office 365 Group.

  3. Log in to the Office 365 mailbox using Outlook on the web.

  4. Post a message to the group using the Office 365 mailbox.

  5. Open the on-premises mailbox using Outlook 2016 or Outlook on the web.

  6. Verify that the mailbox received an email message containing the post sent to the Office 365 Group.

  7. In the same mailbox, compose a reply to the message and send it to the group.

  8. Verify that the message can be viewed by all of the members of the group.

Test using a mailbox moved to Office 365

  1. Move a mailbox from your on-premises Exchange organization to Office 365.

  2. Add the mailbox to an Office 365 Group.

  3. In a new browser session, log in to the mailbox that was moved to Office 365.

  4. In Outlook on the web, verify that the group is listed in the left navigation bar.

  5. Post a message to the group.

  6. Verify that the message can be viewed by all of the members of the group.

Known issues

  • Groups don't appear for mailboxes moved to Office 365: When a user is moved from your on-premises Exchange organization to Office 365, groups won't appear in the left navigation pane in Outlook or Outlook on the web. To fix the issue, remove the mailbox from any groups of which it is a member, and re-add it to each group.

  • New groups don't appear in the on-premises Exchange global address list (GAL): When a new group is created in Office 365, it won't appear in the on-premises GAL automatically. To fix this issue, open the Exchange Management Shell on an on-premises Exchange server and run the following command.

    Update-Recipient "<group name>"
    
  • Groups don't receive messages from on-premises users: An on-premises user won't be able to send mail to an Office 365 Group when the following conditions are true:

    • The group domain is configured as an authoritative domain in your on-premises Exchange organization.

    • The group was recently created and its information hasn't been written back to your on-premises Active Directory yet.

      This issue will resolve itself when Azure AD Connect performs its next synchronization between Office 365 and your on-premises organization. Azure AD Connect synchronization occurs every thirty minutes.

  • On-premises users can't use links included in group message footers: On-premises users can't use the View group conversations or Unsubscribe links that are included in the footer of each group message sent to them. To unsubscribe from a group, on-premises users need to contact a group administrator.

  • Mail sent to a group's secondary SMTP address fails to be delivered: When multiple email addresses are added to a group, only the primary SMTP address is written back to your on-premises Active Directory. If an on-premises user tries to send a message to the secondary SMTP address of a group, the message will fail to be delivered. To prevent this issue, configure only one SMTP address on each group.

  • On-premises users can't become an administrator of a group: On-premises users can't access the group space directly. Because of this, they can't be added as an administrator of a group.

  • Delivery of external mail to a group can fail if you've enabled centralized mail flow: If centralized mail flow is enabled, mail sent by an external user to a group fails to be delivered, even though the group allows mail from external senders.

  • On-premises users can't send mail as a group: An on-premises user who tries to send a message as an Office 365 Group will receive a permission denied error even if they're given Send As permissions on the group. Send As permissions on a group work only for Exchange Online mailbox users.

  • Selecting a group from Outlook's left navigation pane doesn't open the group's mailbox: Outlook uses the AutoDiscover URL to open a group mailbox. If a group's primary email address is in a domain that doesn't point to Office 365's AutoDiscover URL (autodiscover.outlook.com), Outlook won't be able to open the group's mailbox. To fix the issue, groups can be provisioned with a primary address in a domain that points to Office 365's AutoDiscover URL. You can configure an email address policy to add a primary email address on each group mailbox that points to Office 365's AutoDiscover URL. Check out Multi-domain support for Office 365 Groups for more details.