Manage mail users in standalone EOP

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. Refer to the Applies To section and look for specific call outs in this article where there might be differences.

Applies to

In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, mail users are the fundamental type of user account. A mail user has account credentials in your standalone EOP organization, and can access resources (have permissions assigned). A mail user's email address is external (for example, in your on-premises email environment).

Note

When you create a mail user, the corresponding user account is available in the Microsoft 365 admin center. When you create a user account in the Microsoft 365 admin center, you can't use that account to create a mail user.

The recommended method to create and manage mail users in standalone EOP is to use directory synchronization as described in the Use directory synchronization to manage mail users section later in this article.

For standalone EOP organizations with a small number of users, you can add and manage mail users in the Exchange admin center (EAC) or in standalone EOP PowerShell as described in this article.

What do you need to know before you begin?

Tip

Having problems? Ask for help in the Exchange forums. Visit the Exchange Online Protection forum.

Use the Exchange admin center to manage mail users

Use the EAC to create mail users

  1. In the EAC, go to Recipients > Contacts.

  2. Click New. In the New mail user page that opens, configure the following settings. Settings marked with an * are required.

    • First name

    • Initials: The person's middle initial.

    • Last name

    • *Display name: By default, this box shows the values from the First name, Initials, and Last name boxes. You can accept this value or change it. The value should be unique, and has a maximum length of 64 characters.

    • *Alias: Enter a unique alias, using up to 64 characters, for the user.

    • External email address: Enter the user's email address. The domain should be external to your cloud-based organization.

    • *User ID: Enter the account that the person will use to sign in to the service. The user ID consists of a username on the left side of the at (@) symbol and a domain on the right side.

    • *New password and *Confirm password: Enter and reenter the account password. Verify that the password complies with the password length, complexity, and history requirements of your organization.

  3. When you've finished, click Save to create the mail user.

Use the EAC to modify mail users

  1. In the EAC, go to Recipients > Contacts.

  2. Select the mail user that you want to modify, and then click Edit.

  3. On the mail user properties page that opens, click one of the following tabs to view or change properties.

    When you're finished, click Save.

General

Use the General tab to view or change basic information about the mail user.

  • First name

  • Initials

  • Last name

  • Display name: This name appears in your organization's address book, on the To: and From: lines in email, and in the list of contacts in the EAC. The display name can't contain leading or trailing spaces.

  • User ID: This is the user's account in Microsoft 365. You can't modify this value here.

Contact information

Use the Contact information tab to view or change the user's contact information. The information on this page is displayed in the address book.

  • Street

  • City

  • State/Province

  • ZIP/Postal code

  • Country/Region

  • Work phone

  • Mobile phone

  • Fax

  • More options

    • Office
    • Home phone
    • Web page
    • Notes

Organization

Use the Organization tab to record detailed information about the user's role in the organization.

  • Title
  • Department
  • Company

Use the EAC to remove mail users

  1. In the EAC, go to Recipients > Contacts.

  2. Select the mail user that you want to remove, and then click Remove.

Use PowerShell to manage mail users

Use standalone EOP PowerShell to view mail users

To return a summary list of all mail users in standalone EOP PowerShell, run the following command:

Get-Recipient -RecipientType MailUser -ResultSize unlimited

To view detailed information about a specific mail user, replace <MailUserIdentity> with the name, alias, or account name of the mail user, and run the following commands:

Get-Recipient -Identity <MailUserIdentity> | Format-List
Get-User -Identity <MailUserIdentity> | Format-List

For detailed syntax and parameter information, see Get-Recipient and Get-User.

Use standalone EOP PowerShell to create mail users

To create mail users in standalone EOP PowerShell, use the following syntax:

New-EOPMailUser -Name "<UniqueName>" -MicrosoftOnlineServicesID <Account> -Password (ConvertTo-SecureString -String '<password>' -AsPlainText -Force) [-Alias <AliasValue>] [-DisplayName "<Display Name>"] [-ExternalEmailAddress <ExternalEmailAddress>] [-FirstName <Text>] [-Initials <Text>] [-LastName <Text>]

Notes:

  • The Name parameter is required, has a maximum length of 64 characters, and must be unique. If you don't use the DisplayName parameter, the value of the Name parameter is used for the display name.
  • If you don't use the Alias parameter, the left side of the MicrosoftOnlineServicesID parameter is used for the alias.
  • If you don't use the ExternalEmailAddress parameter, the MicrosoftOnlineServicesID value is used for the external email address.

This example creates a mail user with the following settings:

  • The name is JeffreyZeng and the display name is Jeffrey Zeng.
  • The first name is Jeffrey and the last name is Zeng.
  • The alias is jeffreyz.
  • The external email address is jzeng@tailspintoys.com.
  • The account name is jeffreyz@contoso.onmicrosoft.com.
  • The password is Pa$$word1.

New-EOPMailUser -Name JeffreyZeng -MicrosoftOnlineServicesID jeffreyz@contoso.onmicrosoft.com -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force) -ExternalEmailAddress jzeng@tailspintoys.com -DisplayName "Jeffrey Zeng" -Alias jeffreyz -FirstName Jeffrey -LastName Zeng

For detailed syntax and parameter information, see New-EOPMailUser.
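The following is an added example, not part of the original article: it checks a small batch of rows against the Name rules in the Notes above and prompts for each password, so no plaintext password ends up in the script or command history. The CSV column names, the Test-MailUserRow helper, and the onmicrosoft.com check for "external" are assumptions of this example.

```powershell
# Added example: validate rows, then create mail users with a prompted password.
# Requires a connected standalone EOP PowerShell session for New-EOPMailUser.

# Constructed sample rows (not real accounts); the column names are this example's own.
$rows = @'
Name,Account,ExternalEmailAddress,FirstName,LastName
JeffreyZeng,jeffreyz@contoso.onmicrosoft.com,jzeng@tailspintoys.com,Jeffrey,Zeng
PilarPinilla,pilarp@contoso.onmicrosoft.com,pilarp@tailspintoys.com,Pilar,Pinilla
'@ | ConvertFrom-Csv

function Test-MailUserRow {
    param([Parameter(Mandatory)] $Row, [string[]] $SeenNames)
    $problems = @()
    if ([string]::IsNullOrWhiteSpace($Row.Name)) { $problems += 'Name is required' }
    elseif ($Row.Name.Length -gt 64) { $problems += 'Name exceeds 64 characters' }
    if ($SeenNames -contains $Row.Name) { $problems += 'Name is not unique in this batch' }
    if ($Row.Account -notmatch '^[^@\s]+@[^@\s]+$') { $problems += 'Account is not user@domain' }
    # Assumption: an onmicrosoft.com address is inside the cloud organization, not external.
    if ($Row.ExternalEmailAddress -like '*.onmicrosoft.com') { $problems += 'External address is not external' }
    return $problems
}

$seen = @()
foreach ($row in $rows) {
    $problems = Test-MailUserRow -Row $row -SeenNames $seen
    $seen += $row.Name
    if ($problems) {
        Write-Warning "$($row.Name): $($problems -join '; ')"
        continue
    }
    # Read-Host -AsSecureString returns a SecureString, which -Password accepts directly.
    $password = Read-Host -AsSecureString -Prompt "Initial password for $($row.Account)"
    $params = @{
        Name                      = $row.Name
        MicrosoftOnlineServicesID = $row.Account
        Password                  = $password
        ExternalEmailAddress      = $row.ExternalEmailAddress
        DisplayName               = "$($row.FirstName) $($row.LastName)"
        FirstName                 = $row.FirstName
        LastName                  = $row.LastName
    }
    New-EOPMailUser @params
}
```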

Use standalone EOP PowerShell to modify mail users

To modify existing mail users in standalone EOP PowerShell, use the following syntax:

Set-EOPMailUser -Identity <MailUserIdentity> [-Alias <Text>] [-DisplayName <Text>] [-EmailAddresses <ProxyAddressCollection>] [-MicrosoftOnlineServicesID <SmtpAddress>]
Set-EOPUser -Identity <MailUserIdentity> [-City <Text>] [-Company <Text>] [-CountryOrRegion <CountryInfo>] [-Department <Text>] [-Fax <PhoneNumber>] [-FirstName <Text>] [-HomePhone <PhoneNumber>] [-Initials <Text>] [-LastName <Text>] [-MobilePhone <PhoneNumber>] [-Notes <Text>] [-Office <Text>] [-Phone <PhoneNumber>] [-PostalCode <String>] [-StateOrProvince <String>] [-StreetAddress <Text>] [-Title <Text>] [-WebPage <Text>]

This example sets the external email address for Pilar Pinilla.

Set-EOPMailUser -Identity "Pilar Pinilla" -EmailAddresses pilarp@tailspintoys.com

This example sets the Company property for all mail users to Contoso.

$Recip = Get-Recipient -RecipientType MailUser -ResultSize unlimited
$Recip | foreach {Set-EOPUser -Identity $_.Alias -Company Contoso}

For detailed syntax and parameter information, see Set-EOPMailUser.

Use standalone EOP PowerShell to remove mail users

To remove mail users in standalone EOP PowerShell, replace <MailUserIdentity> with the name, alias, or account name of the mail user, and run the following command:

Remove-EOPMailUser -Identity <MailUserIdentity>

This example removes the mail user for Jeffrey Zeng.

Remove-EOPMailUser -Identity "Jeffrey Zeng"

For detailed syntax and parameter information, see Remove-EOPMailUser.

How do you know these procedures worked?

To verify that you've successfully created, modified, or removed mail users in standalone EOP, use any of the following procedures:

  • In the EAC, go to Recipients > Contacts. Verify that the mail user is listed (or isn't listed). Select the mail user and view the information in the Details pane, or click Edit to view the settings.

  • In standalone EOP PowerShell, run the following command to verify the mail user is listed (or isn't listed):

    Get-Recipient -RecipientType MailUser -ResultSize unlimited
    
  • Replace <MailUserIdentity> with the name, alias, or account name of the mail user, and run the following commands to verify the settings:

    Get-Recipient -Identity <MailUserIdentity> | Format-List
    
    Get-User -Identity <MailUserIdentity> | Format-List
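Because a mail user has account credentials and can be assigned permissions, the "is listed (or isn't listed)" check above can be run against an approved list. This is an added example, not part of the original article; the approved aliases are constructed and the Compare-MailUserInventory helper is hypothetical.

```powershell
# Added example: compare the mail users in the service with an approved list.
# Constructed approved aliases; in practice load them from your own records.
$approved = @('jeffreyz', 'pilarp')

function Compare-MailUserInventory {
    param([string[]] $Approved, [object[]] $Actual)
    $actualAliases = @($Actual | ForEach-Object { $_.Alias })
    [pscustomobject]@{
        # Present in the service but not approved: review who created them and why.
        Unexpected = @($actualAliases | Where-Object { $Approved -notcontains $_ })
        # Approved but missing: creation failed or the mail user was removed.
        Missing    = @($Approved | Where-Object { $actualAliases -notcontains $_ })
    }
}

# Requires a connected standalone EOP PowerShell session.
$actual = Get-Recipient -RecipientType MailUser -ResultSize unlimited
$result = Compare-MailUserInventory -Approved $approved -Actual $actual
$result.Unexpected | ForEach-Object { Write-Warning "Unapproved mail user: $_" }
$result.Missing    | ForEach-Object { Write-Warning "Approved mail user not found: $_" }
```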
    

Use directory synchronization to manage mail users

In standalone EOP, directory synchronization is available for customers with on-premises Active Directory. You can synchronize those accounts to Azure Active Directory (Azure AD), where copies of the accounts are stored in the cloud. When you synchronize your existing user accounts to Azure Active Directory, you can view those users in the Recipients pane of the Exchange admin center (EAC) or in standalone EOP PowerShell.

Notes:

  • If you use directory synchronization to manage your recipients, you can still add and manage users in the Microsoft 365 admin center, but they will not be synchronized with your on-premises Active Directory. This is because directory synchronization only syncs recipients from your on-premises Active Directory to the cloud.

  • Using directory synchronization is recommended for use with the following features:

    • Outlook Safe Sender lists and Blocked Sender lists: When synchronized to the service, these lists will take precedence over spam filtering in the service. This lets users manage their own Safe Sender list and Blocked Sender list with individual sender and domain entries. For more information, see Configure junk email settings on Exchange Online mailboxes.

    • Directory Based Edge Blocking (DBEB): For more information about DBEB, see Use Directory Based Edge Blocking to reject messages sent to invalid recipients.

    • End user access to quarantine: To access their quarantined messages, recipients must have a valid user ID and password in the service. For more information about quarantine, see Find and release quarantined messages as a user.

    • Mail flow rules (also known as transport rules): When you use directory synchronization, your existing Active Directory users and groups are automatically uploaded to the cloud, and you can then create mail flow rules that target specific users and/or groups without having to manually add them in the service. Note that dynamic distribution groups can't be synchronized via directory synchronization.

Get the necessary permissions and prepare for directory synchronization, as described in What is hybrid identity with Azure Active Directory?.

Synchronize directories with Azure Active Directory Connect (AAD Connect)

  1. Activate directory synchronization as described in Azure AD Connect sync: Understand and customize synchronization.

  2. Install and configure an on-premises computer to run AAD Connect as described in Prerequisites for Azure AD Connect.

  3. Select which installation type to use for Azure AD Connect:

Important

When you finish the Azure Active Directory Sync Tool Configuration Wizard, the MSOL_AD_SYNC account is created in your Active Directory forest. This account is used to read and synchronize your on-premises Active Directory information. In order for directory synchronization to work correctly, make sure that TCP 443 on your local directory synchronization server is open.

After configuring your sync, be sure to verify that AAD Connect is synchronizing correctly. In the EAC, go to Recipients > Contacts and view that the list of users was correctly synchronized from your on-premises environment.