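If Office 365 accounts and groups are synchronized up from AD, the AD schema must first be extended with the Exchange attributes.

Steps to extend the AD schema:
- Download the Exchange Server ISO file, place it on the AD server, and mount it
- The account you log in with must be a member of the Schema Admins and Enterprise Admins security groups
- Open a Windows Command Prompt window, change to the ISO path, and run the command below to extend the schema

Note:
- To extend the AD schema with the newer Exchange 2016, the AD forest functional level must first be raised to Windows Server 2008 R2 or later
- To extend the AD schema with the older Exchange 2013, the AD forest functional level must be Windows Server 2003 or later

Command to extend the AD schema:

```
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
```

See the "Extend the Active Directory schema" section of the following article

When accounts and groups are synchronized, the mailNickname attribute must have a value; otherwise the synchronization fails.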
External Sender Permissions: How to edit the External Sender Permissions for cloud-only groups: you should maintain the "delivery management" setting, and on the AD side you need to edit the authOrig and dLMemSubmitPerms attributes. If you cannot edit the authOrig and dLMemSubmitPerms attributes in ADUC, you can use the following PowerShell script:
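```powershell
Import-Module ActiveDirectory

# Placeholders: replace with the distinguished names (DNs) of the group and the user
$Group  = '<DN of the group>'
$UserDN = '<DN of the user>'

if ($UserDN) {
    # The specified user accounts go in the authOrig attribute;
    # the specified groups go in the dLMemSubmitPerms attribute.
    Set-ADGroup -Identity $Group -Add @{authOrig = @($UserDN)}
} else {
    Write-Host "Couldn't find User" -ForegroundColor Red
}
```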
The attributes commonly used when synchronizing accounts and groups are:
Name | AD Attribute | Description |
---|---|---|
Display Name | displayName | The name displayed when sending emails from the group, as well as, the GAL |
Alias | mailNickname | Used by Exchange to find any local object with an e-mail address |
Primary Email address | proxyAddresses | Primary email address of the group |
Notes | description | Field to help people understand why the group exists |
Hide this group from address lists | msExchHideFromAddressLists | Should the group be visible from the GAL |
Owners | managedBy | The users who manage the group |
Members | member | Who receives emails that are sent to the group |
Group Membership Permissions | msExchGroupJoinRestriction | Permissions on who and how people can join the group |
Group Leave Permissions | msExchGroupDepartRestriction | Permissions on who and how people can leave the group |
External Sender Permissions | msExchRequireAuthToSendTo | Can people outside your organization send to the group? |
Send To Permissions | authOrig | Users who can send emails to the group |
Moderator Approval | msExchEnableModeration | Does a moderator need to approve emails sent to the group |
Moderators | msExchModeratedByLink | Users who can approve emails sent to a group |
Skip Approval | msExchBypassModerationLink | Users who don't need a moderator to send to the group |
Sender Notification | msExchModerationFlags | How do you notify a sender when moderators review the message |
Email Addresses | proxyAddresses | The email addresses for the group |
Mail Tip | msExchSenderHintTranslations | Tip displayed when someone adds the group to an email in Outlook and OWA |
Send As | | Users that can send as the group |
Send On Behalf of | publicDelegates | Users that can send on behalf of the group |
Ref: https://medium.com/gitbit/office-365-ad-connect-manage-groups-afe539ca017f
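
An added example (not from the original post or the referenced article): a read-only PowerShell audit that lists groups whose mailNickname is empty, which per the note above will fail to synchronize, and shows who is allowed to send to each group. The search base DN is a placeholder assumption; the attribute names are the ones in the table above.

```powershell
# Added example: read-only pre-sync audit of group attributes.
# Requesting the Exchange attributes fails if the AD schema has not been
# extended with /PrepareSchema, so an error here is itself a finding.
Import-Module ActiveDirectory

$SearchBase = 'OU=Groups,DC=example,DC=com'   # assumption: placeholder DN
$Props = 'mailNickname', 'proxyAddresses', 'authOrig', 'dLMemSubmitPerms',
         'msExchRequireAuthToSendTo', 'msExchHideFromAddressLists'

$report = Get-ADGroup -Filter * -SearchBase $SearchBase -Properties $Props |
    ForEach-Object {
        # The primary address is the proxyAddresses entry with an upper-case SMTP: prefix
        $primary = $_.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } |
                   Select-Object -First 1

        [pscustomobject]@{
            Group            = $_.Name
            Alias            = $_.mailNickname
            PrimarySmtp      = $primary
            # Empty alias: the object will not synchronize
            MissingAlias     = [string]::IsNullOrWhiteSpace($_.mailNickname)
            # Not TRUE: senders outside the organization can mail the group
            ExternalSenders  = ($_.msExchRequireAuthToSendTo -ne $true)
            # Delivery restricted to listed users (authOrig) or groups (dLMemSubmitPerms)
            RestrictedSender = [bool]$_.authOrig -or [bool]$_.dLMemSubmitPerms
            HiddenFromGAL    = ($_.msExchHideFromAddressLists -eq $true)
        }
    }

# Groups that will fail synchronization
$report | Where-Object MissingAlias |
    Format-Table Group, Alias, PrimarySmtp -AutoSize

# Mail-enabled groups that accept external mail with no sender restriction
$report | Where-Object { $_.PrimarySmtp -and $_.ExternalSenders -and -not $_.RestrictedSender } |
    Format-Table Group, PrimarySmtp, HiddenFromGAL -AutoSize
```

The script only reads from AD; review the second table before changing authOrig or dLMemSubmitPerms with the script shown earlier.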