Office 365 + AD Connect: Manage Groups 資料同步
2 min read
Office 365 的帳號與群組若由 AD 同步上去的, 那麼首先 AD 必需擴充 Exchange 的屬性.
擴充 AD Schema 步驟:
- 下載 Exchange Server ISO 檔,放置於 AD 上,並掛載
- 登入帳戶必須為 Schema Admins 和 Enterprise Admins 安全性群組的成員
- 開啟 Windows 命令提示字元視窗,切換目錄至ISO路徑,執行下列命令來擴充架構
PS:
- 使用較新版本的Exchange 2016擴充AD架構,但是AD樹系等級必須要先升級到Windows Server 2008 R2以上
- 使用舊版本的Exchange 2013擴充AD架構,AD樹系等級 Windows Server 2003以上
擴充 AD Schema 指令:
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
參考下列文章的「擴充 Active Directory 架構」章節
帳號與群組同步時 mailNickname 這個屬性一定要有值, 否則同步會失敗.
External Sender Permissions: How to edit the External Sender Permissions for cloud-only groups, You should maintain the “delivery management”, on the AD need to edit edit the authOrig & dLMemSubmitPerms . If you cannot edit the authOrig & dLMemSubmitPerms attribute in ADUC you can use the following PowerShell script:
$Group = DN of the Group
$UserDN = DN of the user
Import-module activedirectory
if ($UserDN) {
Set-ADGroup -Identity $Group -Add @{authOrig=@($UserDN)}
} else {
write-host "Couldn't find User" -ForegroundColor Red
}
//指定的 user 帳號是 authOrig 欄位
//指定的 group 是 dLMemSubmitPerms 欄位帳號與群組同步常用的屬性如下:
| Name | AD Attribute | Description |
|---|---|---|
| Display Name | displayName | The name displayed when sending emails from the group, as well as, the GAL |
| Alias | mailNickname | Used by Exchange to find any local object with an e-mail address |
| Primary Email address | proxyAddresses | Primary email address of the group |
| Notes | description | Field to help people understand why the group exists |
| Hide this group from address lists | msExchHideFromAddressLists | Should the group be visible from the GAL |
| Owners | managedBy | The users who manage the group |
| Members | member | Who receives emails that are sent to the group |
| Group Membership Permissions | msExchGroupJoinRestriction | Permissions on who and how people can join the group |
| Group Leave Permissions | msExchGroupDepartRestriction | Permissions on who and how people can leave the group |
| External Sender Permissions | msExchRequireAuthToSendTo | Can people outside your organization send to the group? |
| Send To Permissions | authOrig | Users who can send emails to the group |
| Moderator Approval | msExchEnableModeration | Does a moderator need to approve emails sent to the group |
| Moderators | msExchModeratedByLink | Users who can approve emails sent to a group |
| Skip Approval | msExchBypassModerationLink | Users who don't need a moderator to send to the group |
| Sender Notification | msExchModerationFlags | How do you notify a sender when moderators review the message |
| Email Addresses | proxyAddresses | The email addresses for the group |
| Mail Tip | msExchSenderHintTranslations | Tip displayed when someone adds the group to an email in Outlook and OWA |
| Send As | Users that can send as the group | |
| Send On Behalf of | publicDelegates | Users that can send on behalf of the group |
Ref: https://medium.com/gitbit/office-365-ad-connect-manage-groups-afe539ca017f
你必須 登入 才能發表評論。