我有一台带有1个域控制器的服务器(abc.com)。我在此服务器中设置了Microsoft Exchange 2010。因此,我不需要在此服务器(@ abc.com和@ def.com)中设置2个不同的电子邮件域,以实现2个客户独立性(电子邮件@ abc.com与域@ def.com没有任何关系)。< / p>
我可以这样设置我的服务器吗?
答案 0 :(得分:0)
如果我正确地阅读您的问题,这称为多租户交换。听起来你正试图在一台服务器上管理多个客户端,而不是让他们在地址簿,GAL,联系人列表等中看到对方。
是的,这是可能的,并不难做到。您可以a)购买产品来为您管理(基于年度成本加上每个用户的成本)或者只是在PowerShell中免费使用。
请Google&#34; powershell multitenant exchange&#34;你会发现你正在寻找的东西。对于stackexchange上的简单帖子,有很多步骤和太多步骤,但这并不困难,假设您是一个相当称职的Exchange管理员。
简而言之。在广告中创建一个名为&#34;租户&#34;或类似的东西。我们假设您现有的AD环境是&#34; existing.com&#34;。我们将添加&#34; client1.com&#34;与现有用户或其他租户分开。
现在进入powershell(显然是交换):
#***********CREATE THE NEW ACTIVE DIRECTORY CONTAINERS
New-ADOrganizationalUnit -Name client1 -Path "OU=Tenants,DC=existing,DC=com"
Set-ADForest -Identity existing.com -UPNSuffixes @{add="client1.com"}
#**********CREATE THE ACCEPTED DOMAIN NAME(S) FOR EMAILS (ADD BELOW AS REQUIRED)
New-AcceptedDomain -Name "client1.com" -DomainName client1.com -DomainType:Authoritative
#**********CREATE THE UNIQUE GAL & ADDRESS BOOKS
New-GlobalAddressList -Name "client1 – GAL" -ConditionalCustomAttribute1 "client1" -IncludedRecipients MailboxUsers -RecipientContainer "existing.com/Tenants/client1"
New-OfflineAddressBook -Name "client1" -AddressLists "client1 – GAL"
#**********CREATE THE UNIQUE GROUPS (rooms, users, etc)
New-AddressList -Name "client1 – All Rooms" -RecipientFilter "(CustomAttribute1 -eq 'client1') -and (RecipientDisplayType -eq 'ConferenceRoomMailbox')" -RecipientContainer "existing.com/Tenants/client1"
New-AddressList -Name "client1 – All Users" -RecipientFilter "(CustomAttribute1 -eq 'client1') -and (ObjectClass -eq 'User')" -RecipientContainer "existing.com/Tenants/client1"
New-AddressList -Name "client1 – All Contacts" -RecipientFilter "(CustomAttribute1 -eq 'client1') -and (ObjectClass -eq 'Contact')" -RecipientContainer "existing.com/Tenants/client1"
New-AddressList -Name "client1 – All Groups" -RecipientFilter "(CustomAttribute1 -eq 'client1') -and (ObjectClass -eq 'Group')" -RecipientContainer "existing.com/Tenants/client1"
#**********CREATE THE EMAIL ADDRESS POLICIES UNIQUE TO THE CLIENT
New-EmailAddressPolicy -Name "client1 – EAP" -RecipientContainer "existing.com/Tenants/client1" -IncludedRecipients "AllRecipients" -ConditionalCustomAttribute1 "client1" -EnabledEmailAddressTemplates "SMTP:%m@client1.com","smtp:%g.%s@client1.com","smtp:%g@client1.com"
Set-EmailAddressPolicy -Identity "client1 – EAP" -EnabledPrimarySMTPAddressTemplate "SMTP:%g@client1.com"
New-AddressBookPolicy -Name "client1" -AddressLists "client1 – All Users", "client1 – All Contacts", "client1 – All Groups" -GlobalAddressList "client1 – GAL" -OfflineAddressBook "client1" -RoomList "client1 – All Rooms"
#**********CREATE THEM A MEETING ROOM TO SHARE
New-Mailbox -Name 'client1 meeting' -Alias 'client1_meeting' -OrganizationalUnit 'existing.com/Tenants/client1' -UserPrincipalName 'meetingroom@client1.com' -SamAccountName 'client1_meeting' -FirstName 'Meeting' -LastName 'Room' -AddressBookPolicy 'client1' -Room
Set-Mailbox client1_meeting -CustomAttribute1 'client1'
Set-CalendarProcessing -Identity client1_meeting -AutomateProcessing AutoAccept -DeleteComments $true -AddOrganizerToSubject $true -AllowConflicts $false
#**********SET A TEMP PASSWORD (later on, change it and set the user's password to never expire. I'll put the powershell to do that in later. For now, just use the GUI.
$password = Read-Host "Enter password" -AsSecureString
mysupersecretpassword
New-Mailbox -Name 'Homer Simpsons' -Alias 'client1_arim' -OrganizationalUnit 'existing.com/Tenants/client1' -UserPrincipalName 'homer@client1.com' -SamAccountName 'client1_homer' -FirstName 'Homer' -LastName 'Simpson' -Password $password -ResetPasswordOnNextLogon $false -AddressBookPolicy 'client1'
Set-ADUser -Identity client1_arim -PasswordNeverExpires $true
#**********TAG THE NEWLY CREATED MAILBOXES TO THE CUSTOM ATTRIBUTE, SO enter code hereTHEY CAN SEE EACH OTHER, GET THEIR GAL, BOOKS, ETC.
Set-Mailbox client1_homer -CustomAttribute1 "client1"
完成工作。现在您有一个隐藏在其他租户中的新租户。对每个租户重复此过程。
毋庸置疑,从现在开始,您无法使用GUI来管理用户 - 您需要使用powershell并记住将用户,群组,别名,联系人等分配给租户,或者他们赢了&对他们来说是可见的(或者更糟糕的是,对于错误的群体是可见的)。
最后一句话 - 上面的powershell在Exchange 2013上都经过测试和运行。我假设它在2010年没问题,但2010年可能会有一些小调整。