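I have searched Google extensively and searched ServerFault for guidance, but I cannot find any example design scenarios or best practices, or indeed any documentation from Microsoft on how to solve this problem.
We have a number of mailboxes that represent a department or team (rather than an individual), and these will be monitored and worked by multiple users. By that I mean that, depending on who is rostered on, who has been assigned to respond to/process that team's email for the day, and so on, different people will read the messages in the mailbox, then categorise them, mark them as read/unread, move them to subfolders, etc. To avoid duplicated effort, whoever looks at the mailbox next needs to be able to see all of this.
Here is our current situation:
- We create a mailbox, e.g. [email protected]
- We create a domain local security group, e.g. Team1 Mailbox Full Access, and grant it full access to the mailbox
- We add users or groups to that group
Overall, this approach works reasonably well. One difficulty is that a user's group membership is updated at logon, so they need to log off and back on to get access. But the problems are as follows:
- The time between setting these permissions and them taking effect is unpredictable and inconsistent. For example, if I follow the steps above (or even just add someone to a group that already has the permission), it sometimes takes hours before they can access the mailbox, even if they log off and back on.
- Sometimes it doesn't work at all. The user can only access the mailbox if they are granted the permission directly (i.e. their user account is granted permission on the mailbox, rather than through group membership).
I have considered using public folders, but there appears to be a lot of confusion about whether they have been deprecated and, more specifically, about what they are best used for (I don't think they are suitable for my current problem). I have also considered changing these from user mailboxes to shared mailboxes, but this Technet article says:
We recommend that you use resource mailboxes or Microsoft SharePoint Portal Server portals for collaboration instead of shared mailboxes.
There is also a lot of discussion about integration between Exchange and SharePoint, and about how SharePoint will replace many of the collaboration scenarios that Exchange previously handled. But I can't seem to find any clear documentation on a recommended design.
So my question is: can anyone point me to any documentation on the right approach for this scenario? This is a common requirement across organisations, and I can't believe it hasn't already been addressed.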
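Answer 1
Exchange and SharePoint provide the tools; you customise them to your needs. You might think these needs are universal, and they are, but you would be surprised how much the requirements differ between organisations, so your configuration may differ from others. What you are really doing is mapping a business process onto technology, and that is something only you can do. You need to work out what your users need and then build a solution for them. That probably explains why you can't find the documentation you are looking for.
Public folders are still viable in Exchange 2010, and who knows for how much longer. Microsoft originally tried to do away with them but met strong opposition, so they have abandoned that plan. If you are not already using them, it is best to skip them and look for a solution using mailboxes or SharePoint.
Really, as you mentioned, you have two options: use a mailbox and grant everyone access, or use a SharePoint site. Either will work. You didn't mention whether you already have SharePoint. If not, building it out is not a trivial matter, so I would suggest you stick with the mailbox approach, which is a common solution. Obviously you need to resolve the permissions issue, but if that is your only problem, I would just focus on that specific technical issue and find a solution.
I wouldn't get hung up on the comment in the Microsoft documentation about using resource mailboxes or SharePoint for collaboration. Resource mailboxes may not suit your particular use, but SharePoint might.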
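Answer 2
Here is what I have learned about these issues.
The wait between setting this up and it working is related to directory caching in Exchange. I found an article here that describes this. Our solution is to set appropriate expectations; we wait 24 hours between creating a shared mailbox and notifying users that the mailbox is ready.
As for functionality, I still haven't found any guidance on best practices. However, I have discovered the following two facts:
- Creating the mailbox and user account directly in Exchange as a shared mailbox works more reliably
- Creating a group that has access to the mailbox and then adding users to that group works. Using nested groups is not reliable
Apparently the second issue has been fixed in the latest service pack, although I haven't tested this. Also, the groups we now create are security-enabled distribution groups. I created a script to automate the whole process, and it works well. We are currently migrating our existing shared mailboxes to new ones created with this script.
I have attached the script below for anyone who is interested. Any suggestions or improvements are welcome.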
```powershell
# ===================================================================
# Purpose: Creates a shared mailbox, a group with appropriate permissions, and adds members
# Author: Matt Goldman
# Revision: 1.0; 31/5/2011
# ===================================================================
Function ImportMembers
{
    param($csvpath,$dgalias)
    $Title = "CSV Import Options"
    $headingquery = "Please choose from the following CSV formatting options:"
    $alias = New-Object System.Management.Automation.Host.ChoiceDescription "&Alias", `
        "CSV Contains an alias column."
    $fullname = New-Object System.Management.Automation.Host.ChoiceDescription "&Full Name", `
        "CSV contains a full name column."
    $firstlast = New-Object System.Management.Automation.Host.ChoiceDescription "First and &Last Name", `
        "CSV contains a first name column and a last name column"
    $options = [System.Management.Automation.Host.ChoiceDescription[]] ($alias, $fullname, $firstlast)
    $result = $host.ui.PromptForChoice($title, $headingquery, $options, 0)
    Switch ($result)
    {
        0 {
            # Has an alias column
            $aliascolumn = Read-Host "Please enter the column heading for the alias column"
            $members = Import-CSV $csvpath
            foreach ($row in $members)
            {
                $member = $row.$aliascolumn
                Add-DistributionGroupMember -Identity $dgalias -Member $member
            }
        }
        1 {
            # Has a full name column
            $fullnamecolumn = Read-Host "Please enter the column heading for the Full Name column"
            $members = Import-csv $csvpath
            foreach ($row in $members)
            {
                $member = $row.$fullnamecolumn
                Add-DistributionGroupMember -Identity $dgalias -Member $member
            }
        }
        2 {
            # Has a first name and a last name column
            $firstnamecol = Read-Host "Please enter the column heading for the First Name column"
            $lastnamecol = Read-Host "Please enter the column heading for the Last Name column"
            $members = Import-csv $csvpath
            foreach ($row in $members)
            {
                $fullname = $row.$firstnamecol + " " + $row.$lastnamecol
                Add-DistributionGroupMember -Identity $dgalias -Member $fullname
            }
        }
    }
    Write-Host "The following members have been added to the group:"
    Get-DistributionGroupMember $dgalias | FT -AutoSize Name
    Write-Host "Thank you for using SMBuilder."
}

Write-Host "Shared Mailbox Builder v0.1`n"
# Write-Host "Script to create a shared mailbox, create a corresponding group with appropriate permissions, and populate group membership"
# Write-Host "User-input driven"

# Caption for the script-level prompts below ($Title inside ImportMembers is local to that function)
$title = "Shared Mailbox Builder"

# Create the shared mailbox
$mbname = Read-Host "Please enter a (full) name for the new mailbox (e.g. Sales Team or Employee Enquiries)"
$mbalias = Read-Host "`nPlease enter an alias for the new mailbox (e.g. salesteam or empenq)"
$addomain = Read-Host "`nPlease enter your Active Directory domain (NOT your SMTP domain if they are different)"
$upn = $mbalias + "@" + $addomain
$mbmessage = "`nDo you want to specify an OU for the mailbox object? (Default will be $addomain/users)"
$yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
    "Specifies an OU."
$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
    "Accepts default OU."
$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
$result = $host.ui.PromptForChoice($title, $mbmessage, $options, 1)
switch ($result)
{
    0 {
        $ou = Read-Host "Please specify the Organizational Unit - $addomain/"
        $mbou = $addomain + "/" + $ou
        New-Mailbox -Name $mbname -Alias $mbalias -UserPrincipalName $upn -OrganizationalUnit $mbou -Shared | Out-Null
    }
    1 {
        New-Mailbox -Name $mbname -Alias $mbalias -UserPrincipalName $upn -Shared | Out-Null
    }
}
Write-Host "The following mailbox has been created:"
Get-Mailbox $mbalias | FT -AutoSize Name,OrganizationalUnit

# Create the security-enabled distribution group
$dgname = Read-Host "Please enter a (full) name for the new Distribution Group (e.g. Sales Team Full Access)"
$dgalias = Read-Host "`nPlease enter an alias for the new Distribution Group (e.g. STMailBoxFA)"
$dgmessage = "`nDo you want to specify an OU for the Distribution Group? (Default will be $addomain/users)"
$yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
    "Specifies an OU."
$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
    "Accepts default OU."
$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
$result = $host.ui.PromptForChoice($title, $dgmessage, $options, 1)
switch ($result)
{
    0 {
        $ou = Read-Host "Please specify the Organizational Unit - $addomain/"
        $dgou = $addomain + "/" + $ou
        new-DistributionGroup -Name $dgname -Type 'Security' -SamAccountName $dgname -Alias $dgalias -OrganizationalUnit $dgou | Out-Null
    }
    1 {
        new-DistributionGroup -Name $dgname -Type 'Security' -SamAccountName $dgname -Alias $dgalias | Out-Null
    }
}
Set-DistributionGroup -identity $dgalias -HiddenFromAddressListsEnabled $true
Write-Host "The following Distribution Group has been created:"
Get-DistributionGroup $dgalias | FT -AutoSize Name,OrganizationalUnit

# Apply full access and send as permissions to the group on the mailbox
Add-MailboxPermission -Identity $mbalias -AccessRights FullAccess -User $dgalias | Out-Null
Write-Host "`nFull-Access rights applied..."
Get-Mailbox $mbalias | Add-ADPermission -ExtendedRights Send-As -User $dgalias | Out-Null
Write-Host "Send-As permission applied..."

# Populate the group
$listmessage = "`nDo you have a .csv file listing the users/groups you wish to add to this group?"
$yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
    "Allows you to import a list of users in .csv format"
$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
    "Allows you to manually type in a comma separated list of users, or skip and add them manually"
$options = [System.Management.Automation.Host.ChoiceDescription[]] ($yes, $no)
$result = $host.ui.PromptForChoice($title, $listmessage, $options, 1)
Switch ($result)
{
    0 {
        "You wish to import from CSV..."
        $csvpath = Read-Host "Please enter the full path to your CSV file"
        ImportMembers $csvpath $dgalias
    }
    1 {
        "You do not wish to import from CSV. Thank you for using SMBuilder."
    }
}
```
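
A companion audit for the setup above, added here as an example and not part of the answer's script: it reports whether the group really holds FullAccess and Send-As on the mailbox, and flags the two conditions this thread describes, access granted directly to individual accounts and nested groups inside the access group. The function name and the mailbox/group aliases in the usage comment are hypothetical; it assumes the Exchange Management Shell.

```powershell
# Added example: audit delegation on a shared mailbox (hypothetical helper name).
# Usage (placeholder aliases):
#   Test-SharedMailboxDelegation -Mailbox salesteam -Group STMailBoxFA | Format-List
Function Test-SharedMailboxDelegation
{
    param(
        [Parameter(Mandatory=$true)][string]$Mailbox,
        [Parameter(Mandatory=$true)][string]$Group
    )
    # Permission entries name the trustee as DOMAIN\SamAccountName
    $sam = (Get-DistributionGroup -Identity $Group).SamAccountName
    $isGroup = { param($ace) $ace.User.ToString().EndsWith("\$sam", [System.StringComparison]::OrdinalIgnoreCase) }

    # Explicit (non-inherited) allow entries carrying FullAccess on the mailbox
    $fullAccess = @(Get-MailboxPermission -Identity $Mailbox | Where-Object {
        -not $_.IsInherited -and -not $_.Deny -and
        ($_.AccessRights -match 'FullAccess') -and
        $_.User.ToString() -ne 'NT AUTHORITY\SELF'
    })

    # Explicit allow entries carrying Send-As on the mailbox's directory object
    $sendAs = @(Get-Mailbox -Identity $Mailbox | Get-ADPermission | Where-Object {
        -not $_.IsInherited -and -not $_.Deny -and
        ($_.ExtendedRights -match 'Send-As') -and
        $_.User.ToString() -ne 'NT AUTHORITY\SELF'
    })

    # Direct members of the access group; members that are groups are nested groups
    $members = @(Get-DistributionGroupMember -Identity $Group)
    $nested  = @($members | Where-Object { $_.RecipientType -like '*Group*' })

    # Anything holding FullAccess or Send-As other than the intended group
    $direct = @(($fullAccess + $sendAs) |
        Where-Object { -not (& $isGroup $_) } |
        ForEach-Object { $_.User.ToString() } |
        Sort-Object -Unique)

    New-Object PSObject -Property @{
        Mailbox            = $Mailbox
        Group              = $Group
        GroupHasFullAccess = [bool]($fullAccess | Where-Object { & $isGroup $_ })
        GroupHasSendAs     = [bool]($sendAs | Where-Object { & $isGroup $_ })
        DirectGrants       = $direct
        NestedGroups       = @($nested | ForEach-Object { $_.Name })
        Members            = @($members | ForEach-Object { $_.Name })
    }
}
```

A non-empty DirectGrants list shows per-user grants that bypass the group, and a non-empty NestedGroups list shows membership that depends on the nesting behaviour the answer calls unreliable.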