Exchange 2010 auto-mapping mailbox feature not working when permissions are granted by group

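I have a shared mailbox that I need to deploy to a certain department in an Exchange 2010 SP2 environment with Outlook 2010 clients. I am trying to rely on the auto-mapping feature introduced in Exchange 2010 SP1, for obvious reasons, and it is not working.

On closer examination, this is probably because it does not work with groups, which neatly stops it from being a useful feature for anyone with a lot of mail users to administer.

The link above includes a workaround PowerShell script that reads the membership of a group and adds those members directly with Full Access permissions, but this does not provide a way to update the auto-mapping as people join or leave the department.

Does anyone know of a way to use this feature when using groups to grant users Full Access to a mailbox? (Or any ideas on how to work around this problem? Right now I am thinking of a PowerShell script that periodically updates the relevant AD attributes, but... there has got to be a better way.)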

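I created this script when we ran into the same problem. Maybe it's not the prettiest thing in the world, but it gets the job done. I have a separate OU for the access groups, and then another for the resource mailboxes. The groups and resource mailboxes use the same name, except for the A- in front of the group.

For example, A-RESMBX1 for the group name and REXMBX1 for the resource mailbox.

The script enumerates the groups in the group OU, then enumerates the resource mailboxes in their OU. It then loops through each group and finds the matching resource mailbox. When it finds a match, it enumerates the users of the group and adds them to the msExchDelegateListLink attribute of the resource mailbox.

It will also remove users from the msExchDelegateListLink attribute who are no longer members of the associated access group. I have it running as a scheduled task on the DC.

Our need was due to the high turnover of interns who need access to a large number of resource mailboxes.

You will need to update the LDAP paths of the OUs for $Groups and $ResMBXs, and the DC name for $DomainController.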

    Import-Module ActiveDirectory

    $DomainController = "MYDOMAINCONTROLLER"

    $Groups = Get-ADGroup -Filter * -SearchBase 'OU=Groups,OU=Resource Mailboxes,DC=mydomain,DC=com' -Server $DomainController | Sort-Object Name
    $ResMBXs = Get-ADUser -Filter * -SearchBase 'OU=Resource Mailboxes,DC=mydomain,DC=com' -Server $DomainController -properties msExchDelegateListLink | Sort-Object Name

    Write-Host "Enumerating Groups and Resource Mailboxes..."
    Write-Host ""

    # IsMember function is borrowed from : http://gallery.technet.microsoft.com/scriptcenter/5adf9ad0-1abf-4557-85cd-657da1cc7df4

    # Hash table of security principals and their security group memberships.
    $GroupList = @{}

    Function IsMember ($ADObject, $GroupName)
    {
        # Function to check if $ADObject is a member of security group $GroupName.

        # Check if security group memberships for this principal have been determined.
        If ($GroupList.ContainsKey($ADObject.sAMAccountName.ToString() + "\") -eq $False)
        {
            # Memberships need to be determined for this principal. Add "pre-Windows 2000"
            # name to the hash table.
            $GroupList.Add($ADObject.sAMAccountName.ToString() + "\", $True)
            # Retrieve tokenGroups attribute of principal, which is operational.
            $ADObject.psbase.RefreshCache("tokenGroups")
            $SIDs = $ADObject.psbase.Properties.Item("tokenGroups")
            # Populate hash table with security group memberships.
            ForEach ($Value In $SIDs)
            {
                $SID = New-Object System.Security.Principal.SecurityIdentifier $Value, 0
                # Translate into "pre-Windows 2000" name.
                $Group = $SID.Translate([System.Security.Principal.NTAccount])
                $GroupList.Add($ADObject.sAMAccountName.ToString() + "\" + $Group.Value.Split("\")[1], $True)
            }
        }
        # Check if $ADObject is a member of $GroupName.
        If ($GroupList.ContainsKey($ADObject.sAMAccountName.ToString() + "\" + $GroupName))
        {
            Return $True
        }
        Else
        {
            Return $False
        }
    }

    # Names of the users added for the current mailbox (kept as an array so the
    # report prints them separated instead of run together).
    $AddedUsers = @()

    Foreach ($gr in $Groups) {
        Foreach ($mbx in $ResMBXs) {
            $MBXName = "A-" + $mbx.Name
            $LDAPUser = [ADSI]"LDAP://$($DomainController)/$($mbx.distinguishedName)"

            if ($gr.Name -eq $MBXName) {
                # Build an array of DNs from each group
                $Members = Get-ADGroupMember $gr -Server $DomainController
                if ($Members -ne $Null) {
                    Foreach ($mbr in $Members) {
                        if ($mbr.distinguishedName -ne $Null) {
                            $LDAPUser.msExchDelegateListLink.Add($mbr.distinguishedName)
                            $LDAPUser.SetInfo()
                        }
                        $AddedUsers += $mbr.Name
                    }
                }
                Else {
                    Write-Host -foregroundcolor darkyellow "Group contains no members..."
                    Write-Host ""
                }

                if ($mbx.msExchDelegateListLink -ne $Null) {
                    $ACLUsers = $mbx.msExchDelegateListLink
                    Foreach ($ACLUser in $ACLUsers) {
                        # Check if user is a member of the current group
                        # If not, remove from attribute
                        $user = [ADSI]"LDAP://$($DomainController)/$($ACLUser)"
                        $userDN = Get-ADUser $ACLUser -Server $DomainController
                        $mem = IsMember $user $gr.Name
                        If ($mem -eq $False) {
                            $LDAPUser.msExchDelegateListLink.Remove($userDN.distinguishedName)
                            $LDAPUser.SetInfo()
                            Write-Host "The Following User was removed from: " -nonewline
                            Write-Host -foregroundcolor yellow $mbx.Name
                            Write-Host -nonewline -foregroundcolor darkyellow " " $UserDN.Name
                            Write-Host ""
                        }
                    }
                }

                $Members = ""
                Write-Host "The Following Users were added to: " -nonewline
                Write-Host -foregroundcolor yellow $mbx.Name
                Write-Host ""
                Write-Host -foregroundcolor darkyellow $AddedUsers
                Write-Host ""
                $AddedUsers = @()
            }
        }
    }
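
A read-only companion check, added here as an example and not part of the original answer: it reports where msExchDelegateListLink has drifted from the matching access group, without writing to AD. The function name `Get-DelegateDrift` and its parameters are hypothetical; the OU paths, DC name and `A-` prefix are the same placeholders and naming convention used above.

```powershell
# Added example: read-only drift report. Makes no changes to AD.
Import-Module ActiveDirectory

function Get-DelegateDrift {
    param([string]$Server, [string]$GroupBase, [string]$MailboxBase, [string]$GroupPrefix)

    # Index the access groups by name so each mailbox is matched with one lookup.
    $groups = @{}
    Get-ADGroup -Filter * -SearchBase $GroupBase -Server $Server |
        ForEach-Object { $groups[$_.Name] = $_ }

    Get-ADUser -Filter * -SearchBase $MailboxBase -Server $Server -Properties msExchDelegateListLink |
        ForEach-Object {
            $mbx   = $_
            $group = $groups[$GroupPrefix + $mbx.Name]
            if (-not $group) { return }   # no access group for this mailbox, skip it

            # Expected delegates: user members of the group, nested groups expanded
            # (this matches the tokenGroups test the sync script uses for removals).
            $expected = @(Get-ADGroupMember $group -Recursive -Server $Server |
                Where-Object { $_.objectClass -eq 'user' } |
                ForEach-Object { $_.distinguishedName })
            # Actual delegates: DNs currently stored on the mailbox object.
            $actual = @($mbx.msExchDelegateListLink | Where-Object { $_ })

            foreach ($dn in $expected) {
                if ($actual -notcontains $dn) {
                    New-Object PSObject -Property @{ Mailbox = $mbx.Name; Delegate = $dn; Status = 'MissingFromAttribute' }
                }
            }
            foreach ($dn in $actual) {
                if ($expected -notcontains $dn) {
                    New-Object PSObject -Property @{ Mailbox = $mbx.Name; Delegate = $dn; Status = 'NotInGroup' }
                }
            }
        }
}

# Placeholder values: replace with your own DC and OUs, as in the script above.
Get-DelegateDrift -Server "MYDOMAINCONTROLLER" `
    -GroupBase 'OU=Groups,OU=Resource Mailboxes,DC=mydomain,DC=com' `
    -MailboxBase 'OU=Resource Mailboxes,DC=mydomain,DC=com' `
    -GroupPrefix 'A-' |
    Sort-Object Mailbox, Status |
    Select-Object Mailbox, Delegate, Status |
    Format-Table -AutoSize
```

An empty result means the attribute and the group agree; `NotInGroup` rows are delegates that still have the mailbox auto-mapped after leaving the access group.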