In the previous articles we completed a number of configurations, and multi-tenant isolation for our front-end users is now largely in place. Today we configure multi-tenant isolation for administrators.
First, we need to create separate mailbox databases for the different tenants. The creation process is not repeated here, but the database names need to follow a fixed rule, because later we use RBAC to control which databases each tenant administrator can manage.
Here I use the format tenant + tenant name + database + DB number.
Then we go to the Permissions tab and, under the Administrator role, click New.
Then enter a name, preferably in Chinese and easy to recognize. In the organizational unit field below, we need to fill in the tenant's OU.
Click + to open the Select Roles window, where we choose Mail Recipients, Mailbox Search and Mail Recipient Creation.
Return to the Role Group window, where we can add members to this group by clicking "+" in the Members section.
Because this is the new mailbox administrator group for tenant A, I added the tenant A mailbox administrator account I created earlier.
Go back to the role group window, confirm that everything has been filled in, and click Save.
Under EAC > Permissions > Administrator role, the Mailbox Admins role group for our newly created tenant now appears. We can add members to this group at any time, and the pane next to it shows the group's description, membership and management role assignments.
Next, open the local EMS and type the following command to create a new database management scope. The "*tenant1*" is the tenant part of the name format we used when we created the databases.
New-ManagementScope -Name "Tenant1" -DatabaseRestrictionFilter {Name -like "*tenant1*"}
We can then use Get-ManagementRoleAssignment to find the role assignments of the tenant mailbox administrator role group we just created, and assign the database management scope we just created to that role group:
Get-ManagementRoleAssignment "*Tenant 1*" | Set-ManagementRoleAssignment -CustomRecipientWriteScope Tenant1
Once that is done, we also need to run the following command to control the mailbox management scope for the different tenants:
New-ManagementScope -Name "Tenant1 Mailboxes" -RecipientRoot "exchange.com/tenant/A" -RecipientRestrictionFilter {RecipientType -eq "UserMailbox"}
The assignment is not repeated here, as the steps are the same as above. Note that RecipientRoot must be set to the tenant's OU.
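Once both scopes exist, it is worth checking that the isolation actually holds. The script below is an added example, not part of the original article: it audits the two scopes and the role group's assignments, and catches a pitfall of the wildcard filter, since "*tenant1*" also matches databases named for tenant10, tenant11 and so on. The role group name and the stricter regex are assumptions; adjust them to your own naming rule.

```powershell
# Added example: run in the Exchange Management Shell as an organization admin.
$RoleGroup   = 'Tenant1 Mailbox Admins'   # assumed role group name
$DbScope     = 'Tenant1'                  # database scope created in the article
$RcptScope   = 'Tenant1 Mailboxes'        # recipient scope created in the article
$DbPattern   = '*tenant1*'                # wildcard used in the database filter
$StrictRegex = 'tenant1(\D|$)'            # assumed rule: "tenant1" not followed by a digit

# 1. Show what each scope really restricts (filter, root OU, scope type).
foreach ($scope in $DbScope, $RcptScope) {
    Get-ManagementScope -Identity $scope |
        Format-List Name, ScopeRestrictionType, Exclusive,
                    RecipientRoot, RecipientFilter, DatabaseFilter
}

# 2. Databases caught by the wildcard that do not belong to this tenant
#    (for example a database named for tenant10).
$overMatched = Get-MailboxDatabase | Where-Object {
    $_.Name -like $DbPattern -and $_.Name -notmatch $StrictRegex
}

# 3. Role assignments of the tenant role group and their effective scopes.
$assignments = Get-ManagementRoleAssignment -RoleAssignee $RoleGroup
$assignments | Format-Table Name, Role, RecipientWriteScope,
                            CustomRecipientWriteScope, CustomConfigWriteScope -AutoSize

# 4. Any assignment that can still write organization-wide breaks tenant isolation.
$orgWide = $assignments | Where-Object { $_.RecipientWriteScope -eq 'Organization' }

# Summary object; both counts should be 0.
[pscustomobject]@{
    RoleGroup            = $RoleGroup
    OverMatchedDatabases = @($overMatched).Count
    OrgWideAssignments   = @($orgWide).Count
}
if ($overMatched) { $overMatched | Format-Table Name, Server -AutoSize }
if ($orgWide)     { $orgWide | Format-Table Name, Role, RecipientWriteScope -AutoSize }
```

If OverMatchedDatabases is not zero, tighten the database naming rule or the filter pattern before adding more tenants.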
This article is from the "Reinember" blog; please keep this source link: http://reinember.blog.51cto.com/2919431/1590419
Exchange 2013 Multi-Tenant managed Part 4: Mailbox Isolation Management Configuration