您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.
管理 Azure Active Directory 域服务托管域中的组策略Administer Group Policy in an Azure Active Directory Domain Services managed domain
07/06/2020
本文内容
Azure Active Directory 域服务 (Azure AD DS) 中的用户和计算机对象的设置通常使用组策略对象 (GPO) 来管理。Settings for user and computer objects in Azure Active Directory Domain Services (Azure AD DS) are often managed using Group Policy Objects (GPOs). Azure AD DS 包括 AADDC 用户和 AADDC 计算机容器的内置 GPO 。Azure AD DS includes built-in GPOs for the AADDC Users and AADDC Computers containers. 可以自定义这些内置 GPO,以根据环境的需要配置组策略。You can customize these built-in GPOs to configure Group Policy as needed for your environment. Azure AD DC 管理员组的成员在 Azure AD DS 域中具有组策略管理特权,还可以创建自定义 GPO 和组织单位 (OU)。Members of the Azure AD DC administrators group have Group Policy administration privileges in the Azure AD DS domain, and can also create custom GPOs and organizational units (OUs). 有关组策略的定义及其工作原理的详细信息,请参阅组策略概述。More more information on what Group Policy is and how it works, see Group Policy overview.
在混合环境中,本地 AD DS 环境中配置的组策略不会同步到 Azure AD DS。In a hybrid environment, group policies configured in an on-premises AD DS environment aren't synchronized to Azure AD DS. 若要为 Azure AD DS 中的用户或计算机定义配置设置,请编辑其中一个默认 GPO 或创建一个自定义 GPO。To define configuration settings for users or computers in Azure AD DS, edit one of the default GPOs or create a custom GPO.
本文介绍如何安装组策略管理工具,然后编辑内置 GPO 并创建自定义 GPO。This article shows you how to install the Group Policy Management tools, then edit the built-in GPOs and create custom GPOs.
准备阶段Before you begin
需有以下资源和特权才能完成本文:To complete this article, you need the following resources and privileges:
一个有效的 Azure 订阅。An active Azure subscription.
如果你没有 Azure 订阅,请创建一个帐户。If you don't have an Azure subscription, create an account.
与订阅关联的 Azure Active Directory 租户,可以与本地目录或仅限云的目录同步。An Azure Active Directory tenant associated with your subscription, either synchronized with an on-premises directory or a cloud-only directory.
在 Azure AD 租户中启用并配置 Azure