有段时间没写博客了,最近忙于项目,还请见谅。
最近在做Office 365的项目,客户提出了以下需求:
现状描述:
目前用户使用2个域进行办公:1个是自己公司的域,我们假设是a.com(所有的用户PC都加入到b.com域中了),另1个域是他们总部的域a.com,此域中部署了exchange服务器,这些用户通过a.com域中的exchange进行收发邮件
需求描述:
用户想将他们在总部a.com域的邮箱全部迁移到Office 365,并最终通过他们自己的DC(域为:b.com)来进行用户管理
针对以上客户的需求,并且由于用户数量不是很多,我提出了2步走的方式进行,以下是我的具体流程:
第一步:
通过混合部署的方式或其它的迁移方式将他们的用户邮箱从总部域A.COM中迁移到Office 365(此过程网上有很多文档,我在此不做过多的说明)
第二步:
由于office 365上同步的用户(通过AAD目录同步同步的)是总部a.com域的,虽然和他们自己域b.com的用户相对应,但用户的标识还是属于2套帐户,这个时候如果在用户域环境中b.com搭建AAD目录同步,肯定不会和Office 365上的用户进行匹配。
针对以上情况,我们可以通过以下方法进行硬匹配:
在用户的本地域(b.com)环境中,通过命令获取所有用户的objectguid值:get-aduser -Filter * -SearchBase "ou=test,dc=b,dc=com" |fl name,objectguid
将这些值通过脚本转换成Office 365的ImmutableID(由于本地用户的objectguid值是和同步到office 365用户的ImmutableID值相对应的),命令如下:GUID2ImmutableID.ps1 '748b2d72-706b-42f8-8b25-82fd8733860f'
连接到Office 365 powershell,并通过命令将Office 365上相对应的用户的ImmutableID值修改为本地此用户转换的值Set-MsolUser -UserPrincipalName test01@b.com -ImmutableId "35jFNQU4Gkmb/9QRNCCCaA=="
Office 365上所有的用户的ImmutableID都修改为和本地b.com域对应的用户的objectguid相同后,我们再执行AAD目录同步,这个时候本地域b.com中的用户就会和Office 365上的用户进行匹配同步,IT管理员就可以通过本地DC进行用户管理了
以下是转换的脚本代码:
#------------------------------------------------------------------------------ # # Copyright ? 2012 Microsoft Corporation. All rights reserved. # # This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment. # THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, # INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. # We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object code # form of the Sample Code, provided that You agree: (i) to not use Our name, logo, or trademarks to market Your software product in # which the Sample Code is embedded; (ii) to include a valid copyright notice on Your software product in which the Sample Code is # embedded; and (iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, # including attorneys’ fees, that arise or result from the use or distribution of the Sample Code. # #------------------------------------------------------------------------------ # # PowerShell Source Code # # NAME: # GUID2ImmutableID.ps1 # # VERSION: # 1.0 # Author: Steve Halligan # #------------------------------------------------------------------------------ param([string]$valuetoconvert) function isGUID ($data) { try { $guid = [GUID]$data return 1 } catch { #$notguid = 1 return 0 } } function isBase64 ($data) { try { $decodedII = [system.convert]::frombase64string($data) return 1 } catch { return 0 } } function displayhelp { write-host "Please Supply the value you want converted" write-host "Examples:" write-host "To convert a GUID to an Immutable ID: GUID2ImmutableID.ps1 '748b2d72-706b-42f8-8b25-82fd8733860f'" write-host "To convert an ImmutableID to a GUID: GUID2ImmutableID.ps1 'ci2LdGtw+EKLJYL9hzOGDw=='" } if ($valuetoconvert -eq $NULL) { DisplayHelp return } if (isGUID($valuetoconvert)) { $guid = [GUID]$valuetoconvert $bytearray = $guid.tobytearray() $immutableID = [system.convert]::ToBase64String($bytearray) write-host "ImmutableID" write-host "-----------" $immutableID } elseif (isBase64($valuetoconvert)){ $decodedII = [system.convert]::frombase64string($valuetoconvert) if (isGUID($decodedII)) { $decode = [GUID]$decodedii $decode } else { Write-Host "Value provided not in GUID or ImmutableID format." DisplayHelp } } else { Write-Host "Value provided not in GUID or ImmutableID format." DisplayHelp }
将以上代码保存成PS1格式即可
转载于:https://blog.51cto.com/liujb/1844180
2179
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
