PowerShell 新建 Address Book Policy

　　前言

　　最近在隔离用户

　　正文

　　1.ABP脚本的生成结果

　　2.生成的命令

<#
.SYNOPSIS
为Exchange Online配置按域名隔离的地址簿策略（ABP），包含专属离线地址簿（OAB）
.DESCRIPTION
该脚本会为指定域名创建专属的GAL、地址列表、离线地址簿（OAB）和地址簿策略，并批量分配给该域名的所有用户
.AUTHOR
编程助手
.PARAMETER TargetDomain
必填参数，指定要隔离的目标域名（如contoso.com）
.PARAMETER AdminUPN
必填参数，Exchange Online管理员的UPN（如admin@contoso.com）
.PARAMETER PolicyPrefix
可选参数，策略命名前缀（默认值：ABP_）
.EXAMPLE
.\Configure-ABP-PerDomain.ps1 -TargetDomain "contoso.com" -AdminUPN "admin@contoso.com"
.EXAMPLE
.\Configure-ABP-PerDomain.ps1 -TargetDomain "fabrikam.com" -AdminUPN "admin@fabrikam.com" -PolicyPrefix "Fabrikam_"
#>[CmdletBinding()]
param ([Parameter(Mandatory=$true)][string]$TargetDomain,[Parameter(Mandatory=$true)][string]$AdminUPN,[string]$PolicyPrefix = "ABP_"
)# -------------------------- 初始化配置 --------------------------
# 定义所有策略/列表名称（自动拼接前缀+域名）
$addressListName = "$PolicyPrefix$TargetDomain Address List"
$galName = "$PolicyPrefix$TargetDomain GAL"
$roomAddressListName = "$PolicyPrefix$TargetDomain_Room_List"
$oabName = "$PolicyPrefix$TargetDomain OAB"
$abpName = "$PolicyPrefix$TargetDomain Policy"# 设置错误处理
$ErrorActionPreference = "Stop"try {Write-Host "galName" $galName# -------------------------- 1. 检查并安装Exchange Online模块 --------------------------Write-Host "`n[1/7]检查Exchange Online PowerShell模块..." -ForegroundColor Cyanif (-not (Get-Module -Name ExchangeOnlineManagement -ListAvailable)) {Write-Host "正在安装ExchangeOnlineManagement模块..." -ForegroundColor YellowInstall-Module -Name ExchangeOnlineManagement -Force -AllowClobber -Scope CurrentUser}Import-Module ExchangeOnlineManagement -Force# -------------------------- 2. 连接Exchange Online --------------------------Write-Host "`n[2/7]连接Exchange Online..." -ForegroundColor CyanConnect-ExchangeOnline -UserPrincipalName $AdminUPN -ShowProgress $true -ErrorAction StopWrite-Host "✅ 成功连接到Exchange Online" -ForegroundColor Green# -------------------------- 3. 创建专属地址列表 --------------------------Write-Host "`n[3/7]创建$TargetDomain专属地址列表..." -ForegroundColor Cyan# 检查地址列表是否已存在if (-not (Get-AddressList -Identity $addressListName -ErrorAction SilentlyContinue)) {New-AddressList -Name $addressListName `-RecipientFilter {RecipientType -eq 'UserMailbox' -and PrimarySmtpAddress -like "*yu@$TargetDomain"} `#-IncludedRecipients MailboxUsersWrite-Host "✅ 成功创建地址列表: $addressListName" -ForegroundColor Green}else {Write-Host "⚠️  地址列表$addressListName已存在，跳过创建" -ForegroundColor Yellow}# -------------------------- 4. 创建专属全局地址列表（GAL） --------------------------Write-Host "`n[4/7]创建$TargetDomain专属GAL..." -ForegroundColor CyanWrite-Host "GAL $galName"# 检查GAL是否已存在if (-not (Get-GlobalAddressList -Identity $galName -ErrorAction SilentlyContinue)) {New-GlobalAddressList -Name $galName `-RecipientFilter {RecipientType -eq 'UserMailbox' -and PrimarySmtpAddress -like "*yu@$TargetDomain"}Write-Host "✅ 成功创建GAL: $galName" -ForegroundColor Green}else {Write-Host "⚠️  GAL $galName已存在，跳过创建" -ForegroundColor Yellow}# --------------------------5. 创建会议室邮箱地址列表（ABP的RoomList所需）--------------------------Write-Host "`n[5/7] 创建$TargetDomain会议室地址列表..." -ForegroundColor Cyanif (-not (Get-AddressList -Identity $roomAddressListName -ErrorAction SilentlyContinue)) {New-AddressList -Name $roomAddressListName `-RecipientFilter {RecipientDisplayType -eq 'ConferenceRoomMailbox' -and PrimarySmtpAddress -like "*yu@$TargetDomain"}Write-Host "✅ 创建会议室地址列表: $roomAddressListName" -ForegroundColor Green} else { Write-Host "⚠️  会议室地址列表已存在" -ForegroundColor Yellow }$abpRoomList = (Get-AddressList -Identity $roomAddressListName).Identity# -------------------------- 6. 创建专属离线地址簿（OAB） --------------------------Write-Host "`n[6/7]创建地址簿策略..." -ForegroundColor Cyan$defaultOAB = Get-OfflineAddressBook | Select-Object -First 1if (-not (Get-AddressBookPolicy -Identity $abpName -ErrorAction SilentlyContinue)) {New-AddressBookPolicy -Name $abpName `-GlobalAddressList $galName `-AddressLists $addressListName `-OfflineAddressBook $defaultOAB.Identity `-RoomList $abpRoomListWrite-Host "✅ 成功创建地址簿策略: $abpName" -ForegroundColor Green}else {Write-Host "⚠️  地址簿策略$abpName已存在，更新配置" -ForegroundColor YellowSet-AddressBookPolicy -Identity $abpName `-GlobalAddressList $galName `-AddressLists $addressListName `-OfflineAddressBook $defaultOAB.IdentityWrite-Host "✅ 已更新ABP配置: $abpName" -ForegroundColor Green}# -------------------------- 7. 批量分配策略给目标域名用户 --------------------------Write-Host "`n[6/7]批量分配策略给$TargetDomain的所有用户..." -ForegroundColor Cyan$users = Get-Mailbox -ResultSize Unlimited | Where-Object {$_.PrimarySmtpAddress -like "*yu@$TargetDomain"}if ($users.Count -eq 0) {Write-Host "⚠️  未找到$TargetDomain域名的任何邮箱用户" -ForegroundColor Yellow}else {$users | Set-Mailbox -AddressBookPolicy $abpNameWrite-Host "✅ 已为$($users.Count)个用户分配地址簿策略: $abpName" -ForegroundColor Green# 验证分配结果（显示前5个用户）Write-Host "`n📌 验证结果（前5个用户）:" -ForegroundColor Cyan$users | Select-Object -First 5 Name, PrimarySmtpAddress, AddressBookPolicy | Format-Table -AutoSize}Write-Host "`n🎉 所有操作执行完成！" -ForegroundColor GreenWrite-Host "📢 注意：OAB和ABP生效可能需要1-2小时，建议用户：" -ForegroundColor CyanWrite-Host "   1. 重启Outlook客户端" -ForegroundColor CyanWrite-Host "   2. 手动下载OAB（Outlook → 文件 → 账户设置 → 下载地址簿）" -ForegroundColor Cyan
}
catch {Write-Host "`n❌ 执行过程中出错: $($_.Exception.Message)" -ForegroundColor Redexit 1
}
finally {# 断开Exchange Online连接if (Get-PSSession | Where-Object {$_.ConfigurationName -eq 'Microsoft.Exchange'}) {Write-Host "`n🔌 断开Exchange Online连接..." -ForegroundColor CyanDisconnect-ExchangeOnline -Confirm:$false}
}

　　结束语

　　搞了好久，有点困了