Topic last modified: 2011-04-22
Service plans enforce certain interdependencies between features. Provisioning a new organization will fail if dependencies are broken, if an unknown feature is referenced, or the XML schema is invalid for a given service plan.
Important |
---|
Features in each section of the service plan and mailbox plans must be in alphabetical order. In addition, Boolean features (those that require a true or false value) that aren’t listed in the service plan won’t be enabled. |
Service plan templates are stored in the following location: <Exchange Installation Path>\Exchange Server\V14\ClientAccess\ServicePlans. To learn more, see Understanding Service Plans and Mailbox Plans.
You can verify a service plan by running the New-Organization cmdlet with the WhatIf parameter.
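The ordering and dependency rules stated on this page can also be checked offline before running New-Organization with WhatIf. The PowerShell below is an added example, not Microsoft's code: the function name Test-ServicePlanDraft and the input shape (one hashtable per section with Scope, Name and Features keys) are assumptions, and the rules it checks are the ones given in the tables on this page.

```powershell
# Added example, not Microsoft's code. Needs PowerShell 3.0+ for [ordered].
# Assumed input: one hashtable per plan section, Scope = 'Organization' or a
# mailbox plan name, Features listed in the same order as in the template.
function Test-ServicePlanDraft {
    param([hashtable[]]$Sections)
    $findings = New-Object 'System.Collections.Generic.List[string]'
    $isOn = { param($d, $n) $d.ContainsKey($n) -and $d[$n] -eq $true }
    # Dependencies stated in the tables: feature -> feature it needs.
    $orgNeeds = @{ SkipToOUandParentalControlCheckEnabled = 'HideAdminAccessWarningEnabled' }
    $planNeeds = @{
        ActiveSyncDeviceDataAccessPermissions = 'ActiveSyncEnabled'
        ModeratedRecipientsPermissions        = 'AutoGroupPermissions'
        OutlookAnywhereEnabled                = 'ShowInAddressListEnabled'
    }
    # Rule 1: features inside each section must be alphabetical. The comparer
    # Exchange applies is not stated on the page; Sort-Object's default is assumed.
    $merged = @{}
    foreach ($s in $Sections) {
        $names = @($s.Features.Keys)
        if (($names -join ',') -ne (($names | Sort-Object) -join ',')) {
            $findings.Add("$($s.Scope)/$($s.Name): features are not in alphabetical order")
        }
        if (-not $merged.ContainsKey($s.Scope)) { $merged[$s.Scope] = @{} }
        foreach ($n in $names) { $merged[$s.Scope][$n] = $s.Features[$n] }
    }
    # Rule 2: dependencies and exclusions, evaluated per scope.
    $org = $merged['Organization']
    if (-not $org) { $org = @{} }
    $defaults = 0
    foreach ($scope in $merged.Keys) {
        $f = $merged[$scope]
        $needs = if ($scope -eq 'Organization') { $orgNeeds } else { $planNeeds }
        foreach ($k in $needs.Keys) {
            if ((& $isOn $f $k) -and -not (& $isOn $f ($needs[$k]))) {
                $findings.Add("${scope}: $k requires $($needs[$k])")
            }
        }
        if ($scope -eq 'Organization') { continue }
        # MailtipsEnabled is listed under the organization's Global Elements.
        if ((& $isOn $f 'MailtipsPermissions') -and -not (& $isOn $org 'MailtipsEnabled')) {
            $findings.Add("${scope}: MailtipsPermissions requires MailtipsEnabled")
        }
        if (& $isOn $f 'ProvisionAsDefault') { $defaults++ }
    }
    if ((& $isOn $org 'PerMBXPlanRoleAssignmentPolicyEnabled') -and
        (& $isOn $org 'RoleAssignmentPolicyPermissions')) {
        $findings.Add('Organization: PerMBXPlanRoleAssignmentPolicyEnabled cannot be combined with RoleAssignmentPolicyPermissions')
    }
    if (-not (& $isOn $org 'CommonConfiguration')) { $findings.Add('Organization: CommonConfiguration should always be enabled') }
    if ($defaults -gt 1) { $findings.Add('More than one mailbox plan is provisioned as default') }
    return $findings
}
# Constructed sample draft: one ordering error and two broken dependencies.
$draft = @(
    @{ Scope = 'Organization'; Name = 'Global'; Features = [ordered]@{ CommonConfiguration = $true; AddressListEnabled = $true } },
    @{ Scope = 'Standard'; Name = 'Boolean'; Features = [ordered]@{ OutlookAnywhereEnabled = $true } },
    @{ Scope = 'Standard'; Name = 'Permissions'; Features = [ordered]@{ MailtipsPermissions = $true } }
)
Test-ServicePlanDraft -Sections $draft
```

Dependencies whose required value is cut off on this page (for example the one for OutlookAnywherePermissions) are left out of the rule tables.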
Organization
This section includes features that apply to the entire tenant organization.
Global Elements
Global elements determine which features will be permitted for the entire organization.
Feature | Category | Description | Additional configuration and dependencies |
---|---|---|---|
AddressListEnabled | OrgWideConfiguration | Specifies that precanned address lists such as All Rooms and All Contacts are created when the tenant organization is created. | None |
AutoForwardEnabled | OrgWideConfiguration | Specifies whether to allow messages that are auto-forwarded by client e-mail programs in your organization. Setting this parameter to | None |
AutoReplyEnabled | OrgWideConfiguration | Specifies whether to allow messages that are automatic replies from client e-mail programs in your organization. Setting this parameter to | None |
CommonConfiguration | OrgWideConfiguration | Configures tenant administrator accounts. | This feature should always be enabled. |
HideAdminAccessWarningEnabled | OrgWideConfiguration | Specifies not to warn users that an administrator has access rights to their mailbox. | None |
MailtipsEnabled | OrgWideConfiguration | Specifies that the tenant organization has MailTips enabled. | None |
OfflineAddressBookEnabled | OrgWideConfiguration | Specifies that the organization has offline address books (OABs) available. | If this feature is enabled, you must also enable the following features on at least one of the mailbox plans within the service plan: In addition, you must properly configure OABs for this organization. For more information, see Create an Offline Address Book. |
SearchMessageEnabled | OrgWideConfiguration | Specifies that the tenant administrator is a member of the Discovery Management role group and has Role Based Access Control (RBAC) permissions to Discovery mailboxes. By default, tenant administrators aren’t members of the Discovery Management role group and don’t have RBAC permissions to Discovery mailboxes. They do, however, have the ability to delegate the Discovery Management role, which allows the user to run discovery cmdlets and provides access to the default Discovery mailboxes. The tenant administrator can delegate the role to himself/herself or to others. | Add a user to the Discovery Management role group. For more information, see Add a User to the Discovery Management Role Group. |
SkipToOUandParentalControlCheckEnabled | OrgWideConfiguration | Enables Outlook Web App redirection. | Be sure to also set the HideAdminAccessWarningEnabled parameter. |
SMTPAddressCheckwithAcceptedDomainEnabled | OrgWideConfiguration | This feature checks the SMTP address with accepted domains for mail users and mail contacts. | None |
Permission Elements
Organizational permission elements configure the RBAC rights that are available to the tenant administrator, either through the Shell or through management interfaces such as the Exchange Control Panel (ECP).
Note |
---|
If a parameter listed in the following table is set to true, and there is a user interface (UI) available in ECP for that feature, the tenant administrator will be able to access the UI. If the parameter is set to false, the ECP UI will be unavailable for the tenant administrator. |
Feature | Category | Description | Additional configuration |
---|---|---|---|
ActiveSyncDeviceDataAccessPermissions | AdminPermissions | Specifies that the tenant administrator has permissions to retrieve information about the Exchange ActiveSync devices used within their organization. This parameter also allows the administrator to clear a user's device (privacy restricted). | Should be used in conjunction with the ActiveSyncPermissions parameter. |
ActiveSyncPermissions | AdminPermissions | Specifies that the tenant administrator can manage Exchange ActiveSync access and policies for their users. | Should be used in conjunction with the ActiveSyncDeviceDataAccessPermissions parameter. |
ArchivePermissions | AdminPermissions | Specifies that the tenant administrator can manage archive permissions for their users. | None |
CalendarConnectionPermissions | AdminPermissions | Specifies that tenant administrators can configure the new Calendar Connection feature, which allows users outside the organization to view and edit their calendar, view and edit other users’ calendars, and subscribe to published calendars on the Internet. | None |
ChangeMailboxPlansAssignmentPermissions | AdminPermissions | Specifies that tenant administrators can change mailbox plans for users in their organization. | None |
EWSPermissions | AdminPermissions | Specifies that tenant administrators can manage access policies for Exchange Web Services (EWS). | None |
ImapPermissions | AdminPermissions | Specifies that tenant administrators can manage IMAP4 settings, allowing them to enable, disable, or customize the settings. | None |
JournalingRulesPermissions | AdminPermissions | Specifies that the tenant administrator can manage journaling rules. Using journaling rules, tenant administrators can record all communications (including e-mail) in their organization to comply with the organization's e-mail retention or archival strategy (privacy restricted). | None |
LitigationHoldPermissions | AdminPermissions | Specifies that the tenant administrator can place a mailbox on litigation hold. | None |
MailtipsPermissions | AdminPermissions | Specifies that the tenant administrator can assign permissions that allow users to configure MailTips for their mailboxes. | None |
ManagedFolderPermissions | AdminPermissions | Specifies that the tenant administrator can assign permissions that allow users to configure managed folders. | None |
MessageTrackingPermissions | AdminPermissions | Specifies that the tenant administrator can manage message tracking reports. | None |
ModeratedRecipientPermissions | AdminPermissions | Specifies that the tenant administrator can control e-mail delivery to protected distribution groups and users by restricting to and pending from an e-mail approval process. | None |
NewUserPasswordManagementPermissions | AdminPermissions | Specifies that the tenant administrator can create a password when creating a new mailbox. | None |
OrganizationalAffinityPermissions | AdminPermissions | Specifies that the tenant administrator can turn off the ECP features Work week and Automatically process requests and responses from external senders. | Don’t remove this permission. This is required for ECP to function correctly. |
OutlookAnywherePermissions | AdminPermissions | Specifies that the tenant administrator can enable Outlook Anywhere access for users. | If you enable this feature, you must also set the OutlookAnywhereEnabled parameter to |
OWAMailboxPolicyPermissions | AdminPermissions | Specifies that the tenant administrator can create and manage Outlook Web App mailbox policies. | None |
OWAPermissions | AdminPermissions | Specifies that the tenant administrator can manage Outlook Web App features (for example, customizing Outlook Web App settings and themes). | None |
PerMBXPlanRoleAssignmentPolicyEnabled | AdminPermission | Specifies whether to include Permissions sections in each mailbox plan of the service plan. If this parameter is set to | You can’t use this parameter in conjunction with the RoleAssignmentPolicyPermissions parameter. |
PopPermissions | AdminPermissions | Specifies that the tenant administrators can manage POP3 settings. | None |
ProfileUpdatePermissions | AdminPermissions | Specifies that the tenant administrator can update user profile information. | None |
RBACManagementPermissions | AdminPermissions | Specifies that the tenant administrator can manage RBAC roles, role assignments, role entries, and role scope. | None |
RecipientManagementPermissions | AdminPermissions | Specifies that the tenant administrator can create and remove mailboxes. | None |
ResetUserPasswordManagementPermissions | AdminPermissions | Specifies that the tenant administrator can reset user passwords. | Set the SkipResetPasswordOnFirstLoginEnabled parameter to |
RetentionTagsPermissions | | Specifies that the tenant administrator can create and manage retention tags. | This feature requires Outlook 2010. |
RoleAssignmentPolicyPermissions | AdminPermissions | Specifies that the tenant administrator can create and manage role assignment policies. | You can’t use this parameter in conjunction with the PerMBXPlanRoleAssignmentPolicyEnabled parameter. If the RoleAssignmentPolicyPermissions parameter is set to |
SearchMessagePermissions | AdminPermissions | Specifies that the tenant administrator can search messages to resolve compliance issues. | None |
SetHiddentFromAddressListPermissions | AdminPermissions | Specifies that the tenant administrator can hide a mailbox from address lists. | If you set this parameter to |
SMSPermissions | AdminPermissions | Specifies that the tenant administrator can manage and enable SMS for user mailboxes. | None |
TransportRulesPermissions | AdminPermissions | Specifies that the tenant administrator can manage transport rules. Transport rules enable organizations to create rules based on conditions, exceptions, and actions. Conditions apply to users, distribution lists, and message contents. Exceptions let you exclude specific users, distribution lists, or SMTP connectors. | None |
UserMailboxAccessPermissions | AdminPermissions | Specifies that the tenant administrator can access the content of users’ mailboxes. This allows tenant administrators to configure users’ Inbox rules, mailbox permissions, and forwarding addresses. | None |
Quota Elements
When the following quota element maximums are reached, the tenant organization will be unable to create additional recipient types. However, if a tenant administrator creates a large number of objects in a short time span, it may be possible to exceed quotas until the information propagates across all Mailbox and Client Access servers.
Feature | Category | Description | Dependencies |
---|---|---|---|
ContactCountQuota | OrgWideConfiguration | Specifies the maximum number of contacts allowed in the tenant organization's address list. | None |
DistributionListCountQuota | OrgWideConfiguration | Specifies the maximum number of distribution lists allowed in the tenant organization. | None |
MailboxCountQuota | OrgWideConfiguration | Specifies the maximum number of mailboxes allowed in the tenant organization. | None |
MailUserCountQuota | OrgWideConfiguration | Specifies the maximum number of mail user accounts allowed in the tenant organization. | None |
RecipientMailSubmissionRateQuota | OrgWideConfiguration | Specifies how many messages a mailbox can send. By default, this is unlimited. | None |
Mailbox Plans
The mailbox plan specifies a set of Exchange features that needs to be enabled on a mailbox in the tenant organization. Tenant organizations can have multiple mailbox plans. Mailbox plans are assigned to the tenant organization by the Service Plan. The mailbox plan is an Active Directory object and is used by cmdlets that provision mailboxes, such as New-Mailbox and Enable-Mailbox.
Mailbox Plan Identifiers
This table describes the section in the mailbox plan that identifies each individual mailbox plan. If you have multiple mailbox plans in the service plan, you need to ensure that this section identifies each plan. You can have only one default plan.
Feature | Category | Description | Dependencies |
---|---|---|---|
MailboxPlanName | PlanIdentifier | Specifies the name of the mailbox plan. | You can create multiple plans; each plan must have a unique name. |
MailboxPlanIndex | PlanIdentifier | Each mailbox plan in this service plan must have a unique index number. | Each mailbox plan must have a unique name. |
ProvisionAsDefault | PlanIdentifier | Specifies that the mailbox plan is the default mailbox plan. When new mailboxes are created and you do not specify a mailbox plan at that time, the default mailbox plan will be applied to the mailbox. This feature can be overridden by tenant administrators who have permission to change the default mailbox plan. | Only one mailbox plan can be provisioned as the default. |
Boolean Elements
This table describes the section in the service plan that is labeled Boolean Elements and controls features and services available to end users. Boolean elements are either true or false. If a feature isn’t listed in the mailbox plan, it will not be enabled.
Feature | Category | Description | Additional configuration |
---|---|---|---|
ActiveSyncEnabled | MailboxPlanConfiguration | Specifies that Exchange ActiveSync is enabled for the user. Exchange ActiveSync lets you synchronize a mobile phone with your Exchange mailbox. The default value is true. | You may create ActiveSync mailbox policies for the tenant organization and may control the access privileges of devices. |
EwsEnabled | MailboxPlanConfiguration | Specifies that EWS is enabled for users of this mailbox plan. | None |
ImapEnabled | MailboxPlanConfiguration | Specifies that IMAP4 is enabled for users of this mailbox plan. If users connect to their mailbox using IMAP4, they will not have advanced collaboration features such as calendaring, contacts, and tasks. The default value is True. | Start the Microsoft Exchange IMAP4 service through the Control Panel. |
OrganizationalQueryBasedDNEnabled | MailboxPlanConfiguration | If set to False, this parameter specifies that the user's QueryBaseDN will be set to point at the user's own object, meaning that the user will not be able to see other users in the organization. | None |
OutlookAnywhereEnabled | MailboxPlanConfiguration | Specifies that Outlook Anywhere, formerly known as RPC over HTTP, is enabled for users of this mailbox plan. | If you enable this feature, you must also enable the ShowInAddressListEnabled feature. |
PopEnabled | MailboxPlanConfiguration | Specifies that POP3 is enabled for users of this mailbox plan. If users connect to their mailbox using POP3, they will not have advanced collaboration features such as calendaring, contacts, and tasks. | Start the Microsoft Exchange POP3 service through the Control Panel. |
ShowInAddressListEnabled | MailboxPlanConfiguration | Specifies that users of this mailbox plan will be displayed in the tenant organization's address list. | None |
SkipResetPasswordonFirstLogonEnabled | MailboxPlanSatellite | Specifies that users of this mailbox plan will not be required to change their password upon logging in to their e-mail account for the first time. | None |
Permissions Elements
The mailbox plan Permissions Elements will configure the RBAC rights that will be available to the tenant organization’s users. This table describes the permissions that will apply to the mailbox users in the tenant organization. In addition, if a feature is not listed, it will not be enabled.
Note |
---|
If you enabled the PerMBXPlanRoleAssignmentPolicy feature for the service plan, you must create a Permissions Elements section in each of the mailbox plans contained in the service plan. If you disabled the PerMBXPlanRoleAssignmentPolicy feature for the service plan, you will create only one Permissions Elements section. For example, if you have three mailbox plans, you will only include the Permissions Elements section in the most permissive mailbox plan. |
Property | Category | Description | Dependencies |
---|---|---|---|
ActiveSyncDeviceDataAccessPermissions | MailboxPlanPermissions | Specifies that users have permissions to retrieve information about their Exchange ActiveSync devices and rights to clear them. | Use this feature in conjunction with the ActiveSyncPermissions feature. If you enable this feature, you must also enable the ActiveSyncEnabled feature. |
ActiveSyncPermissions | MailboxPlanPermissions | Specifies that users can provision themselves for ActiveSync, including deleting their own partnerships. | Use this feature in conjunction with the ActiveSyncDeviceDataAccessPermissions feature. |
AutoGroupPermissions | MailboxPlanRoleAssignment | Specifies that users can create and manage distribution groups. | None |
ImapPermissions | MailboxPlanPermissions | Specifies that users can manage IMAP for their own accounts. | None |
MailtipsPermissions | MailboxPlanPermissions | Specifies that users can manage MailTips for their own accounts. | If this feature is enabled, you must also enable the MailtipsEnabled feature. |
MessageTrackingPermissions | MailboxPlanPermissions | Specifies that users have the ability to manage message tracking reports for their own sent and received messages. | None |
ModeratedRecipientsPermissions | MailboxPlanPermissions | Specifies that users can control e-mail delivery to protected distribution groups and users by restricting "To" and "Pending From" e-mail approval process. | If you enable this feature, you must also enable the AutoGroupPermissions feature. |
OrganizationalAffinityPermissions | MailboxPlanPermissions | Specifies that users can turn off "Work Week" and "Automatically process requests and responses from external senders". This feature applies to open domain organizations. | None |
PopPermissions | MailboxPlanPermissions | Specifies that users can enable, disable, and customize POP3 settings for their own account. | None |
ProfileUpdatePermissions | MailboxPlanPermissions | Specifies that users can update their own profile information. | None |
ResetUserPasswordManagementPermissions | MailboxPlanPermissions | Specifies that users can reset their own passwords. | None |
RetentionTagsPermissions | | Specifies that users can set retention tags on their folders and message items. | None |
SMSPermissions | MailboxPlanPermissions | Specifies that users can enable SMS notifications on their own accounts. | None |
UserMailboxAccessPermissions | MailboxPlanPermissions | None | None |
Quotas Elements
This table describes the quotas placed on the user mailbox. If you set any of these properties on a user's mailbox using the Shell or using ECP, that mailbox setting overrides the value that is set for this attribute in the mailbox plan.
Feature | Category | Description | Dependencies |
---|---|---|---|
MaxReceiveTransportQuota | MailboxPlanConfiguration | Specifies the maximum size, in bytes, of messages that mailboxes with this service plan can receive. | None |
MaxRecipientTransportQuota | MailboxPlanConfiguration | Specifies the maximum number of recipients per message to which a mailbox with this service plan can send. You must specify either an integer or "unlimited." | None |
MaxSendTransportQuota | MailboxPlanConfiguration | Specifies the maximum size, in bytes, of messages that mailboxes with this service plan can send. | None |
ProhibitSendReceiveMailboxQuota | MailboxPlanConfiguration | Specifies the mailbox size in bytes at which mailboxes with this service plan can no longer send or receive messages. | None |