Exchange Server 2019 实战操作指南
新钛云服已累计为您分享737篇技术干货
镜像下载地址:
https://next.itellyou.cn/Original/#
文档:
https://learn.microsoft.com/zh-cn/Exchange/plan-and-deploy/system-requirements?view=exchserver-2019
Exchange 2019 最低要求是 16GB 内存
显示计算机、网络图标,在运行窗口输入shell32.dll,Control_RunDLL desk.cpl,,0桌面壁纸显示ip地址信息https://learn.microsoft.com/zh-cn/sysinternals/downloads/bginfoBoot Time: <Boot Time>OS Version: <OS Version>Host Name: <Host Name>Logon Domain: <Logon Domain>Machine Domain: <Machine Domain>CPU: <CPU>Memory: <Memory>IP Address: <IP Address>DHCP Server: <DHCP Server>MAC Address: <MAC Address>Subnet Mask: <Subnet Mask>DNS Server: <DNS Server>Default Gateway: <Default Gateway>Volumes: <Volumes>
A .NET框架4.8
https://download.visualstudio.microsoft.com/download/pr/014120d7-d689-4305-befd-3cb711108212/0fd66638cde16859462a6243a4629a50/ndp48-x86-x64-allos-enu.exe
B.Visual C++ Redistributable Package for Visual Studio 2012
https://www.microsoft.com/download/details.aspx?id=30679
C.在 Windows PowerShell 中运行以下命令,安装远程工具管理包:
Install-WindowsFeature RSAT-ADDSD.Exchange Server 2019 CU12 (2022H1)补丁包
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2022-h1-cumulative-updates-for-exchange-server/ba-p/3285026
下载地址https://www.microsoft.com/en-us/download/details.aspx?id=30679
E.IIS URL 重写模块
IIS 的 URL 重写模块需要在累积更新 11 或更高版本中使用。
下载地址https://www.iis.net/downloads/microsoft/url-rewrite
F.添加所需的 Lync Server 或 Skype for Business Server 组件:
Install-WindowsFeature Server-Media-FoundationG.安装 Unified Communications Managed API 4.0。
此程序包可供下载并位于 Exchange Server 媒体的
\UCMARedist 文件夹中。
https://www.microsoft.com/download/details.aspx?id=34992
H.使用 Exchange 安装程序安装所需的 Windows 组件,请在 Windows PowerShell 中运行以下命令之一
#把window2019的安装ios加到到本电脑上的z磁盘Install-WindowsFeature NET-Framework-45-Features, Server-Media-Foundation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS -Source Z:\sources\sxs#扩展AD架构\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"tyun"#在AD用戶与計算机上,你会发现 Microsoft Exchange Security Groups\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains
I.批量发送邮件给自己
send-mailmessage -to administrator.cn -subject "TEST49" -Body "請注意!SRVEX 磁碟空間目前已剩下不到 78% 的可用空間 " -smtpserver srvex.ianext.com -from administrator.cn -Encoding UnicodeJ.单exchange服务停止批量启动
#查看exchange服务Get-Service -Name "MSExch*"#显示完成的exchange名称Get-Service -Name "MSExch*" | ft -auto# 直接重啟 Exchange 已经停止的服务Get-Service -Name "MSExchange*" | Where-Object {$_.Status -eq "Stopped"} | Restart-Service
K.exchange用户信息
#用户登录Exchange信息Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox | Get-MailboxStatistics | Sort-Object Lastlogontime -Descending | Select-Object DisplayName,MailboxTypeDetail,LastLogonTime,ServerName#查看目前有架构下所有的 Exchange Server 完整主机名称等等信息Get-ExchangeServer | Select FQDN, ServerRole,AdminDisplayVersion,IsEdgeServer#查看本机所有 Exchange 服务的执行状态Get-Service -Name *Exchange* | Select Status, DisplayName | Sort Status | FT -Auto#测试主机连接smtp服务是否正常Test-NetConnection srvex.tyun.cn -Port 25 -InformationLevel "Detailed"#测试连接的所有网络、来源地址、目的地址以及路由信息Test-NetConnection -ComputerName srvex.tyun.cn -DiagnoseRouting -InformationLevel Detailed#Exchange DNS 查看Get-TransportService | FL *dns*#把ad用户导入到exchangeGet-User -RecipientTypeDetails User -Filter { UserPrincipalName -ne $Null } | Enable-Mailbox
L.批量导出AD用户
参考https://www.cnblogs.com/wulongy/p/14924907.html
#查询到的ad用户导出到ADuser.csv文件里Get-ADUser -Filter * -SearchBase "DC=TYUN, DC=CN" |Select-Object -Property SamAccountName, Surname, GivenName, Name, Group, UserPrincipalName, Path, AccountPassword, Enabled, ChangePasswordAtLogon | Export-Csv -Encoding unicode ADuser.csv文件在C:\Users\Administrator下面#PowerShell 批量导入AD域用户(密码写在脚本上Tyun@2022)import-csv c:\ad\User.csv | Foreach {New-ADUser -samAccountName $_.SamAccountName -Surname $_.Surname -GivenName $_.GivenName -Name $_.Name -UserPrincipalName $_.Userprincipalname -DisplayName $_.DisplayName -Description $_.Description -Path $_.Path -AccountPassword(ConvertTo-SecureString "Tyun@2022" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon 1 -passthru -PasswordNeverExpires ($_.PasswordNeverExpires -eq "1") }#PowerShell 批量导入AD域用户(密码写在csv里面)import-csv c:\ad\User.csv | Foreach {New-ADUser -samAccountName $_.SamAccountName -Surname $_.Surname -GivenName $_.GivenName -Name $_.Name -UserPrincipalName $_.Userprincipalname -DisplayName $_.DisplayName -Description $_.Description -Path $_.Path -Enabled $true -AccountPassword (ConvertTo-SecureString $_.AccountPassword -AsPlainText -force) -passthru -PasswordNeverExpires ($_.PasswordNeverExpires -eq "1")}#指定用户查询所有域组名称Get-ADPrincipalGroupMembership hexingxing | ft name#指定用户查询所有域组名称并以名称排序Get-ADPrincipalGroupMembership hexingxing | sort name | ft name#Get-ADUser(Get-ADUser -Identity hexingxing -Properties *).MemberOf用户上次设置密码时间Get-ADUser king -Properties * | ft PasswordLastSet设置账户king密码永不过期Set-ADAccountControl -Identity king -PasswordNeverExpires:$true取消账户king密码永不过期Set-ADAccountControl -Identity king -PasswordNeverExpires:$false设置king的账户过期时间为 2022/10/18 0:00:00,即最后可用使用时间为 2022/10/18Set-ADAccountExpiration -Identity king -DateTime "10/18/2022"忽略旧密码为账户设置新密码Set-ADAccountPassword -Identity king -NewPassword (ConvertTo-SecureString -AsPlainText "ef7s00#" -Force)根据提示信息输入旧密码并更新用户密码Set-ADAccountPassword -Identity kingAD 域启用账户Enable-ADAccount -Identity kingAD 域禁用账户Disable-ADAccount -Identity king
表格样例
AD域管理工具
https://osdn.net/projects/sfnet_adbulkadmin/downloads/ADBulkAdmin/1.1.0.33/ADBulkAdmin-v1.1.0.33.zip/
https://zh.osdn.net/projects/sfnet_adbulkadmin/releases/
导出it组织单元下的所有用户Get-ADUser -Filter * -Properties * -SearchBase "DC=it,DC=tyun,DC=cn" |Select-Object name,SamAccountName,Givenname,surname,Displayname,title,mobile,CanonicalName,Created,Department,DistinguishedName,EmailAddress,homeMDB,mail,mailNickname,MemberOf,msExchCoManagedObjectsBL,msExchHomeServerName,PasswordLastSet,PrimaryGroup,proxyAddresses,UserPrincipalName,whenCreated,whenChanged,MobilePhone,telephoneNumber,employeeNumber,postalCode,company |Export-Csv C:\AllADUser20221001.csv -Encoding UTF8 –NoTypeInformationldifde -f "c:\alldbauser.ldf" -d "DC=it,DC=tyun,DC=cn" -r objectClass=user -l "name,SamAccountName,Givenname,surname,Displayname,title,mobile,CanonicalName,Created,Department,DistinguishedName,EmailAddress,homeMDB,mail,mailNickname,MemberOf,msExchCoManagedObjectsBL,msExchHomeServerName,PasswordLastSet,PrimaryGroup,proxyAddresses,UserPrincipalName,whenCreated,whenChanged,MobilePhone,telephoneNumber,employeeNumber,postalCode,company"
M.获取AD密码策略域过期时间
#获取AD域服务器密码策略信息Get-ADDefaultDomainPasswordPolicyComplexityEnabled:密码必须符合复杂性要求MaxPasswordAge:密码最长使用期限MinPasswordAge:密码最短使用期限MinPasswordLength:最小密码长度PasswordHistoryCount:强制密码历史密码最长使用期限是 24 天;Set-ADDefaultDomainPasswordPolicy -Identity tyun.cn -ComplexityEnabled $True -MaxPasswordAge 180.00:00:00#获取已经过期的用户Get-Aduser -Filter * -Properties * | where {$_.PasswordExpired -eq $true} | FT Name#获取所有标识密码过期时间的用户Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties * | Select-Object -Property "Name", @{n="ExpiryDate";e={$_.PasswordLastSet.AddDays((Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days)}} | Sort-Object ExpiryDate#获取指定标识密码过期时间的用户Get-ADUser -Filter {name -like "king"} -Properties * | Select-Object -Property "Name", @{n="ExpiryDate";e={$_.PasswordLastSet.AddDays((Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days)}} | Sort-Object ExpiryDate#获取所有用户密码属性信息Get-ADUser -Filter * -Properties * | Sort-Object Name | ft Name,PasswordLastSet,PasswordExpired,PasswordNeverExpires#删除单个用户Remove-ADUser -Identity king -Confirm:$false#SAM 账户名删除属于子项/子集/子树的用户对象Get-ADUser -Identity king | foreach{Remove-ADObject -Identity $_.ObjectGUID -Recursive -Confirm:$False}#搜索并删除指定组织单位(OU)容器内的用户对象Get-ADUser -Filter * -SearchBase "OU=cnList,OU=testGroup,DC=tyun,DC=cn" | foreach{Remove-ADObject -Identity $_.ObjectGUID -Recursive -Confirm:$False}#删除子项(子树)需要使用如下删除域对象Remove-ADObject -Identity king -Recursive导入 CSV 数据列表删除用户对象import-csv .\del.csv | foreach{Get-ADUser -Identity $_.name} | foreach{Remove-ADObject -Identity $_.ObjectGUID -Recursive -Confirm:$False}Get-ADUser king可以参考https://hexingxing.cn/tag/active-directory/page/2/https://github.com/phillips321/adaudit/blob/master/AdAudit.ps1
N.存储规划
Database Name | 用户属性 | 单位空间 最大容量 | MAil server01 | |
Level1 | 集团高管、董事会、总裁办公室 | 20G | 主400G | |
Level2 | 业务单元总经理办公人员 | 15G | 主400G | |
Level3 | 部门主管、负责人、核心员工 | 10G | ||
Level4 | 普通员工 | 4G | ||
Level5 | 不活跃用户 | 500M | ||
Level6 | 公共邮箱、系统邮箱、功能邮箱 | 视情况而定 | ||
Level7 | 离职员工 | |||
Level8 | 邮件离职 |
IP地址 | 主机名 | 服务器用途 | 备注 |
10.30.21.64 | SH-Srv-AD | 域控服务器(主域控) | |
10.30.21.77 | SH-Srv-AC | 域控服务器(额外域控) | |
10.30.21.78 | SH-Srv-MBX01 | 邮件服务器01 | |
10.30.21.83 | SH-Srv-MBX02 | 邮件服务器02 |
第一步:安装AD主域控
01 AD域控PDC时间
#查询域控PDC服务器netdom query fsmo#配置PDC使用ntp服务器同步时间w32tm /config /manualpeerlist:"server0.cn.pool.ntp.org,0x8 server1.cn.pool.ntp.org,0x8 time.windows.com,0x8" /syncfromflags:manual /reliable:yes /update#查看当前Windows Time运行情况w32tm /query /status#查看当前ntp时间服务器设置w32tm /query /peers#查看PDC服务器ntp同步状态,和ntp服务器时间差w32tm /stripchart /computer:time.windows.com /samples:100 /dataonly#AD 域客户端同步域服务器时间net time \\192.168.232.10 /set /yreg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\ /v SpecialPollInterval /t REG_DWORD /d 1200 /freg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters /v NtpServer /d ntp1.aliyun.com /fnet stop w32timenet start w32time
02 服务器重置下SID信息
自建打开C:\Windows\System32\Sysprep目录运行sysprep.exe,重置SID后重启服务器
如果是aliyun服务器请下载
https://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/assets/attach/40846/cn_zh/1542010494209/AutoSysprep.ps1?spm=a2c4g.11186623.0.0.293f5f53EeEej3&file=AutoSysprep.ps1
.\AutoSysprep.ps1 -help重新初始化服务器的SID并重启服务器.\AutoSysprep.ps1 -ReserveHostname -ReserveNetwork -SkipRearm -PostAction "reboot"
03 开始安装主域控
密码策略配置
使用Powershell命令添加AD细粒度密码策略
New-ADFineGrainedPasswordPolicy -Name "PasswordSetting3" -Precedence 1 -ComplexityEnabled $true -Description "The Domain Users Password Policy" -DisplayName "PasswordSetting3" -LockoutDuration "0.00:30:00" -LockoutObservationWindow "0.00:30:00" -LockoutThreshold "5" -MaxPasswordAge "24.00:00:00" -MinPasswordAge "1.00:00:10" -MinPasswordLength "7" -PasswordHistoryCount "24"优先级:1(最高)强制最短密码长度:7(个字符)强制密码历史记录:24(个历史密码)密码复杂性要求:启用强制密码最短期限:1(天)强制密码最长期限:24(天)强制账号锁定策略:30(分钟)内5次(登录失败)锁定30(分钟)
第二步:安装AD辅域控
重启服务器后
测试主辅域连接是否正常
netdom query fsmo
诊断AD信息时候正常
repadmin /showrepl
第三步:安装exchange2019
以次安装服务ndp48-x86-x64-allos-enu.exe、vcredist_x64.exe(2012和2013)、urlrewrite2.exe、UcmaRuntimeSetup_API4.0.exe
#安装远程工具管理包Install-WindowsFeature RSAT-ADDS#安装 Server Media Foundation 窗口功能Install-WindowsFeature Server-Media-Foundation# Exchange 安装程序安装所需的 Windows 组件Install-WindowsFeature NET-Framework-45-Features, Server-Media-Foundation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS -Source G:\sources\sxs#重启下服务器后安装下面的命令操作先加载window server 2019镜像,打开powershell窗口进入g:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAD /OrganizationName:"tyun"\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains
根据提示重启服务器,然后再执行一次安装
\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema
Exchange2019服务器再次重启
开始安装Exchange2019CU12
或者是通过命令来执行
#将许可证Exchange SRV2019-MBX 的服务器Set-ExchangeServer SRV2019-MBX -ProductKey YCQY7-BNTF6-R337H-69FGX-P39TY#重新启动 Microsoft Exchange信息存储服务Restart-Service MSExchangeIS#验证证书属性Get-ExchangeServer SRV2019-MBX | Format-List Name,Edition,*Trial*Get-ExchangeServer | Format-Table -Auto Name,Edition,*Trial*
各版本的秘钥信息Enterprise: YCQY7-BNTF6-R337H-69FGX-P39TYStandard: G3FMN-FGW6B-MQ9VW-YVFV8-292KP
修复0Day漏洞
.*autodiscover\.json.*\@.*Powershell.*条件输入{REQUEST_URI}.\iisreset.exe -restart
第四步:配置证书
add-pssnapin microsoft.exchange*查询EXCHANGE服务器数据库和日志文件路径Get-MailboxDatabase -Server SRV2019-MBX| Select Name,EdbFilePath,LogFolderPath | fl#查看Exchange Server版本号Get-ExchangeServer | Format-List Name,Edition,AdminDisplayVersion
安装完成exchange服务后重启下服务器,发现exchange服务是停止状态,通过命令重新启动
打开地址https://mail.tyun.cn/ecp
Install-WindowsFeature Web-Client-Auth输入window+q键 inetmgr 进入Internet Information Services (IIS) 管理器
点击owa虚拟目录,双击SSL设置
选择 Microsoft-Server-ActiveSync 虚拟目录,选择SSL 设置
Cmd 打开regedit注册表修改HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443 1
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/owa/" -section:system.webserver/security/access /sslFlags:"Ssl, SslRequireCert" /commit:apphost%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/ecp/" -section:system.webserver/security/access /sslFlags:"Ssl, SslRequireCert" /commit:apphost%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/Microsoft-Server-ActiveSync/" -section:system.webserver/security/access /sslFlags:"Ssl, SslRequireCert" /commit:apphost
颁发自签证书New-ExchangeCertificate -FriendlyName "Contoso Exchange Certificate" -SubjectName CN=srv2019-mbx -DomainName mail.tyun.cn,autodiscover.tyun.cn,srv2019-mbx.tyun.cn -Services SMTP,IIS -PrivateKeyExportable $trueNew-ExchangeCertificate -FriendlyName "Contoso Exchange Certificate2019" -SubjectName CN=mail -DomainName mail.tyun.cn,autodiscover.tyun.cn,srv2019-mbx.tyun.cn -Services SMTP,IIS -PrivateKeyExportable $true查询证书信息Get-ExchangeCertificate | where {$_.Status -eq "Valid" -and $_.IsSelfSigned -eq $true} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,NotBefore,NotAfter续自签证书Get-ExchangeCertificate -Thumbprint BC37CBE2E59566BFF7D01FEAC9B6517841475F2D | New-ExchangeCertificate -Force -PrivateKeyExportable $true颁发机构续订#如果需要将证书续订请求文件 的内容 发送到 CA,请使用以下语法创建 Base64 编码的请求文件$txtrequest = Get-ExchangeCertificate -Thumbprint <Thumbprint> | New-ExchangeCertificate -GenerateRequest [-KeySize <1024 | 2048 | 4096>] [-Server <ServerIdentity>][System.IO.File]::WriteAllBytes('<FilePathOrUNCPath>\<FileName>.req', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))#如果需要将 证书续订请求文件 发送到 CA,请使用以下语法创建 DER 编码的请求文件$binrequest = Get-ExchangeCertificate -Thumbprint <Thumbprint> | New-ExchangeCertificate -GenerateRequest -BinaryEncoded [-KeySize <1024 | 2048 | 4096>] [-Server <ServerIdentity>][System.IO.File]::WriteAllBytes('<FilePathOrUNCPath>\<FileName>.pfx', $binrequest.FileData)#若要找到您想续订的证书的指纹值,请运行以下命令:Get-ExchangeCertificate | where {$_.Status -eq "Valid" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,NotBefore,NotAfter#此示例为具有指纹值 5DB9879E38E36BCB60B761E29794392B23D1C054的现有证书创建 Base64 编码的证书续订请求:$txtrequest = Get-ExchangeCertificate -Thumbprint 5DB9879E38E36BCB60B761E29794392B23D1C054 | New-ExchangeCertificate -GenerateRequest[System.IO.File]::WriteAllBytes('\\FileServer01\Data\ContosoCertRenewal.req', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))#此示例为同一证书创建 DER (二进制) 编码的证书续订请求:$binrequest = Get-ExchangeCertificate -Thumbprint <Thumbprint> | New-ExchangeCertificate -GenerateRequest -BinaryEncoded[System.IO.File]::WriteAllBytes('\\FileServer01\Data\ContosoCertRenewal.pfx', $binrequest.FileData)#在用于存储证书请求的服务器上的 Exchange 命令行管理程序 中,运行以下命令:Get-ExchangeCertificate | where {$_.Status -eq "PendingRequest" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint
第五步:配置AD CS
服务器重启
注:如果重启之后发现打开https://主机名/ecp/ 出现503错误的话
修改成对应的ssl证书信息
第六步:导入CA证书
浏览器输入网址https://mail/centsrv/Default.asp或者http://localhost/certsrv/default.asp
如果访问出错的话配置
http://localhost/certsrv/default.asp
$txtrequest = New-ExchangeCertificate -PrivateKeyExportable $True -GenerateRequest -FriendlyName "Mail.tyun.cn Cert" -SubjectName "CN=mail.tyun.cn"[System.IO.File]::WriteAllBytes('\\SRV2019-MBX\Data\Mail.tyun.cn Cert.req', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))#查看exchange2019存储证书信息Get-ExchangeCertificate | where {$_.Status -eq "PendingRequest" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint
扩大exchange2019证书年限
计算机\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\tyun-SRV2019-MBX-CA 下面的值ValidityPeriodUnits
先停止服务,然后再启动服务
右键复制模版,把有效期改成20年
模版名称修改为Exchange Server 2019
新建 要颁发的证书模版 选择Exchange Server 2019
导入证书到excange2019
Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes('\\SRV2019-MBX\Data\certnew.cer'))ad域服务器下发证书
出现导入成功后,强制刷新下组策略 gpupdate /force
推荐阅读
推荐视频
微信扫码关注该文公众号作者
戳这里提交新闻线索和高质量文章给我们。
来源: qq
点击查看作者最近其他文章