Exchange Server 2019 Hands-On Operations Guide


新钛云服 has shared a total of 737 technical articles with you



Basic information
  • Image download address:

https://next.itellyou.cn/Original/#

  • Documentation:

    https://learn.microsoft.com/zh-cn/Exchange/plan-and-deploy/system-requirements?view=exchserver-2019



Required software

Exchange 2019 requires at least 16 GB of memory.

To show the Computer and Network icons on the desktop, enter the following in the Run dialog:
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0
To show IP address information on the desktop wallpaper, use BgInfo: https://learn.microsoft.com/zh-cn/sysinternals/downloads/bginfo

Boot Time: <Boot Time>
OS Version: <OS Version>
Host Name: <Host Name>
Logon Domain: <Logon Domain>
Machine Domain: <Machine Domain>
CPU: <CPU>
Memory: <Memory>
IP Address: <IP Address>
DHCP Server: <DHCP Server>
MAC Address: <MAC Address>
Subnet Mask: <Subnet Mask>
DNS Server: <DNS Server>
Default Gateway: <Default Gateway>
Volumes: <Volumes>


A. .NET Framework 4.8

https://download.visualstudio.microsoft.com/download/pr/014120d7-d689-4305-befd-3cb711108212/0fd66638cde16859462a6243a4629a50/ndp48-x86-x64-allos-enu.exe


B. Visual C++ Redistributable Package for Visual Studio 2012

https://www.microsoft.com/download/details.aspx?id=30679


C. Run the following command in Windows PowerShell to install the Remote Tools Administration Pack:

Install-WindowsFeature RSAT-ADDS


D. Exchange Server 2019 CU12 (2022H1) update package

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2022-h1-cumulative-updates-for-exchange-server/ba-p/3285026

Download: https://www.microsoft.com/en-us/download/details.aspx?id=30679



E. IIS URL Rewrite module

The IIS URL Rewrite module is required with Cumulative Update 11 or later.

Download: https://www.iis.net/downloads/microsoft/url-rewrite



F. Add the required Lync Server or Skype for Business Server components:

Install-WindowsFeature Server-Media-Foundation


G. Install Unified Communications Managed API 4.0.

This package is available for download and is also located in the \UCMARedist folder on the Exchange Server media.

https://www.microsoft.com/download/details.aspx?id=34992


H. To install the Windows components that Exchange Setup requires, run one of the following commands in Windows PowerShell

# Mount the Windows Server 2019 installation ISO as drive Z: on this computer
Install-WindowsFeature NET-Framework-45-Features, Server-Media-Foundation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS -Source Z:\sources\sxs

# Extend the AD schema (run from the root of the Exchange installation media)
.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema

.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"tyun"
# In Active Directory Users and Computers you will now find Microsoft Exchange Security Groups

.\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains


I. Bulk-send mail to yourself

send-mailmessage -to administrator@tyun.cn -subject "TEST49" -Body "請注意!SRVEX 磁碟空間目前已剩下不到 78% 的可用空間 " -smtpserver srvex.ianext.com -from administrator@tyun.cn  -Encoding  Unicode


J. Bulk-start stopped Exchange services

# List the Exchange services
Get-Service -Name "MSExch*"
# Show the full Exchange service names
Get-Service -Name "MSExch*" | ft -auto

# Restart the Exchange services that are currently stopped
Get-Service -Name "MSExchange*" | Where-Object {$_.Status -eq "Stopped"} | Restart-Service


K. Exchange user information

# Exchange logon information for users
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox | Get-MailboxStatistics | Sort-Object Lastlogontime -Descending | Select-Object DisplayName,MailboxTypeDetail,LastLogonTime,ServerName

# Show the FQDN and other details of every Exchange server in the current organization
Get-ExchangeServer | Select FQDN, ServerRole,AdminDisplayVersion,IsEdgeServer


# Show the running state of all Exchange services on this machine
Get-Service -Name *Exchange* | Select Status, DisplayName | Sort Status | FT -Auto
# Test whether this host can reach the SMTP service
Test-NetConnection srvex.tyun.cn -Port 25 -InformationLevel "Detailed"

# Test the connection and show the networks, source address, destination address and routing information
Test-NetConnection -ComputerName srvex.tyun.cn -DiagnoseRouting -InformationLevel Detailed
# View the Exchange DNS settings
Get-TransportService | FL *dns*

# Mailbox-enable the AD users in Exchange
Get-User -RecipientTypeDetails User -Filter { UserPrincipalName -ne $Null } | Enable-Mailbox


L. Bulk export of AD users

Reference: https://www.cnblogs.com/wulongy/p/14924907.html

# Export the AD users returned by the query to ADuser.csv
Get-ADUser -Filter * -SearchBase "DC=TYUN, DC=CN" |Select-Object -Property SamAccountName, Surname, GivenName, Name, Group, UserPrincipalName, Path, AccountPassword, Enabled, ChangePasswordAtLogon | Export-Csv -Encoding unicode ADuser.csv
The file is written under C:\Users\Administrator.

# PowerShell bulk import of AD domain users (password Tyun@2022 hard-coded in the script)
import-csv c:\ad\User.csv | Foreach {New-ADUser -samAccountName $_.SamAccountName -Surname $_.Surname -GivenName $_.GivenName -Name $_.Name -UserPrincipalName $_.Userprincipalname -DisplayName $_.DisplayName -Description $_.Description -Path $_.Path -AccountPassword(ConvertTo-SecureString "Tyun@2022" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon 1 -passthru -PasswordNeverExpires ($_.PasswordNeverExpires -eq "1") }
# PowerShell bulk import of AD domain users (password taken from the CSV)
import-csv c:\ad\User.csv | Foreach {New-ADUser -samAccountName $_.SamAccountName -Surname $_.Surname -GivenName $_.GivenName -Name $_.Name -UserPrincipalName $_.Userprincipalname -DisplayName $_.DisplayName -Description $_.Description -Path $_.Path -Enabled $true -AccountPassword (ConvertTo-SecureString $_.AccountPassword -AsPlainText -force) -passthru -PasswordNeverExpires ($_.PasswordNeverExpires -eq "1")}


# List the names of all domain groups the specified user belongs to
Get-ADPrincipalGroupMembership hexingxing | ft name
# List the names of all domain groups the specified user belongs to, sorted by name
Get-ADPrincipalGroupMembership hexingxing | sort name | ft name
# The same lookup with Get-ADUser
(Get-ADUser -Identity hexingxing -Properties *).MemberOf
# When the user's password was last set
Get-ADUser king -Properties * | ft PasswordLastSet
# Set the password of account king to never expire
Set-ADAccountControl -Identity king -PasswordNeverExpires:$true
# Clear "password never expires" on account king
Set-ADAccountControl -Identity king -PasswordNeverExpires:$false
# Set the account expiry of king to 2022/10/18 0:00:00, i.e. the last usable time is 2022/10/18
Set-ADAccountExpiration -Identity king -DateTime "10/18/2022"

# Set a new password for the account without supplying the old password
Set-ADAccountPassword -Identity king -NewPassword (ConvertTo-SecureString -AsPlainText "ef7s00#" -Force)
# Enter the old password when prompted and update the user's password
Set-ADAccountPassword -Identity king
# Enable an AD domain account
Enable-ADAccount -Identity king
# Disable an AD domain account
Disable-ADAccount -Identity king
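
The two bulk-import commands above give every account the same known password, or store each password in clear text in the CSV. The following is an added example, not code from the original article: it generates a random single-use password per account and forces a change at first logon. It assumes the ActiveDirectory module and the same c:\ad\User.csv columns without AccountPassword; the function names are hypothetical.

```powershell
# Added example, not the article's code. Assumes the ActiveDirectory module (RSAT-ADDS)
# and the c:\ad\User.csv layout used above, without an AccountPassword column.
Import-Module ActiveDirectory

$script:Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-RandomUInt32 {
    # Four bytes from the operating system's cryptographic random number generator.
    $bytes = New-Object byte[] 4
    $script:Rng.GetBytes($bytes)
    [System.BitConverter]::ToUInt32($bytes, 0)
}

function New-RandomPassword {
    param([ValidateRange(12, 128)][int]$Length = 16)
    # Look-alike characters (0/O, 1/l/I) are left out so the password can be read aloud.
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%*+-=?@_'
    $all  = -join $sets
    # One character from each class, so ComplexityEnabled is always satisfied ...
    $chars = @(foreach ($s in $sets) { $s[[int]((Get-RandomUInt32) % $s.Length)] })
    # ... and the remainder from the whole alphabet.
    $chars += @(1..($Length - $sets.Count) |
        ForEach-Object { $all[[int]((Get-RandomUInt32) % $all.Length)] })
    # Shuffle so the character class at each position is not predictable.
    -join ($chars | Sort-Object { Get-RandomUInt32 })
}

function Import-AdUsersWithRandomPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$CsvPath = 'C:\ad\User.csv')
    Import-Csv $CsvPath | ForEach-Object {
        $plain  = New-RandomPassword
        $params = @{
            SamAccountName        = $_.SamAccountName
            Surname               = $_.Surname
            GivenName             = $_.GivenName
            Name                  = $_.Name
            UserPrincipalName     = $_.UserPrincipalName
            DisplayName           = $_.DisplayName
            Description           = $_.Description
            Path                  = $_.Path
            Enabled               = $true
            ChangePasswordAtLogon = $true   # the generated password is single-use
            AccountPassword       = (ConvertTo-SecureString $plain -AsPlainText -Force)
        }
        if ($PSCmdlet.ShouldProcess($_.SamAccountName, 'New-ADUser')) {
            New-ADUser @params
        }
        # Returned in memory only; hand it to the user out of band, do not save it beside the CSV.
        [pscustomobject]@{ SamAccountName = $_.SamAccountName; InitialPassword = $plain }
    }
}

# Dry run first; drop -WhatIf to create the accounts.
$issued = Import-AdUsersWithRandomPassword -WhatIf
```

PasswordNeverExpires is deliberately not set here, because it cannot be combined with ChangePasswordAtLogon.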

Sample table

AD domain management tools

https://osdn.net/projects/sfnet_adbulkadmin/downloads/ADBulkAdmin/1.1.0.33/ADBulkAdmin-v1.1.0.33.zip/

https://zh.osdn.net/projects/sfnet_adbulkadmin/releases/



# Export all users under the it organizational unit
Get-ADUser -Filter * -Properties * -SearchBase "DC=it,DC=tyun,DC=cn" |Select-Object name,SamAccountName,Givenname,surname,Displayname,title,mobile,CanonicalName,Created,Department,DistinguishedName,EmailAddress,homeMDB,mail,mailNickname,MemberOf,msExchCoManagedObjectsBL,msExchHomeServerName,PasswordLastSet,PrimaryGroup,proxyAddresses,UserPrincipalName,whenCreated,whenChanged,MobilePhone,telephoneNumber,employeeNumber,postalCode,company |Export-Csv C:\AllADUser20221001.csv -Encoding UTF8 -NoTypeInformation


ldifde -f "c:\alldbauser.ldf" -d "DC=it,DC=tyun,DC=cn" -r objectClass=user -l "name,SamAccountName,Givenname,surname,Displayname,title,mobile,CanonicalName,Created,Department,DistinguishedName,EmailAddress,homeMDB,mail,mailNickname,MemberOf,msExchCoManagedObjectsBL,msExchHomeServerName,PasswordLastSet,PrimaryGroup,proxyAddresses,UserPrincipalName,whenCreated,whenChanged,MobilePhone,telephoneNumber,employeeNumber,postalCode,company"


M. Get the AD password policy and password expiry times

# Get the password policy of the AD domain
Get-ADDefaultDomainPasswordPolicy
ComplexityEnabled: password must meet complexity requirements
MaxPasswordAge: maximum password age
MinPasswordAge: minimum password age
MinPasswordLength: minimum password length
PasswordHistoryCount: enforce password history
The maximum password age is 24 days;
Set-ADDefaultDomainPasswordPolicy -Identity tyun.cn -ComplexityEnabled $True -MaxPasswordAge 180.00:00:00

# Get the users whose password has expired
Get-Aduser -Filter * -Properties * | where {$_.PasswordExpired -eq $true} | FT Name

# Get the password expiry date of every user that has one
Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties * | Select-Object -Property "Name", @{n="ExpiryDate";e={$_.PasswordLastSet.AddDays((Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days)}} | Sort-Object ExpiryDate


# Get the password expiry date of a specific user
Get-ADUser -Filter {name -like "king"} -Properties * | Select-Object -Property "Name", @{n="ExpiryDate";e={$_.PasswordLastSet.AddDays((Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days)}} | Sort-Object ExpiryDate
# Get the password attributes of all users
Get-ADUser -Filter * -Properties * | Sort-Object Name | ft Name,PasswordLastSet,PasswordExpired,PasswordNeverExpires

# Delete a single user
Remove-ADUser -Identity king -Confirm:$false
# Delete the user object identified by SAM account name together with its child objects (subtree)
Get-ADUser -Identity king | foreach{Remove-ADObject -Identity $_.ObjectGUID -Recursive -Confirm:$False}
# Find and delete the user objects in the specified organizational unit (OU) container
Get-ADUser -Filter * -SearchBase "OU=cnList,OU=testGroup,DC=tyun,DC=cn" | foreach{Remove-ADObject -Identity $_.ObjectGUID -Recursive -Confirm:$False}
# Deleting child items (a subtree) requires removing the domain object as follows
Remove-ADObject -Identity king -Recursive

# Delete the user objects listed in an imported CSV
import-csv .\del.csv | foreach{Get-ADUser -Identity $_.name} | foreach{Remove-ADObject -Identity $_.ObjectGUID -Recursive -Confirm:$False}
Get-ADUser king

See also https://hexingxing.cn/tag/active-directory/page/2/

https://github.com/phillips321/adaudit/blob/master/AdAudit.ps1


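N. Storage planning

Mail server01

| Database Name | User category | Space per mailbox | Maximum capacity |
|---|---|---|---|
| Level1 | Group executives, board of directors, president's office | 20G | Primary 400G |
| Level2 | Business unit general managers' office staff | 15G | Primary 400G |
| Level3 | Department supervisors, heads, key employees | 10G | |
| Level4 | Regular employees | 4G | |
| Level5 | Inactive users | 500M | |
| Level6 | Public mailboxes, system mailboxes, functional mailboxes | As needed | |
| Level7 | Departed employees | | |
| Level8 | Departed-employee mail | | |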


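Exchange 2019 steps

| IP address | Hostname | Server role | Notes |
|---|---|---|---|
| 10.30.21.64 | SH-Srv-AD | Domain controller (primary DC) | |
| 10.30.21.77 | SH-Srv-AC | Domain controller (additional DC) | |
| 10.30.21.78 | SH-Srv-MBX01 | Mail server 01 | |
| 10.30.21.83 | SH-Srv-MBX02 | Mail server 02 | |

Architecture diagram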


Step 1: Install the primary AD domain controller

01  AD domain controller PDC time

# Find the PDC domain controller
netdom query fsmo
# Configure the PDC to synchronize its time from NTP servers
w32tm /config /manualpeerlist:"server0.cn.pool.ntp.org,0x8 server1.cn.pool.ntp.org,0x8 time.windows.com,0x8" /syncfromflags:manual /reliable:yes /update
# Show the current state of the Windows Time service
w32tm /query /status
# Show the currently configured NTP time servers
w32tm /query /peers
# Show the PDC's NTP synchronization state and its offset from the NTP server
w32tm /stripchart /computer:time.windows.com /samples:100 /dataonly

# Synchronize an AD domain client's time with the domain server
net time \\192.168.232.10 /set /y

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient /v SpecialPollInterval /t REG_DWORD /d 1200 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters /v NtpServer /d ntp1.aliyun.com /f
net stop w32time
net start w32time

02  Reset the server's SID

On a self-hosted server, open the C:\Windows\System32\Sysprep directory and run sysprep.exe, then restart the server after the SID has been reset.

For an aliyun server, download:

https://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/assets/attach/40846/cn_zh/1542010494209/AutoSysprep.ps1?spm=a2c4g.11186623.0.0.293f5f53EeEej3&file=AutoSysprep.ps1

.\AutoSysprep.ps1 -help
# Reinitialize the server's SID and restart the server
.\AutoSysprep.ps1 -ReserveHostname -ReserveNetwork -SkipRearm -PostAction "reboot"

03  Install the primary domain controller



Password policy configuration


Add an AD fine-grained password policy with a PowerShell command

New-ADFineGrainedPasswordPolicy -Name "PasswordSetting3" -Precedence 1 -ComplexityEnabled $true -Description "The Domain Users Password Policy" -DisplayName "PasswordSetting3" -LockoutDuration "0.00:30:00" -LockoutObservationWindow "0.00:30:00" -LockoutThreshold "5" -MaxPasswordAge "24.00:00:00" -MinPasswordAge "1.00:00:10" -MinPasswordLength "7" -PasswordHistoryCount "24"

Precedence: 1 (highest)
Minimum password length: 7 (characters)
Password history: 24 (previous passwords)
Password complexity requirement: enabled
Minimum password age: 1 (day)
Maximum password age: 24 (days)
Account lockout policy: 5 (failed logons) within 30 (minutes) locks the account for 30 (minutes)
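
A fine-grained policy only takes effect once it is linked to a user or group, and section M's expiry queries use the default domain policy's MaxPasswordAge, which is wrong for any account the policy covers. The following is an added example, not code from the original article, that links the policy and reports each account's real expiry date from the directory's computed attribute. It assumes the ActiveDirectory module; the group name PSO-PasswordSetting3-Users and the function name are hypothetical.

```powershell
# Added example, not the article's code. Assumes the ActiveDirectory module and the
# PasswordSetting3 policy created above. The group name below is hypothetical.
Import-Module ActiveDirectory

$psoGroup = 'PSO-PasswordSetting3-Users'   # hypothetical global security group

# A fine-grained policy does nothing until it is linked to a user or a global security group.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PasswordSetting3' -Subjects $psoGroup
Get-ADFineGrainedPasswordPolicySubject -Identity 'PasswordSetting3' | Format-Table Name, ObjectClass

# Which policy wins for one account? No output means the default domain policy applies.
Get-ADUserResultantPasswordPolicy -Identity king

function Get-EffectivePasswordExpiry {
    param([string]$Filter = 'Enabled -eq $true -and PasswordNeverExpires -eq $false')
    $defaultMaxAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    $props = 'PasswordLastSet', 'msDS-UserPasswordExpiryTimeComputed', 'msDS-ResultantPSO'
    Get-ADUser -Filter $Filter -Properties $props | ForEach-Object {
        # Computed by the domain controller from the policy that really applies to the account.
        # 0 = must change at next logon, Int64.MaxValue = never expires.
        $raw    = $_.'msDS-UserPasswordExpiryTimeComputed'
        $expiry = if ($raw -gt 0 -and $raw -lt [Int64]::MaxValue) { [datetime]::FromFileTime($raw) }
        [pscustomobject]@{
            Name          = $_.Name
            AppliedPolicy = if ($_.'msDS-ResultantPSO') {
                                ($_.'msDS-ResultantPSO' -split ',')[0] -replace '^CN='
                            } else { 'Default domain policy' }
            ExpiryDate    = $expiry
            # What the section M calculation would report (PasswordLastSet + default MaxPasswordAge).
            DefaultPolicyEstimate = if ($_.PasswordLastSet) { $_.PasswordLastSet + $defaultMaxAge }
        }
    } | Sort-Object ExpiryDate
}

Get-EffectivePasswordExpiry | Format-Table -AutoSize
```

With the values on this page (24 days in PasswordSetting3, 180 days in the default domain policy), the two date columns differ by 156 days for every account the fine-grained policy covers.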


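Step 2: Install the additional AD domain controller

After restarting the server

Test whether the connection between the primary and additional domain controllers is working

netdom query fsmo

Check whether the AD information is healthy

repadmin /showrepl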


Step 3: Install Exchange 2019

Install in order: ndp48-x86-x64-allos-enu.exe, vcredist_x64.exe (2012 and 2013), urlrewrite2.exe, UcmaRuntimeSetup_API4.0.exe

# Install the Remote Tools Administration Pack
Install-WindowsFeature RSAT-ADDS
# Install the Server Media Foundation Windows feature
Install-WindowsFeature Server-Media-Foundation
# Install the Windows components that Exchange Setup requires
Install-WindowsFeature NET-Framework-45-Features, Server-Media-Foundation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS -Source G:\sources\sxs
# After restarting the server, run the following commands
First mount the Windows Server 2019 image, open a PowerShell window and change to G:
.\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema

.\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAD /OrganizationName:"tyun"

.\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains


Restart the server when prompted, then run the installation once more

.\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema

Restart the Exchange 2019 server again

Start installing Exchange 2019 CU12

Alternatively, do it from the command line

# Apply the license (product key) to the Exchange server SRV2019-MBX
Set-ExchangeServer SRV2019-MBX -ProductKey YCQY7-BNTF6-R337H-69FGX-P39TY
# Restart the Microsoft Exchange Information Store service
Restart-Service MSExchangeIS
# Verify the license properties
Get-ExchangeServer SRV2019-MBX | Format-List Name,Edition,*Trial*
Get-ExchangeServer | Format-Table -Auto Name,Edition,*Trial*

Product keys for each edition
Enterprise: YCQY7-BNTF6-R337H-69FGX-P39TY
Standard: G3FMN-FGW6B-MQ9VW-YVFV8-292KP

Fix the 0-day vulnerability

.*autodiscover\.json.*\@.*Powershell.*

Condition input: {REQUEST_URI}


.\iisreset.exe -restart
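
The pattern and condition input above are the two settings of a request-blocking rule in the IIS URL Rewrite module from section E. The following is an added example, not code from the original article, that checks a web.config for a rule carrying this pattern and flags one whose condition input was left at {URL}. The embedded web.config is constructed sample data; the rule names, the AbortRequest action and the function name are assumptions.

```powershell
# Added example, not the article's code. $sampleConfig is constructed test data: the rule
# names and the AbortRequest action are assumptions; the pattern and {REQUEST_URI} are
# the values given above.
$pagePattern = '.*autodiscover\.json.*\@.*Powershell.*'

[xml]$sampleConfig = @'
<configuration><system.webServer><rewrite><rules>
  <rule name="BlockRule-RequestUri" stopProcessing="true">
    <match url=".*" />
    <conditions><add input="{REQUEST_URI}" pattern=".*autodiscover\.json.*\@.*Powershell.*" /></conditions>
    <action type="AbortRequest" />
  </rule>
  <rule name="BlockRule-DefaultInput" stopProcessing="true">
    <match url=".*" />
    <conditions><add input="{URL}" pattern=".*autodiscover\.json.*\@.*Powershell.*" /></conditions>
    <action type="AbortRequest" />
  </rule>
</rules></rewrite></system.webServer></configuration>
'@

function Test-RewriteBlockRule {
    param(
        [Parameter(Mandatory)][xml]$Config,
        [Parameter(Mandatory)][string]$Pattern
    )
    $found = foreach ($rule in $Config.SelectNodes('//rewrite/rules/rule')) {
        foreach ($cond in $rule.SelectNodes('conditions/add')) {
            if ($cond.GetAttribute('pattern') -ne $Pattern) { continue }
            $action    = $rule.SelectSingleNode('action')
            $condInput = $cond.GetAttribute('input')
            [pscustomobject]@{
                Rule    = $rule.GetAttribute('name')
                Input   = $condInput
                Action  = if ($action) { $action.GetAttribute('type') } else { '' }
                Enabled = $rule.GetAttribute('enabled') -ne 'false'
                # {URL} holds only the path; {REQUEST_URI} also holds the query string,
                # so a rule left on {URL} never sees anything after the "?".
                InputOk = $condInput -eq '{REQUEST_URI}'
            }
        }
    }
    if (-not $found) { Write-Warning "No rewrite rule with pattern $Pattern was found" }
    $found
}

# Expected on the sample: BlockRule-RequestUri InputOk = True, BlockRule-DefaultInput InputOk = False
Test-RewriteBlockRule -Config $sampleConfig -Pattern $pagePattern | Format-Table -AutoSize
```

To audit a real server, pass the web.config of the site or virtual directory where the rule was created, loaded with `[xml](Get-Content <path> -Raw)`.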


Step 4: Configure certificates


add-pssnapin microsoft.exchange*
# Query the database and log file paths on the Exchange server
Get-MailboxDatabase -Server SRV2019-MBX| Select Name,EdbFilePath,LogFolderPath | fl
# Show the Exchange Server version number
Get-ExchangeServer | Format-List Name,Edition,AdminDisplayVersion

After Exchange was installed and the server restarted, the Exchange services were found in the stopped state; start them again with the command.

Open https://mail.tyun.cn/ecp

Install-WindowsFeature Web-Client-Auth

Press Windows+Q and type inetmgr to open Internet Information Services (IIS) Manager

Click the owa virtual directory and double-click SSL Settings

Select the Microsoft-Server-ActiveSync virtual directory and choose SSL Settings

From cmd, open regedit and modify the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443 1

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/owa/" -section:system.webserver/security/access /sslFlags:"Ssl, SslRequireCert" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/ecp/" -section:system.webserver/security/access /sslFlags:"Ssl, SslRequireCert" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/Microsoft-Server-ActiveSync/" -section:system.webserver/security/access /sslFlags:"Ssl, SslRequireCert" /commit:apphost

# Issue a self-signed certificate
New-ExchangeCertificate -FriendlyName "Contoso Exchange Certificate" -SubjectName CN=srv2019-mbx -DomainName mail.tyun.cn,autodiscover.tyun.cn,srv2019-mbx.tyun.cn -Services SMTP,IIS -PrivateKeyExportable $true
New-ExchangeCertificate -FriendlyName "Contoso Exchange Certificate2019" -SubjectName CN=mail -DomainName mail.tyun.cn,autodiscover.tyun.cn,srv2019-mbx.tyun.cn -Services SMTP,IIS -PrivateKeyExportable $true
# Query certificate information
Get-ExchangeCertificate | where {$_.Status -eq "Valid" -and $_.IsSelfSigned -eq $true} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,NotBefore,NotAfter
# Renew a self-signed certificate
Get-ExchangeCertificate -Thumbprint BC37CBE2E59566BFF7D01FEAC9B6517841475F2D | New-ExchangeCertificate -Force -PrivateKeyExportable $true


Renewing a certificate issued by a certification authority
# If you need to send the contents of the certificate renewal request file to the CA, use the following syntax to create a Base64-encoded request file
$txtrequest = Get-ExchangeCertificate -Thumbprint <Thumbprint> | New-ExchangeCertificate -GenerateRequest [-KeySize <1024 | 2048 | 4096>] [-Server <ServerIdentity>]
[System.IO.File]::WriteAllBytes('<FilePathOrUNCPath>\<FileName>.req', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))
# If you need to send the certificate renewal request file itself to the CA, use the following syntax to create a DER-encoded request file
$binrequest = Get-ExchangeCertificate -Thumbprint <Thumbprint> | New-ExchangeCertificate -GenerateRequest -BinaryEncoded [-KeySize <1024 | 2048 | 4096>] [-Server <ServerIdentity>]
[System.IO.File]::WriteAllBytes('<FilePathOrUNCPath>\<FileName>.pfx', $binrequest.FileData)
# To find the thumbprint of the certificate you want to renew, run the following command:
Get-ExchangeCertificate | where {$_.Status -eq "Valid" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,NotBefore,NotAfter
# This example creates a Base64-encoded certificate renewal request for the existing certificate with thumbprint 5DB9879E38E36BCB60B761E29794392B23D1C054:
$txtrequest = Get-ExchangeCertificate -Thumbprint 5DB9879E38E36BCB60B761E29794392B23D1C054 | New-ExchangeCertificate -GenerateRequest
[System.IO.File]::WriteAllBytes('\\FileServer01\Data\ContosoCertRenewal.req', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))
# This example creates a DER (binary) encoded certificate renewal request for the same certificate:
$binrequest = Get-ExchangeCertificate -Thumbprint <Thumbprint> | New-ExchangeCertificate -GenerateRequest -BinaryEncoded
[System.IO.File]::WriteAllBytes('\\FileServer01\Data\ContosoCertRenewal.pfx', $binrequest.FileData)
# In the Exchange Management Shell on the server where the certificate request is stored, run the following command:
Get-ExchangeCertificate | where {$_.Status -eq "PendingRequest" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint


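Step 5: Configure AD CS

Restart the server

Note: if opening https://<hostname>/ecp/ returns a 503 error after the restart, change the setting to the corresponding SSL certificate.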


Step 6: Import the CA certificate

In a browser, open https://mail/centsrv/Default.asp or http://localhost/certsrv/default.asp

If access fails, configure

http://localhost/certsrv/default.asp

$txtrequest = New-ExchangeCertificate -PrivateKeyExportable $True -GenerateRequest -FriendlyName "Mail.tyun.cn Cert" -SubjectName "CN=mail.tyun.cn"
[System.IO.File]::WriteAllBytes('\\SRV2019-MBX\Data\Mail.tyun.cn Cert.req', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))

# Show the certificate requests stored on Exchange 2019
Get-ExchangeCertificate | where {$_.Status -eq "PendingRequest" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint

Extend the validity period of the Exchange 2019 certificate

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\tyun-SRV2019-MBX-CA, value ValidityPeriodUnits

Stop the service first, then start it again

Right-click and duplicate the template, and change the validity period to 20 years

Change the template name to Exchange Server  2019

New > Certificate Template to Issue, select Exchange Server  2019

Import the certificate into Exchange 2019

Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes('\\SRV2019-MBX\Data\certnew.cer'))

Distribute the certificate from the AD domain server

After the import is reported as successful, force a Group Policy refresh:  gpupdate /force

