ProxyLogon - HackMD

ProxyLogon === ## Download - [Window Server 2016](https://mega.nz/#!8ER1lLgb!9EvVXNKHeRUUbkxdEfrwpzqgZbyv0zOsv-uqqRaL2zM) - [Exchang Server 2016 15.01.1713005](https://www.microsoft.com/en-us/download/details.aspx?id=57827) - [安裝流程](https://www.cnblogs.com/jianyus/p/3170732.html) - [子網域安裝](https://www.petenetlive.com/KB/Article/0001409) - [ProxyLogon](https://github.com/hausec/ProxyLogon) ## Setting Document 1.Install IIS & AD Service on Server site 2.IIS in 角色服務 -> 選 windows 身分驗證 3.Tools -> AD User and Computers -> Test.com -> new/user -> TEST1 -> 1qaz@WSX ->... 4.Install Exchange Server 2016 on Server site (ISO) 5.Intall Exchange Error: :::warning error: ![](https://i.imgur.com/6G6d8nl.png) 錯誤安裝以下套件-> - [.NET Framwork4.7.1](https://www.microsoft.com/en-us/download/details.aspx?id=56116) - [Managed API 4.0](https://www.microsoft.com/en-us/download/details.aspx?id=34992) - [Visual C++ 2013](https://www.microsoft.com/en-us/download/details.aspx?id=40784) ::: Install Exchange in Child AD Server 建置完AD後 1.將父AD的FSMO轉換成Child AD Server (In父AD Server) * Active Directory Domains and Trust->Active Directory Domains and Trust(右鍵)->Change Active Directory Domain Controller->切換成Child AD; Active Directory Domains and Trust(右鍵)->Operations Master->切換成Child AD; * cmd(in admin) -> regsvr32 schmmgmt.dll ; RUN -> mmc -> file -> add/remove snap-in -> Active Directory Schema(add) -> ok; Active Directory Schema(右鍵)->Change Active Directory Domain Controller->切換成Child AD; Active Directory Schema(右鍵)->Operations Master->切換成Child AD; 2.Install Exchange Server 2016 on Server site (ISO) * powershell(in admin)->cd to iso disk-> .\Setup.EXE /PrepareSchema /IAcceptExchangeServerLicenseTerms-> .\Setup.EXE /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName <Organization name>-> .\Setup.EXE /PrepareDomain /IAcceptExchangeServerLicenseTerms; 3.Set admin member of Enterprise Admins and Schema Admins in child AD and restart server 4.start install Exchange :::warning ### Error 8224 #### 1. Check AD sites and services Check All NTDS Settings have all AD site server #### 2. restart All server ::: 6.check * https://localhost/ecp Exchange Admin Center * https://localhost/owa User outlook 7.Exchage admin center : * create user ![](https://i.imgur.com/Dnp2qXu.png) ![]() - 可加入有機敏資訊的信件 - 自動化更改AD內帳密，並寄給exchange server