Only use open-source, audited scripts like Microsoft Activation Scripts (MAS) from a trusted GitHub repository—but even then, never on a production server.
Assume every credential on that server is stolen—domain admin, SQL sa, local users, service accounts. kms activator windows server 2022
: slmgr /ipk (Note: Use the Generic Volume License Key provided by Microsoft for Server 2022). Only use open-source