private void RemoveInvalidRoleGroups(RoleGroupCollection roleGroups)
 {
     foreach (RoleGroupDefinition roleGroupDefinition in roleGroups)
     {
         DNWithBinary dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(this.configurationUnit.OtherWellKnownObjects, roleGroupDefinition.RoleGroupGuid);
         if (null != dnwithBinary)
         {
             this.configurationUnit.OtherWellKnownObjects.Remove(dnwithBinary);
             this.configurationSession.Save(this.configurationUnit);
             base.LogWriteObject(this.configurationUnit);
             ADObjectId adobjectId = new ADObjectId(dnwithBinary.DistinguishedName);
             foreach (ExchangeRoleAssignment exchangeRoleAssignment in this.configurationSession.FindPaged <ExchangeRoleAssignment>(base.OrgContainerId.GetDescendantId(ExchangeRoleAssignment.RdnContainer), QueryScope.OneLevel, new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleAssignmentSchema.User, adobjectId), null, 0))
             {
                 this.configurationSession.Delete(exchangeRoleAssignment);
                 base.LogWriteObject(exchangeRoleAssignment);
             }
             if (!adobjectId.IsDeleted)
             {
                 ADRecipient adrecipient = this.orgDomainRecipientSession.Read(adobjectId);
                 base.LogReadObject(adrecipient);
                 this.orgDomainRecipientSession.Delete(adrecipient);
                 base.LogWriteObject(adrecipient);
             }
         }
     }
 }
Beispiel #2
0
 public static void SetAclOnAlternateProperty(ADObject obj, GenericAce[] aces, PropertyDefinition sdProperty)
 {
     using (WindowsIdentity current = WindowsIdentity.GetCurrent())
     {
         SecurityIdentifier user  = current.User;
         SecurityIdentifier group = user;
         DirectoryCommon.SetAclOnAlternateProperty(obj, aces, sdProperty, user, group);
     }
 }
Beispiel #3
0
        public static void GrantWriteMembershipPermissionToEOA(ADObject obj, ADGroup eoa, IConfigurationSession configurationSession, Task.TaskVerboseLoggingDelegate logWarning)
        {
            Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(configurationSession, "member");
            ActiveDirectoryAccessRule activeDirectoryAccessRule = new ActiveDirectoryAccessRule(eoa.Sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.All);

            DirectoryCommon.SetAces(logWarning, null, obj, new ActiveDirectoryAccessRule[]
            {
                activeDirectoryAccessRule
            });
        }
Beispiel #4
0
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            List <Server>             list  = new List <Server>();
            List <SecurityIdentifier> list2 = new List <SecurityIdentifier>();
            Server server = null;

            try
            {
                server = ((ITopologyConfigurationSession)this.configurationSession).FindLocalServer();
            }
            catch (LocalServerNotFoundException ex)
            {
                base.WriteError(new CouldNotFindExchangeServerDirectoryEntryException(ex.Fqdn), ErrorCategory.InvalidData, null);
            }
            base.LogReadObject(server);
            list.Add(server);
            ADComputer adcomputer = ((ITopologyConfigurationSession)this.domainConfigurationSession).FindLocalComputer();

            if (adcomputer == null)
            {
                base.WriteError(new CouldNotFindLocalhostDirectoryEntryException(), ErrorCategory.InvalidData, null);
            }
            base.LogReadObject(adcomputer);
            list2.Add(adcomputer.Sid);
            if (list.Count > 0)
            {
                List <ActiveDirectoryAccessRule> list3 = list2.ConvertAll <ActiveDirectoryAccessRule>((SecurityIdentifier machineSid) => new ActiveDirectoryAccessRule(machineSid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
                using (IEnumerator <string> enumerator = DirectoryCommon.ServerWriteAttrs.GetEnumerator())
                {
                    while (enumerator.MoveNext())
                    {
                        string attr = enumerator.Current;
                        list3.AddRange(list2.ConvertAll <ActiveDirectoryAccessRule>((SecurityIdentifier machineSid) => new ActiveDirectoryAccessRule(machineSid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, attr), ActiveDirectorySecurityInheritance.None)));
                    }
                }
                foreach (Server obj in list)
                {
                    DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, obj, list3.ToArray());
                }
                SecurityIdentifier sid = this.exs.Sid;
                List <ActiveDirectoryAccessRule> list4 = new List <ActiveDirectoryAccessRule>();
                list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                foreach (Server obj2 in list)
                {
                    DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, obj2, list4.ToArray());
                }
                TaskLogger.LogExit();
            }
        }
        private void SetDeletedObjectsSecurityDescriptor(SecurityIdentifier sid, ActiveDirectoryRights adr)
        {
            ADObjectId deletedObjectsContainer = this.configurationSession.DeletedObjectsContainer;

            if (base.ShouldProcess(deletedObjectsContainer.DistinguishedName, Strings.InfoProcessAction(sid.ToString()), null))
            {
                ActiveDirectoryAccessRule activeDirectoryAccessRule = new ActiveDirectoryAccessRule(sid, adr, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All);
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, (IConfigurationSession)ADSession.RescopeSessionToTenantSubTree(this.configurationSession), deletedObjectsContainer, new ActiveDirectoryAccessRule[]
                {
                    activeDirectoryAccessRule
                });
            }
        }
Beispiel #6
0
        private static void SetAces(Task.TaskVerboseLoggingDelegate verboseLogger, Task.TaskWarningLoggingDelegate warningLogger, Task.ErrorLoggerDelegate errorLogger, ADObject obj, bool remove, params ActiveDirectoryAccessRule[] aces)
        {
            if (obj == null)
            {
                throw new ArgumentNullException("obj");
            }
            RawSecurityDescriptor rawSecurityDescriptor = obj.ReadSecurityDescriptor();

            rawSecurityDescriptor = DirectoryCommon.ApplyAcesOnSd(verboseLogger, warningLogger, errorLogger, obj.Id, rawSecurityDescriptor, remove, aces);
            if (rawSecurityDescriptor != null)
            {
                obj.SaveSecurityDescriptor(rawSecurityDescriptor);
            }
        }
Beispiel #7
0
        private static ActiveDirectoryAccessRule FindAce(ActiveDirectoryAccessRule ace, ActiveDirectorySecurity acl, bool includeInherited, bool subsetInsteadOfSuperset)
        {
            AuthorizationRuleCollection accessRules = acl.GetAccessRules(true, includeInherited, typeof(SecurityIdentifier));

            foreach (object obj in accessRules)
            {
                ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)obj;
                if (DirectoryCommon.AceMatches(ace, activeDirectoryAccessRule, subsetInsteadOfSuperset))
                {
                    return(activeDirectoryAccessRule);
                }
            }
            return(null);
        }
 private void SetAceByObjectClass <T>(ADObjectId root, ActiveDirectoryAccessRule ace) where T : ADConfigurationObject, new()
 {
     T[] array = this.configurationSession.Find <T>(root, QueryScope.SubTree, null, null, 0);
     foreach (T t in array)
     {
         if (base.ShouldProcess(t.DistinguishedName, Strings.InfoProcessAction(ace.IdentityReference.ToString()), null))
         {
             DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, t, new ActiveDirectoryAccessRule[]
             {
                 ace
             });
         }
     }
 }
        private void GrantWriteMembershipPermission(SecurityIdentifier sid, ADOrganizationalUnit container)
        {
            List <ActiveDirectoryAccessRule> list  = new List <ActiveDirectoryAccessRule>();
            List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>();
            Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "member");
            Guid schemaClassGuid    = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "group");

            list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid));
            list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.CreateChild, AccessControlType.Allow, schemaClassGuid, ActiveDirectorySecurityInheritance.All));
            list.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.DeleteChild, AccessControlType.Allow, schemaClassGuid, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.Delete, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid));
            DirectoryCommon.RemoveAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, null, container, list.ToArray());
            DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, container, list2.ToArray());
        }
Beispiel #10
0
        public static int CountAce(ActiveDirectoryAccessRule ace, ActiveDirectorySecurity acl)
        {
            int num = 0;
            AuthorizationRuleCollection accessRules = acl.GetAccessRules(true, false, typeof(SecurityIdentifier));

            foreach (object obj in accessRules)
            {
                ActiveDirectoryAccessRule ace2 = (ActiveDirectoryAccessRule)obj;
                if (DirectoryCommon.AceMatches(ace, ace2, false))
                {
                    num++;
                }
            }
            return(num);
        }
Beispiel #11
0
        private static RawSecurityDescriptor ApplyAcesOnSd(Task.TaskVerboseLoggingDelegate verboseLogger, Task.TaskWarningLoggingDelegate warningLogger, Task.ErrorLoggerDelegate errorLogger, ADObjectId id, RawSecurityDescriptor rsd, bool remove, params ActiveDirectoryAccessRule[] aces)
        {
            if (rsd == null)
            {
                throw new SecurityDescriptorAccessDeniedException(id.DistinguishedName);
            }
            ActiveDirectorySecurity activeDirectorySecurity = new ActiveDirectorySecurity();

            byte[] array = new byte[rsd.BinaryLength];
            rsd.GetBinaryForm(array, 0);
            activeDirectorySecurity.SetSecurityDescriptorBinaryForm(array);
            if (DirectoryCommon.ApplyAcesOnAcl(verboseLogger, warningLogger, errorLogger, id.DistinguishedName, activeDirectorySecurity, remove, aces))
            {
                return(new RawSecurityDescriptor(activeDirectorySecurity.GetSecurityDescriptorBinaryForm(), 0));
            }
            return(null);
        }
Beispiel #12
0
        private void RemoveGroupByWKGuid(Guid wkGuid)
        {
            ADGroup      adgroup      = base.ResolveExchangeGroupGuid <ADGroup>(wkGuid);
            DNWithBinary dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(this.exchangeConfigContainer.OtherWellKnownObjects, wkGuid);

            if (dnwithBinary != null && this.exchangeConfigContainer.OtherWellKnownObjects.Remove(dnwithBinary))
            {
                this.configurationSession.Save(this.exchangeConfigContainer);
            }
            dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(this.configContainer.OtherWellKnownObjects, wkGuid);
            if (dnwithBinary != null && this.configContainer.OtherWellKnownObjects.Remove(dnwithBinary))
            {
                this.configurationSession.Save(this.configContainer);
            }
            if (adgroup != null)
            {
                adgroup.Session.Delete(adgroup);
            }
        }
Beispiel #13
0
        private static bool FindAces(ADObjectId id, RawSecurityDescriptor rsd, params ActiveDirectoryAccessRule[] aces)
        {
            if (rsd == null)
            {
                throw new SecurityDescriptorAccessDeniedException(id.DistinguishedName);
            }
            ActiveDirectorySecurity activeDirectorySecurity = new ActiveDirectorySecurity();

            byte[] array = new byte[rsd.BinaryLength];
            rsd.GetBinaryForm(array, 0);
            activeDirectorySecurity.SetSecurityDescriptorBinaryForm(array);
            foreach (ActiveDirectoryAccessRule ace in aces)
            {
                if (DirectoryCommon.FindAce(ace, activeDirectorySecurity) == null)
                {
                    return(false);
                }
            }
            return(true);
        }
Beispiel #14
0
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            ADSystemAttendantMailbox adsystemAttendantMailbox = null;
            Server             server             = null;
            SecurityIdentifier sid                = this.exs.Sid;
            SecurityIdentifier securityIdentifier = new SecurityIdentifier("SY");

            try
            {
                server = ((ITopologyConfigurationSession)this.configurationSession).FindLocalServer();
            }
            catch (LocalServerNotFoundException ex)
            {
                base.WriteError(new CouldNotFindExchangeServerDirectoryEntryException(ex.Fqdn), ErrorCategory.InvalidData, null);
            }
            if (server != null)
            {
                base.LogReadObject(server);
                this.recipientSession.DomainController = server.OriginatingServer;
                ADRecipient[] array = this.recipientSession.Find(server.Id.GetChildId("Microsoft System Attendant"), QueryScope.Base, null, null, 1);
                if (array.Length > 0)
                {
                    adsystemAttendantMailbox = (array[0] as ADSystemAttendantMailbox);
                }
            }
            if (adsystemAttendantMailbox != null)
            {
                base.LogReadObject(adsystemAttendantMailbox);
                GenericAce[] aces = new GenericAce[]
                {
                    new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 131073, securityIdentifier, false, null)
                };
                DirectoryCommon.SetAclOnAlternateProperty(adsystemAttendantMailbox, aces, ADSystemAttendantMailboxSchema.ExchangeSecurityDescriptor);
                if (base.ShouldProcess(adsystemAttendantMailbox.DistinguishedName, Strings.InfoProcessAction(securityIdentifier.ToString()), null))
                {
                    this.recipientSession.Save(adsystemAttendantMailbox);
                }
            }
            TaskLogger.LogExit();
        }
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            SecurityIdentifier identity           = new SecurityIdentifier("AU");
            List <ActiveDirectoryAccessRule> list = new List <ActiveDirectoryAccessRule>();

            list.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            if (base.ShouldProcess(this.addressListsContainer.DistinguishedName, Strings.InfoProcessAction(this.addressListsContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.addressListsContainer, list.ToArray());
            }
            if (base.ShouldProcess(this.offlineAddressListsContainer.DistinguishedName, Strings.InfoProcessAction(this.offlineAddressListsContainer.DistinguishedName), null))
            {
                ActiveDirectoryAccessRule[] aces = new ActiveDirectoryAccessRule[]
                {
                    new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.DownloadOABExtendedRightGuid, ActiveDirectorySecurityInheritance.All)
                };
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.offlineAddressListsContainer, aces);
            }
            TaskLogger.LogExit();
        }
Beispiel #16
0
 protected override void InternalBeginProcessing()
 {
     TaskLogger.LogEnter();
     base.InternalBeginProcessing();
     if (string.IsNullOrEmpty(this.ServerName))
     {
         this.server = ((ITopologyConfigurationSession)this.domainConfigurationSession).FindLocalComputer();
     }
     else
     {
         ITopologyConfigurationSession topologyConfigurationSession = DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromRootOrgScopeSet(), 99, "InternalBeginProcessing", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\DirectorySetup\\ManageExchangeServerGroupMember.cs");
         topologyConfigurationSession.UseConfigNC      = false;
         topologyConfigurationSession.UseGlobalCatalog = true;
         this.server = topologyConfigurationSession.FindComputerByHostName(this.ServerName);
     }
     if (this.server != null)
     {
         base.LogReadObject(this.server);
         this.serverDomain = this.domainConfigurationSession.Read <ADDomain>(this.server.Id.DomainId);
         if (this.serverDomain != null)
         {
             base.LogReadObject(this.serverDomain);
             this.meso = ((ITopologyConfigurationSession)this.domainConfigurationSession).FindMesoContainer(this.serverDomain);
             if (this.meso != null)
             {
                 base.LogReadObject(this.meso);
                 this.recipientSession.DomainController = this.meso.OriginatingServer;
                 this.e12ds = DirectoryCommon.FindE12DomainServersGroup(this.recipientSession, this.meso);
                 if (this.e12ds != null)
                 {
                     base.LogReadObject(this.e12ds);
                 }
             }
         }
     }
     this.exs = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid);
     this.ets = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid);
     TaskLogger.LogExit();
 }
Beispiel #17
0
        private static void SetAces(Task.TaskVerboseLoggingDelegate verboseLogger, Task.TaskWarningLoggingDelegate warningLogger, Task.ErrorLoggerDelegate errorLogger, IDirectorySession session, ADObjectId id, bool remove, params ActiveDirectoryAccessRule[] aces)
        {
            if (verboseLogger != null)
            {
                verboseLogger(Strings.InfoSetAces(id.DistinguishedName));
            }
            if (session == null)
            {
                throw new ArgumentNullException("session");
            }
            if (id == null)
            {
                throw new ArgumentNullException("id");
            }
            RawSecurityDescriptor rawSecurityDescriptor = session.ReadSecurityDescriptor(id);

            rawSecurityDescriptor = DirectoryCommon.ApplyAcesOnSd(verboseLogger, warningLogger, errorLogger, id, rawSecurityDescriptor, remove, aces);
            if (rawSecurityDescriptor != null)
            {
                session.SaveSecurityDescriptor(id, rawSecurityDescriptor);
            }
        }
Beispiel #18
0
 public static void RemoveAccessRule(ActiveDirectorySecurity acl, ActiveDirectoryAccessRule ace)
 {
     if (!acl.RemoveAccessRule(ace))
     {
         AuthorizationRuleCollection accessRules = acl.GetAccessRules(true, false, typeof(SecurityIdentifier));
         foreach (object obj in accessRules)
         {
             ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)obj;
             if (DirectoryCommon.AceMatches(ace, activeDirectoryAccessRule, false))
             {
                 if ((~(ace.ActiveDirectoryRights != (ActiveDirectoryRights)0) & activeDirectoryAccessRule.ActiveDirectoryRights) == (ActiveDirectoryRights)0)
                 {
                     acl.RemoveAccessRuleSpecific(activeDirectoryAccessRule);
                 }
                 else
                 {
                     ActiveDirectoryAccessRule rule = new ActiveDirectoryAccessRule(activeDirectoryAccessRule.IdentityReference, ~ace.ActiveDirectoryRights & activeDirectoryAccessRule.ActiveDirectoryRights, activeDirectoryAccessRule.AccessControlType, activeDirectoryAccessRule.ObjectType, activeDirectoryAccessRule.InheritanceType, activeDirectoryAccessRule.InheritedObjectType);
                     acl.RemoveAccessRuleSpecific(activeDirectoryAccessRule);
                     acl.AddAccessRule(rule);
                 }
             }
         }
     }
 }
        private ADGroup CreateGroup(ADOrganizationalUnit usgContainer, string groupName, int groupId, Guid wkGuid, string groupDescription, GroupTypeFlags groupType, bool createAsRoleGroup)
        {
            ADRecipient  adrecipient  = base.ResolveExchangeGroupGuid <ADRecipient>(wkGuid);
            DNWithBinary dnwithBinary = null;

            if (adrecipient != null)
            {
                base.LogReadObject(adrecipient);
                if (adrecipient.RecipientType != RecipientType.Group)
                {
                    base.WriteError(new InvalidWKObjectTargetException(wkGuid.ToString(), "CN=Microsoft Exchange,CN=Services," + this.configurationSession.ConfigurationNamingContext.DistinguishedName, adrecipient.Id.DistinguishedName, groupType.ToString()), ErrorCategory.NotSpecified, null);
                }
                ADGroup adgroup = adrecipient as ADGroup;
                base.LogReadObject(adgroup);
                if ((adgroup.GroupType & groupType) != groupType)
                {
                    base.WriteError(new InvalidWKObjectTargetException(wkGuid.ToString(), "CN=Microsoft Exchange,CN=Services," + this.configurationSession.ConfigurationNamingContext.DistinguishedName, adgroup.Id.DistinguishedName, groupType.ToString()), ErrorCategory.NotSpecified, null);
                }
                if (createAsRoleGroup && adgroup.RecipientTypeDetails != RecipientTypeDetails.RoleGroup)
                {
                    base.WriteError(new InvalidWKObjectTargetException(wkGuid.ToString(), "CN=Microsoft Exchange,CN=Services," + this.configurationSession.ConfigurationNamingContext.DistinguishedName, adgroup.Id.DistinguishedName, RecipientTypeDetails.RoleGroup.ToString()), ErrorCategory.NotSpecified, null);
                }
                base.WriteVerbose(Strings.InfoGroupAlreadyPresent(adgroup.Id.DistinguishedName));
                dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(this.exchangeConfigContainer.OtherWellKnownObjects, wkGuid);
                if (dnwithBinary == null)
                {
                    dnwithBinary = this.CreateWKGuid(this.exchangeConfigContainer, adgroup.Id, wkGuid);
                }
                if (createAsRoleGroup)
                {
                    InitializeExchangeUniversalGroups.UpgradeRoleGroupLocalization(adgroup, groupId, groupDescription, this.rootDomainRecipientSession);
                }
                return(adgroup);
            }
            ADContainer adcontainer = this.exchangeConfigContainer;

            dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(adcontainer.OtherWellKnownObjects, wkGuid);
            if (dnwithBinary == null)
            {
                adcontainer  = this.configContainer;
                dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(adcontainer.OtherWellKnownObjects, wkGuid);
            }
            if (dnwithBinary != null)
            {
                base.WriteError(new InvalidWKObjectException(dnwithBinary.ToString(), adcontainer.DistinguishedName), ErrorCategory.NotSpecified, null);
            }
            ADGroup adgroup2 = null;

            try
            {
                if (createAsRoleGroup)
                {
                    adgroup2 = InitializeExchangeUniversalGroups.CreateUniqueRoleGroup(this.rootDomainRecipientSession, this.rootDomain.Id, usgContainer.Id, groupName, groupId, groupDescription, OrganizationId.ForestWideOrgId);
                }
                else
                {
                    adgroup2 = InitializeExchangeUniversalGroups.CreateUniqueChildSG(this.rootDomainRecipientSession, this.rootDomain.Id, usgContainer.Id, groupName, groupDescription, groupType, OrganizationId.ForestWideOrgId);
                }
                dnwithBinary = this.CreateWKGuid(this.exchangeConfigContainer, adgroup2.Id, wkGuid);
            }
            finally
            {
                if (adgroup2 == null && dnwithBinary != null)
                {
                    this.exchangeConfigContainer.OtherWellKnownObjects.Remove(dnwithBinary);
                    this.domainConfigurationSession.Save(this.exchangeConfigContainer);
                    base.LogWriteObject(this.exchangeConfigContainer);
                }
                else if (adgroup2 != null && dnwithBinary == null)
                {
                    this.rootDomainRecipientSession.Delete(adgroup2);
                    base.LogWriteObject(adgroup2);
                    adgroup2 = null;
                }
            }
            return(adgroup2);
        }
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            RoleGroupCollection roleGroupCollection = InitializeExchangeUniversalGroups.RoleGroupsToCreate();
            bool flag = false;

            foreach (RoleGroupDefinition roleGroupDefinition in roleGroupCollection)
            {
                roleGroupDefinition.ADGroup = base.ResolveExchangeGroupGuid <ADGroup>(roleGroupDefinition.RoleGroupGuid);
                if (roleGroupDefinition.ADGroup == null)
                {
                    flag = true;
                }
            }
            ADGroup adgroup  = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid);
            ADGroup adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid);
            ADGroup adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid);
            ADGroup adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid);

            this.adSplitPermissionMode = false;
            if (this.ActiveDirectorySplitPermissions != null)
            {
                if (this.ActiveDirectorySplitPermissions.Value)
                {
                    this.adSplitPermissionMode = true;
                }
                else
                {
                    this.adSplitPermissionMode = false;
                }
            }
            else if (adgroup3 == null)
            {
                this.adSplitPermissionMode = false;
            }
            else if (adgroup4 == null)
            {
                this.adSplitPermissionMode = false;
            }
            else if (!adgroup4.Members.Contains(adgroup3.Id))
            {
                this.adSplitPermissionMode = true;
            }
            else
            {
                this.adSplitPermissionMode = false;
            }
            ADOrganizationalUnit adorganizationalUnit = this.FindExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id);

            if (this.adSplitPermissionMode && adorganizationalUnit == null)
            {
                adorganizationalUnit = this.CreateExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id);
                if (adorganizationalUnit == null)
                {
                    base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Protected Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null);
                }
            }
            ADOrganizationalUnit adorganizationalUnit2 = null;

            if (flag || adgroup == null || adgroup2 == null || adgroup3 == null || (!this.adSplitPermissionMode && adgroup4 == null))
            {
                adorganizationalUnit2 = this.CreateExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id);
                if (adorganizationalUnit2 == null)
                {
                    base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Security Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null);
                }
            }
            else
            {
                adorganizationalUnit2 = this.FindExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id);
            }
            this.CreateAndValidateRoleGroups(adorganizationalUnit2, roleGroupCollection);
            this.CreateGroup(adorganizationalUnit2, "Exchange Servers", 0, WellKnownGuid.ExSWkGuid, Strings.ExchangeServersUSGDescription);
            this.CreateGroup(adorganizationalUnit2, "Exchange Trusted Subsystem", 0, WellKnownGuid.EtsWkGuid, Strings.ExchangeTrustedSubsystemDescription);
            this.CreateGroup(adorganizationalUnit2, "Managed Availability Servers", 0, WellKnownGuid.MaSWkGuid, Strings.ManagedAvailabilityServersUSGDescription);
            if (this.adSplitPermissionMode)
            {
                this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit);
            }
            else
            {
                this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit2);
                if (adorganizationalUnit != null)
                {
                    this.domainConfigurationSession.Delete(adorganizationalUnit);
                    base.LogWriteObject(adorganizationalUnit);
                }
            }
            this.CreateGroup(adorganizationalUnit2, "ExchangeLegacyInterop", 0, WellKnownGuid.E3iWkGuid, Strings.ExchangeInteropUSGDescription);
            if (adgroup == null)
            {
                adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid);
                if (adgroup == null)
                {
                    base.WriteError(new ExSGroupNotFoundException(WellKnownGuid.ExSWkGuid), ErrorCategory.InvalidData, null);
                }
            }
            base.LogReadObject(adgroup);
            ADGroup adgroup5 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.MaSWkGuid);

            if (adgroup5 == null)
            {
                base.WriteError(new MaSGroupNotFoundException(WellKnownGuid.MaSWkGuid), ErrorCategory.InvalidData, null);
            }
            base.LogReadObject(adgroup5);
            InitializeExchangeUniversalGroups.AddMember(adgroup, this.rootDomainRecipientSession, adgroup5, new WriteVerboseDelegate(base.WriteVerbose));
            if (adgroup2 == null)
            {
                adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid);
                if (adgroup2 == null)
                {
                    base.WriteError(new E2k3InteropGroupNotFoundException(WellKnownGuid.E3iWkGuid), ErrorCategory.InvalidData, null);
                }
            }
            base.LogReadObject(adgroup2);
            bool etsExisted = adgroup3 != null;

            if (adgroup3 == null)
            {
                adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid);
                if (adgroup3 == null)
                {
                    base.WriteError(new ExTrustedSubsystemGroupNotFoundException(WellKnownGuid.EtsWkGuid), ErrorCategory.InvalidData, null);
                }
            }
            base.LogReadObject(adgroup3);
            bool ewpExisted = adgroup4 != null;

            if (adgroup4 == null)
            {
                adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid);
                if (adgroup4 == null)
                {
                    base.WriteError(new ExWindowsPermissionsGroupNotFoundException(WellKnownGuid.EwpWkGuid), ErrorCategory.InvalidData, null);
                }
            }
            base.LogReadObject(adgroup4);
            this.GrantWriteMembershipPermission(adgroup3.Sid, adorganizationalUnit2);
            this.FixExchangeTrustedSubsystemGroupMembership(adgroup3, adgroup4, adgroup, roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EmaWkGuid), etsExisted, ewpExisted);
            WindowsPrincipal windowsPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            string           name             = windowsPrincipal.Identity.Name;

            string[] array = name.Split(new char[]
            {
                '\\'
            }, 2);
            ADCrossRef[] domainPartitions = ADForest.GetLocalForest(base.DomainController).GetDomainPartitions();
            if (domainPartitions == null || domainPartitions.Length == 0)
            {
                base.WriteError(new DomainsNotFoundException(), ErrorCategory.InvalidData, null);
            }
            List <SecurityIdentifier> list = new List <SecurityIdentifier>();

            foreach (ADCrossRef adcrossRef in domainPartitions)
            {
                Exception ex = null;
                try
                {
                    this.domainConfigurationSession.DomainController = null;
                    ADDomain addomain = this.domainConfigurationSession.Read <ADDomain>(adcrossRef.NCName);
                    base.LogReadObject(addomain);
                    SecurityIdentifier item = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, addomain.Sid);
                    list.Add(item);
                }
                catch (ADExternalException ex2)
                {
                    ex = ex2;
                }
                catch (ADTransientException ex3)
                {
                    ex = ex3;
                }
                if (ex != null)
                {
                    this.WriteWarning(Strings.DomainNotReachableWarning(adcrossRef.DnsRoot[0]));
                }
            }
            this.domainConfigurationSession.DomainController = null;
            ADGroup adgroupByGuid  = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EoaWkGuid);
            ADGroup adgroupByGuid2 = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EpaWkGuid);
            ActiveDirectoryAccessRule        activeDirectoryAccessRule = new ActiveDirectoryAccessRule(adgroupByGuid.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All);
            List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>();

            list2.Add(activeDirectoryAccessRule);
            Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "member");

            foreach (SecurityIdentifier identity in list)
            {
                list2.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.All));
            }
            DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup, list2.ToArray());
            try
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid, new ActiveDirectoryAccessRule[]
                {
                    activeDirectoryAccessRule
                });
            }
            catch (ADOperationException ex4)
            {
                this.WriteWarning(Strings.UnableToGrantFullControlOnEOA(adgroupByGuid.Id.ToString(), adgroupByGuid.Id.ToString(), ex4.Message));
            }
            if (adgroupByGuid2 != null)
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid2, new ActiveDirectoryAccessRule[]
                {
                    activeDirectoryAccessRule
                });
            }
            if (adorganizationalUnit2 != null)
            {
                base.WriteVerbose(Strings.InfoSetAces(adorganizationalUnit2.Id.DistinguishedName));
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adorganizationalUnit2, new ActiveDirectoryAccessRule[]
                {
                    activeDirectoryAccessRule
                });
            }
            DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup2, new ActiveDirectoryAccessRule[]
            {
                activeDirectoryAccessRule
            });
            bool useGlobalCatalog = this.recipientSession.UseGlobalCatalog;

            this.recipientSession.UseGlobalCatalog = true;
            try
            {
                ADRecipient adrecipient = (ADRecipient)this.recipientSession.FindByAccountName <ADRecipient>(array[0], array[1]);
                if (adrecipient != null)
                {
                    TaskLogger.Trace("Adding user {0} ({1}), to group {2}.", new object[]
                    {
                        name,
                        adrecipient.DistinguishedName,
                        adgroupByGuid.DistinguishedName
                    });
                    InitializeExchangeUniversalGroups.AddMember(adrecipient, this.rootDomainRecipientSession, adgroupByGuid, new WriteVerboseDelegate(base.WriteVerbose));
                }
                else
                {
                    TaskLogger.Trace("Didn't find user {0})", new object[]
                    {
                        name
                    });
                }
            }
            catch (ADOperationException ex5)
            {
                base.WriteVerbose(new LocalizedString(ex5.Message));
            }
            this.recipientSession.UseGlobalCatalog = useGlobalCatalog;
            TaskLogger.LogExit();
        }
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            QueryFilter filter = null;

            if (base.Fields.IsModified("AdministrativeGroup"))
            {
                filter = new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, this.AdministrativeGroup);
            }
            IEnumerable <AdministrativeGroup> enumerable = this.configurationSession.FindPaged <AdministrativeGroup>(null, QueryScope.SubTree, filter, null, 0);
            IEnumerator <AdministrativeGroup> enumerator = enumerable.GetEnumerator();

            if (enumerator == null || !enumerator.MoveNext())
            {
                if (base.Fields.IsModified("AdministrativeGroup"))
                {
                    base.WriteError(new AdminGroupNotFoundException(this.AdministrativeGroup), ErrorCategory.ObjectNotFound, null);
                }
                else
                {
                    base.WriteError(new AdminGroupsNotFoundException(), ErrorCategory.ObjectNotFound, null);
                }
            }
            SecurityIdentifier sid = this.exs.Sid;
            SecurityIdentifier securityIdentifier = new SecurityIdentifier("AU");
            SecurityIdentifier identity           = new SecurityIdentifier("SY");
            Guid schemaClassGuid = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchExchangeServer");
            List <ActiveDirectoryAccessRule> list = new List <ActiveDirectoryAccessRule>();

            list.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid));
            list.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid));
            GenericAce[] aces = new GenericAce[]
            {
                new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, 256, securityIdentifier, ObjectAceFlags.ObjectAceTypePresent, WellKnownGuid.CreatePublicFolderExtendedRightGuid, Guid.Empty, false, null)
            };
            do
            {
                AdministrativeGroup administrativeGroup = enumerator.Current;
                base.LogReadObject(administrativeGroup);
                if (base.ShouldProcess(administrativeGroup.DistinguishedName, Strings.InfoProcessAction(this.eoa.Sid.ToString()), null))
                {
                    DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, administrativeGroup, list.ToArray());
                }
                DirectoryCommon.SetAclOnAlternateProperty(administrativeGroup, aces, AdministrativeGroupSchema.PublicFolderDefaultAdminAcl);
                if (base.ShouldProcess(administrativeGroup.DistinguishedName, Strings.InfoProcessAction(securityIdentifier.ToString()), null))
                {
                    this.configurationSession.Save(administrativeGroup);
                }
                PublicFolderTree[] array = this.configurationSession.Find <PublicFolderTree>(administrativeGroup.Id, QueryScope.SubTree, new ComparisonFilter(ComparisonOperator.Equal, PublicFolderTreeSchema.PublicFolderTreeType, PublicFolderTreeType.Mapi), null, 0);
                if (array.Length == 0)
                {
                    base.WriteVerbose(Strings.InfoCouldNotFindMAPITLHInAdminGroup(administrativeGroup.AdminDisplayName));
                }
                else
                {
                    PublicFolderTree publicFolderTree = array[0];
                    base.LogReadObject(publicFolderTree);
                    DirectoryCommon.SetAclOnAlternateProperty(publicFolderTree, aces, AdministrativeGroupSchema.PublicFolderDefaultAdminAcl);
                    if (base.ShouldProcess(publicFolderTree.DistinguishedName, Strings.InfoProcessAction(securityIdentifier.ToString()), null))
                    {
                        this.configurationSession.Save(publicFolderTree);
                    }
                }
                ActiveDirectoryAccessRule ace = new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All);
                this.SetAceByObjectClass <ServersContainer>(administrativeGroup.Id, ace);
            }while (enumerator.MoveNext());
            TaskLogger.LogExit();
        }
Beispiel #22
0
 public static void SetAces(Task.TaskVerboseLoggingDelegate verboseLogger, Task.TaskWarningLoggingDelegate warningLogger, IDirectorySession session, ADObjectId id, params ActiveDirectoryAccessRule[] aces)
 {
     DirectoryCommon.SetAces(verboseLogger, warningLogger, null, session, id, false, aces);
 }
Beispiel #23
0
 public static bool FindAces(IDirectorySession session, ADObjectId id, params ActiveDirectoryAccessRule[] aces)
 {
     return(DirectoryCommon.FindAces(id, session.ReadSecurityDescriptor(id), aces));
 }
Beispiel #24
0
 public static void SetAces(Task.TaskVerboseLoggingDelegate verboseLogger, Task.TaskWarningLoggingDelegate warningLogger, Task.ErrorLoggerDelegate errorLogger, IDirectorySession session, ADObjectId id, params ActiveDirectoryAccessRule[] aces)
 {
     verboseLogger(Strings.InfoSetAces(id.DistinguishedName));
     DirectoryCommon.SetAces(verboseLogger, warningLogger, errorLogger, session, id, false, aces);
 }
Beispiel #25
0
 public static ActiveDirectoryAccessRule FindAce(ActiveDirectoryAccessRule ace, ActiveDirectorySecurity acl)
 {
     return(DirectoryCommon.FindAce(ace, acl, false, false));
 }
Beispiel #26
0
 public static bool FindAces(ADObject obj, params ActiveDirectoryAccessRule[] aces)
 {
     return(DirectoryCommon.FindAces(obj.Id, obj.ReadSecurityDescriptor(), aces));
 }
        private ADGroup CreateGroup(OrganizationId orgId, ADObjectId usgContainerId, string groupName, int groupId, Guid wkGuid, string groupDescription, GroupTypeFlags groupType, List <ADObjectId> manageBy)
        {
            ADGroup      adgroup      = null;
            DNWithBinary dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(this.configurationUnit.OtherWellKnownObjects, wkGuid);

            if (null != dnwithBinary)
            {
                ADObjectId adobjectId = new ADObjectId(dnwithBinary.DistinguishedName);
                if (adobjectId.IsDeleted)
                {
                    base.WriteError(new InvalidWKObjectException(dnwithBinary.ToString(), orgId.ConfigurationUnit.DistinguishedName), ErrorCategory.InvalidData, null);
                }
                ADRecipient adrecipient = this.orgDomainRecipientSession.Read(adobjectId);
                if (adrecipient == null)
                {
                    base.WriteError(new InvalidWKObjectException(dnwithBinary.ToString(), orgId.ConfigurationUnit.DistinguishedName), ErrorCategory.InvalidData, null);
                }
                base.LogReadObject(adrecipient);
                if (adrecipient.RecipientType != RecipientType.Group)
                {
                    base.WriteError(new InvalidWKObjectTargetException(wkGuid.ToString(), orgId.ConfigurationUnit.ToString(), adgroup.Id.DistinguishedName, groupType.ToString()), ErrorCategory.InvalidData, null);
                }
                adgroup = (adrecipient as ADGroup);
                InitializeExchangeUniversalGroups.UpgradeRoleGroupLocalization(adgroup, groupId, groupDescription, this.orgDomainRecipientSession);
                if ((adgroup.GroupType & groupType) != groupType)
                {
                    base.WriteVerbose(Strings.InfoChangingGroupType(adgroup.Id.DistinguishedName, groupType.ToString()));
                    adgroup.GroupType            = groupType;
                    adgroup.RecipientTypeDetails = RecipientTypeDetails.RoleGroup;
                    this.orgDomainRecipientSession.Save(adgroup);
                    base.LogWriteObject(adgroup);
                }
                else
                {
                    base.WriteVerbose(Strings.InfoGroupAlreadyPresent(adgroup.Id.DistinguishedName));
                }
                return(adgroup);
            }
            ADGroup adgroup2 = null;

            try
            {
                string groupSam = groupName + "{" + Guid.NewGuid().ToString("N") + "}";
                adgroup2     = InitializeExchangeUniversalGroups.CreateUniqueRoleGroup(this.orgDomainRecipientSession, orgId.OrganizationalUnit.DomainId, usgContainerId, groupName, groupId, groupDescription, groupSam, manageBy, orgId);
                dnwithBinary = this.CreateWKGuid(adgroup2.Id, wkGuid);
            }
            finally
            {
                if (adgroup2 == null && dnwithBinary != null)
                {
                    this.configurationUnit.OtherWellKnownObjects.Remove(dnwithBinary);
                    this.configurationSession.Save(this.configurationUnit);
                    base.LogWriteObject(this.configurationUnit);
                }
                else if (adgroup2 != null && dnwithBinary == null)
                {
                    this.orgDomainRecipientSession.Delete(adgroup2);
                    base.LogWriteObject(adgroup2);
                    adgroup2 = null;
                }
            }
            return(adgroup2);
        }
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            IConfigurationSession session = (IConfigurationSession)ADSession.RescopeSessionToTenantSubTree(this.configurationSession);
            int count = DirectoryCommon.MailboxWriteAttrs.Count;
            SecurityIdentifier sid  = this.exs.Sid;
            SecurityIdentifier sid2 = this.ets.Sid;

            this.configurationSession.GetOrgContainer();
            SecurityIdentifier[] array = new SecurityIdentifier[]
            {
                this.eoa.Sid,
                this.ets.Sid
            };
            SecurityIdentifier identity            = new SecurityIdentifier("WD");
            SecurityIdentifier identity2           = new SecurityIdentifier("AN");
            SecurityIdentifier securityIdentifier  = new SecurityIdentifier("AU");
            SecurityIdentifier securityIdentifier2 = new SecurityIdentifier("NS");
            SecurityIdentifier identity3           = new SecurityIdentifier("SY");
            SecurityIdentifier identity4           = new SecurityIdentifier(WellKnownSidType.AccountEnterpriseAdminsSid, this.rootDomain.Sid);
            SecurityIdentifier identity5           = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, this.rootDomain.Sid);
            SecurityIdentifier identity6           = new SecurityIdentifier(WellKnownSidType.AccountSchemaAdminsSid, this.rootDomain.Sid);
            List <ActiveDirectoryAccessRule> list  = new List <ActiveDirectoryAccessRule>(2);

            list.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.DsReplicationSynchronize, ActiveDirectorySecurityInheritance.None));
            string distinguishedName = this.configurationSession.ConfigurationNamingContext.DistinguishedName;

            if (base.ShouldProcess(distinguishedName, Strings.InfoProcessAction(distinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.configurationSession.ConfigurationNamingContext, list.ToArray());
            }
            Guid       schemaClassGuid         = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchSmtpReceiveConnector");
            ADObjectId deletedObjectsContainer = this.configurationSession.DeletedObjectsContainer;

            base.WriteVerbose(Strings.InfoTakeOwnership(deletedObjectsContainer.DistinguishedName));
            DirectoryCommon.TakeOwnership(deletedObjectsContainer, null, session);
            List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>(100);

            list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
            list2.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(sid2, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.DeleteTree | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(this.ets.Sid, ActiveDirectoryRights.WriteDacl, AccessControlType.Allow, schemaClassGuid, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(this.ets.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            if (this.epa != null)
            {
                list2.Add(new ActiveDirectoryAccessRule(this.epa.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            }
            if (this.delegatedSetupRG != null)
            {
                list2.Add(new ActiveDirectoryAccessRule(this.delegatedSetupRG.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            }
            if (base.ShouldProcess(this.meServicesContainer.DistinguishedName, Strings.InfoProcessAction(this.meServicesContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.meServicesContainer.Id, list2.ToArray());
                if (this.confUnitsContainer != null && !this.confUnitsContainer.Id.IsDescendantOf(this.configurationSession.ConfigurationNamingContext))
                {
                    DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.confUnitsContainer, list2.ToArray());
                }
            }
            Guid schemaClassGuid2 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchPrivateMDB");
            Guid schemaClassGuid3 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchPublicMDB");

            DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchAvailabilityConfig");
            Guid schemaClassGuid4     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchAvailabilityAddressSpace");
            Guid schemaPropertyGuid   = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchAvailabilityUserPassword");
            Guid schemaClassGuid5     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "siteAddressing");
            Guid schemaClassGuid6     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "site");
            Guid schemaClassGuid7     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "siteLink");
            Guid schemaClassGuid8     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncServiceConfig");
            Guid schemaClassGuid9     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncMservConnector");
            Guid schemaClassGuid10    = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncEhfConnector");
            Guid schemaPropertyGuid2  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "siteFolderServer");
            Guid schemaPropertyGuid3  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "siteFolderGUID");
            Guid schemaPropertyGuid4  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchDatabaseCreated");
            Guid schemaPropertyGuid5  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchPatchMDB");
            Guid schemaPropertyGuid6  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchEDBOffline");
            Guid schemaPropertyGuid7  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchTransportSiteFlags");
            Guid schemaPropertyGuid8  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchPartnerId");
            Guid schemaPropertyGuid9  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchCost");
            Guid schemaPropertyGuid10 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchVersion");
            Guid schemaPropertyGuid11 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchLastAppliedRecipientFilter");
            Guid schemaPropertyGuid12 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchRecipientFilterFlags");
            Guid schemaPropertyGuid13 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "legacyExchangeDN");
            Guid schemaPropertyGuid14 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchOwningServer");
            Guid schemaPropertyGuid15 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchMinorPartnerId");
            Guid schemaPropertyGuid16 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchResponsibleForSites");
            List <ActiveDirectoryAccessRule> list3 = new List <ActiveDirectoryAccessRule>();

            list3.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            List <ActiveDirectoryAccessRule> list4 = new List <ActiveDirectoryAccessRule>();
            List <ActiveDirectoryAccessRule> list5 = new List <ActiveDirectoryAccessRule>();

            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All));
            list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadProperty, AccessControlType.Deny, schemaPropertyGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid4));
            list4.Add(new ActiveDirectoryAccessRule(securityIdentifier2, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
            list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid2));
            list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid3));
            list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid2));
            list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid3));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.PublicInfoPropSetGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.PersonalInfoPropSetGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.ExchangeInfoPropSetGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid5));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid3, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid2, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity6, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity6, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            if (this.epa != null)
            {
                list4.Add(new ActiveDirectoryAccessRule(this.epa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            }
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid4, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid6, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid5, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid13, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid14, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.mas.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            List <SecurityIdentifier> list6 = new List <SecurityIdentifier>();

            list6.Add(this.eoa.Sid);
            if (this.epa != null)
            {
                list6.Add(this.epa.Sid);
            }
            foreach (SecurityIdentifier identity7 in list6)
            {
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.MailEnablePublicFolderGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreateTopLevelPublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderACLExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderAdminACLExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderDeletedItemRetentionExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderExpiryExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderQuotasExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderReplicaListExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreAdminExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            }
            for (int i = 0; i < count; i++)
            {
                Guid schemaPropertyGuid17 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, DirectoryCommon.MailboxWriteAttrs[i]);
                list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid17, ActiveDirectorySecurityInheritance.All));
            }
            if (base.ShouldProcess(this.autodiscoverContainer.DistinguishedName, Strings.InfoProcessAction(this.autodiscoverContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.autodiscoverContainer, list3.ToArray());
            }
            if (base.ShouldProcess(this.orgContainer.DistinguishedName, Strings.InfoProcessAction(this.orgContainer.DistinguishedName), null))
            {
                DirectoryCommon.RemoveAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, null, this.orgContainer, list5.ToArray());
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.orgContainer, list4.ToArray());
            }
            if (this.confUnitsContainer != null && base.ShouldProcess(this.confUnitsContainer.DistinguishedName, Strings.InfoProcessAction(this.confUnitsContainer.DistinguishedName), null))
            {
                DirectoryCommon.RemoveAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, null, this.confUnitsContainer, list5.ToArray());
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.confUnitsContainer, list4.ToArray());
            }
            ActiveDirectoryAccessRule[] aces = new ActiveDirectoryAccessRule[]
            {
                new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)
            };
            if (base.ShouldProcess(this.addressingContainer.DistinguishedName, Strings.InfoProcessAction(this.addressingContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.addressingContainer, aces);
            }
            List <ActiveDirectoryAccessRule> list7 = new List <ActiveDirectoryAccessRule>();

            if (this.isMultiTenancy)
            {
                list7.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
                list7.Add(new ActiveDirectoryAccessRule(this.era.Sid, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            }
            else
            {
                list7.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            }
            foreach (SecurityIdentifier identity8 in list6)
            {
                list7.Add(new ActiveDirectoryAccessRule(identity8, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid11, ActiveDirectorySecurityInheritance.All));
                list7.Add(new ActiveDirectoryAccessRule(identity8, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid12, ActiveDirectorySecurityInheritance.All));
            }
            if (base.ShouldProcess(this.addressListsContainer.DistinguishedName, Strings.InfoProcessAction(this.addressListsContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.addressListsContainer, list7.ToArray());
            }
            if (this.isMultiTenancy)
            {
                base.ReplaceAddressListACEs(this.addressListsContainer.Id, securityIdentifier, new SecurityIdentifier[]
                {
                    this.eoa.Sid,
                    this.era.Sid
                });
            }
            if (base.ShouldProcess(this.offlineAddressListsContainer.DistinguishedName, Strings.InfoProcessAction(this.offlineAddressListsContainer.DistinguishedName), null))
            {
                ActiveDirectoryAccessRule[] aces2 = new ActiveDirectoryAccessRule[]
                {
                    new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.DownloadOABExtendedRightGuid, ActiveDirectorySecurityInheritance.All)
                };
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.offlineAddressListsContainer, aces2);
            }
            List <ActiveDirectoryAccessRule> list8 = new List <ActiveDirectoryAccessRule>();

            foreach (SecurityIdentifier identity9 in list6)
            {
                list8.Add(new ActiveDirectoryAccessRule(identity9, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid11, ActiveDirectorySecurityInheritance.All));
                list8.Add(new ActiveDirectoryAccessRule(identity9, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid12, ActiveDirectorySecurityInheritance.All));
            }
            if (base.ShouldProcess(this.recipPoliciesContainer.DistinguishedName, Strings.InfoProcessAction(this.recipPoliciesContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.recipPoliciesContainer, list8.ToArray());
            }
            List <ActiveDirectoryAccessRule> list9 = new List <ActiveDirectoryAccessRule>();
            Guid schemaClassGuid11 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchExchangeServer");

            foreach (SecurityIdentifier identity10 in list6)
            {
                list9.Add(new ActiveDirectoryAccessRule(identity10, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid11));
            }
            if (base.ShouldProcess(this.administrativeGroup.Id.DistinguishedName, Strings.InfoProcessAction(this.administrativeGroup.Id.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.administrativeGroup, list9.ToArray());
            }
            List <ActiveDirectoryAccessRule> list10 = new List <ActiveDirectoryAccessRule>();

            for (int j = 0; j < array.Length; j++)
            {
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid7, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid10, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid8, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid15, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid16, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid9, ActiveDirectorySecurityInheritance.All, schemaClassGuid7));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid10, ActiveDirectorySecurityInheritance.All, schemaClassGuid7));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid8, ActiveDirectorySecurityInheritance.Children, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid9, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid10, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10));
            }
            list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
            list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9));
            list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10));
            list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
            list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9));
            list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10));
            if (base.ShouldProcess(this.sitesContainer.Id.DistinguishedName, Strings.InfoProcessAction(this.sitesContainer.Id.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.sitesContainer.Id, list10.ToArray());
            }
            this.SetDeletedObjectsSecurityDescriptor(sid, ActiveDirectoryRights.ListChildren);
            this.SetDeletedObjectsSecurityDescriptor(sid2, ActiveDirectoryRights.GenericRead);
            this.SetDeletedObjectsSecurityDescriptor(this.eoa.Sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.WriteDacl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject);
            this.SetDeletedObjectsSecurityDescriptor(securityIdentifier2, ActiveDirectoryRights.ListChildren);
            ActiveDirectoryAccessRule[] aces3 = new ActiveDirectoryAccessRule[]
            {
                new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren, AccessControlType.Allow)
            };
            if (base.ShouldProcess(this.arraysContainer.Id.DistinguishedName, Strings.InfoProcessAction(this.arraysContainer.Id.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.arraysContainer, aces3);
            }
            TaskLogger.LogExit();
        }
Beispiel #29
0
 public static void RemoveAces(Task.TaskVerboseLoggingDelegate verboseLogger, Task.TaskWarningLoggingDelegate warningLogger, Task.ErrorLoggerDelegate errorLogger, IDirectorySession session, ADObjectId id, params ActiveDirectoryAccessRule[] aces)
 {
     DirectoryCommon.SetAces(verboseLogger, warningLogger, errorLogger, session, id, true, aces);
 }
Beispiel #30
0
        internal static bool ApplyAcesOnAcl(Task.TaskVerboseLoggingDelegate verboseLogger, Task.TaskWarningLoggingDelegate warningLogger, Task.ErrorLoggerDelegate errorLogger, string objectIdentityString, ActiveDirectorySecurity acl, bool remove, params ActiveDirectoryAccessRule[] aces)
        {
            bool result = false;

            if (!acl.AreAccessRulesCanonical)
            {
                LocalizedString message = Strings.InfoAclNotCanonical(objectIdentityString);
                if (errorLogger != null)
                {
                    errorLogger(new TaskInvalidOperationException(message), ExchangeErrorCategory.ServerOperation, null);
                }
                else if (warningLogger != null)
                {
                    warningLogger(message);
                }
                else if (verboseLogger != null)
                {
                    verboseLogger(message);
                }
                return(false);
            }
            int i = 0;

            while (i < aces.Length)
            {
                ActiveDirectoryAccessRule activeDirectoryAccessRule = aces[i];
                bool flag = false;
                ActiveDirectoryAccessRule activeDirectoryAccessRule2 = DirectoryCommon.FindAce(activeDirectoryAccessRule, acl, true, remove);
                if (null != activeDirectoryAccessRule2 != remove && (activeDirectoryAccessRule2 == null || !activeDirectoryAccessRule2.IsInherited))
                {
                    goto IL_13D;
                }
                if (!remove || !activeDirectoryAccessRule2.IsInherited)
                {
                    if (verboseLogger != null)
                    {
                        if (remove)
                        {
                            verboseLogger(Strings.InfoRemovingAce(objectIdentityString, DirectoryCommon.AceToString(activeDirectoryAccessRule)));
                        }
                        else
                        {
                            verboseLogger(Strings.InfoAddingAce(objectIdentityString, DirectoryCommon.AceToString(activeDirectoryAccessRule)));
                        }
                    }
                    if (remove)
                    {
                        DirectoryCommon.RemoveAccessRule(acl, activeDirectoryAccessRule);
                    }
                    else
                    {
                        acl.AddAccessRule(activeDirectoryAccessRule);
                    }
                    flag = (result = true);
                    goto IL_13D;
                }
                LocalizedString message2 = Strings.ErrorWillNotPerformOnInheritedAce(activeDirectoryAccessRule2.ActiveDirectoryRights.ToString(), activeDirectoryAccessRule2.AccessControlType.ToString(), objectIdentityString);
                if (errorLogger != null)
                {
                    errorLogger(new TaskInvalidOperationException(message2), ExchangeErrorCategory.ServerOperation, null);
                }
                else if (warningLogger != null)
                {
                    warningLogger(message2);
                }
                else if (verboseLogger != null)
                {
                    verboseLogger(message2);
                }
IL_1DB:
                i++;
                continue;
IL_13D:
                if ((flag && DirectoryCommon.FindAce(activeDirectoryAccessRule, acl, false, remove) == null == remove) || (verboseLogger == null && warningLogger == null && errorLogger == null))
                {
                    goto IL_1DB;
                }
                LocalizedString message3;
                if (remove)
                {
                    if (activeDirectoryAccessRule.ObjectFlags == ObjectAceFlags.ObjectAceTypePresent)
                    {
                        string attr = string.Format("{0} (ObjectType: {1})", activeDirectoryAccessRule.ActiveDirectoryRights, activeDirectoryAccessRule.ObjectType);
                        message3 = Strings.InfoAttributeAceNotPresent(objectIdentityString, attr);
                    }
                    else
                    {
                        message3 = Strings.InfoAceNotPresent(objectIdentityString, SecurityPrincipalIdParameter.GetFriendlyUserName(activeDirectoryAccessRule.IdentityReference, verboseLogger));
                    }
                }
                else
                {
                    message3 = Strings.InfoAceAlreadyPresent(objectIdentityString, SecurityPrincipalIdParameter.GetFriendlyUserName(activeDirectoryAccessRule.IdentityReference, verboseLogger));
                }
                if (warningLogger != null)
                {
                    warningLogger(message3);
                    goto IL_1DB;
                }
                if (verboseLogger != null)
                {
                    verboseLogger(message3);
                    goto IL_1DB;
                }
                goto IL_1DB;
            }
            return(result);
        }