 /// <summary>
 /// Applies <paramref name="aces"/> to the security descriptor stored in
 /// <paramref name="sdProperty"/> on <paramref name="obj"/>, passing the SID of
 /// the identity this process currently runs as for both the owner and the
 /// primary group arguments of the five-argument overload.
 /// </summary>
 /// <param name="obj">Directory object whose alternate security-descriptor property is updated.</param>
 /// <param name="aces">Access control entries to place in the descriptor.</param>
 /// <param name="sdProperty">Property of <paramref name="obj"/> that holds the descriptor.</param>
 public static void SetAclOnAlternateProperty(ADObject obj, GenericAce[] aces, PropertyDefinition sdProperty)
 {
     WindowsIdentity self = WindowsIdentity.GetCurrent();
     try
     {
         // The caller's own SID is used for owner and group alike; no separate
         // primary-group lookup is performed.
         SecurityIdentifier owner = self.User;
         DirectoryCommon.SetAclOnAlternateProperty(obj, aces, sdProperty, owner, owner);
     }
     finally
     {
         if (self != null)
         {
             self.Dispose();
         }
     }
 }
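        /// <summary>
        /// Grants the local SYSTEM account ("SY") an access-allowed ACE on the
        /// ExchangeSecurityDescriptor of the local server's
        /// "Microsoft System Attendant" recipient object and saves the object.
        /// Failure to resolve the local server is reported through
        /// <c>base.WriteError</c>; if no server or no System Attendant object is
        /// found the method performs no write.
        /// </summary>
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            // 0x20001 = 0x20000 (READ_CONTROL) | 0x1 (object-specific bit 0).
            // NOTE(review): looks like Exchange's FullAccess | ReadPermission mailbox
            // rights — confirm against the MailboxRights definition before changing.
            const int SystemAttendantAccessMask = 131073;
            SecurityIdentifier localSystem = new SecurityIdentifier("SY");
            Server server = null;
            try
            {
                server = ((ITopologyConfigurationSession)this.configurationSession).FindLocalServer();
            }
            catch (LocalServerNotFoundException ex)
            {
                base.WriteError(new CouldNotFindExchangeServerDirectoryEntryException(ex.Fqdn), ErrorCategory.InvalidData, null);
            }
            ADSystemAttendantMailbox systemAttendant = null;
            if (server != null)
            {
                base.LogReadObject(server);
                // Presumably pins the session to the DC the server object came from so
                // the read below and the Save later go to the same replica — confirm.
                this.recipientSession.DomainController = server.OriginatingServer;
                ADRecipient[] found = this.recipientSession.Find(server.Id.GetChildId("Microsoft System Attendant"), QueryScope.Base, null, null, 1);
                // Guard against a null result as well as an empty one; the cast below
                // yields null for any non-System-Attendant recipient, which is handled.
                if (found != null && found.Length > 0)
                {
                    systemAttendant = found[0] as ADSystemAttendantMailbox;
                }
            }
            if (systemAttendant != null)
            {
                base.LogReadObject(systemAttendant);
                GenericAce[] aces = new GenericAce[]
                {
                    new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, SystemAttendantAccessMask, localSystem, false, null)
                };
                // The ACE is staged on the in-memory object first; the directory is only
                // touched by the Save below, which is gated on ShouldProcess (-WhatIf/-Confirm).
                DirectoryCommon.SetAclOnAlternateProperty(systemAttendant, aces, ADSystemAttendantMailboxSchema.ExchangeSecurityDescriptor);
                if (base.ShouldProcess(systemAttendant.DistinguishedName, Strings.InfoProcessAction(localSystem.ToString()), null))
                {
                    this.recipientSession.Save(systemAttendant);
                }
            }
            TaskLogger.LogExit();
        }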
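        /// <summary>
        /// Walks every AdministrativeGroup (or only the one named by the
        /// AdministrativeGroup parameter when it was supplied) and, for each:
        /// grants <c>this.eoa</c> and local SYSTEM the RecipientUpdate extended
        /// right inherited to msExchExchangeServer descendants; stages an ACE
        /// giving Authenticated Users ("AU") the CreatePublicFolder extended right
        /// in PublicFolderDefaultAdminAcl on the group and on its first MAPI public
        /// folder tree; and denies <c>this.exs</c> the ReceiveAs extended right on
        /// the group's ServersContainer. Directory writes are gated on
        /// <c>base.ShouldProcess</c>. Not finding any group is reported via
        /// <c>base.WriteError</c>, after which the method returns.
        /// </summary>
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            bool adminGroupSpecified = base.Fields.IsModified("AdministrativeGroup");
            QueryFilter filter = null;
            if (adminGroupSpecified)
            {
                filter = new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, this.AdministrativeGroup);
            }
            IEnumerable<AdministrativeGroup> groups = this.configurationSession.FindPaged<AdministrativeGroup>(null, QueryScope.SubTree, filter, null, 0);
            // IEnumerator<T> is IDisposable; a paged directory enumerator may hold a
            // search handle, so dispose it on every exit path.
            using (IEnumerator<AdministrativeGroup> enumerator = groups.GetEnumerator())
            {
                if (enumerator == null || !enumerator.MoveNext())
                {
                    if (adminGroupSpecified)
                    {
                        base.WriteError(new AdminGroupNotFoundException(this.AdministrativeGroup), ErrorCategory.ObjectNotFound, null);
                    }
                    else
                    {
                        base.WriteError(new AdminGroupsNotFoundException(), ErrorCategory.ObjectNotFound, null);
                    }
                    // WriteError is expected to terminate the task; if it does not, the
                    // loop below must not run on an empty or null enumerator.
                    TaskLogger.LogExit();
                    return;
                }
                // NOTE(review): this.exs / this.eoa look like the Exchange Servers and
                // Exchange Organization Administrators group SIDs — confirm in the class.
                SecurityIdentifier exchangeServersSid = this.exs.Sid;
                SecurityIdentifier authenticatedUsers = new SecurityIdentifier("AU");
                SecurityIdentifier localSystem        = new SecurityIdentifier("SY");
                Guid exchangeServerClassGuid = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchExchangeServer");
                // Allow rules inherited only by descendant msExchExchangeServer objects.
                List<ActiveDirectoryAccessRule> recipientUpdateRules = new List<ActiveDirectoryAccessRule>();
                recipientUpdateRules.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, exchangeServerClassGuid));
                recipientUpdateRules.Add(new ActiveDirectoryAccessRule(localSystem, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, exchangeServerClassGuid));
                // Object ACE carrying the ExtendedRight mask (ADS_RIGHT_DS_CONTROL_ACCESS, 0x100)
                // scoped to the CreatePublicFolder right; no inherited-object-type GUID.
                GenericAce[] createPublicFolderAces = new GenericAce[]
                {
                    new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ActiveDirectoryRights.ExtendedRight, authenticatedUsers, ObjectAceFlags.ObjectAceTypePresent, WellKnownGuid.CreatePublicFolderExtendedRightGuid, Guid.Empty, false, null)
                };
                do
                {
                    AdministrativeGroup administrativeGroup = enumerator.Current;
                    base.LogReadObject(administrativeGroup);
                    if (base.ShouldProcess(administrativeGroup.DistinguishedName, Strings.InfoProcessAction(this.eoa.Sid.ToString()), null))
                    {
                        // ToArray per call keeps each SetAces invocation on its own copy of the rules.
                        DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, administrativeGroup, recipientUpdateRules.ToArray());
                    }
                    // Staged in memory; persisted only by the gated Save below.
                    DirectoryCommon.SetAclOnAlternateProperty(administrativeGroup, createPublicFolderAces, AdministrativeGroupSchema.PublicFolderDefaultAdminAcl);
                    if (base.ShouldProcess(administrativeGroup.DistinguishedName, Strings.InfoProcessAction(authenticatedUsers.ToString()), null))
                    {
                        this.configurationSession.Save(administrativeGroup);
                    }
                    PublicFolderTree[] trees = this.configurationSession.Find<PublicFolderTree>(administrativeGroup.Id, QueryScope.SubTree, new ComparisonFilter(ComparisonOperator.Equal, PublicFolderTreeSchema.PublicFolderTreeType, PublicFolderTreeType.Mapi), null, 0);
                    if (trees == null || trees.Length == 0)
                    {
                        base.WriteVerbose(Strings.InfoCouldNotFindMAPITLHInAdminGroup(administrativeGroup.AdminDisplayName));
                    }
                    else
                    {
                        // Only the first MAPI tree found is updated.
                        PublicFolderTree publicFolderTree = trees[0];
                        base.LogReadObject(publicFolderTree);
                        DirectoryCommon.SetAclOnAlternateProperty(publicFolderTree, createPublicFolderAces, AdministrativeGroupSchema.PublicFolderDefaultAdminAcl);
                        if (base.ShouldProcess(publicFolderTree.DistinguishedName, Strings.InfoProcessAction(authenticatedUsers.ToString()), null))
                        {
                            this.configurationSession.Save(publicFolderTree);
                        }
                    }
                    // Deny ACE applied to the group's ServersContainer and everything beneath it
                    // (inheritance All); SetAceByObjectClass is defined elsewhere in this class.
                    ActiveDirectoryAccessRule denyReceiveAs = new ActiveDirectoryAccessRule(exchangeServersSid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All);
                    this.SetAceByObjectClass<ServersContainer>(administrativeGroup.Id, denyReceiveAs);
                } while (enumerator.MoveNext());
            }
            TaskLogger.LogExit();
        }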