private void RemoveInvalidRoleGroups(RoleGroupCollection roleGroups)
{
foreach (RoleGroupDefinition roleGroupDefinition in roleGroups)
{
DNWithBinary dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(this.configurationUnit.OtherWellKnownObjects, roleGroupDefinition.RoleGroupGuid);
if (null != dnwithBinary)
{
this.configurationUnit.OtherWellKnownObjects.Remove(dnwithBinary);
this.configurationSession.Save(this.configurationUnit);
base.LogWriteObject(this.configurationUnit);
ADObjectId adobjectId = new ADObjectId(dnwithBinary.DistinguishedName);
foreach (ExchangeRoleAssignment exchangeRoleAssignment in this.configurationSession.FindPaged <ExchangeRoleAssignment>(base.OrgContainerId.GetDescendantId(ExchangeRoleAssignment.RdnContainer), QueryScope.OneLevel, new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleAssignmentSchema.User, adobjectId), null, 0))
{
this.configurationSession.Delete(exchangeRoleAssignment);
base.LogWriteObject(exchangeRoleAssignment);
}
if (!adobjectId.IsDeleted)
{
ADRecipient adrecipient = this.orgDomainRecipientSession.Read(adobjectId);
base.LogReadObject(adrecipient);
this.orgDomainRecipientSession.Delete(adrecipient);
base.LogWriteObject(adrecipient);
}
}
}
}
private void ValidateCreatedRoleGroups(RoleGroupCollection roleGroups)
{
foreach (RoleGroupDefinition roleGroupDefinition in roleGroups)
{
base.ResolveHostedExchangeGroupGuid <ADGroup>(roleGroupDefinition.RoleGroupGuid, this.organization.OrganizationId);
}
}
private void CreateAndValidateRoleGroups(ADObjectId usgContainerId, RoleGroupCollection roleGroups)
{
RoleGroupDefinition roleGroupDefinition = roleGroups.FirstOrDefault((RoleGroupDefinition x) => x.RoleGroupGuid.Equals(RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid));
if (roleGroupDefinition == null)
{
base.WriteError(new ExOrgAdminSGroupNotFoundException(WellKnownGuid.EoaWkGuid), ErrorCategory.ObjectNotFound, null);
}
roleGroups.Remove(roleGroupDefinition);
roleGroupDefinition.ADGroup = this.CreateRoleGroup(usgContainerId, roleGroupDefinition, null);
if (!roleGroupDefinition.ADGroup.ManagedBy.Contains(roleGroupDefinition.ADGroup.Id))
{
roleGroupDefinition.ADGroup.ManagedBy.Add(roleGroupDefinition.ADGroup.Id);
this.orgDomainRecipientSession.Save(roleGroupDefinition.ADGroup);
base.LogWriteObject(roleGroupDefinition.ADGroup);
}
List <ADObjectId> manageBy = new List <ADObjectId>
{
roleGroupDefinition.ADGroup.Id
};
foreach (RoleGroupDefinition roleGroupDefinition2 in roleGroups)
{
roleGroupDefinition2.ADGroup = this.CreateRoleGroup(usgContainerId, roleGroupDefinition2, manageBy);
}
roleGroups.Add(roleGroupDefinition);
}
private RoleGroupCollection GetInvalidRoleGroups()
{
bool flag = Datacenter.IsPartnerHostedOnly(false);
RoleGroupCollection roleGroupCollection = new RoleGroupCollection();
List <string> enabledRoleGroupRoleAssignmentFeatures = this.ServicePlanSettings.Organization.GetEnabledRoleGroupRoleAssignmentFeatures();
using (List <RoleGroupDefinition> .Enumerator enumerator = RoleGroupDefinitions.RoleGroups.GetEnumerator())
{
while (enumerator.MoveNext())
{
RoleGroupDefinition roleGroupDefinition = enumerator.Current;
RoleGroupRoleMapping roleGroupRoleMapping;
if (flag)
{
roleGroupRoleMapping = HostedTenant_RoleGroupDefinition.Definition.FirstOrDefault((RoleGroupRoleMapping x) => x.RoleGroup.Equals(roleGroupDefinition.Name, StringComparison.OrdinalIgnoreCase));
}
else
{
roleGroupRoleMapping = Tenant_RoleGroupDefinition.Definition.FirstOrDefault((RoleGroupRoleMapping x) => x.RoleGroup.Equals(roleGroupDefinition.Name, StringComparison.OrdinalIgnoreCase));
}
if (roleGroupRoleMapping != null && roleGroupRoleMapping.GetRolesAssignments(enabledRoleGroupRoleAssignmentFeatures).Count == 0)
{
roleGroupCollection.Add(new RoleGroupDefinition(roleGroupDefinition));
}
}
}
return(roleGroupCollection);
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter();
RoleGroupCollection roleGroupsToCreate = this.GetRoleGroupsToCreate();
this.CreateAndValidateRoleGroups(this.organization.Id, roleGroupsToCreate);
this.RemoveInvalidRoleGroups(this.GetInvalidRoleGroups());
TaskLogger.LogExit();
}
private void CreateAndValidateRoleGroups(ADOrganizationalUnit usgContainer, RoleGroupCollection roleGroups)
{
foreach (RoleGroupDefinition roleGroup in roleGroups)
{
this.CreateRoleGroup(usgContainer, roleGroup);
}
WindowsPrincipal windowsPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
string name = windowsPrincipal.Identity.Name;
string[] array = name.Split(new char[]
{
'\\'
}, 2);
ADRecipient adrecipient = (ADRecipient)this.recipientSession.FindByAccountName <ADRecipient>(array[0], array[1]);
if (adrecipient != null)
{
TaskLogger.Trace("Didn't find user {0})", new object[]
{
name
});
}
ADGroup adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EoaWkGuid);
if (adgroup == null)
{
base.WriteError(new ExOrgAdminSGroupNotFoundException(WellKnownGuid.EoaWkGuid), ErrorCategory.ObjectNotFound, null);
}
else if (adrecipient != null)
{
base.LogReadObject(adrecipient);
TaskLogger.Trace("User {0} is being set as member of RoleGroup {1}", new object[]
{
adrecipient.DistinguishedName,
adgroup.Name
});
InitializeExchangeUniversalGroups.AddMember(adrecipient, this.rootDomainRecipientSession, adgroup, new WriteVerboseDelegate(base.WriteVerbose));
}
foreach (RoleGroupDefinition roleGroupDefinition in roleGroups)
{
if (roleGroupDefinition.ADGroup == null)
{
roleGroupDefinition.ADGroup = base.ResolveExchangeGroupGuid <ADGroup>(roleGroupDefinition.RoleGroupGuid);
if (roleGroupDefinition.ADGroup == null)
{
base.WriteError(roleGroupDefinition.GuidNotFoundException, ErrorCategory.ObjectNotFound, null);
}
base.LogReadObject(roleGroupDefinition.ADGroup);
}
if (roleGroupDefinition.ADGroup != null && !roleGroupDefinition.ADGroup.ManagedBy.Contains(adgroup.Id))
{
roleGroupDefinition.ADGroup.ManagedBy.Add(adgroup.Id);
this.rootDomainRecipientSession.Save(roleGroupDefinition.ADGroup);
base.LogWriteObject(roleGroupDefinition.ADGroup);
}
}
}
internal static RoleGroupCollection RoleGroupsToCreate()
{
RoleGroupCollection roleGroupCollection = new RoleGroupCollection();
Datacenter.ExchangeSku exchangeSku = Datacenter.GetExchangeSku();
RoleGroupRoleMapping[] definition;
if (Datacenter.IsMicrosoftHostedOnly(false))
{
definition = Datacenter_RoleGroupDefinition.Definition;
}
else if (Datacenter.IsPartnerHostedOnly(false))
{
definition = Hosting_RoleGroupDefinition.Definition;
}
else if (Datacenter.IsDatacenterDedicated(false))
{
definition = Dedicated_RoleGroupDefinition.Definition;
}
else
{
definition = Enterprise_RoleGroupDefinition.Definition;
}
using (List <RoleGroupDefinition> .Enumerator enumerator = RoleGroupDefinitions.RoleGroups.GetEnumerator())
{
while (enumerator.MoveNext())
{
RoleGroupDefinition roleGroup = enumerator.Current;
if (roleGroup.AlwaysCreateOnSku != null && roleGroup.AlwaysCreateOnSku.Contains(exchangeSku))
{
roleGroupCollection.Add(new RoleGroupDefinition(roleGroup));
}
else
{
RoleGroupRoleMapping roleGroupRoleMapping = definition.FirstOrDefault((RoleGroupRoleMapping x) => x.RoleGroup.Equals(roleGroup.Name, StringComparison.OrdinalIgnoreCase));
if (roleGroupRoleMapping != null)
{
roleGroupCollection.Add(new RoleGroupDefinition(roleGroup));
}
}
}
}
return(roleGroupCollection);
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter();
RoleGroupCollection roleGroupCollection = InitializeExchangeUniversalGroups.RoleGroupsToCreate();
bool flag = false;
foreach (RoleGroupDefinition roleGroupDefinition in roleGroupCollection)
{
roleGroupDefinition.ADGroup = base.ResolveExchangeGroupGuid <ADGroup>(roleGroupDefinition.RoleGroupGuid);
if (roleGroupDefinition.ADGroup == null)
{
flag = true;
}
}
ADGroup adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid);
ADGroup adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid);
ADGroup adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid);
ADGroup adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid);
this.adSplitPermissionMode = false;
if (this.ActiveDirectorySplitPermissions != null)
{
if (this.ActiveDirectorySplitPermissions.Value)
{
this.adSplitPermissionMode = true;
}
else
{
this.adSplitPermissionMode = false;
}
}
else if (adgroup3 == null)
{
this.adSplitPermissionMode = false;
}
else if (adgroup4 == null)
{
this.adSplitPermissionMode = false;
}
else if (!adgroup4.Members.Contains(adgroup3.Id))
{
this.adSplitPermissionMode = true;
}
else
{
this.adSplitPermissionMode = false;
}
ADOrganizationalUnit adorganizationalUnit = this.FindExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id);
if (this.adSplitPermissionMode && adorganizationalUnit == null)
{
adorganizationalUnit = this.CreateExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id);
if (adorganizationalUnit == null)
{
base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Protected Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null);
}
}
ADOrganizationalUnit adorganizationalUnit2 = null;
if (flag || adgroup == null || adgroup2 == null || adgroup3 == null || (!this.adSplitPermissionMode && adgroup4 == null))
{
adorganizationalUnit2 = this.CreateExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id);
if (adorganizationalUnit2 == null)
{
base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Security Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null);
}
}
else
{
adorganizationalUnit2 = this.FindExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id);
}
this.CreateAndValidateRoleGroups(adorganizationalUnit2, roleGroupCollection);
this.CreateGroup(adorganizationalUnit2, "Exchange Servers", 0, WellKnownGuid.ExSWkGuid, Strings.ExchangeServersUSGDescription);
this.CreateGroup(adorganizationalUnit2, "Exchange Trusted Subsystem", 0, WellKnownGuid.EtsWkGuid, Strings.ExchangeTrustedSubsystemDescription);
this.CreateGroup(adorganizationalUnit2, "Managed Availability Servers", 0, WellKnownGuid.MaSWkGuid, Strings.ManagedAvailabilityServersUSGDescription);
if (this.adSplitPermissionMode)
{
this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit);
}
else
{
this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit2);
if (adorganizationalUnit != null)
{
this.domainConfigurationSession.Delete(adorganizationalUnit);
base.LogWriteObject(adorganizationalUnit);
}
}
this.CreateGroup(adorganizationalUnit2, "ExchangeLegacyInterop", 0, WellKnownGuid.E3iWkGuid, Strings.ExchangeInteropUSGDescription);
if (adgroup == null)
{
adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid);
if (adgroup == null)
{
base.WriteError(new ExSGroupNotFoundException(WellKnownGuid.ExSWkGuid), ErrorCategory.InvalidData, null);
}
}
base.LogReadObject(adgroup);
ADGroup adgroup5 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.MaSWkGuid);
if (adgroup5 == null)
{
base.WriteError(new MaSGroupNotFoundException(WellKnownGuid.MaSWkGuid), ErrorCategory.InvalidData, null);
}
base.LogReadObject(adgroup5);
InitializeExchangeUniversalGroups.AddMember(adgroup, this.rootDomainRecipientSession, adgroup5, new WriteVerboseDelegate(base.WriteVerbose));
if (adgroup2 == null)
{
adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid);
if (adgroup2 == null)
{
base.WriteError(new E2k3InteropGroupNotFoundException(WellKnownGuid.E3iWkGuid), ErrorCategory.InvalidData, null);
}
}
base.LogReadObject(adgroup2);
bool etsExisted = adgroup3 != null;
if (adgroup3 == null)
{
adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid);
if (adgroup3 == null)
{
base.WriteError(new ExTrustedSubsystemGroupNotFoundException(WellKnownGuid.EtsWkGuid), ErrorCategory.InvalidData, null);
}
}
base.LogReadObject(adgroup3);
bool ewpExisted = adgroup4 != null;
if (adgroup4 == null)
{
adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid);
if (adgroup4 == null)
{
base.WriteError(new ExWindowsPermissionsGroupNotFoundException(WellKnownGuid.EwpWkGuid), ErrorCategory.InvalidData, null);
}
}
base.LogReadObject(adgroup4);
this.GrantWriteMembershipPermission(adgroup3.Sid, adorganizationalUnit2);
this.FixExchangeTrustedSubsystemGroupMembership(adgroup3, adgroup4, adgroup, roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EmaWkGuid), etsExisted, ewpExisted);
WindowsPrincipal windowsPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
string name = windowsPrincipal.Identity.Name;
string[] array = name.Split(new char[]
{
'\\'
}, 2);
ADCrossRef[] domainPartitions = ADForest.GetLocalForest(base.DomainController).GetDomainPartitions();
if (domainPartitions == null || domainPartitions.Length == 0)
{
base.WriteError(new DomainsNotFoundException(), ErrorCategory.InvalidData, null);
}
List <SecurityIdentifier> list = new List <SecurityIdentifier>();
foreach (ADCrossRef adcrossRef in domainPartitions)
{
Exception ex = null;
try
{
this.domainConfigurationSession.DomainController = null;
ADDomain addomain = this.domainConfigurationSession.Read <ADDomain>(adcrossRef.NCName);
base.LogReadObject(addomain);
SecurityIdentifier item = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, addomain.Sid);
list.Add(item);
}
catch (ADExternalException ex2)
{
ex = ex2;
}
catch (ADTransientException ex3)
{
ex = ex3;
}
if (ex != null)
{
this.WriteWarning(Strings.DomainNotReachableWarning(adcrossRef.DnsRoot[0]));
}
}
this.domainConfigurationSession.DomainController = null;
ADGroup adgroupByGuid = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EoaWkGuid);
ADGroup adgroupByGuid2 = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EpaWkGuid);
ActiveDirectoryAccessRule activeDirectoryAccessRule = new ActiveDirectoryAccessRule(adgroupByGuid.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All);
List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>();
list2.Add(activeDirectoryAccessRule);
Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "member");
foreach (SecurityIdentifier identity in list)
{
list2.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.All));
}
DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup, list2.ToArray());
try
{
DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid, new ActiveDirectoryAccessRule[]
{
activeDirectoryAccessRule
});
}
catch (ADOperationException ex4)
{
this.WriteWarning(Strings.UnableToGrantFullControlOnEOA(adgroupByGuid.Id.ToString(), adgroupByGuid.Id.ToString(), ex4.Message));
}
if (adgroupByGuid2 != null)
{
DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid2, new ActiveDirectoryAccessRule[]
{
activeDirectoryAccessRule
});
}
if (adorganizationalUnit2 != null)
{
base.WriteVerbose(Strings.InfoSetAces(adorganizationalUnit2.Id.DistinguishedName));
DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adorganizationalUnit2, new ActiveDirectoryAccessRule[]
{
activeDirectoryAccessRule
});
}
DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup2, new ActiveDirectoryAccessRule[]
{
activeDirectoryAccessRule
});
bool useGlobalCatalog = this.recipientSession.UseGlobalCatalog;
this.recipientSession.UseGlobalCatalog = true;
try
{
ADRecipient adrecipient = (ADRecipient)this.recipientSession.FindByAccountName <ADRecipient>(array[0], array[1]);
if (adrecipient != null)
{
TaskLogger.Trace("Adding user {0} ({1}), to group {2}.", new object[]
{
name,
adrecipient.DistinguishedName,
adgroupByGuid.DistinguishedName
});
InitializeExchangeUniversalGroups.AddMember(adrecipient, this.rootDomainRecipientSession, adgroupByGuid, new WriteVerboseDelegate(base.WriteVerbose));
}
else
{
TaskLogger.Trace("Didn't find user {0})", new object[]
{
name
});
}
}
catch (ADOperationException ex5)
{
base.WriteVerbose(new LocalizedString(ex5.Message));
}
this.recipientSession.UseGlobalCatalog = useGlobalCatalog;
TaskLogger.LogExit();
}
