private IEnumerable <MailboxAuditLogRecord> SearchMailboxStorage(EwsAuditClient ewsClient, bool isArchive)
{
FolderIdType auditRootId;
bool auditExists = ewsClient.FindFolder("Audits", isArchive ? MailboxAuditLogSearchWorker.ArchiveRecoverableItemsRootId : MailboxAuditLogSearchWorker.RecoverableItemsRootId, out auditRootId);
if (auditExists)
{
TaskLogger.Trace("Search query filter is defined. Searching audit log messages in audit folder", new object[0]);
int maxCount = this.resultSize.IsUnlimited ? int.MaxValue : ((this.resultSize.Value > this.outputCount) ? (this.resultSize.Value - this.outputCount) : 0);
EwsAuditLogCollection logCollection = new EwsAuditLogCollection(ewsClient, auditRootId);
IEnumerable <MailboxAuditLogRecord> records;
if (this.queryString != null)
{
records = AuditLogSearchQuery.SearchAuditLogs <MailboxAuditLogRecord, QueryStringType>(logCollection, this.queryString, maxCount, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new MailboxAuditLogSearchWorker.QueryStrategy(this), MailboxAuditLogSearchWorker.Tracer);
}
else
{
records = AuditLogSearchQuery.SearchAuditLogs <MailboxAuditLogRecord, RestrictionType>(logCollection, this.queryFilter, maxCount, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new MailboxAuditLogSearchWorker.QueryStrategy(this), MailboxAuditLogSearchWorker.Tracer);
}
foreach (MailboxAuditLogRecord record in records)
{
yield return(record);
}
}
yield break;
}
public AdminAuditLogEvent[] Search()
{
TaskLogger.LogEnter();
TaskLogger.Trace("Search criteria:\\r\\n{0}", new object[]
{
this.searchCriteria.ToString()
});
if (DatacenterRegistry.IsForefrontForOffice())
{
return(this.SearchInFFO());
}
ADUser tenantArbitrationMailbox;
try
{
tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(this.searchCriteria.OrganizationId);
}
catch (ObjectNotFoundException innerException)
{
TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the discovery mailbox user.", new object[0]);
throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException);
}
catch (NonUniqueRecipientException innerException2)
{
TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]);
throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException2);
}
Exception ex = null;
ExchangePrincipal principal = ExchangePrincipal.FromADUser(this.searchCriteria.OrganizationId.ToADSessionSettings(), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite);
AdminAuditLogEvent[] result;
try
{
TaskLogger.Trace("Opening EWS connection for the tenant arbitration mailbox", new object[0]);
EwsAuditClient ewsAuditClient = new EwsAuditClient(new EwsConnectionManager(principal, OpenAsAdminOrSystemServiceBudgetTypeType.Default, AdminAuditLogSearchWorker.Tracer), TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), AdminAuditLogSearchWorker.Tracer);
FolderIdType folderIdType = null;
ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.root, DistinguishedFolderIdNameType.recoverableitemsroot, out folderIdType);
ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.recoverableitemsroot, DistinguishedFolderIdNameType.adminauditlogs, out folderIdType);
if (folderIdType == null)
{
result = Array <AdminAuditLogEvent> .Empty;
}
else
{
EwsAuditLogCollection logCollection = new EwsAuditLogCollection(ewsAuditClient, folderIdType);
AuditLogSearchId auditLogSearchId = this.searchCriteria.Identity as AuditLogSearchId;
IEnumerable <AdminAuditLogEvent> source;
if (this.UseFASTQuery())
{
QueryStringType queryFilter = this.GenerateFASTSearchQueryString();
source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, QueryStringType>(logCollection, queryFilter, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer);
}
else
{
RestrictionType queryFilter2 = this.GenerateSearchQueryFilterForEWS();
source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, RestrictionType>(logCollection, queryFilter2, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer);
}
if (this.searchStatistics != null)
{
this.searchStatistics.QueryComplexity = this.searchCriteria.QueryComplexity;
this.searchStatistics.CorrelationID = ((auditLogSearchId != null) ? auditLogSearchId.Guid.ToString() : string.Empty);
}
AdminAuditLogEvent[] array = source.Take(this.searchCriteria.ResultSize).ToArray <AdminAuditLogEvent>();
this.RedactCallerField(array);
if (this.searchStatistics != null)
{
this.searchStatistics.ResultsReturned += array.LongLength;
this.searchStatistics.CallResult = true;
}
result = array;
}
}
catch (StorageTransientException ex2)
{
ex = ex2;
TaskLogger.Trace("Search admin audit log failed with transient storage exception. {0}", new object[]
{
ex2
});
throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex2, this.searchCriteria);
}
catch (StoragePermanentException ex3)
{
ex = ex3;
TaskLogger.Trace("Search admin audit log failed with permanent storage exception. {0}", new object[]
{
ex3
});
throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex3, this.searchCriteria);
}
catch (AuditLogException ex4)
{
ex = ex4;
TaskLogger.Trace("Search admin audit log failed with storage exception. {0}", new object[]
{
ex4
});
throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex4, this.searchCriteria);
}
finally
{
if (this.searchStatistics != null && ex != null)
{
this.searchStatistics.ErrorType = ex;
this.searchStatistics.ErrorCount++;
}
TaskLogger.LogExit();
}
return(result);
}
