Ejemplo n.º 1
        /// <summary>
        /// Copies service-plan values and the RBAC configuration version onto
        /// <paramref name="organization"/>, choosing the RBAC container according to
        /// whether the organization is the forest-wide one and whether its static
        /// configuration is shared.
        /// </summary>
        /// <param name="organization">Organization object whose task-populated fields are filled in.</param>
        private void FillTaskPopulatedFields(ADOrganizationConfig organization)
        {
            RbacContainer versionSource;

            if (OrganizationId.ForestWideOrgId.Equals(organization.OrganizationId))
            {
                // Forest-wide organization: the RBAC container comes straight from the session.
                versionSource = this.ConfigurationSession.GetRbacContainer();
            }
            else
            {
                ExchangeConfigurationUnit orgUnit = this.ConfigurationSession.GetOrgContainer() as ExchangeConfigurationUnit;
                if (orgUnit == null)
                {
                    // The org container is not an ExchangeConfigurationUnit: nothing is copied and
                    // RBACConfigurationVersion keeps whatever value it already had.
                    return;
                }

                organization.ServicePlan       = orgUnit.ServicePlan;
                organization.TargetServicePlan = orgUnit.TargetServicePlan;

                if (orgUnit.IsStaticConfigurationShared)
                {
                    // NOTE(review): the result of GetSharedConfiguration is dereferenced without a
                    // null check; presumably it never returns null for a shared tenant (confirm).
                    SharedConfiguration shared = SharedConfiguration.GetSharedConfiguration(organization.OrganizationId);
                    versionSource = shared.GetRbacContainer();
                }
                else
                {
                    versionSource = this.ConfigurationSession.GetRbacContainer();
                }
            }

            if (versionSource != null)
            {
                organization.RBACConfigurationVersion = versionSource.ExchangeVersion;
            }
        }
Ejemplo n.º 2
 /// <summary>
 /// Stamps <paramref name="rbacContainer"/> with the management DLL version, saves it
 /// through the configuration session and logs the write.
 /// </summary>
 /// <param name="rbacContainer">RBAC container to stamp and persist; dereferenced without a null check.</param>
 private void StampCurrentVersionOnRBACContainer(RbacContainer rbacContainer)
 {
     var managementVersion = OrganizationTaskHelper.ManagementDllVersion;

     rbacContainer.StampExchangeObjectVersion(managementVersion);

     // The stamp only changes the in-memory object; Save is the call that persists it.
     configurationSession.Save(rbacContainer);
     base.LogWriteObject(rbacContainer);
 }
Ejemplo n.º 3
        /// <summary>
        /// Selects the role-to-policy assignment definitions that apply to the current
        /// invocation mode and service plan, creates (or removes) the matching end-user
        /// role assignments on the role assignment policies, and finally stamps the
        /// current version on the RBAC container.
        /// </summary>
        /// <remarks>
        /// The version stamp is the last statement, so it is reached only when every
        /// step before it completed without throwing.
        /// </remarks>
        protected override void InternalProcessRecord()
        {
            this.configurationSession.SessionSettings.IsSharedConfigChecked = true;
            base.InternalProcessRecord();

            // Feature lists stay null when the corresponding service plan settings are absent.
            List<string> currentFeatures = null;
            if (base.ServicePlanSettings != null)
            {
                currentFeatures = base.ServicePlanSettings.GetAggregatedMailboxPlanRoleAssignmentFeatures();
            }
            List<string> previousFeatures = null;
            if (this.PreviousServicePlanSettings != null)
            {
                previousFeatures = this.PreviousServicePlanSettings.GetAggregatedMailboxPlanRoleAssignmentFeatures();
            }

            RbacContainer rbacContainer        = this.configurationSession.GetRbacContainer();
            ExchangeBuild installedRbacVersion = base.GetCurrentRBACConfigVersion(rbacContainer);

            // Step 1: keep only the definitions that must be (re)applied in this invocation mode.
            List<RoleToRAPAssignmentDefinition> applicableDefinitions = new List<RoleToRAPAssignmentDefinition>();
            foreach (RoleToRAPAssignmentDefinition definition in this.GetRoleAssignmentDefinitions().Assignments)
            {
                if (!definition.SatisfyCondition(currentFeatures))
                {
                    continue;
                }

                bool include = false;
                InvocationMode mode = base.InvocationMode;
                if (mode == InvocationMode.Install)
                {
                    include = true;
                }
                else if (mode == InvocationMode.BuildToBuildUpgrade)
                {
                    // Upgrade: only definitions newer than the stamped RBAC version.
                    include = definition.IntroducedInBuild > installedRbacVersion;
                }
                else if (mode == InvocationMode.ServicePlanUpdate)
                {
                    // Plan update: definitions the previous plan did not satisfy, or newer ones.
                    include = !definition.SatisfyCondition(previousFeatures) || definition.IntroducedInBuild > installedRbacVersion;
                }

                if (include)
                {
                    applicableDefinitions.Add(definition);
                }
            }

            // Step 2: bucket the end-user roles.
            List<ExchangeRole> regularRolesToAssign   = new List<ExchangeRole>();
            List<ExchangeRole> autoGroupRolesToAssign = new List<ExchangeRole>();
            List<ExchangeRole> allAutoGroupRoles      = new List<ExchangeRole>();

            ComparisonFilter endUserRoleFilter = new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleSchema.IsEndUserRole, true);
            foreach (ExchangeRole role in this.configurationSession.FindPaged<ExchangeRole>(this.rolesContainerId, QueryScope.OneLevel, endUserRoleFilter, null, 0))
            {
                // Re-checked on the returned object even though the query already filters on it.
                if (!role.IsEndUserRole)
                {
                    continue;
                }

                if (this.IsRoleInFilteredList(role, applicableDefinitions))
                {
                    if (this.IsAutoGroupRelatedRole(role))
                    {
                        autoGroupRolesToAssign.Add(role);
                    }
                    else
                    {
                        regularRolesToAssign.Add(role);
                    }
                }

                // Every auto-group role is tracked for removal, whether or not it was selected above.
                if (this.IsAutoGroupRelatedRole(role))
                {
                    allAutoGroupRoles.Add(role);
                }
            }

            // Step 3: apply the buckets to the role assignment policies.
            if (this.Organization == null)
            {
                foreach (RoleAssignmentPolicy policy in this.FindAllRoleAssignmentPolicies())
                {
                    this.CreateRAPRoleAssignments(policy, regularRolesToAssign);
                }
            }
            else if (!base.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
            {
                // NOTE(review): ServicePlanSettings is dereferenced here although it was null-checked
                // above; presumably it is always set when Organization is non-null (confirm).
                foreach (RoleAssignmentPolicy policy in this.FindAllRoleAssignmentPolicies())
                {
                    this.CreateRAPRoleAssignments(policy, regularRolesToAssign);
                }

                RoleAssignmentPolicy defaultPolicy = this.FindDefaultRoleAssignmentPolicy();

                bool currentPlanAutoGroupEnabled = false;
                base.ServicePlanSettings.MailboxPlans.ForEach(plan =>
                {
                    currentPlanAutoGroupEnabled |= plan.AutoGroupPermissions;
                });

                // True only when a previous plan exists, had auto-group permissions on some
                // mailbox plan, and did not have shareable configuration enabled.
                bool previousPlanOwnedAutoGroup = false;
                if (this.PreviousServicePlanSettings != null)
                {
                    bool previousPlanAutoGroupEnabled = false;
                    this.PreviousServicePlanSettings.MailboxPlans.ForEach(plan =>
                    {
                        previousPlanAutoGroupEnabled |= plan.AutoGroupPermissions;
                    });
                    previousPlanOwnedAutoGroup = previousPlanAutoGroupEnabled && !this.PreviousServicePlanSettings.Organization.ShareableConfigurationEnabled;
                }

                if (currentPlanAutoGroupEnabled)
                {
                    if (!previousPlanOwnedAutoGroup)
                    {
                        this.CreateRAPRoleAssignments(defaultPolicy, autoGroupRolesToAssign);
                    }
                }
                else if (previousPlanOwnedAutoGroup)
                {
                    // Auto-group permissions were switched off: revoke the related assignments.
                    this.RemoveRAPRoleAssignmentsIfNeeded(defaultPolicy, allAutoGroupRoles, null);
                }
            }
            else
            {
                foreach (ServicePlan.MailboxPlan mailboxPlan in base.ServicePlanSettings.MailboxPlans)
                {
                    // NOTE(review): the lookup result is dereferenced without a null check (confirm
                    // FindMailboxPlanByName cannot return null).
                    ADUser planUser = this.FindMailboxPlanByName(mailboxPlan.Name);
                    if (planUser.RoleAssignmentPolicy == null)
                    {
                        base.WriteError(new InvalidOperationException(Strings.ErrorRBACPolicyLinkNotFound(planUser.Name)), ErrorCategory.InvalidArgument, null);
                    }

                    // NOTE(review): execution continues past both WriteError calls with the value
                    // that was just found null; this is only safe if WriteError does not return (confirm).
                    RoleAssignmentPolicy planPolicy = this.configurationSession.Read<RoleAssignmentPolicy>(planUser.RoleAssignmentPolicy);
                    if (planPolicy == null)
                    {
                        base.WriteError(new InvalidOperationException(Strings.ErrorRBACPolicyNotFound(planUser.RoleAssignmentPolicy.ToString())), ErrorCategory.InvalidArgument, null);
                    }

                    ServicePlan.MailboxPlan previousPlan = null;
                    if (this.PreviousServicePlanSettings != null)
                    {
                        previousPlan = this.PreviousServicePlanSettings.GetMailboxPlanByName(mailboxPlan.Name);
                    }

                    // previousPlan is null both when there are no previous settings and when the
                    // previous settings do not contain this mailbox plan.
                    if (previousPlan == null)
                    {
                        this.CreateRAPRoleAssignments(planPolicy, regularRolesToAssign, planUser.MailboxPlanIndex);
                    }

                    bool previousPlanHadAutoGroup = previousPlan != null && previousPlan.AutoGroupPermissions;

                    if (mailboxPlan.AutoGroupPermissions)
                    {
                        if (!previousPlanHadAutoGroup)
                        {
                            this.CreateRAPRoleAssignments(planPolicy, autoGroupRolesToAssign, planUser.MailboxPlanIndex);
                        }
                    }
                    else if (previousPlanHadAutoGroup)
                    {
                        this.RemoveRAPRoleAssignmentsIfNeeded(planPolicy, allAutoGroupRoles, planUser.MailboxPlanIndex);
                    }
                }
            }

            this.StampCurrentVersionOnRBACContainer(rbacContainer);
        }
        /// <summary>
        /// Reconciles the canned role assignments of the built-in role groups with the
        /// role-group assignment definitions: creates the assignments that apply in the
        /// current invocation mode, removes those whose condition is no longer met, and
        /// then grants or revokes org-wide delegating assignments for end-user roles on
        /// the Organization Management role group.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Thrown when an assignment would have to be removed while no Organization is set.
        /// </exception>
        protected override void InternalProcessRecord()
        {
            // NOTE(review): this writes a static field from per-invocation parameters, so the
            // value is shared by every instance of the task; confirm invocations never overlap.
            InstallCannedRbacRoleAssignments.isFfoEnvironment = (base.Fields.Contains("IsFfo") && this.IsFfo);
            this.configurationSession.SessionSettings.IsSharedConfigChecked = true;
            base.InternalProcessRecord();
            this.RemoveInvalidRoleAssignments();
            this.UpdateRoleAssignments();

            // Feature lists stay null when the corresponding service plan settings are absent.
            List<string> currentFeatures = null;
            if (base.ServicePlanSettings != null)
            {
                currentFeatures = base.ServicePlanSettings.Organization.GetEnabledRoleGroupRoleAssignmentFeatures();
            }
            List<string> previousFeatures = null;
            if (this.PreviousServicePlanSettings != null)
            {
                previousFeatures = this.PreviousServicePlanSettings.Organization.GetEnabledRoleGroupRoleAssignmentFeatures();
            }

            RoleGroupRoleMapping[] roleGroupMappings = this.GetRoleGroupAssignmentsDefinition();
            List<string> cannedRoleNames             = this.GetCannedRoleNames();

            // Only roles whose name is in the canned list take part in the reconciliation.
            List<ExchangeRole> cannedRoles = new List<ExchangeRole>();
            foreach (ExchangeRole candidate in this.configurationSession.FindPaged<ExchangeRole>(this.rolesContainerId, QueryScope.OneLevel, null, null, 0))
            {
                if (cannedRoleNames.Contains(candidate.Name))
                {
                    cannedRoles.Add(candidate);
                }
            }

            RbacContainer rbacContainer        = this.configurationSession.GetRbacContainer();
            ExchangeBuild installedRbacVersion = base.GetCurrentRBACConfigVersion(rbacContainer);

            foreach (RoleGroupRoleMapping mapping in roleGroupMappings)
            {
                // Resolved lazily, at most once per mapping.
                ADGroup roleGroup = null;

                foreach (RoleAssignmentDefinition definition in mapping.Assignments)
                {
                    bool shouldCreate = false;
                    if (definition.SatisfyCondition(currentFeatures))
                    {
                        InvocationMode mode = base.InvocationMode;
                        if (mode == InvocationMode.Install)
                        {
                            shouldCreate = true;
                        }
                        else if (mode == InvocationMode.BuildToBuildUpgrade)
                        {
                            shouldCreate = definition.IntroducedInBuild > installedRbacVersion;
                        }
                        else if (mode == InvocationMode.ServicePlanUpdate)
                        {
                            shouldCreate = !definition.SatisfyCondition(previousFeatures) || definition.IntroducedInBuild > installedRbacVersion;
                        }
                    }

                    // Role groups in MonitoredDCOnlyRoleGroups always get their assignments created,
                    // regardless of the feature condition and invocation mode evaluated above.
                    if (InstallCannedRbacRoleAssignments.MonitoredDCOnlyRoleGroups.Contains(mapping.RoleGroup))
                    {
                        shouldCreate = true;
                    }

                    if (shouldCreate)
                    {
                        if (roleGroup == null)
                        {
                            roleGroup = this.FindCannedRoleGroupByName(mapping.RoleGroup);
                        }
                        this.CreateRoleAssignmentDefinition(definition, roleGroup, cannedRoles);
                        continue;
                    }

                    if (!definition.SatisfyCondition(currentFeatures, roleGroupMappings))
                    {
                        // Removal is refused outright when no Organization is set.
                        if (this.Organization == null)
                        {
                            throw new InvalidOperationException(mapping.RoleGroup.ToString());
                        }
                        this.RemoveRoleAssignmentDefinition(definition, cannedRoles);
                    }
                }

                if (InstallCannedRbacRoleAssignments.MonitoredDCOnlyRoleGroups.Contains(mapping.RoleGroup))
                {
                    if (roleGroup == null)
                    {
                        roleGroup = this.FindCannedRoleGroupByName(mapping.RoleGroup);
                    }
                    this.PurgeInvalidAssignmentsFromRoleGroup(mapping, roleGroup, cannedRoles);
                }
            }

            ADGroup organizationManagement = this.ResolveWellKnownGuid(RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid);
            if (organizationManagement == null)
            {
                // NOTE(review): the null group is still logged and used below; this is only safe
                // if WriteError does not return (confirm).
                base.WriteError(new ExRbacRoleGroupNotFoundException(RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid, "Organization Management"), ErrorCategory.InvalidData, null);
            }
            base.LogReadObject(organizationManagement);

            // Delegating assignments are granted when permission management is enabled in the
            // service plan or when no Organization is set; otherwise they are revoked.
            bool grantDelegation = (base.ServicePlanSettings != null && base.ServicePlanSettings.Organization.PermissionManagementEnabled) || this.Organization == null;

            foreach (ExchangeRole role in cannedRoles)
            {
                if (!role.IsEndUserRole || role.IsDeprecated)
                {
                    continue;
                }

                if (grantDelegation)
                {
                    // Skip roles that already have the assignment so no duplicate is created.
                    if (!this.FindRoleAssignment(role, organizationManagement, RoleAssignmentDelegationType.DelegatingOrgWide))
                    {
                        this.CreateRoleAssignment(role, organizationManagement, RoleAssignmentDelegationType.DelegatingOrgWide);
                    }
                }
                else
                {
                    this.RemoveRoleAssignmentsFromGroup(role, organizationManagement, RoleAssignmentDelegationType.DelegatingOrgWide);
                }
            }
        }