Ejemplo n.º 1
        /// <summary>
        /// Deletes the role assignments held by <paramref name="policy"/> whose role is in
        /// <paramref name="roles"/> (or derived from one of them, as decided by
        /// InstallCannedRbacRoleAssignmentsRAP.IsRoleInListOrDerived), optionally restricted to
        /// roles stamped with a particular mailbox plan index.
        /// </summary>
        /// <param name="policy">Role assignment policy whose assignments are examined; its Id is the query key.</param>
        /// <param name="roles">Candidate roles to strip from the policy.</param>
        /// <param name="mailboxPlanIndex">
        /// Null or empty selects every candidate role; otherwise only roles whose MailboxPlanIndex
        /// equals this value (ordinal, case-insensitive) are selected.
        /// </param>
        private void RemoveRAPRoleAssignmentsIfNeeded(RoleAssignmentPolicy policy, IList <ExchangeRole> roles, string mailboxPlanIndex)
        {
            bool anyMailboxPlan = string.IsNullOrEmpty(mailboxPlanIndex);
            List<ExchangeRole> rolesToStrip = new List<ExchangeRole>(2);

            foreach (ExchangeRole candidate in roles)
            {
                // The plan index of the role is only read when a filter was actually supplied.
                if (anyMailboxPlan || string.Equals(candidate.MailboxPlanIndex, mailboxPlanIndex, StringComparison.OrdinalIgnoreCase))
                {
                    rolesToStrip.Add(candidate);
                }
            }

            // No role in scope: skip the directory query and leave every assignment untouched.
            if (rolesToStrip.Count == 0)
            {
                return;
            }

            // Only assignments whose assignee is this policy are candidates for deletion.
            QueryFilter assigneeIsPolicy = new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleAssignmentSchema.User, policy.Id);
            var assignmentContainer = base.OrgContainerId.GetDescendantId(ExchangeRoleAssignment.RdnContainer);
            var policyAssignments = this.configurationSession.FindPaged<ExchangeRoleAssignment>(assignmentContainer, QueryScope.OneLevel, assigneeIsPolicy, null, 0);

            foreach (ExchangeRoleAssignment assignment in policyAssignments)
            {
                if (!InstallCannedRbacRoleAssignmentsRAP.IsRoleInListOrDerived(assignment.Role, rolesToStrip))
                {
                    continue;
                }

                // Each removal is followed by a LogWriteObject call, so every deleted assignment is logged.
                this.configurationSession.Delete(assignment);
                base.LogWriteObject(assignment);
            }
        }
Ejemplo n.º 2
 /// <summary>
 /// Creates a regular (non-delegating) role assignment to <paramref name="policy"/> for each role
 /// in <paramref name="roles"/> that matches the mailbox plan filter.
 /// </summary>
 /// <param name="policy">Role assignment policy that becomes the assignee of every new assignment.</param>
 /// <param name="roles">Roles to assign.</param>
 /// <param name="mailboxPlanIndex">
 /// Null or empty assigns every role; otherwise only roles whose MailboxPlanIndex equals this
 /// value (ordinal, case-insensitive) are assigned.
 /// </param>
 private void CreateRAPRoleAssignments(RoleAssignmentPolicy policy, IList <ExchangeRole> roles, string mailboxPlanIndex)
 {
     bool everyMailboxPlan = string.IsNullOrEmpty(mailboxPlanIndex);

     foreach (ExchangeRole candidate in roles)
     {
         bool inScope = everyMailboxPlan || mailboxPlanIndex.Equals(candidate.MailboxPlanIndex, StringComparison.OrdinalIgnoreCase);
         if (!inScope)
         {
             continue;
         }

         // Assignee type is fixed to RoleAssignmentPolicy and delegation to Regular.
         RoleHelper.CreateRoleAssignment(
             candidate,
             policy.Id,
             policy.OrganizationId,
             RoleAssigneeType.RoleAssignmentPolicy,
             policy.OriginatingServer,
             RoleAssignmentDelegationType.Regular,
             base.CurrentOrganizationId,
             base.ExecutingUserOrganizationId,
             this.configurationSession,
             new Task.TaskVerboseLoggingDelegate(base.WriteVerbose),
             new Task.TaskErrorLoggingDelegate(base.WriteError));
     }
 }
Ejemplo n.º 3
		/// <summary>
		/// Resolves the policy and reference parameters supplied to the task into directory object
		/// identities and stamps them on the dynamic-parameter <c>Mailbox</c> object.
		/// </summary>
		/// <remarks>
		/// Every "modified" field follows the same shape: a non-null identity parameter is looked up with
		/// GetDataObject (with dedicated "not found" / "not unique" error strings) and its Identity is written
		/// to the mailbox; a null parameter clears the link.
		/// </remarks>
		protected override void ResolveLocalSecondaryIdentities()
		{
			base.ResolveLocalSecondaryIdentities();
			Mailbox mailbox = (Mailbox)this.GetDynamicParameters();
			if (this.RemoveManagedFolderAndPolicy)
			{
				mailbox.ManagedFolderMailboxPolicy = null;
			}
			if (base.Fields.IsModified(MailboxSchema.RetentionPolicy))
			{
				if (this.RetentionPolicy != null)
				{
					RetentionPolicy retentionPolicy = (RetentionPolicy)base.GetDataObject<RetentionPolicy>(this.RetentionPolicy, this.ConfigurationSession, null, new LocalizedString?(Strings.ErrorRetentionPolicyNotFound(this.RetentionPolicy.ToString())), new LocalizedString?(Strings.ErrorRetentionPolicyNotUnique(this.RetentionPolicy.ToString())), ExchangeErrorCategory.Client);
					mailbox.RetentionPolicy = (ADObjectId)retentionPolicy.Identity;
					// Setting a retention policy also clears the managed folder mailbox policy.
					mailbox.ManagedFolderMailboxPolicy = null;
				}
				else
				{
					mailbox.RetentionPolicy = null;
				}
			}
			base.SetReferenceParameter<RecipientIdParameter>(MailboxSchema.ForwardingAddress, this.ForwardingAddress, mailbox, new GetRecipientDelegate<RecipientIdParameter>(this.GetRecipient));
			if (base.Fields.IsModified(MailboxSchema.OfflineAddressBook))
			{
				if (this.OfflineAddressBook != null)
				{
					OfflineAddressBook offlineAddressBook = (OfflineAddressBook)base.GetDataObject<OfflineAddressBook>(this.OfflineAddressBook, this.ConfigurationSession, null, new LocalizedString?(Strings.ErrorOfflineAddressBookNotFound(this.OfflineAddressBook.ToString())), new LocalizedString?(Strings.ErrorOfflineAddressBookNotUnique(this.OfflineAddressBook.ToString())), ExchangeErrorCategory.Client);
					mailbox.OfflineAddressBook = (ADObjectId)offlineAddressBook.Identity;
				}
				else
				{
					mailbox.OfflineAddressBook = null;
				}
			}
			if (base.Fields.IsModified(ADRecipientSchema.AddressBookPolicy))
			{
				AddressBookMailboxPolicyIdParameter addressBookMailboxPolicyIdParameter = (AddressBookMailboxPolicyIdParameter)base.Fields[ADRecipientSchema.AddressBookPolicy];
				if (addressBookMailboxPolicyIdParameter != null)
				{
					AddressBookMailboxPolicy addressBookMailboxPolicy = (AddressBookMailboxPolicy)base.GetDataObject<AddressBookMailboxPolicy>(addressBookMailboxPolicyIdParameter, this.ConfigurationSession, null, new LocalizedString?(Strings.ErrorAddressBookMailboxPolicyNotFound(addressBookMailboxPolicyIdParameter.ToString())), new LocalizedString?(Strings.ErrorAddressBookMailboxPolicyNotUnique(addressBookMailboxPolicyIdParameter.ToString())), ExchangeErrorCategory.Client);
					mailbox[ADRecipientSchema.AddressBookPolicy] = (ADObjectId)addressBookMailboxPolicy.Identity;
				}
				else
				{
					mailbox[ADRecipientSchema.AddressBookPolicy] = null;
				}
			}
			if (base.Fields.IsModified(ADRecipientSchema.ThrottlingPolicy))
			{
				// Linking a throttling policy is reported as an error on a dehydrated configuration.
				// NOTE(review): the lookup and stamping below only stay unreachable in that case if WriteError
				// ends the task; its body is not shown here - confirm.
				if (SharedConfiguration.IsDehydratedConfiguration(base.CurrentOrganizationId))
				{
					base.WriteError(new TaskInvalidOperationException(Strings.ErrorLinkOpOnDehydratedTenant("ThrottlingPolicy")), ExchangeErrorCategory.Context, this.DataObject.Identity);
				}
				ThrottlingPolicyIdParameter throttlingPolicyIdParameter = (ThrottlingPolicyIdParameter)base.Fields[ADRecipientSchema.ThrottlingPolicy];
				if (throttlingPolicyIdParameter != null)
				{
					ThrottlingPolicy throttlingPolicy = (ThrottlingPolicy)base.GetDataObject<ThrottlingPolicy>(throttlingPolicyIdParameter, this.ConfigurationSession, null, new LocalizedString?(Strings.ErrorThrottlingPolicyNotFound(throttlingPolicyIdParameter.ToString())), new LocalizedString?(Strings.ErrorThrottlingPolicyNotUnique(throttlingPolicyIdParameter.ToString())), ExchangeErrorCategory.Client);
					mailbox[ADRecipientSchema.ThrottlingPolicy] = (ADObjectId)throttlingPolicy.Identity;
				}
				else
				{
					mailbox[ADRecipientSchema.ThrottlingPolicy] = null;
				}
			}
			if (base.Fields.IsModified(ADUserSchema.SharingPolicy))
			{
				// Same dehydrated-configuration guard as for ThrottlingPolicy, but raised with a different
				// exception type (LocalizedException), category (Client) and target (DataObject).
				if (SharedConfiguration.IsDehydratedConfiguration(base.CurrentOrganizationId))
				{
					base.WriteError(new LocalizedException(Strings.ErrorLinkOpOnDehydratedTenant("SharingPolicy")), ExchangeErrorCategory.Client, this.DataObject);
				}
				SharingPolicyIdParameter sharingPolicyIdParameter = (SharingPolicyIdParameter)base.Fields[ADUserSchema.SharingPolicy];
				if (sharingPolicyIdParameter != null)
				{
					SharingPolicy sharingPolicy = (SharingPolicy)base.GetDataObject<SharingPolicy>(sharingPolicyIdParameter, this.ConfigurationSession, null, new LocalizedString?(Strings.ErrorSharingPolicyNotFound(sharingPolicyIdParameter.ToString())), new LocalizedString?(Strings.ErrorSharingPolicyNotUnique(sharingPolicyIdParameter.ToString())), ExchangeErrorCategory.Client);
					mailbox[ADUserSchema.SharingPolicy] = (ADObjectId)sharingPolicy.Identity;
				}
				else
				{
					mailbox[ADUserSchema.SharingPolicy] = null;
				}
			}
			if (base.Fields.IsModified(ADUserSchema.RemoteAccountPolicy))
			{
				RemoteAccountPolicyIdParameter remoteAccountPolicyIdParameter = (RemoteAccountPolicyIdParameter)base.Fields[ADUserSchema.RemoteAccountPolicy];
				if (remoteAccountPolicyIdParameter != null)
				{
					RemoteAccountPolicy remoteAccountPolicy = (RemoteAccountPolicy)base.GetDataObject<RemoteAccountPolicy>(remoteAccountPolicyIdParameter, this.ConfigurationSession, null, new LocalizedString?(Strings.ErrorRemoteAccountPolicyNotFound(remoteAccountPolicyIdParameter.ToString())), new LocalizedString?(Strings.ErrorRemoteAccountPolicyNotUnique(remoteAccountPolicyIdParameter.ToString())), ExchangeErrorCategory.Client);
					mailbox[ADUserSchema.RemoteAccountPolicy] = (ADObjectId)remoteAccountPolicy.Identity;
				}
				else
				{
					mailbox[ADUserSchema.RemoteAccountPolicy] = null;
				}
			}
			if (base.Fields.IsModified(ADRecipientSchema.RoleAssignmentPolicy))
			{
				MailboxPolicyIdParameter mailboxPolicyIdParameter = (MailboxPolicyIdParameter)base.Fields[ADRecipientSchema.RoleAssignmentPolicy];
				if (mailboxPolicyIdParameter != null)
				{
					// Unlike the other policies, the role assignment policy is resolved through a session obtained
					// from GetTenantLocalConfigSession (current org, executing user's org, root org container)
					// rather than this.ConfigurationSession.
					// NOTE(review): presumably this confines the RBAC policy lookup to the tenant's own
					// configuration - confirm against RecipientTaskHelper.
					IConfigurationSession tenantLocalConfigSession = RecipientTaskHelper.GetTenantLocalConfigSession(base.CurrentOrganizationId, base.ExecutingUserOrganizationId, base.RootOrgContainerId);
					RoleAssignmentPolicy roleAssignmentPolicy = (RoleAssignmentPolicy)base.GetDataObject<RoleAssignmentPolicy>(mailboxPolicyIdParameter, tenantLocalConfigSession, null, new LocalizedString?(Strings.ErrorRoleAssignmentPolicyNotFound(mailboxPolicyIdParameter.ToString())), new LocalizedString?(Strings.ErrorRoleAssignmentPolicyNotUnique(mailboxPolicyIdParameter.ToString())), ExchangeErrorCategory.Client);
					mailbox[ADRecipientSchema.RoleAssignmentPolicy] = (ADObjectId)roleAssignmentPolicy.Identity;
				}
				else
				{
					mailbox[ADRecipientSchema.RoleAssignmentPolicy] = null;
				}
			}
			if (base.Fields.IsModified(ADRecipientSchema.MailboxPlan))
			{
				if (this.MailboxPlan != null)
				{
					// The mailbox plan goes through the provisioning cache, keyed by the current organization and
					// the parameter's RawIdentity; the lambda performing the directory lookup is handed to the
					// cache call (presumably invoked only on a cache miss - confirm).
					ADUser aduser = base.ProvisioningCache.TryAddAndGetOrganizationDictionaryValue<ADUser, string>(CannedProvisioningCacheKeys.CacheKeyMailboxPlanIdParameterId, base.CurrentOrganizationId, this.MailboxPlan.RawIdentity, () => (ADUser)base.GetDataObject<ADUser>(this.MailboxPlan, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorMailboxPlanNotFound(this.MailboxPlan.ToString())), new LocalizedString?(Strings.ErrorMailboxPlanNotUnique(this.MailboxPlan.ToString())), ExchangeErrorCategory.Client));
					MailboxTaskHelper.ValidateMailboxPlanRelease(aduser, new Task.ErrorLoggerDelegate(base.WriteError));
					mailbox[ADRecipientSchema.MailboxPlan] = (ADObjectId)aduser.Identity;
					// Early return: any statement appended after this block would be skipped on this path.
					return;
				}
				mailbox[ADRecipientSchema.MailboxPlan] = null;
			}
		}
 // Token: 0x06000B8A RID: 2954 RVA: 0x00024843 File Offset: 0x00022A43
 /// <summary>
 /// Builds a role-assignee identity from a role assignment policy: the base identity is initialised
 /// from the policy's Id, and the policy is additionally wrapped in a MailboxPolicyIdParameter.
 /// </summary>
 /// <param name="policy">Policy acting as the assignee; it is dereferenced without a null check.</param>
 public RoleAssigneeIdParameter(RoleAssignmentPolicy policy)
     : base(policy.Id)
 {
     MailboxPolicyIdParameter wrappedPolicy = new MailboxPolicyIdParameter(policy);
     this.policyParameter = wrappedPolicy;
 }
Ejemplo n.º 5
 /// <summary>
 /// Connects the disconnected store mailbox in <c>DataObject</c> to <c>userToConnect</c>, either as an
 /// archive or as a primary / public folder mailbox, after the applicable confirmation prompts.
 /// </summary>
 /// <remarks>
 /// Three paths: (1) "ValidateOnly" or <c>needListMatchingUser</c> only writes the matched users;
 /// (2) <c>Archive</c> calls ConnectArchiveCore; (3) otherwise ConnectMailboxCore is called with the
 /// default role assignment policy, if one was found. Every exit path calls TaskLogger.LogExit.
 /// </remarks>
 protected override void InternalProcessRecord()
 {
     TaskLogger.LogEnter(new object[]
     {
         this.DataObject
     });
     if (base.ParameterSetName == "ValidateOnly" || this.needListMatchingUser)
     {
         // Report-only path: nothing is connected.
         base.WriteObject(this.matchedUsers, true);
     }
     else if (this.Archive)
     {
         // The prompt is shown only when the user was matched rather than named (User == null) and
         // Force was not given; declining it aborts without connecting anything.
         if (!this.Force && this.User == null && !base.ShouldContinue(Strings.ComfirmConnectToMatchingUser(this.userToConnect.Identity.ToString(), this.userToConnect.Alias)))
         {
             TaskLogger.LogExit();
             return;
         }
         ConnectMailbox.ConnectArchiveCore(this.userToConnect, this.DataObject.MailboxGuid, base.ParameterSetName, this.RecipientSession, this.TenantConfigurationSession, (MapiAdministrationSession)base.DataSession, this.alias, this.linkedUserSid, this.databaseLocationInfo, this.OwnerMailboxDatabase, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskWarningLoggingDelegate(this.WriteWarning));
     }
     else
     {
         Organization orgContainer = this.TenantConfigurationSession.GetOrgContainer();
         // Non-private (public folder) mailboxes: warn when the connect would change the mailbox's role
         // relative to the organization's current hierarchy mailbox.
         if (this.DataObject.MailboxType != StoreMailboxType.Private)
         {
             if (orgContainer.DefaultPublicFolderMailbox.HierarchyMailboxGuid == Guid.Empty)
             {
                 if (this.DataObject.MailboxType == StoreMailboxType.PublicFolderSecondary)
                 {
                     this.WriteWarning(Strings.WarningPromotingSecondaryToPrimary);
                 }
             }
             else if (this.DataObject.MailboxType == StoreMailboxType.PublicFolderPrimary)
             {
                 this.WriteWarning(Strings.WarningConnectingPrimaryAsSecondary);
             }
         }
         // Same matched-user confirmation as the archive path, except the prompt shows this.alias
         // instead of userToConnect.Alias.
         if (!this.Force && this.User == null && !base.ShouldContinue(Strings.ComfirmConnectToMatchingUser(this.userToConnect.Identity.ToString(), this.alias)))
         {
             TaskLogger.LogExit();
             return;
         }
         // A second confirmation is required when a managed folder policy id is set, unless Force or the
         // ManagedFolderMailboxPolicyAllowed switch was supplied.
         if (this.elcPolicyId != null && !this.Force && !this.ManagedFolderMailboxPolicyAllowed.IsPresent && !base.ShouldContinue(Strings.ConfirmManagedFolderMailboxPolicyAllowed(this.userToConnect.Identity.ToString())))
         {
             TaskLogger.LogExit();
             return;
         }
         // NOTE(review): the statements below run after WriteError unless WriteError ends the task;
         // its body is not shown here - confirm.
         if (!base.IsProvisioningLayerAvailable)
         {
             base.WriteError(new InvalidOperationException(Strings.ErrorNoProvisioningHandlerAvailable), ErrorCategory.InvalidOperation, null);
         }
         // The connected mailbox receives the default role assignment policy when one is found;
         // otherwise a null policy id is passed to ConnectMailboxCore.
         ADObjectId           roleAssignmentPolicyId = null;
         RoleAssignmentPolicy roleAssignmentPolicy   = RecipientTaskHelper.FindDefaultRoleAssignmentPolicy(this.TenantConfigurationSession, new Task.ErrorLoggerDelegate(base.WriteError), Strings.ErrorDefaultRoleAssignmentPolicyNotUnique, Strings.ErrorDefaultRoleAssignmentPolicyNotFound);
         if (roleAssignmentPolicy != null)
         {
             roleAssignmentPolicyId = (ADObjectId)roleAssignmentPolicy.Identity;
         }
         ConnectMailbox.ConnectMailboxCore(this.userToConnect, this.DataObject.MailboxGuid, this.DataObject.MailboxType, this.DataObject.LegacyDN, base.ParameterSetName, true, this.RecipientSession, (MapiAdministrationSession)base.DataSession, this.alias, this.linkedUserSid, this.databaseLocationInfo, this.OwnerMailboxDatabase, this.elcPolicyId, this.retentionPolicyId, this.mobilePolicyId, this.addressBookPolicyId, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskWarningLoggingDelegate(this.WriteWarning), roleAssignmentPolicyId, this);
         // The organization had no hierarchy mailbox: record this public folder mailbox as the hierarchy
         // mailbox on a cloned DefaultPublicFolderMailbox, save the org container, then prepopulate the cache.
         if (this.DataObject.MailboxType != StoreMailboxType.Private && orgContainer.DefaultPublicFolderMailbox.HierarchyMailboxGuid == Guid.Empty)
         {
             orgContainer.DefaultPublicFolderMailbox = orgContainer.DefaultPublicFolderMailbox.Clone();
             orgContainer.DefaultPublicFolderMailbox.SetHierarchyMailbox(this.DataObject.MailboxGuid, PublicFolderInformation.HierarchyType.MailboxGuid);
             this.TenantConfigurationSession.Save(orgContainer);
             MailboxTaskHelper.PrepopulateCacheForMailbox(this.OwnerMailboxDatabase, this.databaseLocationInfo.ServerFqdn, this.userToConnect.OrganizationId, this.DataObject.LegacyDN, this.DataObject.MailboxGuid, this.TenantConfigurationSession.LastUsedDc, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
         }
     }
     TaskLogger.LogExit();
 }
Ejemplo n.º 6
        /// <summary>
        /// Builds the new <c>ExchangeRoleAssignment</c>: resolves the role and the assignee (a role
        /// assignment policy, or a user / security group / computer), validates the combination, and
        /// stamps name, delegation type and write scopes.
        /// </summary>
        /// <returns>The prepared role assignment, or null when the base preparation reported errors.</returns>
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            ExchangeOrganizationalUnit exchangeOrganizationalUnit = null;

            // Both sessions are flagged as "shared config checked" before any lookup is made.
            ((IConfigurationSession)base.DataSession).SessionSettings.IsSharedConfigChecked = true;
            this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;
            this.DataObject = (ExchangeRoleAssignment)base.PrepareDataObject();
            if (base.HasErrors)
            {
                return(null);
            }
            if (!this.IgnoreDehydratedFlag)
            {
                SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
            }
            this.role = (ExchangeRole)base.GetDataObject <ExchangeRole>(this.Role, base.DataSession, null, new LocalizedString?(Strings.ErrorRoleNotFound(this.Role.ToString())), new LocalizedString?(Strings.ErrorRoleNotUnique(this.Role.ToString())));
            RoleHelper.VerifyNoScopeForUnScopedRole(base.Fields, this.role, new Task.TaskErrorLoggingDelegate(base.WriteError));
            // Deprecated roles cannot receive new assignments.
            // NOTE(review): this.role is null-checked here but dereferenced unconditionally further down;
            // presumably GetDataObject reports an error instead of returning null - confirm.
            if (this.role != null && this.role.IsDeprecated)
            {
                base.WriteError(new InvalidOperationException(Strings.ErrorCannotCreateRoleAssignmentToADeprecatedRole(this.role.ToString())), ErrorCategory.InvalidOperation, null);
            }
            RoleAssigneeType roleAssigneeType;
            ADObject         adobject;

            if (this.Policy != null)
            {
                // Assignee is a role assignment policy, looked up through the tenant-local config session.
                RoleAssignmentPolicy roleAssignmentPolicy = (RoleAssignmentPolicy)base.GetDataObject <RoleAssignmentPolicy>(this.Policy, RecipientTaskHelper.GetTenantLocalConfigSession(base.CurrentOrganizationId, base.ExecutingUserOrganizationId, base.RootOrgContainerId), null, new LocalizedString?(Strings.ErrorRBACPolicyNotFound(this.Policy.ToString())), new LocalizedString?(Strings.ErrorRBACPolicyNotUnique(this.Policy.ToString())));
                // Only end-user roles may be assigned to a policy.
                if (!this.role.IsEndUserRole)
                {
                    base.WriteError(new InvalidOperationException(Strings.ErrorNonEndUserRoleCannoBeAssignedToPolicy(this.role.Name)), ErrorCategory.InvalidOperation, roleAssignmentPolicy.Id);
                }
                // Work out which container the role belongs to: the forest-wide org container, or the
                // configuration unit of the organization the role resolves to in a tenant session.
                OrganizationId organizationId = OrganizationId.ForestWideOrgId;
                if (this.ConfigurationSession is ITenantConfigurationSession)
                {
                    organizationId = TaskHelper.ResolveOrganizationId(this.role.Id, ExchangeRole.RdnContainer, (ITenantConfigurationSession)this.ConfigurationSession);
                }
                ADObjectId adobjectId;
                if (OrganizationId.ForestWideOrgId.Equals(organizationId))
                {
                    adobjectId = this.ConfigurationSession.GetOrgContainerId();
                }
                else
                {
                    adobjectId = organizationId.ConfigurationUnit;
                }
                // The policy must sit underneath that container; a policy outside the role's
                // organization is reported as out of scope.
                if (!roleAssignmentPolicy.Id.IsDescendantOf(adobjectId))
                {
                    base.WriteError(new InvalidOperationException(Strings.ErrorPolicyOutOfRoleScope(roleAssignmentPolicy.Id.ToString(), adobjectId.Name)), ErrorCategory.InvalidOperation, null);
                }
                roleAssigneeType = RoleAssigneeType.RoleAssignmentPolicy;
                adobject         = roleAssignmentPolicy;
            }
            else
            {
                // Assignee is a recipient: the first of User, SecurityGroup, Computer that was supplied.
                // NOTE(review): adrecipient stays null if none of the three is set; presumably the parameter
                // sets guarantee one, otherwise ValidateRoleAssignmentUser has to reject null - confirm.
                ADRecipient adrecipient = null;
                if (this.User != null)
                {
                    adrecipient = (ADUser)base.GetDataObject <ADUser>(this.User, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorAssigneeUserNotFound(this.User.ToString())), new LocalizedString?(Strings.ErrorAssigneeUserNotUnique(this.User.ToString())));
                }
                else if (this.SecurityGroup != null)
                {
                    adrecipient = (ADGroup)base.GetDataObject <ADGroup>(this.SecurityGroup, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorAssigneeSecurityGroupNotFound(this.SecurityGroup.ToString())), new LocalizedString?(Strings.ErrorAssigneeSecurityGroupNotUnique(this.SecurityGroup.ToString())));
                }
                else if (this.Computer != null)
                {
                    adrecipient = (ADComputerRecipient)base.GetDataObject <ADComputerRecipient>(this.Computer, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorAssigneeComputerNotFound(this.Computer.ToString())), new LocalizedString?(Strings.ErrorAssigneeComputerNotUnique(this.Computer.ToString())));
                }
                RoleHelper.ValidateRoleAssignmentUser(adrecipient, new Task.TaskErrorLoggingDelegate(base.WriteError), false);
                roleAssigneeType = ExchangeRoleAssignment.RoleAssigneeTypeFromADRecipient(adrecipient);
                adobject         = adrecipient;
            }
            // Link resolution is directed at the server the assignee object was read from.
            ((IDirectorySession)base.DataSession).LinkResolutionServer = adobject.OriginatingServer;
            // The Delegating switch selects a delegating assignment; the default is Regular.
            RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(this.Name, this.DataObject, this.role, adobject.Id, adobject.OrganizationId, roleAssigneeType, this.Delegating.IsPresent ? RoleAssignmentDelegationType.Delegating : RoleAssignmentDelegationType.Regular, this.ConfigurationSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskErrorLoggingDelegate(base.WriteError));
            if (this.role.IsUnscopedTopLevel && this.UnScopedTopLevel)
            {
                // Unscoped top-level role: skipHRoleCheck is set and custom write scopes are not analysed;
                // a delegating assignment becomes DelegatingOrgWide.
                this.skipHRoleCheck = true;
                if (this.Delegating)
                {
                    this.DataObject.RoleAssignmentDelegationType = RoleAssignmentDelegationType.DelegatingOrgWide;
                }
            }
            else
            {
                // May update skipHRoleCheck and the custom recipient / config scopes through the ref arguments.
                RoleHelper.AnalyzeAndStampCustomizedWriteScopes(this, this.DataObject, this.role, this.ConfigurationSession, new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ExchangeOrganizationalUnit>), new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ManagementScope>), ref this.skipHRoleCheck, ref exchangeOrganizationalUnit, ref this.customRecipientScope, ref this.customConfigScope);
            }
            TaskLogger.LogExit();
            return(this.DataObject);
        }
Ejemplo n.º 7
        /// <summary>
        /// Prepares the recipient for an update: runs the provisioning layer against the global catalog,
        /// raises the object's Exchange version to match the hosting server, re-stamps mailbox type
        /// details, and assigns the default role assignment policy to user mailboxes that have none.
        /// </summary>
        /// <returns>The prepared recipient.</returns>
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            ADRecipient recipient = (ADRecipient)base.PrepareDataObject();

            if (!base.IsProvisioningLayerAvailable)
            {
                base.WriteError(new InvalidOperationException(Strings.ErrorNoProvisioningHandlerAvailable), (ErrorCategory)1012, null);
            }
            else
            {
                // Temporarily point the "DomainController" parameter at the global catalog for the
                // provisioning call; the caller's value is restored even if the call throws.
                Fqdn callerDomainController = (Fqdn)base.UserSpecifiedParameters["DomainController"];
                try
                {
                    base.UserSpecifiedParameters["DomainController"] = this.globalCatalog;
                    ProvisioningLayer.UpdateAffectedIConfigurable(this, RecipientTaskHelper.ConvertRecipientToPresentationObject(recipient), false);
                }
                finally
                {
                    base.UserSpecifiedParameters["DomainController"] = callerDomainController;
                }
            }

            // Everything below applies to user mailboxes only.
            if (RecipientType.UserMailbox != recipient.RecipientType)
            {
                TaskLogger.LogExit();
                return recipient;
            }

            ADUser mailboxUser = (ADUser)recipient;
            if (string.IsNullOrEmpty(mailboxUser.ServerLegacyDN))
            {
                base.WriteError(new InvalidOperationException(Strings.ErrorInvalidObjectMissingCriticalProperty(typeof(Mailbox).Name, recipient.Identity.ToString(), MailEnabledRecipientSchema.LegacyExchangeDN.Name)), (ErrorCategory)1009, this.Identity);
            }

            Server hostingServer = this.configurationSession.FindServerByLegacyDN(mailboxUser.ServerLegacyDN);
            if (hostingServer != null)
            {
                // Legacy servers are rejected; otherwise the object's Exchange version is raised (never
                // lowered) to the level that matches the hosting server.
                if (!hostingServer.IsExchange2007OrLater)
                {
                    base.WriteError(new InvalidOperationException(Strings.ErrorCannotUpdateLegacyMailbox(this.Identity.ToString())), (ErrorCategory)1010, this.Identity);
                }
                else if (RecipientTaskHelper.IsE15OrLater(hostingServer.VersionNumber))
                {
                    if (recipient.ExchangeVersion.IsOlderThan(ExchangeObjectVersion.Exchange2012))
                    {
                        recipient.SetExchangeVersion(ExchangeObjectVersion.Exchange2012);
                    }
                }
                else if (hostingServer.IsE14OrLater)
                {
                    if (recipient.ExchangeVersion.IsOlderThan(ExchangeObjectVersion.Exchange2010))
                    {
                        recipient.SetExchangeVersion(ExchangeObjectVersion.Exchange2010);
                    }
                }
                else if (recipient.ExchangeVersion.IsOlderThan(ExchangeObjectVersion.Exchange2007))
                {
                    recipient.SetExchangeVersion(ExchangeObjectVersion.Exchange2007);
                }
            }

            SetMailboxBase<MailboxIdParameter, Mailbox>.StampMailboxTypeDetails(recipient, true);
            MailboxTaskHelper.StampMailboxRecipientDisplayType(recipient);

            if (hostingServer != null && hostingServer.IsE14OrLater)
            {
                // A non-null NetID is written back through the property setter unchanged.
                NetID currentNetId = mailboxUser.NetID;
                if (currentNetId != null)
                {
                    mailboxUser.NetID = currentNetId;
                }
            }

            // Mailbox kinds listed in the mask never receive a default role assignment policy.
            if (mailboxUser.RoleAssignmentPolicy == null && RecipientTypeDetails.None == (mailboxUser.RecipientTypeDetails & (RecipientTypeDetails.PublicFolder | RecipientTypeDetails.SystemMailbox | RecipientTypeDetails.ArbitrationMailbox | RecipientTypeDetails.DiscoveryMailbox | RecipientTypeDetails.AuditLogMailbox)))
            {
                RoleAssignmentPolicy defaultPolicy = RecipientTaskHelper.FindDefaultRoleAssignmentPolicy(RecipientTaskHelper.GetTenantLocalConfigSession(base.CurrentOrganizationId, base.ExecutingUserOrganizationId, base.RootOrgContainerId), new Task.ErrorLoggerDelegate(base.WriteError), Strings.ErrorDefaultRoleAssignmentPolicyNotUnique, Strings.ErrorDefaultRoleAssignmentPolicyNotFound);
                if (defaultPolicy != null)
                {
                    mailboxUser.RoleAssignmentPolicy = (ADObjectId)defaultPolicy.Identity;
                }
            }

            TaskLogger.LogExit();
            return recipient;
        }
Ejemplo n.º 8
        /// <summary>
        /// Installs or updates the canned end-user role assignments on the role assignment policies,
        /// driven by the invocation mode and by the current and previous service plan settings, then
        /// stamps the current version on the RBAC container.
        /// </summary>
        /// <remarks>
        /// Working sets built below: <c>list</c> holds the assignment definitions to apply in this run,
        /// <c>list2</c> the selected end-user roles that are not auto-group related, <c>list3</c> the selected
        /// auto-group related roles, and <c>list4</c> every auto-group related end-user role (the removal set).
        /// </remarks>
        protected override void InternalProcessRecord()
        {
            this.configurationSession.SessionSettings.IsSharedConfigChecked = true;
            base.InternalProcessRecord();
            List <string> enabledFeatures             = (base.ServicePlanSettings == null) ? null : base.ServicePlanSettings.GetAggregatedMailboxPlanRoleAssignmentFeatures();
            List <string> enabledFeatures2            = (this.PreviousServicePlanSettings == null) ? null : this.PreviousServicePlanSettings.GetAggregatedMailboxPlanRoleAssignmentFeatures();
            RbacContainer rbacContainer               = this.configurationSession.GetRbacContainer();
            ExchangeBuild currentRBACConfigVersion    = base.GetCurrentRBACConfigVersion(rbacContainer);
            List <RoleToRAPAssignmentDefinition> list = new List <RoleToRAPAssignmentDefinition>();

            // Select the definitions whose condition holds for the current features, narrowed by mode:
            // Install takes all of them, BuildToBuildUpgrade only those introduced after the stamped RBAC
            // version, ServicePlanUpdate those newly satisfied or introduced after that version.
            foreach (RoleToRAPAssignmentDefinition roleToRAPAssignmentDefinition in this.GetRoleAssignmentDefinitions().Assignments)
            {
                if (roleToRAPAssignmentDefinition.SatisfyCondition(enabledFeatures))
                {
                    switch (base.InvocationMode)
                    {
                    case InvocationMode.Install:
                        list.Add(roleToRAPAssignmentDefinition);
                        break;

                    case InvocationMode.BuildToBuildUpgrade:
                        if (roleToRAPAssignmentDefinition.IntroducedInBuild > currentRBACConfigVersion)
                        {
                            list.Add(roleToRAPAssignmentDefinition);
                        }
                        break;

                    case InvocationMode.ServicePlanUpdate:
                        if (!roleToRAPAssignmentDefinition.SatisfyCondition(enabledFeatures2) || roleToRAPAssignmentDefinition.IntroducedInBuild > currentRBACConfigVersion)
                        {
                            list.Add(roleToRAPAssignmentDefinition);
                        }
                        break;
                    }
                }
            }
            List <ExchangeRole> list2 = new List <ExchangeRole>();
            List <ExchangeRole> list3 = new List <ExchangeRole>();
            List <ExchangeRole> list4 = new List <ExchangeRole>();

            // The query already filters on IsEndUserRole == true; the property is checked again per result.
            foreach (ExchangeRole exchangeRole in this.configurationSession.FindPaged <ExchangeRole>(this.rolesContainerId, QueryScope.OneLevel, new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleSchema.IsEndUserRole, true), null, 0))
            {
                if (exchangeRole.IsEndUserRole)
                {
                    if (this.IsRoleInFilteredList(exchangeRole, list))
                    {
                        if (this.IsAutoGroupRelatedRole(exchangeRole))
                        {
                            list3.Add(exchangeRole);
                        }
                        else
                        {
                            list2.Add(exchangeRole);
                        }
                    }
                    if (this.IsAutoGroupRelatedRole(exchangeRole))
                    {
                        list4.Add(exchangeRole);
                    }
                }
            }
            // No Organization: every policy receives the non-auto-group roles, then control jumps straight
            // to the version stamp. The explicit enumerator plus goto is a plain loop in lowered form.
            if (this.Organization == null)
            {
                using (IEnumerator <RoleAssignmentPolicy> enumerator2 = this.FindAllRoleAssignmentPolicies().GetEnumerator())
                {
                    while (enumerator2.MoveNext())
                    {
                        RoleAssignmentPolicy policy = enumerator2.Current;
                        this.CreateRAPRoleAssignments(policy, list2);
                    }
                    goto IL_455;
                }
            }
            // NOTE(review): base.ServicePlanSettings is dereferenced here although it was treated as possibly
            // null at the top of the method - presumably it is always set when Organization is - confirm.
            if (!base.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
            {
                // One shared set of policies: all of them receive the non-auto-group roles; the auto-group
                // roles are added to, or removed from, the default policy only.
                foreach (RoleAssignmentPolicy policy2 in this.FindAllRoleAssignmentPolicies())
                {
                    this.CreateRAPRoleAssignments(policy2, list2);
                }
                RoleAssignmentPolicy policy3     = this.FindDefaultRoleAssignmentPolicy();
                bool currentPlanAutoGroupEnabled = false;
                base.ServicePlanSettings.MailboxPlans.ForEach(delegate(ServicePlan.MailboxPlan x)
                {
                    currentPlanAutoGroupEnabled |= x.AutoGroupPermissions;
                });
                bool previousPlanAutoGroupEnabled = false;
                // flag: the previous plan had auto-group permissions without shareable configuration, so a
                // create is skipped. flag2: the opposite case (or no previous plan), so a removal is skipped.
                bool flag  = false;
                bool flag2 = false;
                if (this.PreviousServicePlanSettings != null)
                {
                    this.PreviousServicePlanSettings.MailboxPlans.ForEach(delegate(ServicePlan.MailboxPlan x)
                    {
                        previousPlanAutoGroupEnabled |= x.AutoGroupPermissions;
                    });
                    if (previousPlanAutoGroupEnabled && !this.PreviousServicePlanSettings.Organization.ShareableConfigurationEnabled)
                    {
                        flag = true;
                    }
                    else
                    {
                        flag2 = true;
                    }
                }
                else
                {
                    flag2 = true;
                }
                if (currentPlanAutoGroupEnabled && !flag)
                {
                    this.CreateRAPRoleAssignments(policy3, list3);
                }
                else if (!currentPlanAutoGroupEnabled && !flag2)
                {
                    // Auto-group permissions were switched off: strip every auto-group role from the default policy.
                    this.RemoveRAPRoleAssignmentsIfNeeded(policy3, list4, null);
                }
            }
            else
            {
                // Per-mailbox-plan policies: each plan's own policy is handled separately, and roles are
                // filtered by that plan's MailboxPlanIndex.
                foreach (ServicePlan.MailboxPlan mailboxPlan in base.ServicePlanSettings.MailboxPlans)
                {
                    ADUser aduser = this.FindMailboxPlanByName(mailboxPlan.Name);
                    // NOTE(review): after either WriteError below the code continues to use the missing value;
                    // this is only safe if WriteError ends the task (its body is not shown here) - confirm.
                    if (aduser.RoleAssignmentPolicy == null)
                    {
                        base.WriteError(new InvalidOperationException(Strings.ErrorRBACPolicyLinkNotFound(aduser.Name)), ErrorCategory.InvalidArgument, null);
                    }
                    RoleAssignmentPolicy roleAssignmentPolicy = this.configurationSession.Read <RoleAssignmentPolicy>(aduser.RoleAssignmentPolicy);
                    if (roleAssignmentPolicy == null)
                    {
                        base.WriteError(new InvalidOperationException(Strings.ErrorRBACPolicyNotFound(aduser.RoleAssignmentPolicy.ToString())), ErrorCategory.InvalidArgument, null);
                    }
                    ServicePlan.MailboxPlan mailboxPlan2 = null;
                    if (this.PreviousServicePlanSettings != null)
                    {
                        mailboxPlan2 = this.PreviousServicePlanSettings.GetMailboxPlanByName(mailboxPlan.Name);
                    }
                    // The non-auto-group roles are assigned only when this plan is absent from the previous
                    // service plan settings.
                    if (this.PreviousServicePlanSettings == null || mailboxPlan2 == null)
                    {
                        this.CreateRAPRoleAssignments(roleAssignmentPolicy, list2, aduser.MailboxPlanIndex);
                    }
                    // flag3: the previous plan already had auto-group permissions (skip create).
                    // flag4: it did not, or there was no previous plan (skip removal).
                    bool flag3 = false;
                    bool flag4 = false;
                    if (mailboxPlan2 != null)
                    {
                        if (mailboxPlan2.AutoGroupPermissions)
                        {
                            flag3 = true;
                        }
                        else
                        {
                            flag4 = true;
                        }
                    }
                    else
                    {
                        flag4 = true;
                    }
                    if (mailboxPlan.AutoGroupPermissions && !flag3)
                    {
                        this.CreateRAPRoleAssignments(roleAssignmentPolicy, list3, aduser.MailboxPlanIndex);
                    }
                    else if (!mailboxPlan.AutoGroupPermissions && !flag4)
                    {
                        this.RemoveRAPRoleAssignmentsIfNeeded(roleAssignmentPolicy, list4, aduser.MailboxPlanIndex);
                    }
                }
            }
IL_455:
            // Every path that reaches the end of the method stamps the version on the RBAC container.
            this.StampCurrentVersionOnRBACContainer(rbacContainer);
        }
Ejemplo n.º 9
 /// <summary>
 /// Convenience overload: forwards to the three-argument overload with a null mailbox plan index.
 /// </summary>
 /// <param name="policy">Role assignment policy to pass through.</param>
 /// <param name="roles">Roles to pass through.</param>
 private void CreateRAPRoleAssignments(RoleAssignmentPolicy policy, IList <ExchangeRole> roles)
 {
     const string noMailboxPlanIndex = null;
     this.CreateRAPRoleAssignments(policy, roles, noMailboxPlanIndex);
 }
Ejemplo n.º 10
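        /// <summary>
        /// Reports whether at least one role assignment names <paramref name="policy"/> as its assignee.
        /// </summary>
        /// <param name="session">Configuration session used for the subtree search.</param>
        /// <param name="policy">Role assignment policy whose Id is matched against the assignment's User property.</param>
        /// <returns>True when the search returns at least one assignment; otherwise false.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="session"/> or <paramref name="policy"/> is null.
        /// </exception>
        public static bool RoleAssignmentsForPolicyExist(IConfigurationSession session, RoleAssignmentPolicy policy)
        {
            if (session == null)
            {
                throw new ArgumentNullException("session");
            }
            // A null policy used to surface as a NullReferenceException on policy.Id; reject it the same
            // way as a null session so callers get a named argument error.
            if (policy == null)
            {
                throw new ArgumentNullException("policy");
            }

            QueryFilter assigneeIsPolicy = new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleAssignmentSchema.User, policy.Id);

            // The trailing 1 is presumably a result cap (one hit is enough to answer the question) -
            // confirm against IConfigurationSession.Find.
            ExchangeRoleAssignment[] matches = session.Find<ExchangeRoleAssignment>(null, QueryScope.SubTree, assigneeIsPolicy, null, 1);
            return matches.Length > 0;
        }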