protected override IConfigDataProvider CreateSession() { OrganizationId organizationId = this.ResolveCurrentOrganization(); ADUser tenantArbitrationMailbox; try { tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(organizationId); } catch (ObjectNotFoundException innerException) { TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the arbitration mailbox.", new object[0]); throw new AuditLogSearchArbitrationMailboxNotFoundException(organizationId.ToString(), innerException); } catch (NonUniqueRecipientException innerException2) { TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]); throw new AuditLogSearchNonUniqueArbitrationMailboxFoundException(organizationId.ToString(), innerException2); } ExchangePrincipal principal = ExchangePrincipal.FromADUser(ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite); ADSessionSettings sessionSettings = base.CurrentOrganizationId.ToADSessionSettings(); this.recipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(true, ConsistencyMode.FullyConsistent, sessionSettings, 310, "CreateSession", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\AuditLogSearch\\NewAuditLogSearch.cs"); return(this.InternalCreateSearchDataProvider(principal, organizationId)); }
public static ArbitrationMailboxStatus CheckArbitrationMailboxStatus(OrganizationId organizationId, out ADUser user, out ExchangePrincipal principal, out Exception exception) { user = null; principal = null; exception = null; try { if (DatacenterRegistry.IsForefrontForOffice()) { return(ArbitrationMailboxStatus.FFO); } user = AdminAuditLogHelper.GetTenantArbitrationMailbox(organizationId); principal = ExchangePrincipal.FromADUser(ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId), user, RemotingOptions.AllowCrossSite); AdminAuditLogHelper.Tracer.TraceDebug <int>(0L, "AdminAuditLogHelper: Tenant arbitration mailbox server version is {0}", principal.MailboxInfo.Location.ServerVersion); if (principal.MailboxInfo.Location.ServerVersion < Server.E14SP1MinVersion) { return(ArbitrationMailboxStatus.R4); } if (principal.MailboxInfo.Location.ServerVersion < Server.E15MinVersion) { return(ArbitrationMailboxStatus.R5); } return(ArbitrationMailboxStatus.E15); } catch (ObjectNotFoundException ex) { exception = ex; AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, ObjectNotFoundException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex); } catch (MailboxInfoStaleException ex2) { exception = ex2; AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, MailboxInfoStaleException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex2); } catch (SuitabilityDirectoryException ex3) { exception = ex3; AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, SuitabilityDirectoryException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex3); } catch (DatabaseLocationUnavailableException ex4) { exception = ex4; AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, DatabaseLocationUnavailableException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex4); } return(ArbitrationMailboxStatus.UnableToKnow); }
protected override IConfigDataProvider CreateSession() { OrganizationId organizationId = this.ResolveOrganizationId(); ADUser tenantArbitrationMailbox; try { tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(organizationId); } catch (ObjectNotFoundException innerException) { TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the discovery mailbox user.", new object[0]); throw new AdminAuditLogSearchException(Strings.AuditLogSearchArbitrationMailboxNotFound(organizationId.ToString()), innerException); } catch (NonUniqueRecipientException innerException2) { TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]); throw new AdminAuditLogSearchException(Strings.AuditLogSearchNonUniqueArbitrationMailbox(organizationId.ToString()), innerException2); } ExchangePrincipal primaryMailbox = ExchangePrincipal.FromADUser(ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite); return(new AuditLogSearchEwsDataProvider(primaryMailbox)); }
public static StoreObjectId GetOrCreateAdminAuditLogsFolderId(OrganizationId orgId) { ADUser tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(orgId); return(AdminAuditLogHelper.GetOrCreateAdminAuditLogsFolderId(tenantArbitrationMailbox)); }
public AdminAuditLogEvent[] Search() { TaskLogger.LogEnter(); TaskLogger.Trace("Search criteria:\\r\\n{0}", new object[] { this.searchCriteria.ToString() }); if (DatacenterRegistry.IsForefrontForOffice()) { return(this.SearchInFFO()); } ADUser tenantArbitrationMailbox; try { tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(this.searchCriteria.OrganizationId); } catch (ObjectNotFoundException innerException) { TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the discovery mailbox user.", new object[0]); throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException); } catch (NonUniqueRecipientException innerException2) { TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]); throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException2); } Exception ex = null; ExchangePrincipal principal = ExchangePrincipal.FromADUser(this.searchCriteria.OrganizationId.ToADSessionSettings(), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite); AdminAuditLogEvent[] result; try { TaskLogger.Trace("Opening EWS connection for the tenant arbitration mailbox", new object[0]); EwsAuditClient ewsAuditClient = new EwsAuditClient(new EwsConnectionManager(principal, OpenAsAdminOrSystemServiceBudgetTypeType.Default, AdminAuditLogSearchWorker.Tracer), TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), AdminAuditLogSearchWorker.Tracer); FolderIdType folderIdType = null; ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.root, DistinguishedFolderIdNameType.recoverableitemsroot, out folderIdType); ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.recoverableitemsroot, DistinguishedFolderIdNameType.adminauditlogs, out folderIdType); if (folderIdType == null) { result = Array <AdminAuditLogEvent> .Empty; } else { EwsAuditLogCollection logCollection = new EwsAuditLogCollection(ewsAuditClient, folderIdType); AuditLogSearchId auditLogSearchId = this.searchCriteria.Identity as AuditLogSearchId; IEnumerable <AdminAuditLogEvent> source; if (this.UseFASTQuery()) { QueryStringType queryFilter = this.GenerateFASTSearchQueryString(); source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, QueryStringType>(logCollection, queryFilter, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer); } else { RestrictionType queryFilter2 = this.GenerateSearchQueryFilterForEWS(); source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, RestrictionType>(logCollection, queryFilter2, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer); } if (this.searchStatistics != null) { this.searchStatistics.QueryComplexity = this.searchCriteria.QueryComplexity; this.searchStatistics.CorrelationID = ((auditLogSearchId != null) ? auditLogSearchId.Guid.ToString() : string.Empty); } AdminAuditLogEvent[] array = source.Take(this.searchCriteria.ResultSize).ToArray <AdminAuditLogEvent>(); this.RedactCallerField(array); if (this.searchStatistics != null) { this.searchStatistics.ResultsReturned += array.LongLength; this.searchStatistics.CallResult = true; } result = array; } } catch (StorageTransientException ex2) { ex = ex2; TaskLogger.Trace("Search admin audit log failed with transient storage exception. {0}", new object[] { ex2 }); throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex2, this.searchCriteria); } catch (StoragePermanentException ex3) { ex = ex3; TaskLogger.Trace("Search admin audit log failed with permanent storage exception. {0}", new object[] { ex3 }); throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex3, this.searchCriteria); } catch (AuditLogException ex4) { ex = ex4; TaskLogger.Trace("Search admin audit log failed with storage exception. {0}", new object[] { ex4 }); throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex4, this.searchCriteria); } finally { if (this.searchStatistics != null && ex != null) { this.searchStatistics.ErrorType = ex; this.searchStatistics.ErrorCount++; } TaskLogger.LogExit(); } return(result); }