Example #1
        /// <summary>
        /// Validates the arguments, chooses the second directory session for the lookup, and delegates to
        /// the <c>GetObjects</c> overload that takes two sessions.
        /// </summary>
        /// <remarks>
        /// The caller's session is passed on unchanged as the second session only when every check in the
        /// body passes; the last of them requires the executing user's organization to equal
        /// <c>OrganizationId.ForestWideOrgId</c> and the current organization to be that same organization.
        /// In every other case the second session is the result of
        /// <c>ADSession.RescopeSessionToTenantSubTree</c>. These conditions decide which directory scope the
        /// lookup runs against, so a change to any of them is a change to the scoping boundary.
        /// </remarks>
        /// <typeparam name="T">Type of the objects to return.</typeparam>
        /// <param name="rootId">Optional search root; when not null it must be an <c>ADObjectId</c>.</param>
        /// <param name="session">Required; must implement <c>IDirectorySession</c>.</param>
        /// <param name="optionalData">Forwarded unchanged to the delegated overload.</param>
        /// <param name="notFoundReason">Assigned by the delegated overload.</param>
        /// <returns>The result of the delegated overload.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="session"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="session"/> is not an <c>IDirectorySession</c>, or <paramref name="rootId"/> is
        /// non-null and not an <c>ADObjectId</c>.
        /// </exception>
        public IEnumerable<T> GetObjects<T>(ObjectId rootId, IConfigDataProvider session, OptionalIdentityData optionalData, out LocalizedString? notFoundReason) where T : IConfigurable, new()
        {
            if (session == null)
            {
                throw new ArgumentNullException("session");
            }

            IDirectorySession callerSession = session as IDirectorySession;
            if (callerSession == null)
            {
                throw new ArgumentException("Session should be an IDirectorySession", "session");
            }

            if (rootId != null && !(rootId is ADObjectId))
            {
                throw new ArgumentException("RootId must be an ADObjectId", "rootId");
            }

            // Stays null unless the checks below decide the caller's session can be used as-is.
            IDirectorySession secondSession = null;

            // Evaluated left to right with short-circuiting, exactly as the guards are listed.
            bool scopeChecksApply =
                !(this is OrganizationIdParameter)
                && VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled
                && rootId == null
                && ADSessionSettings.GetProcessServerSettings() == null
                && callerSession is IConfigurationSession;

            if (scopeChecksApply)
            {
                IConfigurationSession configSession = callerSession as IConfigurationSession;
                ADObjectId configUnitsRoot = callerSession.GetConfigurationUnitsRoot();

                // True when the raw identity text contains a backslash; when a resolved ADObjectId is
                // present, its distinguished name decides instead.
                bool identityIsQualified = !string.IsNullOrEmpty(this.rawIdentity) && this.rawIdentity.IndexOf("\\") != -1;
                if (this.InternalADObjectId != null)
                {
                    identityIsQualified = !string.IsNullOrEmpty(this.InternalADObjectId.DistinguishedName);
                }

                bool configChecksPass =
                    !identityIsQualified
                    && configSession.UseConfigNC
                    && !configUnitsRoot.IsDescendantOf(callerSession.GetConfigurationNamingContext())
                    && typeof(ADConfigurationObject).IsAssignableFrom(typeof(T))
                    && !typeof(ADNonExchangeObject).IsAssignableFrom(typeof(T));

                if (configChecksPass)
                {
                    // A throwaway instance of T is needed only to ask whether the type applies to tenants.
                    T probe = (default(T) == null) ? Activator.CreateInstance<T>() : default(T);
                    ADObject probeAsAdObject = probe as ADObject;
                    ObjectScopeAttribute scopeAttribute;
                    bool applicableToTenant = probeAsAdObject.IsApplicableToTenant(out scopeAttribute);

                    if (callerSession.SessionSettings.ExecutingUserOrganizationId.Equals(OrganizationId.ForestWideOrgId)
                        && callerSession.SessionSettings.CurrentOrganizationId.Equals(callerSession.SessionSettings.ExecutingUserOrganizationId)
                        && applicableToTenant)
                    {
                        secondSession = callerSession;
                    }
                }
            }

            // Default path: the second session is rescoped to the tenant sub-tree.
            if (secondSession == null)
            {
                secondSession = ADSession.RescopeSessionToTenantSubTree(callerSession);
            }

            return this.GetObjects<T>((ADObjectId)rootId, callerSession, secondSession, optionalData, out notFoundReason);
        }
Example #2
        /// <summary>
        /// Searches for objects of type <typeparamref name="T"/> that match <paramref name="identity"/>,
        /// first by <c>ADObjectSchema.Id</c> and then, if that yields nothing, by
        /// <c>ADObjectSchema.Guid</c>.
        /// </summary>
        /// <remarks>
        /// The session used for the search is derived from <paramref name="session"/>: it is under-scoped
        /// to the organization resolved for the identity (when one is resolved) and rescoped to the tenant
        /// sub-tree when the incoming session's <c>ConfigScope</c> is <c>ConfigScopes.TenantSubTree</c>.
        /// No search is performed unless <c>IsRootIdWithinScope</c> accepts <paramref name="rootId"/> on
        /// that derived session.
        /// </remarks>
        /// <typeparam name="T">Type of the objects to return.</typeparam>
        /// <param name="identity">Object id to look up; a null value yields the empty result.</param>
        /// <param name="rootId">Search root requested by the caller; may be null.</param>
        /// <param name="session">Session the search session is derived from; dereferenced without a null check.</param>
        /// <param name="optionalData">Forwarded unchanged to <c>PerformPrimarySearch</c>.</param>
        /// <returns>
        /// The wrapper around the Id search when it has elements, otherwise the result of the Guid search
        /// when <c>identity.ObjectGuid</c> is not <c>Guid.Empty</c>, otherwise <c>EnumerableWrapper.Empty</c>.
        /// </returns>
        internal IEnumerable <T> GetADObjectIdObjects <T>(ADObjectId identity, ADObjectId rootId, IDirectorySession session, OptionalIdentityData optionalData) where T : IConfigurable, new()
        {
            if (identity != null)
            {
                // Reuse the organization already resolved for this exact identity; otherwise resolve it now.
                OrganizationId organizationId;
                if (this.InternalADObjectId != null && this.InternalADObjectId.Equals(identity) && this.orgIdResolved)
                {
                    organizationId = this.resolvedOrganizationId;
                }
                else
                {
                    organizationId = this.GetOrganizationId(session.SessionSettings.CurrentOrganizationId, identity);
                }
                IDirectorySession directorySession = session;
                if (organizationId != null)
                {
                    // NOTE(review): the meaning of the trailing 'true' is defined by TaskHelper, not visible here.
                    directorySession = TaskHelper.UnderscopeSessionToOrganization(session, organizationId, true);
                }
                // The decision uses the ORIGINAL session's ConfigScope, but rescopes the derived session.
                if (session.ConfigScope == ConfigScopes.TenantSubTree)
                {
                    directorySession = ADSession.RescopeSessionToTenantSubTree(directorySession);
                }
                // Scope gate: everything below runs only when the requested root is within the session's scope.
                if (directorySession.IsRootIdWithinScope <T>(rootId))
                {
                    // When the identity is its own domain id and this parameter type derives from neither
                    // OrganizationalUnitIdParameterBase nor ADRawEntryIdParameter, skip the Id search and go
                    // straight to the Guid search at IL_15F.
                    if (ADObjectId.Equals(identity, identity.DomainId) && !typeof(OrganizationalUnitIdParameterBase).IsAssignableFrom(base.GetType()))
                    {
                        if (!typeof(ADRawEntryIdParameter).IsAssignableFrom(base.GetType()))
                        {
                            goto IL_15F;
                        }
                    }
                    try
                    {
                        ADObjectId rootId2 = rootId;
                        // Saved so the finally block can put the session back the way it was.
                        bool       enforceContainerizedScoping = directorySession.EnforceContainerizedScoping;
                        bool       flag = directorySession is IRecipientSession;
                        // No root was requested: narrow the search to the identity's parent, or to the
                        // identity itself, whichever the session reports as within scope (parent first).
                        if (rootId == null && !string.IsNullOrEmpty(identity.DistinguishedName))
                        {
                            if (!ADObjectId.Equals(identity, identity.DomainId) && directorySession.IsRootIdWithinScope <T>(identity.Parent))
                            {
                                rootId2 = identity.Parent;
                            }
                            else if (directorySession.IsRootIdWithinScope <T>(identity))
                            {
                                rootId2 = identity;
                                // For recipient sessions, containerized scoping is switched off for this one
                                // search. This mutates the session object itself.
                                // NOTE(review): if directorySession is still the caller's session instance,
                                // the change is visible to anything else using it until the finally runs - confirm.
                                if (flag)
                                {
                                    directorySession.EnforceContainerizedScoping = false;
                                }
                            }
                        }
                        try
                        {
                            EnumerableWrapper <T> wrapper = EnumerableWrapper <T> .GetWrapper(this.PerformPrimarySearch <T>(new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Id, identity), rootId2, directorySession, true, optionalData));

                            // NOTE(review): the wrapper is handed back after the finally below has restored
                            // EnforceContainerizedScoping; if the search is evaluated lazily beyond
                            // HasElements(), the rest of the enumeration runs with the restored value - confirm.
                            if (wrapper.HasElements())
                            {
                                return(wrapper);
                            }
                        }
                        finally
                        {
                            // Restored for recipient sessions on every exit path, including exceptions.
                            if (flag)
                            {
                                directorySession.EnforceContainerizedScoping = enforceContainerizedScoping;
                            }
                        }
                    }
                    catch (LocalizedException exception)
                    {
                        // Exceptions that TaskHelper classifies as known are swallowed without logging here,
                        // and control falls through to the Guid search; anything else propagates.
                        if (!TaskHelper.IsTaskKnownException(exception))
                        {
                            throw;
                        }
                    }
// Fallback: search by object GUID. This uses the caller's rootId, not the narrowed rootId2.
IL_15F:
                    if (identity.ObjectGuid != Guid.Empty)
                    {
                        return(this.PerformPrimarySearch <T>(new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Guid, identity.ObjectGuid), rootId, directorySession, true, optionalData));
                    }
                }
            }
            // Null identity, root outside the session scope, or no usable GUID.
            return(EnumerableWrapper <T> .Empty);
        }
        /// <summary>
        /// Applies one Allow access rule for <paramref name="sid"/> to the Deleted Objects container of the
        /// configuration session, after confirmation through <c>ShouldProcess</c>.
        /// </summary>
        /// <remarks>
        /// The rule is built with <c>ActiveDirectorySecurityInheritance.All</c>, so the rights in
        /// <paramref name="adr"/> apply to the container and are inherited by its descendants. The rights
        /// are taken from the caller as given; nothing in this method narrows them.
        /// </remarks>
        /// <param name="sid">Principal that receives the rights.</param>
        /// <param name="adr">Rights to allow.</param>
        private void SetDeletedObjectsSecurityDescriptor(SecurityIdentifier sid, ActiveDirectoryRights adr)
        {
            ADObjectId container = this.configurationSession.DeletedObjectsContainer;

            // Nothing is written unless the confirmation step approves.
            if (!base.ShouldProcess(container.DistinguishedName, Strings.InfoProcessAction(sid.ToString()), null))
            {
                return;
            }

            ActiveDirectoryAccessRule[] rules =
            {
                new ActiveDirectoryAccessRule(sid, adr, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)
            };
            Task.TaskVerboseLoggingDelegate verboseLog = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);

            // The write goes through a copy of the configuration session rescoped to the tenant sub-tree.
            IConfigurationSession rescopedSession = (IConfigurationSession)ADSession.RescopeSessionToTenantSubTree(this.configurationSession);

            DirectoryCommon.SetAces(verboseLog, null, rescopedSession, container, rules);
        }
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            IConfigurationSession session = (IConfigurationSession)ADSession.RescopeSessionToTenantSubTree(this.configurationSession);
            int count = DirectoryCommon.MailboxWriteAttrs.Count;
            SecurityIdentifier sid  = this.exs.Sid;
            SecurityIdentifier sid2 = this.ets.Sid;

            this.configurationSession.GetOrgContainer();
            SecurityIdentifier[] array = new SecurityIdentifier[]
            {
                this.eoa.Sid,
                this.ets.Sid
            };
            SecurityIdentifier identity            = new SecurityIdentifier("WD");
            SecurityIdentifier identity2           = new SecurityIdentifier("AN");
            SecurityIdentifier securityIdentifier  = new SecurityIdentifier("AU");
            SecurityIdentifier securityIdentifier2 = new SecurityIdentifier("NS");
            SecurityIdentifier identity3           = new SecurityIdentifier("SY");
            SecurityIdentifier identity4           = new SecurityIdentifier(WellKnownSidType.AccountEnterpriseAdminsSid, this.rootDomain.Sid);
            SecurityIdentifier identity5           = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, this.rootDomain.Sid);
            SecurityIdentifier identity6           = new SecurityIdentifier(WellKnownSidType.AccountSchemaAdminsSid, this.rootDomain.Sid);
            List <ActiveDirectoryAccessRule> list  = new List <ActiveDirectoryAccessRule>(2);

            list.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.DsReplicationSynchronize, ActiveDirectorySecurityInheritance.None));
            string distinguishedName = this.configurationSession.ConfigurationNamingContext.DistinguishedName;

            if (base.ShouldProcess(distinguishedName, Strings.InfoProcessAction(distinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.configurationSession.ConfigurationNamingContext, list.ToArray());
            }
            Guid       schemaClassGuid         = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchSmtpReceiveConnector");
            ADObjectId deletedObjectsContainer = this.configurationSession.DeletedObjectsContainer;

            base.WriteVerbose(Strings.InfoTakeOwnership(deletedObjectsContainer.DistinguishedName));
            DirectoryCommon.TakeOwnership(deletedObjectsContainer, null, session);
            List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>(100);

            list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
            list2.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(sid2, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.DeleteTree | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(this.ets.Sid, ActiveDirectoryRights.WriteDacl, AccessControlType.Allow, schemaClassGuid, ActiveDirectorySecurityInheritance.All));
            list2.Add(new ActiveDirectoryAccessRule(this.ets.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            if (this.epa != null)
            {
                list2.Add(new ActiveDirectoryAccessRule(this.epa.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            }
            if (this.delegatedSetupRG != null)
            {
                list2.Add(new ActiveDirectoryAccessRule(this.delegatedSetupRG.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            }
            if (base.ShouldProcess(this.meServicesContainer.DistinguishedName, Strings.InfoProcessAction(this.meServicesContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.meServicesContainer.Id, list2.ToArray());
                if (this.confUnitsContainer != null && !this.confUnitsContainer.Id.IsDescendantOf(this.configurationSession.ConfigurationNamingContext))
                {
                    DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.confUnitsContainer, list2.ToArray());
                }
            }
            Guid schemaClassGuid2 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchPrivateMDB");
            Guid schemaClassGuid3 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchPublicMDB");

            DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchAvailabilityConfig");
            Guid schemaClassGuid4     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchAvailabilityAddressSpace");
            Guid schemaPropertyGuid   = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchAvailabilityUserPassword");
            Guid schemaClassGuid5     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "siteAddressing");
            Guid schemaClassGuid6     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "site");
            Guid schemaClassGuid7     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "siteLink");
            Guid schemaClassGuid8     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncServiceConfig");
            Guid schemaClassGuid9     = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncMservConnector");
            Guid schemaClassGuid10    = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncEhfConnector");
            Guid schemaPropertyGuid2  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "siteFolderServer");
            Guid schemaPropertyGuid3  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "siteFolderGUID");
            Guid schemaPropertyGuid4  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchDatabaseCreated");
            Guid schemaPropertyGuid5  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchPatchMDB");
            Guid schemaPropertyGuid6  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchEDBOffline");
            Guid schemaPropertyGuid7  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchTransportSiteFlags");
            Guid schemaPropertyGuid8  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchPartnerId");
            Guid schemaPropertyGuid9  = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchCost");
            Guid schemaPropertyGuid10 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchVersion");
            Guid schemaPropertyGuid11 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchLastAppliedRecipientFilter");
            Guid schemaPropertyGuid12 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchRecipientFilterFlags");
            Guid schemaPropertyGuid13 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "legacyExchangeDN");
            Guid schemaPropertyGuid14 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchOwningServer");
            Guid schemaPropertyGuid15 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchMinorPartnerId");
            Guid schemaPropertyGuid16 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchResponsibleForSites");
            List <ActiveDirectoryAccessRule> list3 = new List <ActiveDirectoryAccessRule>();

            list3.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            List <ActiveDirectoryAccessRule> list4 = new List <ActiveDirectoryAccessRule>();
            List <ActiveDirectoryAccessRule> list5 = new List <ActiveDirectoryAccessRule>();

            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All));
            list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadProperty, AccessControlType.Deny, schemaPropertyGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid4));
            list4.Add(new ActiveDirectoryAccessRule(securityIdentifier2, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
            list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid2));
            list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid3));
            list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid2));
            list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid3));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.PublicInfoPropSetGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.PersonalInfoPropSetGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.ExchangeInfoPropSetGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid5));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid3, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid2, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity6, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(identity6, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            if (this.epa != null)
            {
                list4.Add(new ActiveDirectoryAccessRule(this.epa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            }
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid4, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid6, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid5, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid13, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid14, ActiveDirectorySecurityInheritance.All));
            list4.Add(new ActiveDirectoryAccessRule(this.mas.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            List <SecurityIdentifier> list6 = new List <SecurityIdentifier>();

            list6.Add(this.eoa.Sid);
            if (this.epa != null)
            {
                list6.Add(this.epa.Sid);
            }
            foreach (SecurityIdentifier identity7 in list6)
            {
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.MailEnablePublicFolderGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreateTopLevelPublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderACLExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderAdminACLExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderDeletedItemRetentionExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderExpiryExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderQuotasExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderReplicaListExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreAdminExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
                list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All));
            }
            for (int i = 0; i < count; i++)
            {
                Guid schemaPropertyGuid17 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, DirectoryCommon.MailboxWriteAttrs[i]);
                list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid17, ActiveDirectorySecurityInheritance.All));
            }
            if (base.ShouldProcess(this.autodiscoverContainer.DistinguishedName, Strings.InfoProcessAction(this.autodiscoverContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.autodiscoverContainer, list3.ToArray());
            }
            if (base.ShouldProcess(this.orgContainer.DistinguishedName, Strings.InfoProcessAction(this.orgContainer.DistinguishedName), null))
            {
                DirectoryCommon.RemoveAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, null, this.orgContainer, list5.ToArray());
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.orgContainer, list4.ToArray());
            }
            if (this.confUnitsContainer != null && base.ShouldProcess(this.confUnitsContainer.DistinguishedName, Strings.InfoProcessAction(this.confUnitsContainer.DistinguishedName), null))
            {
                DirectoryCommon.RemoveAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, null, this.confUnitsContainer, list5.ToArray());
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.confUnitsContainer, list4.ToArray());
            }
            ActiveDirectoryAccessRule[] aces = new ActiveDirectoryAccessRule[]
            {
                new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)
            };
            if (base.ShouldProcess(this.addressingContainer.DistinguishedName, Strings.InfoProcessAction(this.addressingContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.addressingContainer, aces);
            }
            List <ActiveDirectoryAccessRule> list7 = new List <ActiveDirectoryAccessRule>();

            if (this.isMultiTenancy)
            {
                list7.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
                list7.Add(new ActiveDirectoryAccessRule(this.era.Sid, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            }
            else
            {
                list7.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
            }
            foreach (SecurityIdentifier identity8 in list6)
            {
                list7.Add(new ActiveDirectoryAccessRule(identity8, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid11, ActiveDirectorySecurityInheritance.All));
                list7.Add(new ActiveDirectoryAccessRule(identity8, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid12, ActiveDirectorySecurityInheritance.All));
            }
            if (base.ShouldProcess(this.addressListsContainer.DistinguishedName, Strings.InfoProcessAction(this.addressListsContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.addressListsContainer, list7.ToArray());
            }
            if (this.isMultiTenancy)
            {
                base.ReplaceAddressListACEs(this.addressListsContainer.Id, securityIdentifier, new SecurityIdentifier[]
                {
                    this.eoa.Sid,
                    this.era.Sid
                });
            }
            if (base.ShouldProcess(this.offlineAddressListsContainer.DistinguishedName, Strings.InfoProcessAction(this.offlineAddressListsContainer.DistinguishedName), null))
            {
                ActiveDirectoryAccessRule[] aces2 = new ActiveDirectoryAccessRule[]
                {
                    new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.DownloadOABExtendedRightGuid, ActiveDirectorySecurityInheritance.All)
                };
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.offlineAddressListsContainer, aces2);
            }
            List <ActiveDirectoryAccessRule> list8 = new List <ActiveDirectoryAccessRule>();

            foreach (SecurityIdentifier identity9 in list6)
            {
                list8.Add(new ActiveDirectoryAccessRule(identity9, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid11, ActiveDirectorySecurityInheritance.All));
                list8.Add(new ActiveDirectoryAccessRule(identity9, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid12, ActiveDirectorySecurityInheritance.All));
            }
            if (base.ShouldProcess(this.recipPoliciesContainer.DistinguishedName, Strings.InfoProcessAction(this.recipPoliciesContainer.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.recipPoliciesContainer, list8.ToArray());
            }
            List <ActiveDirectoryAccessRule> list9 = new List <ActiveDirectoryAccessRule>();
            Guid schemaClassGuid11 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchExchangeServer");

            foreach (SecurityIdentifier identity10 in list6)
            {
                list9.Add(new ActiveDirectoryAccessRule(identity10, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid11));
            }
            if (base.ShouldProcess(this.administrativeGroup.Id.DistinguishedName, Strings.InfoProcessAction(this.administrativeGroup.Id.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.administrativeGroup, list9.ToArray());
            }
            List <ActiveDirectoryAccessRule> list10 = new List <ActiveDirectoryAccessRule>();

            for (int j = 0; j < array.Length; j++)
            {
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid7, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid10, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid8, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid15, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid16, ActiveDirectorySecurityInheritance.All, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid9, ActiveDirectorySecurityInheritance.All, schemaClassGuid7));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid10, ActiveDirectorySecurityInheritance.All, schemaClassGuid7));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid8, ActiveDirectorySecurityInheritance.Children, schemaClassGuid6));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid9, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid10, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
                list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10));
            }
            list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
            list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9));
            list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10));
            list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8));
            list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9));
            list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10));
            if (base.ShouldProcess(this.sitesContainer.Id.DistinguishedName, Strings.InfoProcessAction(this.sitesContainer.Id.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.sitesContainer.Id, list10.ToArray());
            }
            this.SetDeletedObjectsSecurityDescriptor(sid, ActiveDirectoryRights.ListChildren);
            this.SetDeletedObjectsSecurityDescriptor(sid2, ActiveDirectoryRights.GenericRead);
            this.SetDeletedObjectsSecurityDescriptor(this.eoa.Sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.WriteDacl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject);
            this.SetDeletedObjectsSecurityDescriptor(securityIdentifier2, ActiveDirectoryRights.ListChildren);
            ActiveDirectoryAccessRule[] aces3 = new ActiveDirectoryAccessRule[]
            {
                new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren, AccessControlType.Allow)
            };
            if (base.ShouldProcess(this.arraysContainer.Id.DistinguishedName, Strings.InfoProcessAction(this.arraysContainer.Id.DistinguishedName), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.arraysContainer, aces3);
            }
            TaskLogger.LogExit();
        }