Exemple #1
0
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            ADGroup group = (ADGroup)base.PrepareDataObject();

            this.flagCloseGroupMemberJoinForNoArbitrationMbx   = false;
            this.flagCloseGroupMemberDepartForNoArbitrationMbx = false;
            this.UpdateRecipientDisplayType(group);
            ADObjectId adobjectId;
            bool       flag = base.TryGetExecutingUserId(out adobjectId);

            if (!this.IgnoreNamingPolicy.IsPresent && (base.UserSpecifiedParameters.IsChanged(ADObjectSchema.Name.Name) || base.UserSpecifiedParameters.IsChanged(MailEnabledRecipientSchema.DisplayName.Name)))
            {
                Organization organization;
                if (group.OrganizationId.ConfigurationUnit == null && group.OrganizationId.OrganizationalUnit == null)
                {
                    organization = this.ConfigurationSession.GetOrgContainer();
                }
                else
                {
                    organization = this.ConfigurationSession.Read <ExchangeConfigurationUnit>(group.OrganizationId.ConfigurationUnit);
                }
                if (flag)
                {
                    IRecipientSession recipientSession = RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(null, adobjectId);
                    ADUser            user             = (ADUser)recipientSession.Read(adobjectId);
                    if (base.UserSpecifiedParameters.IsChanged(ADObjectSchema.Name.Name))
                    {
                        group.Name = DistributionGroupTaskHelper.GetGroupNameWithNamingPolicy(organization, user, group, group.Name, ADObjectSchema.Name, new Task.ErrorLoggerDelegate(base.WriteError));
                    }
                    if (base.UserSpecifiedParameters.IsChanged(MailEnabledRecipientSchema.DisplayName.Name))
                    {
                        group.DisplayName = DistributionGroupTaskHelper.GetGroupNameWithNamingPolicy(organization, user, group, group.DisplayName, ADRecipientSchema.DisplayName, new Task.ErrorLoggerDelegate(base.WriteError));
                    }
                }
            }
            bool             flag2 = false;
            ADScopeException ex    = null;

            if (flag && adobjectId != null && !((IDirectorySession)base.DataSession).TryVerifyIsWithinScopes(group, true, out ex))
            {
                group.IsExecutingUserGroupOwner = true;
                flag2 = true;
                base.WriteVerbose(Strings.VerboseDGOwnershipDeepSearch(adobjectId.ToString(), group.Identity.ToString()));
                RecipientTaskHelper.ValidateUserIsGroupManager(adobjectId, group, delegate(LocalizedException exception, ExchangeErrorCategory category, object taget)
                {
                    group.IsExecutingUserGroupOwner = false;
                }, true, base.TenantGlobalCatalogSession);
                group.propertyBag.ResetChangeTracking(ADGroupSchema.IsExecutingUserGroupOwner);
            }
            if (group.RecipientDisplayType == RecipientDisplayType.SecurityDistributionGroup && !flag2 && !this.BypassSecurityGroupManagerCheck && (base.Fields.IsChanged(DistributionGroupSchema.ManagedBy) || base.Fields.IsChanged(MailEnabledRecipientSchema.GrantSendOnBehalfTo) || base.Fields.IsChanged(ADObjectSchema.Name) || base.Fields.IsChanged(DistributionGroupSchema.SamAccountName)))
            {
                if (!flag)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorExecutingUserOutOfTargetOrg(base.MyInvocation.MyCommand.Name)), ExchangeErrorCategory.Client, group.Identity.ToString());
                }
                RecipientTaskHelper.ValidateUserIsGroupManager(adobjectId, group, new Task.ErrorLoggerDelegate(base.WriteError), true, base.TenantGlobalCatalogSession);
                group.IsExecutingUserGroupOwner = true;
                group.propertyBag.ResetChangeTracking(ADGroupSchema.IsExecutingUserGroupOwner);
            }
            base.SetMultiReferenceParameter <GeneralRecipientIdParameter>(DistributionGroupSchema.ManagedBy, this.ManagedBy, group, new GetRecipientDelegate <GeneralRecipientIdParameter>(this.GetRecipient));
            if (base.Fields.IsModified(ADGroupSchema.MemberJoinRestriction))
            {
                group.MemberJoinRestriction = this.MemberJoinRestriction;
            }
            if (base.Fields.IsModified(ADGroupSchema.MemberDepartRestriction))
            {
                group.MemberDepartRestriction = this.MemberDepartRestriction;
            }
            if (base.Fields.IsModified(ADRecipientSchema.ArbitrationMailbox))
            {
                if (base.ArbitrationMailbox == null)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorNullParameter(ADRecipientSchema.ArbitrationMailbox.Name)), ExchangeErrorCategory.Client, group.Identity);
                }
                ADObjectId arbitrationMailbox = group.ArbitrationMailbox;
            }
            if (!group.ExchangeVersion.IsOlderThan(ADRecipientSchema.ArbitrationMailbox.VersionAdded) && (group.ArbitrationMailbox == null || group.ArbitrationMailbox.IsDescendantOf(ADSession.GetDeletedObjectsContainer(group.ArbitrationMailbox.DomainId))))
            {
                group.ArbitrationMailbox = MailboxTaskHelper.GetArbitrationMailbox(base.TenantGlobalCatalogSession, group.ConfigurationUnit ?? base.RootOrgContainerId);
                if (group.ArbitrationMailbox == null)
                {
                    if (group.MemberJoinRestriction == MemberUpdateType.ApprovalRequired)
                    {
                        if (base.Fields.IsModified(ADGroupSchema.MemberJoinRestriction))
                        {
                            base.WriteError(new RecipientTaskException(Strings.ErrorArbitrationMbxNotSetForApproval(this.Identity.ToString())), ExchangeErrorCategory.Client, group.Identity);
                        }
                        else
                        {
                            group.MemberJoinRestriction = MemberUpdateType.Closed;
                            this.flagCloseGroupMemberJoinForNoArbitrationMbx = true;
                        }
                    }
                    if (group.MemberDepartRestriction == MemberUpdateType.ApprovalRequired)
                    {
                        if (base.Fields.IsModified(ADGroupSchema.MemberDepartRestriction))
                        {
                            base.WriteError(new RecipientTaskException(Strings.ErrorArbitrationMbxNotSetForApproval(this.Identity.ToString())), ExchangeErrorCategory.Client, group.Identity);
                        }
                        else
                        {
                            group.MemberDepartRestriction = MemberUpdateType.Closed;
                            this.flagCloseGroupMemberDepartForNoArbitrationMbx = true;
                        }
                    }
                }
            }
            TaskLogger.LogExit();
            return(group);
        }
        protected override void PrepareRecipientObject(ADGroup group)
        {
            TaskLogger.LogEnter();
            base.PrepareRecipientObject(group);
            Organization organization;

            if (base.Organization == null)
            {
                organization = this.ConfigurationSession.GetOrgContainer();
            }
            else
            {
                organization = this.ConfigurationSession.Read <ExchangeConfigurationUnit>(base.CurrentOrgContainerId);
            }
            ADObjectId adobjectId = null;

            base.TryGetExecutingUserId(out adobjectId);
            if (!this.IgnoreNamingPolicy.IsPresent && adobjectId != null)
            {
                ADUser user = (ADUser)RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(null, adobjectId).Read(adobjectId);
                string groupNameWithNamingPolicy = DistributionGroupTaskHelper.GetGroupNameWithNamingPolicy(organization, user, group, base.Name, ADObjectSchema.Name, new Task.ErrorLoggerDelegate(base.WriteError));
                if (groupNameWithNamingPolicy.Length > 64)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorDistributionGroupNameTooLong), ExchangeErrorCategory.Client, null);
                }
                base.Name = groupNameWithNamingPolicy;
                if (!string.IsNullOrEmpty(base.DisplayName))
                {
                    base.DisplayName = DistributionGroupTaskHelper.GetGroupNameWithNamingPolicy(organization, user, group, base.DisplayName, ADRecipientSchema.DisplayName, new Task.ErrorLoggerDelegate(base.WriteError));
                }
            }
            if (base.OrganizationalUnit == null && !ADObjectId.IsNullOrEmpty(organization.DistributionGroupDefaultOU))
            {
                group.SetId(organization.DistributionGroupDefaultOU.GetChildId(base.Name));
            }
            if (base.OrganizationalUnit == null && group[ADRecipientSchema.DefaultDistributionListOU] != null)
            {
                ADObjectId adobjectId2 = (ADObjectId)group[ADRecipientSchema.DefaultDistributionListOU];
                RecipientTaskHelper.ResolveOrganizationalUnitInOrganization(new OrganizationalUnitIdParameter(adobjectId2), this.ConfigurationSession, base.CurrentOrganizationId, new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ExchangeOrganizationalUnit>), ExchangeErrorCategory.Client, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
                group.SetId(adobjectId2.GetChildId(base.Name));
            }
            if (this.Type != GroupType.Distribution && this.Type != GroupType.Security)
            {
                base.WriteError(new RecipientTaskException(Strings.ErrorGroupTypeInvalid), ExchangeErrorCategory.Client, null);
            }
            if (base.Fields.IsModified(DistributionGroupSchema.ManagedBy))
            {
                MailboxTaskHelper.StampOnManagedBy(this.DataObject, this.managedByRecipients, new Task.ErrorLoggerDelegate(base.WriteError));
            }
            if (this.RoomList.IsPresent)
            {
                if (this.Type != GroupType.Distribution)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorCreateRoomListSecurityGroup(base.Name)), ExchangeErrorCategory.Client, base.Name);
                }
                group.RecipientTypeDetails = RecipientTypeDetails.RoomList;
                if (group.ManagedBy != null)
                {
                    group.AcceptMessagesOnlyFromSendersOrMembers = new MultiValuedProperty <ADObjectId>(group.ManagedBy);
                }
            }
            MailboxTaskHelper.ValidateGroupManagedBy(base.TenantGlobalCatalogSession, group, this.managedByRecipients, new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>), new Task.ErrorLoggerDelegate(base.WriteError));
            MailboxTaskHelper.ValidateGroupManagedByRecipientRestriction(base.TenantGlobalCatalogSession, group, this.managedByRecipients, new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskWarningLoggingDelegate(this.WriteWarning));
            group.GroupType = (GroupTypeFlags)((GroupType)8 | this.Type);
            if (!group.IsChanged(ADRecipientSchema.RecipientDisplayType))
            {
                if ((group.GroupType & GroupTypeFlags.SecurityEnabled) == GroupTypeFlags.SecurityEnabled)
                {
                    group.RecipientDisplayType = new RecipientDisplayType?(RecipientDisplayType.SecurityDistributionGroup);
                }
                else
                {
                    group.RecipientDisplayType = new RecipientDisplayType?(RecipientDisplayType.DistributionGroup);
                }
            }
            if (string.IsNullOrEmpty(group.SamAccountName))
            {
                IRecipientSession[] recipientSessions = new IRecipientSession[]
                {
                    base.RootOrgGlobalCatalogSession
                };
                if (VariantConfiguration.InvariantNoFlightingSnapshot.CmdletInfra.ServiceAccountForest.Enabled && base.CurrentOrganizationId != OrganizationId.ForestWideOrgId)
                {
                    recipientSessions = new IRecipientSession[]
                    {
                        base.RootOrgGlobalCatalogSession,
                        base.PartitionOrRootOrgGlobalCatalogSession
                    };
                }
                group.SamAccountName = RecipientTaskHelper.GenerateUniqueSamAccountName(recipientSessions, group.Id.DomainId, group.Name, true, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), false);
            }
            else
            {
                RecipientTaskHelper.IsSamAccountNameUnique(group, group.SamAccountName, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError), ExchangeErrorCategory.Client);
            }
            if (string.IsNullOrEmpty(group.Alias))
            {
                group.Alias = RecipientTaskHelper.GenerateUniqueAlias(base.TenantGlobalCatalogSession, base.CurrentOrganizationId, group.SamAccountName, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
            }
            if (base.Fields.IsChanged(ADGroupSchema.Members) && this.Members != null)
            {
                foreach (RecipientIdParameter member in this.Members)
                {
                    MailboxTaskHelper.ValidateAndAddMember(base.TenantGlobalCatalogSession, group, member, false, new Task.ErrorLoggerDelegate(base.WriteError), new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>));
                }
            }
            if (this.CopyOwnerToMember.IsPresent && this.managedByRecipients != null)
            {
                foreach (ADRecipient adrecipient in this.managedByRecipients)
                {
                    if (!group.Members.Contains(adrecipient.Id))
                    {
                        MailboxTaskHelper.ValidateMemberInGroup(adrecipient, group, new Task.ErrorLoggerDelegate(base.WriteError));
                        group.Members.Add(adrecipient.Id);
                    }
                }
            }
            if ((group.GroupType & GroupTypeFlags.Universal) == GroupTypeFlags.Universal)
            {
                MailboxTaskHelper.ValidateAddedMembers(base.TenantGlobalCatalogSession, group, new Task.ErrorLoggerDelegate(base.WriteError), new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>));
            }
            if (!this.DataObject.IsModified(ADGroupSchema.MemberDepartRestriction))
            {
                this.DataObject.MemberDepartRestriction = ((this.Type == GroupType.Security) ? MemberUpdateType.Closed : MemberUpdateType.Open);
            }
            if (group.ArbitrationMailbox == null)
            {
                group.ArbitrationMailbox = MailboxTaskHelper.GetArbitrationMailbox(base.TenantGlobalCatalogSession, base.CurrentOrgContainerId);
                if (group.ArbitrationMailbox == null)
                {
                    if (group.MemberJoinRestriction == MemberUpdateType.ApprovalRequired || group.MemberDepartRestriction == MemberUpdateType.ApprovalRequired)
                    {
                        base.WriteError(new RecipientTaskException(Strings.ErrorArbitrationMbxNotSetForApproval(base.Name)), ExchangeErrorCategory.Client, group.Identity);
                    }
                    if (group.ModerationEnabled)
                    {
                        base.WriteError(new RecipientTaskException(Strings.ErrorArbitrationMbxNotSetForModeration(base.Name)), ExchangeErrorCategory.Client, group.Identity);
                    }
                }
            }
            DistributionGroupTaskHelper.CheckMembershipRestriction(group, new Task.ErrorLoggerDelegate(base.WriteError));
            TaskLogger.LogExit();
        }