protected override void WriteResult(IConfigurable dataObject)
{
TaskLogger.LogEnter();
base.HasObjectMatchingIdentity = true;
ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadAdSecurityDescriptor((ADRawEntry)dataObject, (IConfigurationSession)base.DataSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
if (!base.Owner.IsPresent)
{
AuthorizationRuleCollection accessRules = activeDirectorySecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
int num = 0;
while (accessRules.Count > num)
{
ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)accessRules[num];
if (base.SecurityPrincipal == null || (base.SecurityPrincipal != null && base.SecurityPrincipal == activeDirectoryAccessRule.IdentityReference))
{
ADAcePresentationObject adacePresentationObject = new ADAcePresentationObject(activeDirectoryAccessRule, ((ADRawEntry)dataObject).Id);
adacePresentationObject.ResetChangeTracking(true);
base.WriteResult(adacePresentationObject);
}
num++;
}
}
else
{
IdentityReference owner = activeDirectorySecurity.GetOwner(typeof(NTAccount));
base.WriteResult(new OwnerPresentationObject(((ADRawEntry)dataObject).Id, owner.ToString()));
}
TaskLogger.LogExit();
}
protected override void InternalBeginProcessing()
{
TaskLogger.LogEnter();
this.readOnlyRecipientSession = PermissionTaskHelper.GetReadOnlyRecipientSession(this.DomainController);
if (this.readOnlyRecipientSession.UseGlobalCatalog)
{
this.globalCatalogRecipientSession = this.readOnlyRecipientSession;
}
else
{
this.globalCatalogRecipientSession = PermissionTaskHelper.GetReadOnlyRecipientSession(null);
}
this.readOnlyConfigurationSession = DirectorySessionFactory.Default.CreateTopologyConfigurationSession(this.DomainController, true, ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromRootOrgScopeSet(), 207, "InternalBeginProcessing", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\permission\\SetPermissionTaskBase.cs");
if (this.DomainController != null)
{
ADServer adserver = DirectoryUtilities.DomainControllerFromName(this.DomainController);
if (adserver == null)
{
base.ThrowTerminatingError(new RecipientTaskException(Strings.DCWithGivenNameCouldNotBeFound(this.DomainController)), ErrorCategory.ObjectNotFound, null);
}
this.domainControllerDomainId = adserver.DomainId;
}
this.modifiedAcl.Clear();
this.modifiedObjects.Clear();
TaskLogger.LogExit();
}
protected override void InternalBeginProcessing()
{
TaskLogger.LogEnter();
base.InternalBeginProcessing();
this.readOnlySession = PermissionTaskHelper.GetReadOnlySession(base.DomainController);
TaskLogger.LogExit();
}
protected override IConfigurable ResolveDataObject()
{
TaskLogger.LogEnter();
IConfigurable result = PermissionTaskHelper.ResolveDataObject(this.readOnlySession, base.ReadOnlyConfigurationSession, this.globalCatalogSession, this.Identity, new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ADRawEntry>), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
TaskLogger.LogExit();
return(result);
}
protected override void WriteResult(IConfigurable dataObject)
{
TaskLogger.LogEnter();
this.HasObjectMatchingIdentity = true;
ADUser aduser = (ADUser)dataObject;
if (aduser.Database == null || aduser.ExchangeGuid == Guid.Empty)
{
base.Validate(aduser);
}
else
{
ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadMailboxSecurityDescriptor((ADUser)dataObject, PermissionTaskHelper.GetReadOnlySession(base.DomainController), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
if (!this.Owner.IsPresent)
{
AuthorizationRuleCollection accessRules = activeDirectorySecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
int num = 0;
while (accessRules.Count > num)
{
ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)accessRules[num];
if (this.SecurityPrincipal == null || this.SecurityPrincipal.Sid == activeDirectoryAccessRule.IdentityReference || this.SecurityPrincipal.SidHistory.Contains(activeDirectoryAccessRule.IdentityReference as SecurityIdentifier))
{
MailboxAcePresentationObject mailboxAcePresentationObject = new MailboxAcePresentationObject(activeDirectoryAccessRule, ((ADRawEntry)dataObject).Id);
if (Globals.IsDatacenter && base.TenantGlobalCatalogSession != null)
{
SecurityIdentifier securityIdentifier = (SecurityIdentifier)activeDirectoryAccessRule.IdentityReference;
ADRecipient adrecipient = null;
try
{
adrecipient = base.TenantGlobalCatalogSession.FindBySid(securityIdentifier);
}
catch
{
}
if (adrecipient != null)
{
string friendlyName = (!string.IsNullOrEmpty(adrecipient.DisplayName)) ? adrecipient.DisplayName : adrecipient.Name;
mailboxAcePresentationObject.User = new SecurityPrincipalIdParameter(securityIdentifier, friendlyName);
}
}
mailboxAcePresentationObject.ResetChangeTracking(true);
base.WriteResult(mailboxAcePresentationObject);
}
num++;
}
}
else
{
IdentityReference owner = activeDirectorySecurity.GetOwner(typeof(NTAccount));
OwnerPresentationObject dataObject2 = new OwnerPresentationObject(((ADUser)dataObject).Id, owner.ToString());
base.WriteResult(dataObject2);
}
}
TaskLogger.LogExit();
}
private void GrantServerAdminRole()
{
try
{
ActiveDirectoryAccessRule[] acesToServerAdmin = PermissionTaskHelper.GetAcesToServerAdmin(this.ConfigurationSession, ((IADSecurityPrincipal)this.user).Sid);
DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskWarningLoggingDelegate(this.WriteWarning), this.server, acesToServerAdmin);
}
catch (SecurityDescriptorAccessDeniedException exception)
{
base.WriteError(exception, ErrorCategory.PermissionDenied, null);
}
this.WriteWarning(Strings.CouldNotFindLocalAdministratorGroup(this.server.Name, this.Identity.ToString()));
}
protected override void WriteResult(IConfigurable dataObject)
{
TaskLogger.LogEnter();
IDirectorySession directorySession = (IDirectorySession)base.DataSession;
if (TaskHelper.ShouldUnderscopeDataSessionToOrganization(directorySession, (ADObject)dataObject))
{
directorySession = TaskHelper.UnderscopeSessionToOrganization(directorySession, ((ADObject)dataObject).OrganizationId, true);
}
ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadAdSecurityDescriptor((ADRawEntry)dataObject, directorySession, new Task.TaskErrorLoggingDelegate(base.WriteError));
AuthorizationRuleCollection accessRules = activeDirectorySecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
foreach (object obj in accessRules)
{
ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)obj;
if (this.Trustee == null || this.trusteeSid == activeDirectoryAccessRule.IdentityReference)
{
RecipientAccessRight?recipientAccessRight = this.FilterByRecipientAccessRights(activeDirectoryAccessRule, this.AccessRights);
if (recipientAccessRight != null)
{
string text = string.Empty;
if (Globals.IsDatacenter && base.TenantGlobalCatalogSession != null)
{
try
{
SecurityIdentifier sId = (SecurityIdentifier)activeDirectoryAccessRule.IdentityReference;
ADRecipient adrecipient = base.TenantGlobalCatalogSession.FindBySid(sId);
if (adrecipient != null)
{
text = ((!string.IsNullOrEmpty(adrecipient.DisplayName)) ? adrecipient.DisplayName : adrecipient.Name);
}
}
catch
{
}
}
if (string.IsNullOrEmpty(text))
{
text = RecipientPermissionTaskHelper.GetFriendlyNameOfSecurityIdentifier((SecurityIdentifier)activeDirectoryAccessRule.IdentityReference, base.TenantGlobalCatalogSession, new Task.TaskErrorLoggingDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
}
RecipientPermission dataObject2 = new RecipientPermission(activeDirectoryAccessRule, ((ADRawEntry)dataObject).Id, text, recipientAccessRight.Value);
base.WriteResult(dataObject2);
}
}
}
TaskLogger.LogExit();
}
protected override void InternalBeginProcessing()
{
TaskLogger.LogEnter();
base.InternalBeginProcessing();
this.readOnlySession = PermissionTaskHelper.GetReadOnlySession(base.DomainController);
if (this.readOnlySession.UseGlobalCatalog)
{
this.globalCatalogSession = this.readOnlySession;
}
else
{
this.globalCatalogSession = PermissionTaskHelper.GetReadOnlySession(null);
}
this.writableSessionOnSpcecifiedDC = PermissionTaskHelper.GetWritableSession(base.DomainController);
this.writableSession = PermissionTaskHelper.GetWritableSession(null);
TaskLogger.LogExit();
}
protected override void InternalBeginProcessing()
{
TaskLogger.LogEnter();
base.InternalBeginProcessing();
this.readOnlyRecipientSession = PermissionTaskHelper.GetReadOnlyRecipientSession(this.DomainController);
if (this.readOnlyRecipientSession.UseGlobalCatalog)
{
this.globalCatalogRecipientSession = this.readOnlyRecipientSession;
}
else
{
this.globalCatalogRecipientSession = PermissionTaskHelper.GetReadOnlyRecipientSession(null);
}
if (this.User != null)
{
this.securityPrincipal = SecurityPrincipalIdParameter.GetUserSid(this.GlobalCatalogRecipientSession, this.User, new Task.TaskErrorLoggingDelegate(base.ThrowTerminatingError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
}
TaskLogger.LogExit();
}
protected void ApplyDelegationInternal(bool removeDelegation)
{
ADRecipient adrecipient = this.SecurityPrincipal.Sid.IsWellKnown(WellKnownSidType.SelfSid) ? this.DataObject : ((ADRecipient)this.SecurityPrincipal);
if (adrecipient.RecipientType == RecipientType.UserMailbox)
{
ADUser dataObject = this.DataObject;
ADUser aduser = this.GetADUser(base.DataSession, dataObject);
if (aduser != null)
{
try
{
PermissionTaskHelper.SetDelegation(aduser, adrecipient, base.DataSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), removeDelegation);
if (!removeDelegation && ((ADUser)adrecipient).DelegateListBL.Count >= 16)
{
this.WriteWarning(Strings.WarningDelegatesExceededOutlookLimit);
}
return;
}
catch (DataValidationException exception)
{
base.WriteError(exception, ErrorCategory.WriteError, null);
return;
}
catch (DataSourceOperationException exception2)
{
base.WriteError(exception2, ErrorCategory.WriteError, null);
return;
}
catch (DataSourceTransientException exception3)
{
base.WriteError(exception3, ErrorCategory.WriteError, null);
return;
}
}
base.WriteVerbose(Strings.VerboseMailboxDelegateSkipNotADUser(this.DataObject.ToString()));
return;
}
base.WriteVerbose(Strings.VerboseMailboxDelegateSkip(this.Instance.User.ToString()));
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter();
if (base.IsInherited)
{
return;
}
if ("Owner" == base.ParameterSetName)
{
ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadMailboxSecurityDescriptor(this.DataObject, PermissionTaskHelper.GetReadOnlySession(base.DomainController), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
SecurityIdentifier sid = this.owner;
activeDirectorySecurity.SetOwner(sid);
new RawSecurityDescriptor(activeDirectorySecurity.GetSecurityDescriptorBinaryForm(), 0);
PermissionTaskHelper.SaveMailboxSecurityDescriptor(this.DataObject, activeDirectorySecurity, base.DataSession, ref this.storeSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
string friendlyUserName = SecurityPrincipalIdParameter.GetFriendlyUserName(sid, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
base.WriteObject(new OwnerPresentationObject(this.DataObject.Id, friendlyUserName));
}
else
{
base.InternalProcessRecord();
}
TaskLogger.LogExit();
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter();
if (base.IsInherited)
{
return;
}
if ("Owner" == base.ParameterSetName)
{
IConfigurationSession writableSession = base.GetWritableSession(this.DataObject.Id);
ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadAdSecurityDescriptor(this.DataObject, writableSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
SecurityIdentifier sid = this.owner;
activeDirectorySecurity.SetOwner(sid);
RawSecurityDescriptor sd = new RawSecurityDescriptor(activeDirectorySecurity.GetSecurityDescriptorBinaryForm(), 0);
writableSession.SaveSecurityDescriptor(this.DataObject.Id, sd, true);
string friendlyUserName = SecurityPrincipalIdParameter.GetFriendlyUserName(sid, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
base.WriteObject(new OwnerPresentationObject(this.DataObject.Id, friendlyUserName));
}
else
{
base.InternalProcessRecord();
}
TaskLogger.LogExit();
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter(new object[]
{
this.DataObject
});
bool flag = false;
if (false == this.Force && this.Arbitration)
{
TIdentity identity = this.Identity;
if (!base.ShouldContinue(Strings.SetArbitrationMailboxConfirmationMessage(identity.ToString())))
{
TaskLogger.LogExit();
return;
}
}
if (false == this.Force && this.originalForwardingAddress == null && this.DataObject.ForwardingAddress != null && this.DataObject.ForwardingSmtpAddress != null)
{
LocalizedString message = (this.originalForwardingSmtpAddress != null) ? Strings.SetMailboxForwardingAddressConfirmationMessage : Strings.SetBothForwardingAddressConfirmationMessage;
if (!base.ShouldContinue(message))
{
TaskLogger.LogExit();
return;
}
}
if (this.DataObject.IsModified(MailboxSchema.ForwardingSmtpAddress) && this.DataObject.ForwardingSmtpAddress != null && this.DataObject.ForwardingAddress != null && !base.Fields.IsModified(MailboxSchema.ForwardingAddress))
{
this.WriteWarning(Strings.ContactAdminForForwardingWarning);
}
if (false == this.Force && this.DataObject.IsModified(ADRecipientSchema.AuditLogAgeLimit))
{
EnhancedTimeSpan t;
if (this.DataObject.MailboxAuditLogAgeLimit == EnhancedTimeSpan.Zero)
{
TIdentity identity2 = this.Identity;
if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitZero(identity2.ToString())))
{
TaskLogger.LogExit();
return;
}
}
else if (this.DataObject.TryGetOriginalValue<EnhancedTimeSpan>(ADRecipientSchema.AuditLogAgeLimit, out t))
{
EnhancedTimeSpan mailboxAuditLogAgeLimit = this.DataObject.MailboxAuditLogAgeLimit;
if (t > mailboxAuditLogAgeLimit)
{
TIdentity identity3 = this.Identity;
if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitSmaller(identity3.ToString(), mailboxAuditLogAgeLimit.ToString())))
{
TaskLogger.LogExit();
return;
}
}
}
}
bool flag2 = false;
bool flag3 = false;
MapiMessageStoreSession mapiMessageStoreSession = null;
try
{
if (this.needChangeMailboxSubtype)
{
if (this.originalRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
{
MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag2 = true;
flag3 = true;
}
else if (this.targetRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
{
MailboxTaskHelper.ClearExternalAssociatedAccountPermission(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag = true;
flag3 = true;
}
}
else if (this.DataObject.IsChanged(ADRecipientSchema.MasterAccountSid))
{
MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag2 = true;
flag3 = true;
}
base.InternalProcessRecord();
if (flag3)
{
PermissionTaskHelper.SaveMailboxSecurityDescriptor(this.DataObject, SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(this.DataObject.ExchangeSecurityDescriptor), (IRecipientSession)base.DataSession, ref mapiMessageStoreSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
}
}
finally
{
if (mapiMessageStoreSession != null)
{
mapiMessageStoreSession.Dispose();
}
}
if (flag2)
{
base.WriteVerbose(Strings.VerboseSaveADSecurityDescriptor(this.DataObject.Id.ToString()));
this.DataObject.SaveSecurityDescriptor(((SecurityDescriptor)this.DataObject[ADObjectSchema.NTSecurityDescriptor]).ToRawSecurityDescriptor());
}
bool flag4 = base.Fields.IsModified(ADUserSchema.SharingPolicy);
if (this.RemoveManagedFolderAndPolicy || flag || flag4)
{
ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(base.RootOrgContainerId, base.CurrentOrganizationId, base.ExecutingUserOrganizationId, false);
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(base.DomainController, true, ConsistencyMode.IgnoreInvalid, sessionSettings, 4021, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
if (!tenantOrRootOrgRecipientSession.IsReadConnectionAvailable())
{
tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 4030, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
}
MailboxSession mailboxSession = this.OpenMailboxSession(tenantOrRootOrgRecipientSession, this.DataObject);
if (mailboxSession == null)
{
base.WriteError(new RecipientTaskException(Strings.LogonFailure), ExchangeErrorCategory.ServerOperation, null);
return;
}
using (mailboxSession)
{
if (this.RemoveManagedFolderAndPolicy && !ElcMailboxHelper.RemoveElcInMailbox(mailboxSession))
{
this.WriteWarning(Strings.WarningNonemptyManagedFolderNotDeleted);
}
if (flag)
{
using (CalendarConfigurationDataProvider calendarConfigurationDataProvider = new CalendarConfigurationDataProvider(mailboxSession))
{
CalendarConfiguration calendarConfiguration = (CalendarConfiguration)calendarConfigurationDataProvider.Read<CalendarConfiguration>(null);
calendarConfiguration.AutomateProcessing = CalendarProcessingFlags.None;
try
{
calendarConfigurationDataProvider.Save(calendarConfiguration);
}
catch (LocalizedException exception)
{
base.WriteError(exception, ExchangeErrorCategory.ServerOperation, null);
}
}
}
if (flag4)
{
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedId);
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedHash);
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedTime);
mailboxSession.Mailbox.Save();
}
}
}
if (base.IsSetRandomPassword)
{
MailboxTaskHelper.SetMailboxPassword((IRecipientSession)base.DataSession, this.DataObject, null, new Task.ErrorLoggerDelegate(base.WriteError));
}
TaskLogger.LogExit();
}
private static bool CheckPermissionsOnDkmObjects(IEnumerable <ADRawEntry> dkmObjects, IRootOrganizationRecipientSession session, Dictionary <SecurityIdentifier, ActiveDirectoryRights> expectedAccessRights, StringBuilder detailStatus)
{
bool result = true;
foreach (ADRawEntry adrawEntry in dkmObjects)
{
RawSecurityDescriptor rawSecurityDescriptor;
ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadAdSecurityDescriptor(adrawEntry, session, null, out rawSecurityDescriptor);
if (activeDirectorySecurity == null)
{
result = false;
detailStatus.AppendFormat("Failed to read security descriptor for DKM object {0}. Examine the ACL settings on DKM objects.\r\n", adrawEntry.Id.DistinguishedName);
}
else
{
AuthorizationRuleCollection accessRules = activeDirectorySecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendLine(string.Format("Object DN: {0}\r\n", adrawEntry.Id.DistinguishedName));
bool flag = false;
Dictionary <SecurityIdentifier, ActiveDirectoryRights> dictionary = new Dictionary <SecurityIdentifier, ActiveDirectoryRights>();
foreach (object obj in accessRules)
{
ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)obj;
try
{
if (!expectedAccessRights.ContainsKey((SecurityIdentifier)activeDirectoryAccessRule.IdentityReference))
{
int num = AuthzAuthorization.CheckGenericPermission((SecurityIdentifier)activeDirectoryAccessRule.IdentityReference, rawSecurityDescriptor, AccessMask.MaximumAllowed);
if (num != 0)
{
stringBuilder.AppendFormat("Unexpected ACE with Identity: {0}, Rights: {1}\r\n\r\n", TestDataCenterDKMAccess.AccountNameFromSid(activeDirectoryAccessRule.IdentityReference.ToString()), (ActiveDirectoryRights)num);
result = false;
flag = true;
}
}
else
{
dictionary[(SecurityIdentifier)activeDirectoryAccessRule.IdentityReference] = (ActiveDirectoryRights)AuthzAuthorization.CheckGenericPermission((SecurityIdentifier)activeDirectoryAccessRule.IdentityReference, rawSecurityDescriptor, AccessMask.MaximumAllowed);
}
}
catch (Win32Exception ex)
{
stringBuilder.AppendFormat("Failed to check ACL for Identity: {0} with Win32Exception {1} and ErrorCode {2}\r\n", TestDataCenterDKMAccess.AccountNameFromSid(activeDirectoryAccessRule.IdentityReference.ToString()), ex.Message, ex.ErrorCode);
result = false;
flag = true;
}
}
Dictionary <SecurityIdentifier, ActiveDirectoryRights> dictionary2 = new Dictionary <SecurityIdentifier, ActiveDirectoryRights>(expectedAccessRights);
foreach (KeyValuePair <SecurityIdentifier, ActiveDirectoryRights> keyValuePair in dictionary)
{
if (dictionary2[keyValuePair.Key] != keyValuePair.Value)
{
stringBuilder.AppendFormat("Wrong rights in ACE for Identity {0}\r\nExpected Rights: {1}\r\nActual Rights: {2}\r\n\r\n", TestDataCenterDKMAccess.AccountNameFromSid(keyValuePair.Key.ToString()), dictionary2[keyValuePair.Key], keyValuePair.Value);
result = false;
flag = true;
}
dictionary2.Remove(keyValuePair.Key);
}
if (dictionary2.Count > 0)
{
foreach (KeyValuePair <SecurityIdentifier, ActiveDirectoryRights> keyValuePair2 in dictionary2)
{
stringBuilder.AppendFormat("Missing expected ACE for Identity {0}\r\nExpected Rights: {1}\r\n\r\n", TestDataCenterDKMAccess.AccountNameFromSid(keyValuePair2.Key.ToString()), keyValuePair2.Value);
result = false;
flag = true;
}
}
if (flag)
{
detailStatus.AppendLine(stringBuilder.ToString());
}
}
}
return(result);
}
internal override void ApplyModification(ADUser modifiedObject, ActiveDirectoryAccessRule[] modifiedAces, IConfigDataProvider modifyingSession)
{
PermissionTaskHelper.SetMailboxAces(modifiedObject, modifyingSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.ErrorLoggerDelegate(base.WriteError), PermissionTaskHelper.GetReadOnlySession(base.DomainController), ref this.storeSession, false, modifiedAces);
}
