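/// <summary>
/// Ensures that a Person, a Set containing that person, the "All Requests" set and a
/// ManagementPolicyRule exist on the resource management service, so that the account can
/// read the msidmCompletedTime attribute of Request objects.
/// </summary>
/// <param name="hostname">Host name passed to the ResourceManagementClient constructor.</param>
/// <param name="creds">Credentials passed to the ResourceManagementClient constructor.</param>
/// <param name="accountName">Windows account name of the service account; it is split with Global.GetNtAccountName and resolved to a SID when the Person has to be created.</param>
/// <param name="setName">DisplayName of the set that becomes the MPR's PrincipalSet.</param>
/// <param name="mprName">DisplayName of the management policy rule to create or update.</param>
public static void CreateMpr(string hostname, NetworkCredential creds, string accountName, string setName, string mprName)
{
    ResourceManagementClient c = new ResourceManagementClient(hostname, creds);

    // Global.GetNtAccountName appears to return { domain, account } for a qualified name
    // and a shorter array otherwise (inferred from the length check below).
    string[] split = Global.GetNtAccountName(accountName);
    bool hasDomain = split.Length > 1;
    string personAccountName = hasDomain ? split[1] : accountName;

    Dictionary<string, object> keys = new Dictionary<string, object>();

    if (hasDomain)
    {
        keys.Add("Domain", split[0]);
    }

    keys.Add("AccountName", personAccountName);

    ResourceObject user = c.GetResourceByKey("Person", keys);

    if (user == null)
    {
        Logger.Trace($"Person {accountName} was not found. Creating");
        user = c.CreateResource("Person");

        // Translate throws when the account name cannot be mapped to a SID, so no Person
        // is saved for an account that Windows cannot resolve.
        SecurityIdentifier sid = (SecurityIdentifier)new NTAccount(accountName).Translate(typeof(SecurityIdentifier));

        // Use the same values as the lookup above. Indexing split[0]/split[1]
        // unconditionally here throws IndexOutOfRangeException for an unqualified name.
        user.SetValue("AccountName", personAccountName);

        if (hasDomain)
        {
            user.SetValue("Domain", split[0]);
        }

        byte[] sidBytes = new byte[sid.BinaryLength];
        sid.GetBinaryForm(sidBytes, 0);
        user.SetValue("ObjectSID", sidBytes);
        user.Save();
    }

    // NOTE(review): the principal set is matched on DisplayName alone. If a set with this
    // name already exists it is reused as-is: its Description is overwritten and whatever
    // members it already has also become principals of the MPR below. Confirm the name is
    // reserved for this purpose.
    ResourceObject set = c.GetResourceByKey("Set", "DisplayName", setName);

    if (set == null)
    {
        Logger.Trace($"Set {setName} was not found");
        set = c.CreateResource("Set");
    }

    set.SetValue("DisplayName", setName);
    set.AddValue("ExplicitMember", user);
    set.SetValue("Description", "Contains the Lithnet AutoSync service account");
    set.Save();
    Logger.Trace($"Set {setName} saved");

    // NOTE(review): an existing "All Requests" set is trusted by name; its Filter is not
    // checked against the /Request filter used when the set is created here.
    ResourceObject allRequestsSet = c.GetResourceByKey("Set", "DisplayName", "All Requests");

    if (allRequestsSet == null)
    {
        Logger.Trace("Set All Requests was not found");
        allRequestsSet = c.CreateResource("Set");
        allRequestsSet.SetValue("DisplayName", "All Requests");
        allRequestsSet.SetValue("Filter", "<Filter xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" Dialect=\"http://schemas.microsoft.com/2006/11/XPathFilterDialect\" xmlns=\"http://schemas.xmlsoap.org/ws/2004/09/enumeration\">/Request</Filter>");
        allRequestsSet.Save();
        Logger.Trace($"Set All Requests created");
    }

    // An existing MPR with this DisplayName is updated in place: every attribute below is
    // overwritten, including GrantRight and Disabled.
    ResourceObject mpr = c.GetResourceByKey("ManagementPolicyRule", "DisplayName", mprName);

    if (mpr == null)
    {
        Logger.Trace($"MPR {mprName} does not exist");
        mpr = c.CreateResource("ManagementPolicyRule");
    }

    // The grant is limited to Read on the single attribute msidmCompletedTime.
    mpr.SetValue("DisplayName", mprName);
    mpr.SetValue("Description", "Allows the Lithnet AutoSync service account access to read the msidmCompletedTime attribute from Request objects");
    mpr.SetValue("ActionParameter", "msidmCompletedTime");
    mpr.SetValue("ActionType", "Read");
    mpr.SetValue("GrantRight", true);
    mpr.SetValue("Disabled", false);
    mpr.SetValue("ManagementPolicyRuleType", "Request");
    mpr.SetValue("ResourceCurrentSet", allRequestsSet);
    mpr.SetValue("PrincipalSet", set);
    mpr.Save();
    Logger.Trace($"MPR {mprName} saved");
}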