protected override IConfigurable PrepareDataObject() { TaskLogger.LogEnter(); ADGroup adgroup = (ADGroup)base.PrepareDataObject(); if (!this.BypassSecurityGroupManagerCheck) { ADObjectId user; base.TryGetExecutingUserId(out user); RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, adgroup, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError)); } if ("crossforest" == base.ParameterSetName && adgroup.RoleGroupType == RoleGroupType.Standard) { base.WriteError(new RecipientTaskException(Strings.ErrorCannotChangeRoleGroupType), (ErrorCategory)1000, null); } if ("ExchangeDatacenterCrossForestParameterSet" == base.ParameterSetName) { if (Datacenter.ExchangeSku.ExchangeDatacenter != Datacenter.GetExchangeSku() && Datacenter.ExchangeSku.DatacenterDedicated != Datacenter.GetExchangeSku()) { base.WriteError(new InvalidOperationException(Strings.ErrorLinkedSidParameterNotAllowed(RoleGroupParameters.ParameterLinkedForeignGroupSid)), (ErrorCategory)1000, null); } this.linkedGroupSid = this.LinkedForeignGroupSid; } if ("crossforest" == base.ParameterSetName || "ExchangeDatacenterCrossForestParameterSet" == base.ParameterSetName) { adgroup.ForeignGroupSid = this.linkedGroupSid; if (adgroup.Members.Count > 0) { base.WriteError(new RecipientTaskException(Strings.ErrorLinkedRoleGroupCannotHaveMembers), (ErrorCategory)1000, null); } } if (base.Fields.IsModified("DisplayName")) { adgroup[RoleGroupSchema.DisplayName] = this.DisplayName; } this.roleGroup = RoleGroupCommon.PopulateRoleAssignmentsAndConvert(adgroup, this.ConfigurationSession); if (base.Fields.IsModified("Description")) { adgroup[ADGroupSchema.RoleGroupDescription] = (string.IsNullOrEmpty(this.Description) ? null : this.Description); } if (this.ExternalDirectoryObjectId != Guid.Empty) { adgroup.ExternalDirectoryObjectId = this.ExternalDirectoryObjectId.ToString(); } TaskLogger.LogExit(); return(adgroup); }
protected override void InternalValidate() { TaskLogger.LogEnter(); base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId; base.InternalValidate(); if (base.HasErrors) { return; } if (!this.BypassSecurityGroupManagerCheck) { ADObjectId user; base.TryGetExecutingUserId(out user); RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, this.DataObject, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError)); } TaskLogger.LogExit(); }
protected override void InternalValidate() { base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId; base.InternalValidate(); if (!this.BypassSecurityGroupManagerCheck) { ADObjectId user; base.TryGetExecutingUserId(out user); RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, base.DataObject, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError)); } if (RoleGroupCommon.IsPrecannedRoleGroup(base.DataObject, this.ConfigurationSession, new Guid[0])) { base.WriteError(new TaskInvalidOperationException(Strings.ErrorCannotDeletePrecannedRoleGroup(base.DataObject.Name)), ExchangeErrorCategory.Client, null); } RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError)); roleAssignmentsGlobalConstraints.ValidateIsSafeToRemoveRoleGroup(base.DataObject, this.roleAssignmentResults, this); }