protected override IConfigurable PrepareDataObject()
{
TaskLogger.LogEnter();
ADGroup adgroup = (ADGroup)base.PrepareDataObject();
if (!this.BypassSecurityGroupManagerCheck)
{
ADObjectId user;
base.TryGetExecutingUserId(out user);
RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, adgroup, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
}
if ("crossforest" == base.ParameterSetName && adgroup.RoleGroupType == RoleGroupType.Standard)
{
base.WriteError(new RecipientTaskException(Strings.ErrorCannotChangeRoleGroupType), (ErrorCategory)1000, null);
}
if ("ExchangeDatacenterCrossForestParameterSet" == base.ParameterSetName)
{
if (Datacenter.ExchangeSku.ExchangeDatacenter != Datacenter.GetExchangeSku() && Datacenter.ExchangeSku.DatacenterDedicated != Datacenter.GetExchangeSku())
{
base.WriteError(new InvalidOperationException(Strings.ErrorLinkedSidParameterNotAllowed(RoleGroupParameters.ParameterLinkedForeignGroupSid)), (ErrorCategory)1000, null);
}
this.linkedGroupSid = this.LinkedForeignGroupSid;
}
if ("crossforest" == base.ParameterSetName || "ExchangeDatacenterCrossForestParameterSet" == base.ParameterSetName)
{
adgroup.ForeignGroupSid = this.linkedGroupSid;
if (adgroup.Members.Count > 0)
{
base.WriteError(new RecipientTaskException(Strings.ErrorLinkedRoleGroupCannotHaveMembers), (ErrorCategory)1000, null);
}
}
if (base.Fields.IsModified("DisplayName"))
{
adgroup[RoleGroupSchema.DisplayName] = this.DisplayName;
}
this.roleGroup = RoleGroupCommon.PopulateRoleAssignmentsAndConvert(adgroup, this.ConfigurationSession);
if (base.Fields.IsModified("Description"))
{
adgroup[ADGroupSchema.RoleGroupDescription] = (string.IsNullOrEmpty(this.Description) ? null : this.Description);
}
if (this.ExternalDirectoryObjectId != Guid.Empty)
{
adgroup.ExternalDirectoryObjectId = this.ExternalDirectoryObjectId.ToString();
}
TaskLogger.LogExit();
return(adgroup);
}
protected override void InternalValidate()
{
TaskLogger.LogEnter();
base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId;
base.InternalValidate();
if (base.HasErrors)
{
return;
}
if (!this.BypassSecurityGroupManagerCheck)
{
ADObjectId user;
base.TryGetExecutingUserId(out user);
RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, this.DataObject, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
}
TaskLogger.LogExit();
}
protected override void InternalValidate()
{
base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId;
base.InternalValidate();
if (!this.BypassSecurityGroupManagerCheck)
{
ADObjectId user;
base.TryGetExecutingUserId(out user);
RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, base.DataObject, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
}
if (RoleGroupCommon.IsPrecannedRoleGroup(base.DataObject, this.ConfigurationSession, new Guid[0]))
{
base.WriteError(new TaskInvalidOperationException(Strings.ErrorCannotDeletePrecannedRoleGroup(base.DataObject.Name)), ExchangeErrorCategory.Client, null);
}
RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError));
roleAssignmentsGlobalConstraints.ValidateIsSafeToRemoveRoleGroup(base.DataObject, this.roleAssignmentResults, this);
}
