/// <summary>
/// Builds a <see cref="DkmProxy"/> for the container named <paramref name="dkmContainerName"/>
/// under <paramref name="dkmParentContainerDN"/>, initialises DKM and creates its group.
/// </summary>
/// <param name="dkmContainerName">Name handed to the <see cref="DkmProxy"/> constructor.</param>
/// <param name="dkmParentContainerDN">Distinguished name of the parent container.</param>
/// <param name="dkmProxy">
/// Receives the configured proxy. Because this is an <c>out</c> parameter that is assigned before
/// <c>InitializeDkm</c>/<c>AddGroup</c> run, a caller that catches an exception thrown by either of
/// those calls still observes a non-null proxy.
/// </param>
private void CreateDkmContainer(string dkmContainerName, string dkmParentContainerDN, out DkmProxy dkmProxy)
{
    // NOTE(review): presumably pins this proxy's directory operations to one DC — confirm.
    string preferredReplica = this.rootDomain.OriginatingServer;

    var proxy = new DkmProxy(dkmContainerName, null, null);
    proxy.PreferredReplicaName = preferredReplica;
    proxy.DkmParentContainerDN = dkmParentContainerDN;
    // The CN is fixed regardless of dkmContainerName, which only reaches the constructor.
    proxy.DkmContainerName = "CN=Distributed KeyMan";
    dkmProxy = proxy;

    dkmProxy.InitializeDkm();
    dkmProxy.AddGroup();
}
/// <summary>
/// Grants key read/write rights (group membership with update rights) and full control
/// (group ownership) on a DKM container's group.
/// </summary>
/// <param name="dkmProxy">Proxy for the container whose group is being configured.</param>
/// <param name="principalsToHaveKeyReadWritePermissionsAdded">SIDs added as group members with update rights.</param>
/// <param name="principalsToHaveFullControlPermissionsAdded">SIDs added as group owners; processed only after every member grant succeeded.</param>
/// <remarks>
/// Best-effort: a <see cref="COMException"/> or <see cref="UnauthorizedAccessException"/> raised by
/// any single grant aborts all remaining grants (a failure in the member loop skips the owner loop
/// entirely) and is swallowed, so the caller has no signal that the ACL was only partially applied.
/// Operators verifying a provisioning run should check the resulting group ACL rather than rely on
/// the cmdlet's success.
/// </remarks>
private static void SetDkmContainerAccessRules(DkmProxy dkmProxy, IEnumerable<SecurityIdentifier> principalsToHaveKeyReadWritePermissionsAdded, IEnumerable<SecurityIdentifier> principalsToHaveFullControlPermissionsAdded)
{
    try
    {
        foreach (var updater in principalsToHaveKeyReadWritePermissionsAdded)
        {
            dkmProxy.AddGroupMemberWithUpdateRights(updater);
        }

        foreach (var owner in principalsToHaveFullControlPermissionsAdded)
        {
            dkmProxy.AddGroupOwner(owner);
        }
    }
    catch (COMException)
    {
        // Deliberately swallowed: directory-side failure leaves remaining grants unapplied.
    }
    catch (UnauthorizedAccessException)
    {
        // Deliberately swallowed: the caller lacks rights to modify the group ACL.
    }
}
/// <summary>
/// Provisions every DKM container listed in <see cref="InitializeDkmDatacenter.DkmContainersToCreate"/>
/// under CN=Microsoft,CN=Program Data of the root domain and applies its access rules.
/// </summary>
/// <remarks>
/// A container that already exists is reported as a warning and provisioning continues; if the
/// proxy was handed back before the exception, its access rules are still reconciled. Any other
/// exception is surfaced as a warning plus an application-log event and then rethrown
/// (<c>throw;</c>, stack trace preserved), so one failing container aborts the whole run and the
/// success event is never written.
/// </remarks>
protected override void InternalProcessRecord()
{
    TaskLogger.LogEnter();
    this.InternalBeginProcessing();

    string rootDomainDN = this.rootDomain.Id.ToDNString();

    foreach (Tuple<string, List<SecurityIdentifier>, List<SecurityIdentifier>> container in InitializeDkmDatacenter.DkmContainersToCreate)
    {
        string containerName = container.Item1;
        List<SecurityIdentifier> keyReadWritePrincipals = container.Item2;
        List<SecurityIdentifier> fullControlPrincipals = container.Item3;

        try
        {
            DkmProxy proxy = null;
            try
            {
                string parentContainerDN = string.Format("{0},{1}", "CN=Microsoft,CN=Program Data", rootDomainDN);
                this.CreateDkmContainer(containerName, parentContainerDN, out proxy);
            }
            catch (ObjectAlreadyExistsException)
            {
                this.WriteWarning(Strings.DkmContainerAlreadyExists(containerName));
            }

            // proxy stays null only if CreateDkmContainer threw before assigning its out parameter.
            if (proxy != null)
            {
                // Strip unexpected ACEs first, then grant the intended principals.
                this.RemoveUnwantedDkmContainerAccessRules(containerName, keyReadWritePrincipals, fullControlPrincipals, rootDomainDN);
                InitializeDkmDatacenter.SetDkmContainerAccessRules(proxy, keyReadWritePrincipals, fullControlPrincipals);
            }
        }
        catch (Exception ex)
        {
            this.WriteWarning(Strings.DkmProvisioningException(containerName, ex));
            ExManagementApplicationLogger.LogEvent(ManagementEventLogConstants.Tuple_DkmProvisioningException, new string[] { ex.ToString() });
            throw;
        }
    }

    ExManagementApplicationLogger.LogEvent(ManagementEventLogConstants.Tuple_DkmProvisioningSuccessful, new string[0]);
    TaskLogger.LogExit();
}