/// <summary>
/// Attaches roles to a role assignment policy by creating one regular
/// (<see cref="RoleAssignmentDelegationType.Regular"/>) assignment per role that passes the
/// mailbox-plan filter.
/// </summary>
/// <param name="policy">
/// Policy that becomes the assignee; its Id, OrganizationId and OriginatingServer are handed
/// to <c>RoleHelper.CreateRoleAssignment</c>.
/// </param>
/// <param name="roles">Candidate roles to assign to the policy.</param>
/// <param name="mailboxPlanIndex">
/// Optional filter. When null or empty no filtering happens and every role in
/// <paramref name="roles"/> is assigned; otherwise only roles whose MailboxPlanIndex equals it
/// (ordinal, case-insensitive) are assigned.
/// </param>
private void CreateRAPRoleAssignments(RoleAssignmentPolicy policy, IList<ExchangeRole> roles, string mailboxPlanIndex)
{
    // A missing filter is the widest grant this method can make: all roles go to the policy.
    bool noPlanFilter = string.IsNullOrEmpty(mailboxPlanIndex);

    Task.TaskVerboseLoggingDelegate logVerbose = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
    Task.TaskErrorLoggingDelegate logError = new Task.TaskErrorLoggingDelegate(base.WriteError);

    foreach (ExchangeRole candidate in roles)
    {
        // Skip roles that belong to a different mailbox plan than the one requested.
        if (!noPlanFilter && !mailboxPlanIndex.Equals(candidate.MailboxPlanIndex, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        RoleHelper.CreateRoleAssignment(
            candidate,
            policy.Id,
            policy.OrganizationId,
            RoleAssigneeType.RoleAssignmentPolicy,
            policy.OriginatingServer,
            RoleAssignmentDelegationType.Regular,
            base.CurrentOrganizationId,
            base.ExecutingUserOrganizationId,
            this.configurationSession,
            logVerbose,
            logError);
    }
}
/// <summary>
/// Creates a role assignment of the requested delegation type for a recipient, unless the
/// assignment is suppressed by AD split-permission mode.
/// </summary>
/// <param name="role">Role to assign.</param>
/// <param name="recipient">
/// Assignee; the assignee type is derived from it via
/// <c>ExchangeRoleAssignment.RoleAssigneeTypeFromADRecipient</c>.
/// </param>
/// <param name="delegationType">Delegation type of the assignment to create.</param>
private void CreateRoleAssignment(ExchangeRole role, ADRecipient recipient, RoleAssignmentDelegationType delegationType)
{
    // Only Regular assignments of the listed role types are withheld in split-permission mode;
    // every other delegation type for the same role is still created below.
    bool withheldBySplitPermissions =
        this.adSplitPermissionMode
        && delegationType == RoleAssignmentDelegationType.Regular
        && InstallCannedRbacRoleAssignments.invalidRoleTypesInADSplitPermissionMode.Contains(role.RoleType);

    if (withheldBySplitPermissions)
    {
        // The skip is reported on the verbose stream only, so it is silent by default.
        base.WriteVerbose(Strings.VerboseSkipCreatingRoleAssignment(recipient.Id.ToString(), role.Id.ToString(), delegationType.ToString()));
    }
    else
    {
        RoleAssigneeType assigneeKind = ExchangeRoleAssignment.RoleAssigneeTypeFromADRecipient(recipient);
        RoleHelper.CreateRoleAssignment(
            role,
            recipient.Id,
            recipient.OrganizationId,
            assigneeKind,
            recipient.OriginatingServer,
            delegationType,
            base.CurrentOrganizationId,
            base.ExecutingUserOrganizationId,
            this.configurationSession,
            new Task.TaskVerboseLoggingDelegate(base.WriteVerbose),
            new Task.TaskErrorLoggingDelegate(base.WriteError));
    }
}
/// <summary>
/// Processes the new role and, for an unscoped top-level role, creates an org-wide delegating
/// assignment of that role to the executing user, or to the Organization Management
/// well-known group when no executing user id is available. If creating that assignment
/// fails, the role object is deleted again and the exception is rethrown.
/// </summary>
protected override void InternalProcessRecord()
{
    TaskLogger.LogEnter();
    // Confirmation gate for shared configurations. -Force bypasses the prompt entirely;
    // declining the prompt ends the cmdlet before the base implementation runs.
    if (!this.Force && SharedConfiguration.IsSharedConfiguration(this.DataObject.OrganizationId) && !base.ShouldContinue(Strings.ConfirmSharedConfiguration(this.DataObject.OrganizationId.OrganizationalUnit.Name)))
    {
        TaskLogger.LogExit();
        return;
    }
    // Presumably persists this.DataObject (the catch block below deletes it again) — confirm against the base class.
    base.InternalProcessRecord();
    if (this.UnScopedTopLevel)
    {
        try
        {
            // The delegating assignment is created only when the caller's organization is the
            // role's organization; there is no else branch, so a cross-organization caller
            // gets the role without any assignment.
            if (base.ExecutingUserOrganizationId.Equals(this.DataObject.OrganizationId))
            {
                ADObjectId id;
                RoleAssigneeType roleAssigneeType;
                if (base.TryGetExecutingUserId(out id))
                {
                    roleAssigneeType = RoleAssigneeType.User;
                }
                else
                {
                    // No executing user id: fall back to the Organization Management role group.
                    roleAssigneeType = RoleAssigneeType.RoleGroup;
                    // Save the shared session's lookup flags so the finally block can put them back.
                    bool useGlobalCatalog = base.TenantGlobalCatalogSession.UseGlobalCatalog;
                    bool useConfigNC = base.TenantGlobalCatalogSession.UseConfigNC;
                    bool skipRangedAttributes = base.TenantGlobalCatalogSession.SkipRangedAttributes;
                    ADGroup adgroup;
                    try
                    {
                        base.TenantGlobalCatalogSession.UseGlobalCatalog = true;
                        base.TenantGlobalCatalogSession.UseConfigNC = false;
                        base.TenantGlobalCatalogSession.SkipRangedAttributes = true;
                        // The container searched depends on scope: the configuration naming
                        // context for the forest-wide organization, otherwise the session's
                        // organization configuration unit.
                        adgroup = base.TenantGlobalCatalogSession.ResolveWellKnownGuid <ADGroup>(RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid, OrganizationId.ForestWideOrgId.Equals(base.CurrentOrganizationId) ? this.ConfigurationSession.ConfigurationNamingContext : base.TenantGlobalCatalogSession.SessionSettings.CurrentOrganizationId.ConfigurationUnit);
                    }
                    finally
                    {
                        // Restored even when the lookup throws, so the temporary settings do
                        // not leak into later uses of the session.
                        base.TenantGlobalCatalogSession.UseGlobalCatalog = useGlobalCatalog;
                        base.TenantGlobalCatalogSession.UseConfigNC = useConfigNC;
                        base.TenantGlobalCatalogSession.SkipRangedAttributes = skipRangedAttributes;
                    }
                    if (adgroup != null)
                    {
                        id = adgroup.Id;
                    }
                    else
                    {
                        // NOTE(review): presumably ThrowTerminatingError never returns; if it
                        // did, id would still hold whatever TryGetExecutingUserId wrote on
                        // failure — confirm.
                        // NOTE(review): 1001 is cast straight to ErrorCategory; its meaning is
                        // not visible here — confirm against the project's category constants.
                        base.ThrowTerminatingError(new ManagementObjectNotFoundException(DirectoryStrings.ExceptionADTopologyCannotFindWellKnownExchangeGroup), (ErrorCategory)1001, RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid);
                    }
                }
                // DelegatingOrgWide assignment of the new role to the resolved user or group.
                // NOTE(review): the 'as' cast yields null when DataSession is not an
                // IConfigurationSession; confirm the callee tolerates null or that the type is guaranteed.
                RoleHelper.CreateRoleAssignment(this.DataObject, id, base.ExecutingUserOrganizationId, roleAssigneeType, this.DataObject.OriginatingServer, RoleAssignmentDelegationType.DelegatingOrgWide, base.CurrentOrganizationId, base.ExecutingUserOrganizationId, base.DataSession as IConfigurationSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskErrorLoggingDelegate(base.WriteError));
            }
        }
        catch (Exception)
        {
            // Roll back on any failure: warn, delete the role, rethrow with the original stack.
            // NOTE(review): if Delete itself throws, that exception propagates in place of the
            // original one and the role object may be left behind without its assignment.
            this.WriteWarning(Strings.WarningFailedToCreateAssignmentForNewRole(this.DataObject.Id.ToString()));
            base.DataSession.Delete(this.DataObject);
            throw;
        }
        // Reached only when no exception was thrown above.
        if (base.ExchangeRunspaceConfig != null)
        {
            base.ExchangeRunspaceConfig.LoadRoleCmdletInfo();
        }
    }
    // Not in a finally block, so the exception path above exits without a matching LogExit.
    TaskLogger.LogExit();
}