        /// <summary>
        /// Creates the new role group and then runs the two optional follow-up steps: stamping the
        /// well-known object GUID and saving the role assignments that were prepared for the group.
        /// If either follow-up step fails, the freshly created group is deleted again before the
        /// exception is rethrown, so a failed cmdlet does not leave a half-configured group behind.
        /// </summary>
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            // Creating a role group inside a shared-configuration tenant needs explicit confirmation
            // unless -Force was specified; declining ends the record without any directory writes.
            if (!this.Force && SharedConfiguration.IsSharedConfiguration(this.DataObject.OrganizationId) && !base.ShouldContinue(Strings.ConfirmSharedConfiguration(this.DataObject.OrganizationId.OrganizationalUnit.Name)))
            {
                TaskLogger.LogExit();
                return;
            }
            IConfigurationSession configurationSession = null;

            base.InternalProcessRecord();
            // A configuration session is only opened when one of the follow-up steps below needs it.
            if (this.WellKnownObjectGuid != Guid.Empty || this.roleAssignments != null)
            {
                configurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(null, false, ConsistencyMode.PartiallyConsistent, base.SessionSettings, 676, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RBAC\\RoleGroup\\NewRoleGroup.cs");
                // Resolve links against the server that originated the new group
                // (presumably so the just-written object is found before replication — confirm).
                configurationSession.LinkResolutionServer = this.DataObject.OriginatingServer;
            }
            if (this.WellKnownObjectGuid != Guid.Empty)
            {
                try
                {
                    RoleGroupCommon.StampWellKnownObjectGuid(configurationSession, this.DataObject.OrganizationId, this.DataObject.DistinguishedName, this.WellKnownObjectGuid);
                }
                catch (Exception)
                {
                    // Roll back the creation: clear the external id, persist that, then delete the group.
                    // NOTE(review): the Save-before-Delete ordering looks deliberate (e.g. so a consumer of
                    // ExternalDirectoryObjectId sees it cleared before the object disappears) — confirm before changing.
                    this.DataObject.ExternalDirectoryObjectId = null;
                    base.DataSession.Save(this.DataObject);
                    base.DataSession.Delete(this.DataObject);
                    throw;
                }
            }
            if (this.roleAssignments != null)
            {
                // Assignments saved so far, so a later failure can undo exactly those.
                List <ExchangeRoleAssignment> list = new List <ExchangeRoleAssignment>();
                // Name of the assignment being saved when the failure happened, for the warning text.
                string id = string.Empty;
                try
                {
                    foreach (ExchangeRoleAssignment exchangeRoleAssignment in this.roleAssignments)
                    {
                        exchangeRoleAssignment.User = this.DataObject.Id;
                        id = exchangeRoleAssignment.Id.Name;
                        configurationSession.Save(exchangeRoleAssignment);
                        list.Add(exchangeRoleAssignment);
                    }
                }
                catch (Exception)
                {
                    // Compensate: remove every assignment already written, then the group itself, and rethrow.
                    // NOTE(review): a failure inside this cleanup replaces the original exception — confirm that is acceptable.
                    this.WriteWarning(Strings.WarningCouldNotCreateRoleAssignment(id, this.Name));
                    foreach (ExchangeRoleAssignment exchangeRoleAssignment2 in list)
                    {
                        base.WriteVerbose(Strings.VerboseRemovingRoleAssignment(exchangeRoleAssignment2.Id.ToString()));
                        configurationSession.Delete(exchangeRoleAssignment2);
                        base.WriteVerbose(Strings.VerboseRemovedRoleAssignment(exchangeRoleAssignment2.Id.ToString()));
                    }
                    base.WriteVerbose(Strings.VerboseRemovingRoleGroup(this.DataObject.Id.ToString()));
                    base.DataSession.Delete(this.DataObject);
                    throw;
                }
            }
            TaskLogger.LogExit();
        }
        /// <summary>
        /// Checks that removing <paramref name="membersToRemove"/> from <paramref name="group"/> would not
        /// leave empty a group that must keep members: a precanned (built-in) role group, or a group whose
        /// direct or inherited role assignments are not safe to lose. Each violation is reported through
        /// the writeError delegate; a null group or null member list is accepted without any check.
        /// </summary>
        /// <param name="group">The role group whose members are about to be removed.</param>
        /// <param name="membersToRemove">The members that the caller intends to remove.</param>
        public void ValidateIsSafeToRemoveRoleGroupMember(ADGroup group, List<ADObjectId> membersToRemove)
        {
            if (group == null)
            {
                return;
            }
            if (membersToRemove == null)
            {
                return;
            }
            this.InitializeContextVariables();
            this.excludedFromEmptinessValidation.AddRange(membersToRemove);
            this.excludedFromAssignmentSearch.Add(group.Id);
            // Only a removal that actually empties the group needs any of the checks below.
            if (!this.IsGroupEmpty(group))
            {
                return;
            }
            this.excludedFromEmptinessValidation.Add(group.Id);
            string removedNames = RoleGroupCommon.NamesFromObjects(membersToRemove);
            // Organization Management is always treated as precanned, on top of whatever the helper knows.
            Guid[] alwaysPrecanned = new[] { RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid };
            if (RoleGroupCommon.IsPrecannedRoleGroup(group, this.configurationSession, alwaysPrecanned))
            {
                this.writeError(new TaskInvalidOperationException(Strings.ErrorCannedRoleGroupCannotBeEmpty(group.Name, removedNames)), ExchangeErrorCategory.Client, null);
            }
            // Groups in a shared-configuration tenant skip the assignment-based checks.
            // NOTE(review): execution continues after writeError here and below; presumably the delegate terminates the task — confirm.
            if (SharedConfiguration.GetSharedConfiguration(group.OrganizationId) != null)
            {
                return;
            }
            Result<ExchangeRoleAssignment>[] directAssignments = this.GetDirectRoleAssignmentsForGroup(group);
            if (directAssignments != null)
            {
                foreach (var assignmentResult in directAssignments)
                {
                    ExchangeRoleAssignment assignment = assignmentResult.Data;
                    if (this.IsSafeToRemoveDisableAssignmentFromGroup(assignment))
                    {
                        continue;
                    }
                    this.writeError(new TaskInvalidOperationException(Strings.ErrorGroupCannotBeEmptyRoleAssignmentConstraint(group.Name, removedNames, assignment.Name, assignment.Role.Name)), ExchangeErrorCategory.Client, null);
                }
            }
            ExchangeRoleAssignment blockingAssignment;
            if (!this.HierarchicalCheckForGroupEmptiness(group, out blockingAssignment))
            {
                this.writeError(new TaskInvalidOperationException(Strings.ErrorGroupCannotBeEmptyRoleAssignmentConstraint(group.Name, removedNames, blockingAssignment.Name, blockingAssignment.Role.Name)), ExchangeErrorCategory.Client, null);
            }
            ADGroup blockingCannedGroup;
            if (!this.HierarchicalCheckForCannedRoleGroups(group, out blockingCannedGroup))
            {
                this.writeError(new TaskInvalidOperationException(Strings.ErrorCannedRoleGroupCannotBeEmpty(blockingCannedGroup.Name, removedNames)), ExchangeErrorCategory.Client, null);
            }
        }
        /// <summary>
        /// Turns the directory group read from AD into the <see cref="RoleGroup"/> that is returned to the caller:
        /// resolves a linked foreign-group SID to a friendly name, attaches the group's role assignments and
        /// fills in the capabilities property.
        /// </summary>
        /// <param name="dataObject">The <see cref="ADGroup"/> loaded from the directory.</param>
        /// <returns>The populated <see cref="RoleGroup"/> presentation object.</returns>
        protected override IConfigurable ConvertDataObjectToPresentationObject(IConfigurable dataObject)
        {
            var group = (ADGroup)dataObject;
            if (group.ForeignGroupSid != null)
            {
                var verboseLogger = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
                group.LinkedGroup = SecurityPrincipalIdParameter.GetFriendlyUserName(group.ForeignGroupSid, verboseLogger);
                // Presumably keeps the resolved display name from being tracked as a pending change — confirm.
                group.ResetChangeTracking();
            }
            var presentation = RoleGroupCommon.PopulateRoleAssignmentsAndConvert(group, this.ConfigurationSession);
            presentation.PopulateCapabilitiesProperty();
            return presentation;
        }
 /// <summary>
 /// Resolves the container the role-group lookup is rooted at before the base validation runs.
 /// With an Identity, the root-org container is located through a recipient session bound to the
 /// account partition's preferred global catalog; without one, and only in the forest-wide org,
 /// the local role-group container becomes the search root.
 /// </summary>
 protected override void InternalValidate()
 {
     if (this.Identity != null)
     {
         var partitionId = base.TenantGlobalCatalogSession.SessionSettings.PartitionId;
         IRecipientSession rootOrgSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(
             base.ServerSettings.PreferredGlobalCatalog(partitionId.ForestFQDN),
             true,
             ConsistencyMode.PartiallyConsistent,
             base.NetCredential,
             ADSessionSettings.FromAccountPartitionRootOrgScopeSet(partitionId),
             203,
             "InternalValidate",
             "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RBAC\\RoleGroup\\GetRoleGroup.cs");
         base.OptionalIdentityData.RootOrgDomainContainerId = RoleGroupCommon.RoleGroupContainerId(rootOrgSession, this.ConfigurationSession);
     }
     else if (base.CurrentOrganizationId == OrganizationId.ForestWideOrgId)
     {
         this.rootId = RoleGroupCommon.RoleGroupContainerId(base.TenantGlobalCatalogSession, this.ConfigurationSession);
     }
     base.InternalValidate();
 }
 /// <summary>
 /// Applies the pending changes to the role group and, when a well-known object GUID was supplied,
 /// stamps it onto the updated group through a tenant/topology configuration session.
 /// Changing a group in a shared-configuration tenant requires confirmation unless -Force was given.
 /// </summary>
 protected override void InternalProcessRecord()
 {
     TaskLogger.LogEnter();
     bool needsConfirmation = !this.Force && SharedConfiguration.IsSharedConfiguration(this.DataObject.OrganizationId);
     if (needsConfirmation && !base.ShouldContinue(Strings.ConfirmSharedConfiguration(this.DataObject.OrganizationId.OrganizationalUnit.Name)))
     {
         TaskLogger.LogExit();
         return;
     }
     base.InternalProcessRecord();
     if (this.WellKnownObjectGuid == Guid.Empty)
     {
         TaskLogger.LogExit();
         return;
     }
     IConfigurationSession session = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(null, false, ConsistencyMode.PartiallyConsistent, base.SessionSettings, 424, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RBAC\\RoleGroup\\SetRoleGroup.cs");
     RoleGroupCommon.StampWellKnownObjectGuid(session, this.DataObject.OrganizationId, this.DataObject.DistinguishedName, this.WellKnownObjectGuid);
     TaskLogger.LogExit();
 }
        /// <summary>
        /// Loads the role group being modified and applies the parameter-driven changes to it: the
        /// group-manager rights check (unless bypassed), the linked-foreign-group rules of the cross-forest
        /// parameter sets, DisplayName, Description and ExternalDirectoryObjectId.
        /// Problems are reported through base.WriteError.
        /// </summary>
        /// <returns>The prepared <see cref="ADGroup"/>.</returns>
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            var group = (ADGroup)base.PrepareDataObject();
            string parameterSet = base.ParameterSetName;
            bool isCrossForest = parameterSet == "crossforest";
            bool isDatacenterCrossForest = parameterSet == "ExchangeDatacenterCrossForestParameterSet";
            if (!this.BypassSecurityGroupManagerCheck)
            {
                ADObjectId executingUser;
                // NOTE(review): the lookup result is ignored; on failure executingUser stays null and the
                // rights check is relied on to reject that — confirm.
                base.TryGetExecutingUserId(out executingUser);
                RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(executingUser, group, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
            }
            if (isCrossForest && group.RoleGroupType == RoleGroupType.Standard)
            {
                base.WriteError(new RecipientTaskException(Strings.ErrorCannotChangeRoleGroupType), (ErrorCategory)1000, null);
            }
            if (isDatacenterCrossForest)
            {
                // Linking by foreign SID is only permitted on the datacenter SKUs.
                bool isDatacenterSku = Datacenter.GetExchangeSku() == Datacenter.ExchangeSku.ExchangeDatacenter
                    || Datacenter.GetExchangeSku() == Datacenter.ExchangeSku.DatacenterDedicated;
                if (!isDatacenterSku)
                {
                    base.WriteError(new InvalidOperationException(Strings.ErrorLinkedSidParameterNotAllowed(RoleGroupParameters.ParameterLinkedForeignGroupSid)), (ErrorCategory)1000, null);
                }
                this.linkedGroupSid = this.LinkedForeignGroupSid;
            }
            if (isCrossForest || isDatacenterCrossForest)
            {
                group.ForeignGroupSid = this.linkedGroupSid;
                // A linked role group takes its membership from the foreign group, so local members are rejected.
                if (group.Members.Count > 0)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorLinkedRoleGroupCannotHaveMembers), (ErrorCategory)1000, null);
                }
            }
            if (base.Fields.IsModified("DisplayName"))
            {
                group[RoleGroupSchema.DisplayName] = this.DisplayName;
            }
            // Conversion happens before the description is rewritten, matching the established ordering.
            this.roleGroup = RoleGroupCommon.PopulateRoleAssignmentsAndConvert(group, this.ConfigurationSession);
            if (base.Fields.IsModified("Description"))
            {
                string description = this.Description;
                group[ADGroupSchema.RoleGroupDescription] = string.IsNullOrEmpty(description) ? null : description;
            }
            if (this.ExternalDirectoryObjectId != Guid.Empty)
            {
                group.ExternalDirectoryObjectId = this.ExternalDirectoryObjectId.ToString();
            }
            TaskLogger.LogExit();
            return group;
        }
 /// <summary>
 /// Points the identity resolution at the root-org USG container, runs the base validation and, when it
 /// produced no errors and the check was not bypassed, verifies that the executing user may manage the group.
 /// </summary>
 protected override void InternalValidate()
 {
     TaskLogger.LogEnter();
     base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId;
     base.InternalValidate();
     // A failed base validation ends the method here (and, as before, without a matching LogExit).
     if (!base.HasErrors)
     {
         if (!this.BypassSecurityGroupManagerCheck)
         {
             ADObjectId executingUser;
             // NOTE(review): the lookup result is ignored; on failure executingUser stays null and the
             // rights check is relied on to reject that — confirm.
             base.TryGetExecutingUserId(out executingUser);
             RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(executingUser, this.DataObject, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
         }
         TaskLogger.LogExit();
     }
 }
        /// <summary>
        /// Validates a role-group removal: the executing user must be allowed to manage the group (unless
        /// bypassed), precanned role groups can never be removed, and the global role-assignment constraints
        /// must allow the group to disappear. Violations are reported through base.WriteError.
        /// </summary>
        protected override void InternalValidate()
        {
            base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId;
            base.InternalValidate();
            var errorLogger = new Task.ErrorLoggerDelegate(base.WriteError);
            if (!this.BypassSecurityGroupManagerCheck)
            {
                ADObjectId executingUser;
                // NOTE(review): the lookup result is ignored; on failure executingUser stays null and the
                // rights check is relied on to reject that — confirm.
                base.TryGetExecutingUserId(out executingUser);
                RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(executingUser, base.DataObject, base.ExchangeRunspaceConfig, errorLogger);
            }
            // No additional well-known GUIDs are passed; only the helper's own notion of "precanned" applies.
            bool isPrecanned = RoleGroupCommon.IsPrecannedRoleGroup(base.DataObject, this.ConfigurationSession, new Guid[0]);
            if (isPrecanned)
            {
                base.WriteError(new TaskInvalidOperationException(Strings.ErrorCannotDeletePrecannedRoleGroup(base.DataObject.Name)), ExchangeErrorCategory.Client, null);
            }
            var constraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, errorLogger);
            constraints.ValidateIsSafeToRemoveRoleGroup(base.DataObject, this.roleAssignmentResults, this);
        }
        /// <summary>
        /// Renders the pending changes of a multi-valued property as "addKey=names;removeKey=names",
        /// where each part is emitted only when the corresponding change list is non-empty and the
        /// trailing ";" follows the added part only.
        /// </summary>
        /// <param name="mvp">The property whose Added/Removed lists are rendered.</param>
        /// <returns>The rendered change summary, or an empty string when nothing changed.</returns>
        private static string DumpMultiValuedPropertyWithChanges(MultiValuedPropertyBase mvp)
        {
            var text = new StringBuilder();
            object[] addedEntries = mvp.Added;
            object[] removedEntries = mvp.Removed;
            if (addedEntries.Length != 0)
            {
                text.Append(MultiValuedProperty<string>.AddKeys[0])
                    .Append("=")
                    .Append(RoleGroupCommon.NamesFromObjects(addedEntries))
                    .Append(";");
            }
            if (removedEntries.Length != 0)
            {
                text.Append(MultiValuedProperty<string>.RemoveKeys[0])
                    .Append("=")
                    .Append(RoleGroupCommon.NamesFromObjects(removedEntries));
            }
            return text.ToString();
        }
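        /// <summary>
        /// Renders a collection of directory objects as a comma-separated list of names for use in messages.
        /// </summary>
        /// <param name="objects">
        /// Elements of type <see cref="ADObject"/>, <see cref="ADObjectId"/> or <see cref="SecurityPrincipalIdParameter"/>.
        /// A <see cref="MultiValuedPropertyBase"/> that currently holds no values is rendered as its pending
        /// added/removed changes instead.
        /// </param>
        /// <returns>The joined names, or <see cref="string.Empty"/> when <paramref name="objects"/> is null.</returns>
        /// <exception cref="ArgumentException">An element (including a null element) is of an unsupported type.</exception>
        internal static string NamesFromObjects(IEnumerable objects)
        {
            if (objects == null)
            {
                return string.Empty;
            }
            MultiValuedPropertyBase mvp = objects as MultiValuedPropertyBase;
            // An empty multi-valued property may still carry pending changes; those are what callers want shown.
            if (mvp != null && mvp.Count == 0)
            {
                return RoleGroupCommon.DumpMultiValuedPropertyWithChanges(mvp);
            }
            StringBuilder names = new StringBuilder();
            bool needsSeparator = false;
            foreach (object item in objects)
            {
                if (needsSeparator)
                {
                    names.Append(", ");
                }
                needsSeparator = true;
                // ADObject is tested before ADObjectId, as the original did; keep that order.
                ADObject adObject = item as ADObject;
                if (adObject != null)
                {
                    names.Append(adObject.Name);
                    continue;
                }
                ADObjectId adObjectId = item as ADObjectId;
                if (adObjectId != null)
                {
                    names.Append(adObjectId.Name);
                    continue;
                }
                SecurityPrincipalIdParameter principal = item as SecurityPrincipalIdParameter;
                if (principal == null)
                {
                    // Fix: the parameter name used to be passed as the message (ParamName stayed null);
                    // report a real message and name the offending parameter through paramName.
                    string actualType = item == null ? "null" : item.GetType().FullName;
                    throw new ArgumentException("Unsupported element type: " + actualType, "objects");
                }
                names.Append(principal.ToString());
            }
            return names.ToString();
        }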
 /// <summary>
 /// Fills in the directory attributes of the role group being created: universal security-group type,
 /// description and the role-group type id derived from it, the container-based id in the forest-wide org,
 /// ManagedBy, a unique SAM account name, the linked-group fields of the cross-forest and partner parameter
 /// sets, the partner-managed capability and the initial members. Problems go through base.WriteError.
 /// </summary>
 /// <param name="group">The group object being prepared for creation.</param>
 protected override void PrepareRecipientObject(ADGroup group)
 {
     TaskLogger.LogEnter();
     base.PrepareRecipientObject(group);
     var errorLogger = new Task.ErrorLoggerDelegate(base.WriteError);
     var verboseLogger = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
     var recipientGetter = new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>);
     group.GroupType = GroupTypeFlags.Universal | GroupTypeFlags.SecurityEnabled;
     group[ADRecipientSchema.Description] = new MultiValuedProperty<string>(this.Description);
     // The MSO tenant admin/helpdesk descriptions select fixed role-group type ids (ordinal comparison).
     string description = this.Description;
     if (description == CoreStrings.MsoManagedTenantAdminGroupDescription)
     {
         group[ADGroupSchema.RoleGroupTypeId] = 23;
     }
     else if (description == CoreStrings.MsoMailTenantAdminGroupDescription)
     {
         group[ADGroupSchema.RoleGroupTypeId] = 24;
     }
     else if (description == CoreStrings.MsoManagedTenantHelpdeskGroupDescription)
     {
         group[ADGroupSchema.RoleGroupTypeId] = 25;
     }
     if (base.CurrentOrganizationId == OrganizationId.ForestWideOrgId)
     {
         ADObjectId containerId = RoleGroupCommon.RoleGroupContainerId(base.TenantGlobalCatalogSession, this.ConfigurationSession);
         group.SetId(containerId.GetChildId(this.Name));
     }
     MailboxTaskHelper.StampOnManagedBy(this.DataObject, this.managedByRecipients, errorLogger);
     this.DataObject.RecipientTypeDetails = RecipientTypeDetails.RoleGroup;
     MailboxTaskHelper.ValidateGroupManagedBy(base.TenantGlobalCatalogSession, group, this.managedByRecipients, RoleGroupCommon.OwnerRecipientTypeDetails, true, recipientGetter, errorLogger);
     if (!string.IsNullOrEmpty(group.SamAccountName))
     {
         RecipientTaskHelper.IsSamAccountNameUnique(group, group.SamAccountName, verboseLogger, errorLogger, ExchangeErrorCategory.Client);
     }
     else
     {
         // Outside the forest-wide org, the service-account forest (when enabled) is checked as well.
         bool includePartitionCatalog = VariantConfiguration.InvariantNoFlightingSnapshot.CmdletInfra.ServiceAccountForest.Enabled
             && base.CurrentOrganizationId != OrganizationId.ForestWideOrgId;
         IRecipientSession[] uniquenessSessions = includePartitionCatalog
             ? new IRecipientSession[] { base.RootOrgGlobalCatalogSession, base.PartitionOrRootOrgGlobalCatalogSession }
             : new IRecipientSession[] { base.RootOrgGlobalCatalogSession };
         group.SamAccountName = RecipientTaskHelper.GenerateUniqueSamAccountName(uniquenessSessions, group.Id.DomainId, group.Name, true, verboseLogger, false);
     }
     string parameterSet = base.ParameterSetName;
     if (parameterSet == "crossforest")
     {
         group.ForeignGroupSid = this.linkedGroupSid;
     }
     if (parameterSet == "linkedpartnergroup")
     {
         group.LinkedPartnerGroupId = this.LinkedPartnerGroupId;
         group.LinkedPartnerOrganizationId = this.LinkedPartnerOrganizationId;
     }
     if (this.PartnerManaged.IsPresent)
     {
         group.RawCapabilities.Add(Capability.Partner_Managed);
     }
     if (base.Fields.IsChanged(RoleGroupParameters.ParameterMembers) && this.Members != null)
     {
         foreach (SecurityPrincipalIdParameter member in this.Members)
         {
             MailboxTaskHelper.ValidateAndAddMember(base.TenantGlobalCatalogSession, group, member, false, errorLogger, recipientGetter);
         }
     }
     MailboxTaskHelper.ValidateAddedMembers(base.TenantGlobalCatalogSession, group, errorLogger, recipientGetter);
     TaskLogger.LogExit();
 }
        /// <summary>
        /// Locates the root-org universal security group container that role groups live in, using a
        /// recipient session bound to the preferred global catalog of the account partition.
        /// </summary>
        /// <param name="configurationSession">Configuration session handed to the container lookup.</param>
        /// <param name="adServerSettings">Supplies the preferred global catalog for the partition's forest.</param>
        /// <param name="globalCatalogSession">Session whose partition id selects the account partition.</param>
        /// <param name="organizationId">Not used by this implementation.</param>
        /// <returns>The id of the root-org role-group container.</returns>
        internal static ADObjectId GetRootOrgUsgContainerId(IConfigurationSession configurationSession, ADServerSettings adServerSettings, IRecipientSession globalCatalogSession, OrganizationId organizationId)
        {
            var partitionId = globalCatalogSession.SessionSettings.PartitionId;
            var preferredCatalog = adServerSettings.PreferredGlobalCatalog(partitionId.ForestFQDN);
            IRecipientSession rootOrgSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(
                preferredCatalog,
                true,
                ConsistencyMode.PartiallyConsistent,
                null,
                ADSessionSettings.FromAccountPartitionRootOrgScopeSet(partitionId),
                110,
                "GetRootOrgUsgContainerId",
                "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RBAC\\RoleGroup\\RoleGroupCommon.cs");
            return RoleGroupCommon.RoleGroupContainerId(rootOrgSession, configurationSession);
        }