Esempio n. 1
0
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            ADGroup adgroup = (ADGroup)base.PrepareDataObject();

            if (!this.BypassSecurityGroupManagerCheck)
            {
                ADObjectId user;
                base.TryGetExecutingUserId(out user);
                RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, adgroup, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
            }
            if ("crossforest" == base.ParameterSetName && adgroup.RoleGroupType == RoleGroupType.Standard)
            {
                base.WriteError(new RecipientTaskException(Strings.ErrorCannotChangeRoleGroupType), (ErrorCategory)1000, null);
            }
            if ("ExchangeDatacenterCrossForestParameterSet" == base.ParameterSetName)
            {
                if (Datacenter.ExchangeSku.ExchangeDatacenter != Datacenter.GetExchangeSku() && Datacenter.ExchangeSku.DatacenterDedicated != Datacenter.GetExchangeSku())
                {
                    base.WriteError(new InvalidOperationException(Strings.ErrorLinkedSidParameterNotAllowed(RoleGroupParameters.ParameterLinkedForeignGroupSid)), (ErrorCategory)1000, null);
                }
                this.linkedGroupSid = this.LinkedForeignGroupSid;
            }
            if ("crossforest" == base.ParameterSetName || "ExchangeDatacenterCrossForestParameterSet" == base.ParameterSetName)
            {
                adgroup.ForeignGroupSid = this.linkedGroupSid;
                if (adgroup.Members.Count > 0)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorLinkedRoleGroupCannotHaveMembers), (ErrorCategory)1000, null);
                }
            }
            if (base.Fields.IsModified("DisplayName"))
            {
                adgroup[RoleGroupSchema.DisplayName] = this.DisplayName;
            }
            this.roleGroup = RoleGroupCommon.PopulateRoleAssignmentsAndConvert(adgroup, this.ConfigurationSession);
            if (base.Fields.IsModified("Description"))
            {
                adgroup[ADGroupSchema.RoleGroupDescription] = (string.IsNullOrEmpty(this.Description) ? null : this.Description);
            }
            if (this.ExternalDirectoryObjectId != Guid.Empty)
            {
                adgroup.ExternalDirectoryObjectId = this.ExternalDirectoryObjectId.ToString();
            }
            TaskLogger.LogExit();
            return(adgroup);
        }
Esempio n. 2
0
 protected override void InternalValidate()
 {
     TaskLogger.LogEnter();
     base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId;
     base.InternalValidate();
     if (base.HasErrors)
     {
         return;
     }
     if (!this.BypassSecurityGroupManagerCheck)
     {
         ADObjectId user;
         base.TryGetExecutingUserId(out user);
         RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, this.DataObject, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
     }
     TaskLogger.LogExit();
 }
Esempio n. 3
0
        protected override void InternalValidate()
        {
            base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId;
            base.InternalValidate();
            if (!this.BypassSecurityGroupManagerCheck)
            {
                ADObjectId user;
                base.TryGetExecutingUserId(out user);
                RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, base.DataObject, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
            }
            if (RoleGroupCommon.IsPrecannedRoleGroup(base.DataObject, this.ConfigurationSession, new Guid[0]))
            {
                base.WriteError(new TaskInvalidOperationException(Strings.ErrorCannotDeletePrecannedRoleGroup(base.DataObject.Name)), ExchangeErrorCategory.Client, null);
            }
            RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError));

            roleAssignmentsGlobalConstraints.ValidateIsSafeToRemoveRoleGroup(base.DataObject, this.roleAssignmentResults, this);
        }