internal IEnumerable <VersionedId> FindMessageIds(ObjectId rootId, SortBy sortBy, bool latest) { SortBy[] sortColumns = (sortBy == null) ? null : new SortBy[] { sortBy }; ExDateTime momentsAgo = new ExDateTime(ExTimeZone.UtcTimeZone, DateTime.UtcNow.Add(AuditLogSearchDataProviderBase.DelayPeriod)); QueryFilter queryFilter = this.setting.MessageQueryFilter; using (QueryResult queryResult = this.Folder.ItemQuery(ItemQueryType.None, queryFilter, sortColumns, AuditLogSearchDataProviderBase.MessageProperties)) { AuditLogSearchId requestId = rootId as AuditLogSearchId; if (requestId != null) { QueryFilter seekFilter = new ComparisonFilter(ComparisonOperator.Equal, AuditLogSearchItemSchema.Identity, requestId.Guid); SeekReference seekReference = SeekReference.OriginBeginning; while (queryResult.SeekToCondition(seekReference, seekFilter)) { seekReference = SeekReference.OriginCurrent; foreach (VersionedId messageId in this.ReadMessageIdsFromQueryResult(queryResult, momentsAgo, latest)) { yield return(messageId); } } } else { foreach (VersionedId messageId2 in this.ReadMessageIdsFromQueryResult(queryResult, momentsAgo, latest)) { yield return(messageId2); } } } yield break; }
public IEnumerable <MailboxAuditLogRecord> SearchMailboxAudits(ADUser mailbox) { if (mailbox == null) { throw new ArgumentNullException("mailbox"); } this.mailboxUser = mailbox; this.outputCount = 0; AuditLogSearchId auditLogSearchId = (this.searchCriteria.Identity != null) ? (this.searchCriteria.Identity as AuditLogSearchId) : null; if (this.searchStatistics != null) { this.searchStatistics.CorrelationID = ((auditLogSearchId != null) ? auditLogSearchId.Guid.ToString() : string.Empty); } if (this.searchCriteria.ShowDetails) { return(this.DeepSearch()); } return(this.ShallowSearch()); }
public override IConfigurable Read <T>(ObjectId identity) { AuditLogSearchId auditLogSearchId = identity as AuditLogSearchId; if (auditLogSearchId != null) { SearchFilter filter = new SearchFilter.IsEqualTo(AuditLogSearchBaseEwsSchema.Identity.StorePropertyDefinition, auditLogSearchId.Guid.ToString()); using (IEnumerator <AdminAuditLogSearch> enumerator = this.FindInFolder <AdminAuditLogSearch>(filter, this.GetDefaultFolder()).GetEnumerator()) { if (enumerator.MoveNext()) { AdminAuditLogSearch adminAuditLogSearch = enumerator.Current; AdminAuditLogSearch adminAuditLogSearch2 = new AdminAuditLogSearch(); adminAuditLogSearch2.SetId(adminAuditLogSearch.Identity); adminAuditLogSearch2.Name = adminAuditLogSearch.Name; adminAuditLogSearch2.StartDateUtc = new DateTime?(adminAuditLogSearch.StartDateUtc.Value); adminAuditLogSearch2.EndDateUtc = new DateTime?(adminAuditLogSearch.EndDateUtc.Value); adminAuditLogSearch2.StatusMailRecipients = NewAuditLogSearchBase <AdminAuditLogSearch> .GetMultiValuedStringsAsSmptAddresses(adminAuditLogSearch.StatusMailRecipients); adminAuditLogSearch2.CreatedBy = adminAuditLogSearch.CreatedBy; adminAuditLogSearch2.CreatedByEx = adminAuditLogSearch.CreatedByEx; adminAuditLogSearch2.Cmdlets = adminAuditLogSearch.Cmdlets; adminAuditLogSearch2.Parameters = adminAuditLogSearch.Parameters; adminAuditLogSearch2.ObjectIds = adminAuditLogSearch.ObjectIds; bool value; if (!string.IsNullOrEmpty(adminAuditLogSearch.ExternalAccess) && bool.TryParse(adminAuditLogSearch.ExternalAccess, out value)) { adminAuditLogSearch2.ExternalAccess = new bool?(value); } adminAuditLogSearch2.UserIds = adminAuditLogSearch.UserIds; adminAuditLogSearch2.ResolvedUsers = adminAuditLogSearch.ResolvedUsers; return(adminAuditLogSearch2); } } } return(null); }
public override IConfigurable Read <T>(ObjectId identity) { AuditLogSearchId auditLogSearchId = identity as AuditLogSearchId; if (auditLogSearchId != null) { SearchFilter filter = new SearchFilter.IsEqualTo(AuditLogSearchBaseEwsSchema.Identity.StorePropertyDefinition, auditLogSearchId.Guid.ToString()); using (IEnumerator <MailboxAuditLogSearch> enumerator = this.FindInFolder <MailboxAuditLogSearch>(filter, this.GetDefaultFolder()).GetEnumerator()) { if (enumerator.MoveNext()) { MailboxAuditLogSearch mailboxAuditLogSearch = enumerator.Current; MailboxAuditLogSearch mailboxAuditLogSearch2 = new MailboxAuditLogSearch(); mailboxAuditLogSearch2.SetId(mailboxAuditLogSearch.Identity); mailboxAuditLogSearch2.Name = mailboxAuditLogSearch.Name; mailboxAuditLogSearch2.StartDateUtc = new DateTime?(mailboxAuditLogSearch.StartDateUtc.Value); mailboxAuditLogSearch2.EndDateUtc = new DateTime?(mailboxAuditLogSearch.EndDateUtc.Value); mailboxAuditLogSearch2.StatusMailRecipients = NewAuditLogSearchBase <MailboxAuditLogSearch> .GetMultiValuedStringsAsSmptAddresses(mailboxAuditLogSearch.StatusMailRecipients); mailboxAuditLogSearch2.CreatedBy = mailboxAuditLogSearch.CreatedBy; mailboxAuditLogSearch2.CreatedByEx = mailboxAuditLogSearch.CreatedByEx; mailboxAuditLogSearch2.Mailboxes = mailboxAuditLogSearch.Mailboxes; mailboxAuditLogSearch2.LogonTypes = mailboxAuditLogSearch.LogonTypes; mailboxAuditLogSearch2.Operations = mailboxAuditLogSearch.Operations; mailboxAuditLogSearch2.ShowDetails = (mailboxAuditLogSearch.ShowDetails != null && mailboxAuditLogSearch.ShowDetails.Value); bool value; if (!string.IsNullOrEmpty(mailboxAuditLogSearch.ExternalAccess) && bool.TryParse(mailboxAuditLogSearch.ExternalAccess, out value)) { mailboxAuditLogSearch2.ExternalAccess = new bool?(value); } return(mailboxAuditLogSearch2); } } } return(null); }
public AdminAuditLogEvent[] Search() { TaskLogger.LogEnter(); TaskLogger.Trace("Search criteria:\\r\\n{0}", new object[] { this.searchCriteria.ToString() }); if (DatacenterRegistry.IsForefrontForOffice()) { return(this.SearchInFFO()); } ADUser tenantArbitrationMailbox; try { tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(this.searchCriteria.OrganizationId); } catch (ObjectNotFoundException innerException) { TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the discovery mailbox user.", new object[0]); throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException); } catch (NonUniqueRecipientException innerException2) { TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]); throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException2); } Exception ex = null; ExchangePrincipal principal = ExchangePrincipal.FromADUser(this.searchCriteria.OrganizationId.ToADSessionSettings(), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite); AdminAuditLogEvent[] result; try { TaskLogger.Trace("Opening EWS connection for the tenant arbitration mailbox", new object[0]); EwsAuditClient ewsAuditClient = new EwsAuditClient(new EwsConnectionManager(principal, OpenAsAdminOrSystemServiceBudgetTypeType.Default, AdminAuditLogSearchWorker.Tracer), TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), AdminAuditLogSearchWorker.Tracer); FolderIdType folderIdType = null; ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.root, DistinguishedFolderIdNameType.recoverableitemsroot, out folderIdType); ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.recoverableitemsroot, DistinguishedFolderIdNameType.adminauditlogs, out folderIdType); if (folderIdType == null) { result = Array <AdminAuditLogEvent> .Empty; } else { EwsAuditLogCollection logCollection = new EwsAuditLogCollection(ewsAuditClient, folderIdType); AuditLogSearchId auditLogSearchId = this.searchCriteria.Identity as AuditLogSearchId; IEnumerable <AdminAuditLogEvent> source; if (this.UseFASTQuery()) { QueryStringType queryFilter = this.GenerateFASTSearchQueryString(); source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, QueryStringType>(logCollection, queryFilter, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer); } else { RestrictionType queryFilter2 = this.GenerateSearchQueryFilterForEWS(); source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, RestrictionType>(logCollection, queryFilter2, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer); } if (this.searchStatistics != null) { this.searchStatistics.QueryComplexity = this.searchCriteria.QueryComplexity; this.searchStatistics.CorrelationID = ((auditLogSearchId != null) ? auditLogSearchId.Guid.ToString() : string.Empty); } AdminAuditLogEvent[] array = source.Take(this.searchCriteria.ResultSize).ToArray <AdminAuditLogEvent>(); this.RedactCallerField(array); if (this.searchStatistics != null) { this.searchStatistics.ResultsReturned += array.LongLength; this.searchStatistics.CallResult = true; } result = array; } } catch (StorageTransientException ex2) { ex = ex2; TaskLogger.Trace("Search admin audit log failed with transient storage exception. {0}", new object[] { ex2 }); throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex2, this.searchCriteria); } catch (StoragePermanentException ex3) { ex = ex3; TaskLogger.Trace("Search admin audit log failed with permanent storage exception. {0}", new object[] { ex3 }); throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex3, this.searchCriteria); } catch (AuditLogException ex4) { ex = ex4; TaskLogger.Trace("Search admin audit log failed with storage exception. {0}", new object[] { ex4 }); throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex4, this.searchCriteria); } finally { if (this.searchStatistics != null && ex != null) { this.searchStatistics.ErrorType = ex; this.searchStatistics.ErrorCount++; } TaskLogger.LogExit(); } return(result); }
internal void SetId(AuditLogSearchId id) { this[AuditLogSearchBaseSchema.Identity] = id; }