コード例 #1
        /// <summary>
        /// Asks the store that hosts the mailbox's archive to refresh the archive mailbox. When the store
        /// reports that the archive mailbox does not exist, <paramref name="rawSd"/> is written through
        /// <c>PermissionTaskHelper.SaveAdSecurityDescriptor</c> instead.
        /// </summary>
        /// <param name="mailbox">User whose archive mailbox is targeted.</param>
        /// <param name="writableAdSession">Session handed to the directory fallback.</param>
        /// <param name="rawSd">Security descriptor used only by the directory fallback.</param>
        /// <param name="logVerbose">Receives progress messages.</param>
        /// <param name="logError">Receives failures; an invalid server DN and any other localized error end up here.</param>
        private static void SaveArchiveSecurityDescriptor(ADUser mailbox, IConfigDataProvider writableAdSession, RawSecurityDescriptor rawSd, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
        {
            // Use the dedicated archive database when one is set, otherwise the primary database.
            ADObjectId archiveDatabaseId = mailbox.ArchiveDatabase ?? mailbox.Database;
            MailboxId  archiveMailboxId  = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(archiveDatabaseId), mailbox.ArchiveGuid);

            try
            {
                DatabaseLocationInfo location = ActiveManager.GetActiveManagerInstance().GetServerForDatabase(archiveDatabaseId.ObjectGuid);

                // The store session is opened with the server's system attendant legacy DN.
                using (MapiMessageStoreSession session = new MapiMessageStoreSession(
                           location.ServerLegacyDN,
                           PermissionTaskHelper.CalcuteSystemAttendantMailboxLegacyDistingushName(location.ServerLegacyDN),
                           Fqdn.Parse(location.ServerFqdn)))
                {
                    logVerbose(Strings.VerboseSaveStoreMailboxSecurityDescriptor(archiveMailboxId.ToString(), session.ServerName));
                    session.ForceStoreToRefreshMailbox(archiveMailboxId);
                }
            }
            catch (FormatException)
            {
                // Reported as an invalid server legacy DN for this mailbox.
                TaskInvalidOperationException invalidDn = new TaskInvalidOperationException(Strings.ErrorInvalidServerLegacyDistinguishName(mailbox.DistinguishedName.ToString()));
                logError(invalidDn, ExchangeErrorCategory.ServerOperation, null);
            }
            catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
            {
                // No archive in the store: fall back to saving the descriptor in the directory.
                logVerbose(Strings.VerboseArchiveNotExistInStore(mailbox.Name));
                PermissionTaskHelper.SaveAdSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
            }
            catch (LocalizedException failure)
            {
                logError(new SetArchivePermissionException(mailbox.Name, failure), ExchangeErrorCategory.ServerOperation, null);
            }
        }
コード例 #2
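        /// <summary>
        /// Reads the store-side security descriptor of <paramref name="accessRequestedForADUser"/>'s mailbox and
        /// checks whether the SID of <paramref name="executingAdUser"/> is granted the <c>AccessMask.CreateChild</c> bit in it.
        /// </summary>
        /// <param name="executingAdUser">User whose SID is evaluated against the descriptor.</param>
        /// <param name="accessRequestedForADUser">Owner of the mailbox whose descriptor is read.</param>
        /// <param name="session">Not used by this method.</param>
        /// <returns>
        /// <c>true</c> when the low bit of the authorization result is set; <c>false</c> when it is not,
        /// when the mailbox cannot be found, or when the store returns no descriptor (fail closed).
        /// </returns>
        internal static bool CheckFullAccessPermissions(ADUser executingAdUser, ADUser accessRequestedForADUser, IRecipientSession session)
        {
            ExTraceGlobals.TaskTracer.TraceDebug <string, string>(0L, "Checking if {0} has full access for mailbox {1}", executingAdUser.Alias, accessRequestedForADUser.Alias);
            ActiveManager         activeManagerInstance = ActiveManager.GetActiveManagerInstance();
            DatabaseLocationInfo  serverForDatabase     = activeManagerInstance.GetServerForDatabase(accessRequestedForADUser.Database.ObjectGuid);
            RawSecurityDescriptor rawSecurityDescriptor = null;

            // The descriptor is fetched over a store session opened with the server's system attendant legacy DN.
            using (MapiMessageStoreSession mapiMessageStoreSession = new MapiMessageStoreSession(serverForDatabase.ServerLegacyDN, Server.GetSystemAttendantLegacyDN(serverForDatabase.ServerLegacyDN), Fqdn.Parse(serverForDatabase.ServerFqdn)))
            {
                MailboxId mailboxId = new MailboxId(new DatabaseId(accessRequestedForADUser.Database.ObjectGuid), accessRequestedForADUser.ExchangeGuid);
                try
                {
                    rawSecurityDescriptor = mapiMessageStoreSession.GetMailboxSecurityDescriptor(mailboxId);
                }
                catch (MailboxNotFoundException)
                {
                    ExTraceGlobals.TaskTracer.TraceDebug <MailboxId>(0L, "Could not find mailbox {0} when attempting to read its security descriptor.", mailboxId);
                    return(false);
                }

                // An authorization check must fail closed: without a descriptor there is nothing to
                // evaluate, so deny instead of failing later with a NullReferenceException.
                if (rawSecurityDescriptor == null)
                {
                    ExTraceGlobals.TaskTracer.TraceDebug <MailboxId>(0L, "No security descriptor was returned for mailbox {0}; denying access.", mailboxId);
                    return(false);
                }
            }

            // NOTE(review): the ActiveDirectorySecurity object built below is never read afterwards. It is kept
            // because SetSecurityDescriptorBinaryForm may reject a malformed descriptor before the access
            // check runs — confirm whether that is intended, otherwise these four statements can go.
            byte[] array = new byte[rawSecurityDescriptor.BinaryLength];
            rawSecurityDescriptor.GetBinaryForm(array, 0);
            ActiveDirectorySecurity activeDirectorySecurity = new ActiveDirectorySecurity();

            activeDirectorySecurity.SetSecurityDescriptorBinaryForm(array);

            // NOTE(review): the method name implies that the CreateChild bit stands for the mailbox
            // full-access right in this descriptor, and that bit 0 of the result reports it — confirm
            // against AuthzAuthorization.CheckGenericPermission.
            int num = AuthzAuthorization.CheckGenericPermission(executingAdUser.Sid, rawSecurityDescriptor, AccessMask.CreateChild);

            return((num & 1) == 1);
        }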
コード例 #3
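        /// <summary>
        /// Saves the mailbox security descriptor to the directory, then asks the store hosting the mailbox to
        /// purge its cached mailbox object, and finally does the same for a local archive when one exists.
        /// </summary>
        /// <remarks>
        /// The directory write happens first. Every failure of the store-side purge is reported through
        /// <paramref name="logVerbose"/> only, so the caller receives no error signal for it.
        /// NOTE(review): if the purge fails, the store presumably keeps using its cached copy until it
        /// refreshes on its own — consider surfacing that as a warning when the change removes access.
        /// </remarks>
        /// <param name="mailbox">Mailbox whose descriptor is saved.</param>
        /// <param name="adSecurity">Descriptor to save; converted to its binary form.</param>
        /// <param name="writableAdSession">Writable session for the directory save.</param>
        /// <param name="storeSession">
        /// Store session to reuse. When null a new session is created and handed back to the caller, who is
        /// then responsible for disposing it; otherwise the existing session is redirected to the right server.
        /// </param>
        /// <param name="logVerbose">Receives progress and non-fatal failure messages.</param>
        /// <param name="logError">Passed on to the directory and archive helpers.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="mailbox"/>, <paramref name="adSecurity"/> or <paramref name="writableAdSession"/> is null.
        /// </exception>
        public static void SaveMailboxSecurityDescriptor(ADUser mailbox, ActiveDirectorySecurity adSecurity, IConfigDataProvider writableAdSession, ref MapiMessageStoreSession storeSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
        {
            // Validate before anything is written, so a bad call cannot leave a half-applied change.
            if (mailbox == null)
            {
                throw new ArgumentNullException("mailbox");
            }
            if (adSecurity == null)
            {
                throw new ArgumentNullException("adSecurity");
            }
            if (writableAdSession == null)
            {
                // ArgumentNullException derives from ArgumentException, so existing catch blocks still match;
                // the parameter name is now reported as ParamName instead of being used as the message.
                throw new ArgumentNullException("writableAdSession");
            }
            RawSecurityDescriptor rawSd = new RawSecurityDescriptor(adSecurity.GetSecurityDescriptorBinaryForm(), 0);

            PermissionTaskHelper.SaveAdSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);

            // Remembered outside the try block so the network-error message can name the server.
            string serverFqdn = null;

            try
            {
                ActiveManager        activeManagerInstance = ActiveManager.GetActiveManagerInstance();
                DatabaseLocationInfo serverForDatabase     = activeManagerInstance.GetServerForDatabase(mailbox.Database.ObjectGuid);
                serverFqdn = serverForDatabase.ServerFqdn;
                if (storeSession == null)
                {
                    storeSession = new MapiMessageStoreSession(serverForDatabase.ServerLegacyDN, PermissionTaskHelper.CalcuteSystemAttendantMailboxLegacyDistingushName(serverForDatabase.ServerLegacyDN), Fqdn.Parse(serverForDatabase.ServerFqdn));
                }
                else
                {
                    storeSession.RedirectServer(serverForDatabase.ServerLegacyDN, Fqdn.Parse(serverForDatabase.ServerFqdn));
                }
                MailboxId mailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(mailbox.Database), mailbox.ExchangeGuid);
                logVerbose(Strings.VerboseSaveStoreMailboxSecurityDescriptor(mailboxId.ToString(), storeSession.ServerName));
                storeSession.Administration.PurgeCachedMailboxObject(mailboxId.MailboxGuid);
            }
            catch (DatabaseNotFoundException)
            {
                logVerbose(Strings.ErrorMailboxDatabaseNotFound(mailbox.Database.ToString()));
            }
            catch (MapiExceptionNetworkError)
            {
                logVerbose(Strings.ErrorFailedToConnectToStore(serverFqdn ?? string.Empty));
            }
            catch (FormatException)
            {
                logVerbose(Strings.ErrorInvalidServerLegacyDistinguishName(mailbox.DistinguishedName.ToString()));
            }
            catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
            {
                logVerbose(Strings.VerboseMailboxNotExistInStore(mailbox.DistinguishedName));
            }
            if (mailbox.HasLocalArchive)
            {
                PermissionTaskHelper.SaveArchiveSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
            }
        }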
コード例 #4
        /// <summary>
        /// Connects to the store hosting <paramref name="mailbox"/> and purges its cached mailbox object.
        /// </summary>
        /// <param name="mailbox">Mailbox whose cached object is purged.</param>
        /// <param name="writableAdSession">Must not be null; not otherwise used by this method.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        /// <exception cref="ObjectNotFoundException">The store reports the mailbox as missing or the database as unavailable.</exception>
        public void Refresh(ADUser mailbox, IRecipientSession writableAdSession)
        {
            if (mailbox == null)
            {
                throw new ArgumentNullException("mailbox");
            }
            if (writableAdSession == null)
            {
                throw new ArgumentNullException("writableAdSession");
            }

            DatabaseLocationInfo location = ActiveManager.GetActiveManagerInstance().GetServerForDatabase(mailbox.Database.ObjectGuid);

            // The using block disposes the session on every exit path, including the rethrows below.
            using (MapiMessageStoreSession session = new MapiMessageStoreSession(
                       location.ServerLegacyDN,
                       TeamMailboxSecurityRefresher.CalculateSystemAttendantMailboxLegacyDistingushName(location.ServerLegacyDN),
                       Fqdn.Parse(location.ServerFqdn)))
            {
                MailboxId targetMailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(mailbox.Database), mailbox.ExchangeGuid);
                try
                {
                    session.Administration.PurgeCachedMailboxObject(targetMailboxId.MailboxGuid);
                }
                // NOTE(review): both handlers put Exception.ToString() (message plus stack trace) into the
                // new exception's text and drop the original as an inner exception — check where that text
                // is shown before relying on it.
                catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException mailboxMissing)
                {
                    throw new ObjectNotFoundException(new LocalizedString(mailboxMissing.ToString()));
                }
                catch (DatabaseUnavailableException databaseDown)
                {
                    throw new ObjectNotFoundException(new LocalizedString(databaseDown.ToString()));
                }
            }
        }
コード例 #5
        /// <summary>
        /// Purges the store's cached mailbox object for the group mailbox, unless the mailbox has no creation
        /// time recorded or was created less than 15 minutes ago.
        /// </summary>
        /// <remarks>
        /// Store-side failures (database not found, network error, mailbox not found) are written to the
        /// verbose log only and are not rethrown.
        /// </remarks>
        internal void RefreshStoreCache()
        {
            this.AddVerboseLog("Start: RefreshStoreCache");

            // Skip mailboxes without a creation time and those still inside the 15-minute window.
            // This path returns before the "End" log line is written.
            var createdAt = this.groupMailbox.WhenMailboxCreated;
            if (createdAt == null || createdAt.Value.AddMinutes(15.0).ToUniversalTime() > DateTime.UtcNow)
            {
                return;
            }

            // Kept outside the try block so the network-error message can name the server.
            string serverFqdn = null;

            try
            {
                DatabaseLocationInfo location = ActiveManager.GetActiveManagerInstance().GetServerForDatabase(this.groupMailbox.Database.ObjectGuid);
                serverFqdn = location.ServerFqdn;

                // The system attendant DN is built here by appending a fixed suffix to the server legacy DN.
                using (MapiMessageStoreSession session = new MapiMessageStoreSession(
                           location.ServerLegacyDN,
                           location.ServerLegacyDN + "/cn=Microsoft System Attendant",
                           Fqdn.Parse(location.ServerFqdn)))
                {
                    MailboxId groupMailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(this.groupMailbox.Database), this.groupMailbox.ExchangeGuid);
                    this.AddVerboseLog(Strings.VerboseSaveStoreMailboxSecurityDescriptor(groupMailboxId.ToString(), session.ServerName));
                    session.Administration.PurgeCachedMailboxObject(groupMailboxId.MailboxGuid);
                }
            }
            catch (DatabaseNotFoundException)
            {
                this.AddVerboseLog(Strings.ErrorMailboxDatabaseNotFound(this.groupMailbox.Database.ToString()));
            }
            catch (MapiExceptionNetworkError)
            {
                this.AddVerboseLog(Strings.ErrorFailedToConnectToStore(serverFqdn ?? string.Empty));
            }
            catch (MailboxNotFoundException)
            {
                this.AddVerboseLog(Strings.VerboseMailboxNotExistInStore(this.groupMailbox.DistinguishedName));
            }

            this.AddVerboseLog("End: RefreshStoreCache");
        }
コード例 #6
        /// <summary>
        /// Reads the mailbox security descriptor, applies the given access rules to it (adding them, or removing
        /// them when <paramref name="remove"/> is true) and saves the result.
        /// </summary>
        /// <param name="mailbox">Mailbox whose descriptor is changed.</param>
        /// <param name="writableAdSession">Writable session used for the save.</param>
        /// <param name="logVerbose">Receives progress messages.</param>
        /// <param name="logWarning">Receives warnings raised while applying the rules.</param>
        /// <param name="logError">Receives errors from the read and save helpers.</param>
        /// <param name="adSession">Session used to read the current descriptor.</param>
        /// <param name="storeSession">Store session passed through to the save helper, which may create one.</param>
        /// <param name="remove">True to remove the rules, false to add them.</param>
        /// <param name="aces">Access rules to apply.</param>
        public static void SetMailboxAces(ADUser mailbox, IConfigDataProvider writableAdSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.TaskWarningLoggingDelegate logWarning, Task.ErrorLoggerDelegate logError, IConfigurationSession adSession, ref MapiMessageStoreSession storeSession, bool remove, params ActiveDirectoryAccessRule[] aces)
        {
            ActiveDirectorySecurity currentSecurity = PermissionTaskHelper.ReadMailboxSecurityDescriptor(mailbox, adSession, logVerbose, logError);

            // Without a readable descriptor nothing is changed and nothing is saved; this method itself
            // reports nothing in that case, so any diagnostics come from the read helper.
            if (currentSecurity == null)
            {
                return;
            }

            DirectoryCommon.ApplyAcesOnAcl(logVerbose, logWarning, null, mailbox.DistinguishedName, currentSecurity, remove, aces);
            PermissionTaskHelper.SaveMailboxSecurityDescriptor(mailbox, currentSecurity, writableAdSession, ref storeSession, logVerbose, logError);
        }
コード例 #7
		/// <summary>
		/// Applies the pending changes to the mailbox: asks for confirmation on sensitive changes unless
		/// <c>Force</c> is set, adjusts linked-account permissions, runs the base processing, saves the
		/// security descriptors, and then performs in-mailbox clean-up and the optional password reset.
		/// </summary>
		protected override void InternalProcessRecord()
		{
			TaskLogger.LogEnter(new object[]
			{
				this.DataObject
			});
			// flag: set when external associated account permissions were cleared; later triggers the
			// reset of calendar auto-processing inside the mailbox.
			bool flag = false;
			// Confirmation 1: changes to an arbitration mailbox. Force skips every confirmation below.
			if (false == this.Force && this.Arbitration)
			{
				TIdentity identity = this.Identity;
				if (!base.ShouldContinue(Strings.SetArbitrationMailboxConfirmationMessage(identity.ToString())))
				{
					TaskLogger.LogExit();
					return;
				}
			}
			// Confirmation 2: there was no forwarding address before and both ForwardingAddress and
			// ForwardingSmtpAddress are now set. The message depends on whether a forwarding SMTP
			// address already existed.
			if (false == this.Force && this.originalForwardingAddress == null && this.DataObject.ForwardingAddress != null && this.DataObject.ForwardingSmtpAddress != null)
			{
				LocalizedString message = (this.originalForwardingSmtpAddress != null) ? Strings.SetMailboxForwardingAddressConfirmationMessage : Strings.SetBothForwardingAddressConfirmationMessage;
				if (!base.ShouldContinue(message))
				{
					TaskLogger.LogExit();
					return;
				}
			}
			// Warn (regardless of Force) when the SMTP forwarding address was modified while an
			// unmodified ForwardingAddress is also present.
			if (this.DataObject.IsModified(MailboxSchema.ForwardingSmtpAddress) && this.DataObject.ForwardingSmtpAddress != null && this.DataObject.ForwardingAddress != null && !base.Fields.IsModified(MailboxSchema.ForwardingAddress))
			{
				this.WriteWarning(Strings.ContactAdminForForwardingWarning);
			}
			// Confirmation 3: the audit log age limit is being set to zero or lowered below its
			// original value. Raising it needs no confirmation.
			if (false == this.Force && this.DataObject.IsModified(ADRecipientSchema.AuditLogAgeLimit))
			{
				EnhancedTimeSpan t;
				if (this.DataObject.MailboxAuditLogAgeLimit == EnhancedTimeSpan.Zero)
				{
					TIdentity identity2 = this.Identity;
					if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitZero(identity2.ToString())))
					{
						TaskLogger.LogExit();
						return;
					}
				}
				else if (this.DataObject.TryGetOriginalValue<EnhancedTimeSpan>(ADRecipientSchema.AuditLogAgeLimit, out t))
				{
					EnhancedTimeSpan mailboxAuditLogAgeLimit = this.DataObject.MailboxAuditLogAgeLimit;
					if (t > mailboxAuditLogAgeLimit)
					{
						TIdentity identity3 = this.Identity;
						if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitSmaller(identity3.ToString(), mailboxAuditLogAgeLimit.ToString())))
						{
							TaskLogger.LogExit();
							return;
						}
					}
				}
			}
			// flag2: the directory security descriptor must be saved after processing.
			bool flag2 = false;
			// flag3: the mailbox security descriptor must be saved (directory plus store cache purge).
			bool flag3 = false;
			// Created on demand by SaveMailboxSecurityDescriptor through the ref parameter; disposed in finally.
			MapiMessageStoreSession mapiMessageStoreSession = null;
			try
			{
				if (this.needChangeMailboxSubtype)
				{
					// Converting away from a plain user mailbox: grant the linked account its permissions.
					if (this.originalRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
					{
						MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
						flag2 = true;
						flag3 = true;
					}
					// Converting to a plain user mailbox: clear the external associated account permission.
					else if (this.targetRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
					{
						MailboxTaskHelper.ClearExternalAssociatedAccountPermission(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
						flag = true;
						flag3 = true;
					}
				}
				// Same subtype but a different master account SID: re-grant to the linked account.
				else if (this.DataObject.IsChanged(ADRecipientSchema.MasterAccountSid))
				{
					MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
					flag2 = true;
					flag3 = true;
				}
				// The permission changes above are made on DataObject before the base class processes it.
				base.InternalProcessRecord();
				if (flag3)
				{
					PermissionTaskHelper.SaveMailboxSecurityDescriptor(this.DataObject, SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(this.DataObject.ExchangeSecurityDescriptor), (IRecipientSession)base.DataSession, ref mapiMessageStoreSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
				}
			}
			finally
			{
				if (mapiMessageStoreSession != null)
				{
					mapiMessageStoreSession.Dispose();
				}
			}
			if (flag2)
			{
				base.WriteVerbose(Strings.VerboseSaveADSecurityDescriptor(this.DataObject.Id.ToString()));
				this.DataObject.SaveSecurityDescriptor(((SecurityDescriptor)this.DataObject[ADObjectSchema.NTSecurityDescriptor]).ToRawSecurityDescriptor());
			}
			// flag4: the sharing policy field was modified on this call.
			bool flag4 = base.Fields.IsModified(ADUserSchema.SharingPolicy);
			// Any of the three conditions requires opening the mailbox itself.
			if (this.RemoveManagedFolderAndPolicy || flag || flag4)
			{
				// The session settings are built without RBAC scopes (per the factory method's name).
				ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(base.RootOrgContainerId, base.CurrentOrganizationId, base.ExecutingUserOrganizationId, false);
				IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(base.DomainController, true, ConsistencyMode.IgnoreInvalid, sessionSettings, 4021, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
				// Retry without a specific domain controller when the first session has no read connection.
				if (!tenantOrRootOrgRecipientSession.IsReadConnectionAvailable())
				{
					tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 4030, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
				}
				MailboxSession mailboxSession = this.OpenMailboxSession(tenantOrRootOrgRecipientSession, this.DataObject);
				if (mailboxSession == null)
				{
					base.WriteError(new RecipientTaskException(Strings.LogonFailure), ExchangeErrorCategory.ServerOperation, null);
					// NOTE(review): this exit does not call TaskLogger.LogExit(), unlike the earlier
					// early returns, and it also skips the password step at the end of the method.
					return;
				}
				using (mailboxSession)
				{
					if (this.RemoveManagedFolderAndPolicy && !ElcMailboxHelper.RemoveElcInMailbox(mailboxSession))
					{
						this.WriteWarning(Strings.WarningNonemptyManagedFolderNotDeleted);
					}
					if (flag)
					{
						// Turn calendar auto-processing off for the mailbox.
						using (CalendarConfigurationDataProvider calendarConfigurationDataProvider = new CalendarConfigurationDataProvider(mailboxSession))
						{
							CalendarConfiguration calendarConfiguration = (CalendarConfiguration)calendarConfigurationDataProvider.Read<CalendarConfiguration>(null);
							calendarConfiguration.AutomateProcessing = CalendarProcessingFlags.None;
							try
							{
								calendarConfigurationDataProvider.Save(calendarConfiguration);
							}
							catch (LocalizedException exception)
							{
								base.WriteError(exception, ExchangeErrorCategory.ServerOperation, null);
							}
						}
					}
					if (flag4)
					{
						// Drop the stored "last applied sharing policy" properties from the mailbox.
						mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedId);
						mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedHash);
						mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedTime);
						mailboxSession.Mailbox.Save();
					}
				}
			}
			if (base.IsSetRandomPassword)
			{
				// NOTE(review): null is passed as the third argument; presumably that makes the helper
				// generate the random password — confirm against MailboxTaskHelper.SetMailboxPassword.
				MailboxTaskHelper.SetMailboxPassword((IRecipientSession)base.DataSession, this.DataObject, null, new Task.ErrorLoggerDelegate(base.WriteError));
			}
			TaskLogger.LogExit();
		}