/// <summary>
/// Asks the store hosting the mailbox's local archive to refresh that archive mailbox, so the
/// security descriptor already written to AD takes effect there. The archive's database is
/// <c>ArchiveDatabase</c> when set, otherwise the primary <c>Database</c>. If the store reports
/// that the archive mailbox does not exist, the descriptor is (re)written to AD only.
/// </summary>
/// <param name="mailbox">Owning user; <c>ArchiveGuid</c> identifies the archive mailbox in the store.</param>
/// <param name="writableAdSession">AD session used only for the AD-only fallback write.</param>
/// <param name="rawSd">Descriptor handed to the AD-only fallback; it is not sent to the store by this method.</param>
/// <param name="logVerbose">Verbose logging callback.</param>
/// <param name="logError">Error logging callback; receives a malformed legacy DN and any other localized failure.</param>
private static void SaveArchiveSecurityDescriptor(ADUser mailbox, IConfigDataProvider writableAdSession, RawSecurityDescriptor rawSd, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
{
    ADObjectId archiveDbId = mailbox.ArchiveDatabase ?? mailbox.Database;
    MailboxId archiveMailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(archiveDbId), mailbox.ArchiveGuid);
    try
    {
        DatabaseLocationInfo location = ActiveManager.GetActiveManagerInstance().GetServerForDatabase(archiveDbId.ObjectGuid);
        var serverLegacyDn = location.ServerLegacyDN;
        // The session is opened as the server's system attendant mailbox, as elsewhere in this helper.
        var systemAttendantLegacyDn = PermissionTaskHelper.CalcuteSystemAttendantMailboxLegacyDistingushName(serverLegacyDn);
        using (MapiMessageStoreSession storeSession = new MapiMessageStoreSession(serverLegacyDn, systemAttendantLegacyDn, Fqdn.Parse(location.ServerFqdn)))
        {
            logVerbose(Strings.VerboseSaveStoreMailboxSecurityDescriptor(archiveMailboxId.ToString(), storeSession.ServerName));
            storeSession.ForceStoreToRefreshMailbox(archiveMailboxId);
        }
    }
    catch (FormatException)
    {
        // Fqdn.Parse / legacy-DN handling rejected the server's identifiers: reported as an error, not retried.
        logError(new TaskInvalidOperationException(Strings.ErrorInvalidServerLegacyDistinguishName(mailbox.DistinguishedName.ToString())), ExchangeErrorCategory.ServerOperation, null);
    }
    catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
    {
        // No archive in the store yet: persist the descriptor in AD only.
        logVerbose(Strings.VerboseArchiveNotExistInStore(mailbox.Name));
        PermissionTaskHelper.SaveAdSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
    }
    catch (LocalizedException inner)
    {
        logError(new SetArchivePermissionException(mailbox.Name, inner), ExchangeErrorCategory.ServerOperation, null);
    }
}
/// <summary>
/// Reads the mailbox security descriptor, adds or removes the given ACEs on it, and writes the
/// result back to AD and the mailbox store. Nothing is written when the descriptor cannot be read.
/// </summary>
/// <param name="mailbox">Mailbox whose descriptor is modified.</param>
/// <param name="writableAdSession">Writable AD session for the save.</param>
/// <param name="logVerbose">Verbose logging callback.</param>
/// <param name="logWarning">Warning logging callback, passed to the ACE application step.</param>
/// <param name="logError">Error logging callback.</param>
/// <param name="adSession">Session used to read the current descriptor.</param>
/// <param name="storeSession">Reusable store session; may be created or redirected by the save.</param>
/// <param name="remove">True to remove <paramref name="aces"/>, false to add them.</param>
/// <param name="aces">Access rules to apply.</param>
public static void SetMailboxAces(ADUser mailbox, IConfigDataProvider writableAdSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.TaskWarningLoggingDelegate logWarning, Task.ErrorLoggerDelegate logError, IConfigurationSession adSession, ref MapiMessageStoreSession storeSession, bool remove, params ActiveDirectoryAccessRule[] aces)
{
    ActiveDirectorySecurity currentAcl = PermissionTaskHelper.ReadMailboxSecurityDescriptor(mailbox, adSession, logVerbose, logError);
    if (currentAcl == null)
    {
        // Read failed; presumably already reported through logError by the reader — nothing to apply.
        return;
    }
    DirectoryCommon.ApplyAcesOnAcl(logVerbose, logWarning, null, mailbox.DistinguishedName, currentAcl, remove, aces);
    PermissionTaskHelper.SaveMailboxSecurityDescriptor(mailbox, currentAcl, writableAdSession, ref storeSession, logVerbose, logError);
}
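/// <summary>
/// Persists <paramref name="adSecurity"/> as the mailbox security descriptor: first to Active Directory,
/// then (best effort) tells the mailbox's store to drop its cached mailbox object so the new descriptor
/// is picked up, and finally repeats the process for the local archive when the mailbox has one.
/// </summary>
/// <param name="mailbox">Mailbox whose descriptor is being replaced.</param>
/// <param name="adSecurity">Descriptor to persist; serialized to binary form for the AD write.</param>
/// <param name="writableAdSession">Writable AD session used for the directory write.</param>
/// <param name="storeSession">Reusable store session; created here when null, otherwise redirected to the database's active server.</param>
/// <param name="logVerbose">Verbose logging callback.</param>
/// <param name="logError">Error logging callback (forwarded to the AD and archive writers).</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="mailbox"/>, <paramref name="adSecurity"/> or <paramref name="writableAdSession"/> is null.
/// </exception>
/// <remarks>
/// Store-side failures (database not found, network error, malformed legacy DN, mailbox absent from the
/// store) are logged at verbose level only and do not propagate. The AD write has already happened at that
/// point, so on such a failure the store may keep using its cached descriptor until it refreshes on its own.
/// </remarks>
public static void SaveMailboxSecurityDescriptor(ADUser mailbox, ActiveDirectorySecurity adSecurity, IConfigDataProvider writableAdSession, ref MapiMessageStoreSession storeSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
{
    if (mailbox == null)
    {
        throw new ArgumentNullException("mailbox");
    }
    if (adSecurity == null)
    {
        // Previously surfaced as a NullReferenceException from GetSecurityDescriptorBinaryForm().
        throw new ArgumentNullException("adSecurity");
    }
    if (writableAdSession == null)
    {
        // ArgumentNullException derives from ArgumentException, so existing catch clauses still match,
        // and the parameter name now lands in ParamName instead of the message.
        throw new ArgumentNullException("writableAdSession");
    }

    RawSecurityDescriptor rawSd = new RawSecurityDescriptor(adSecurity.GetSecurityDescriptorBinaryForm(), 0);
    PermissionTaskHelper.SaveAdSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);

    string serverFqdn = null;
    try
    {
        ActiveManager activeManager = ActiveManager.GetActiveManagerInstance();
        DatabaseLocationInfo location = activeManager.GetServerForDatabase(mailbox.Database.ObjectGuid);
        serverFqdn = location.ServerFqdn;
        if (storeSession == null)
        {
            storeSession = new MapiMessageStoreSession(location.ServerLegacyDN, PermissionTaskHelper.CalcuteSystemAttendantMailboxLegacyDistingushName(location.ServerLegacyDN), Fqdn.Parse(location.ServerFqdn));
        }
        else
        {
            // Caller-supplied session: point it at the server currently active for this database.
            storeSession.RedirectServer(location.ServerLegacyDN, Fqdn.Parse(location.ServerFqdn));
        }
        MailboxId mailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(mailbox.Database), mailbox.ExchangeGuid);
        logVerbose(Strings.VerboseSaveStoreMailboxSecurityDescriptor(mailboxId.ToString(), storeSession.ServerName));
        // Drop the store's cached mailbox object so it re-reads the descriptor just written to AD.
        storeSession.Administration.PurgeCachedMailboxObject(mailboxId.MailboxGuid);
    }
    catch (DatabaseNotFoundException)
    {
        logVerbose(Strings.ErrorMailboxDatabaseNotFound(mailbox.Database.ToString()));
    }
    catch (MapiExceptionNetworkError)
    {
        // serverFqdn is still null when the failure happened before the location lookup completed.
        logVerbose(Strings.ErrorFailedToConnectToStore(serverFqdn ?? string.Empty));
    }
    catch (FormatException)
    {
        logVerbose(Strings.ErrorInvalidServerLegacyDistinguishName(mailbox.DistinguishedName.ToString()));
    }
    catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
    {
        // Fully qualified: presumably another MailboxNotFoundException type is in scope in this file.
        logVerbose(Strings.VerboseMailboxNotExistInStore(mailbox.DistinguishedName));
    }

    if (mailbox.HasLocalArchive)
    {
        PermissionTaskHelper.SaveArchiveSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
    }
}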
/// <summary>
/// Returns the SIDs of every explicit (non-inherited) access rule on <paramref name="server"/>'s AD
/// object whose rights are exactly <see cref="ActiveDirectoryRights.GenericAll"/>.
/// </summary>
/// <param name="server">Server whose AD security descriptor is read.</param>
/// <param name="session">Directory session used for the read.</param>
/// <param name="logError">Error logging callback passed to the descriptor reader.</param>
/// <returns>The matching identities; empty when no rule has GenericAll.</returns>
internal static SecurityIdentifier[] GetServerAdmins(Server server, IDirectorySession session, Task.TaskErrorLoggingDelegate logError)
{
    ActiveDirectorySecurity serverAcl = PermissionTaskHelper.ReadAdSecurityDescriptor(server, session, logError);
    // includeExplicit=true, includeInherited=false; identities are materialized as SIDs.
    AuthorizationRuleCollection explicitRules = serverAcl.GetAccessRules(true, false, typeof(SecurityIdentifier));
    List<SecurityIdentifier> admins = new List<SecurityIdentifier>();
    foreach (ActiveDirectoryAccessRule rule in explicitRules)
    {
        // NOTE(review): exact-equality match on GenericAll and AccessControlType is not consulted,
        // so a Deny rule carrying GenericAll is listed too — confirm callers expect that.
        if (rule.ActiveDirectoryRights != ActiveDirectoryRights.GenericAll)
        {
            continue;
        }
        admins.Add((SecurityIdentifier)rule.IdentityReference);
    }
    return admins.ToArray();
}
/// <summary>
/// Convenience overload of the four-argument reader for callers that only need the parsed
/// <see cref="ActiveDirectorySecurity"/> and not the raw descriptor.
/// </summary>
/// <param name="entry">AD entry whose security descriptor is read.</param>
/// <param name="session">Directory session used for the read.</param>
/// <param name="logError">Error logging callback forwarded to the underlying reader.</param>
/// <returns>Whatever the underlying overload returns for <paramref name="entry"/>.</returns>
public static ActiveDirectorySecurity ReadAdSecurityDescriptor(ADRawEntry entry, IDirectorySession session, Task.TaskErrorLoggingDelegate logError)
{
    RawSecurityDescriptor discardedRawSd;
    return PermissionTaskHelper.ReadAdSecurityDescriptor(entry, session, logError, out discardedRawSd);
}