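        /// <summary>
        /// Hardens the ACL of an organization's OU so that the tenant is isolated from other
        /// tenants: inheritance is disabled, the broad built-in principals (Pre-Windows 2000
        /// Compatible Access, Everyone, Authenticated Users) lose their allow ACEs, and only the
        /// Exchange role groups, the tenant's own group and "Privileged Services" are granted
        /// access back. The hardening is applied only when the forest's dSHeuristics value is
        /// exactly "001"; for any other value the OU is left as created and the skip is logged.
        /// </summary>
        /// <param name="orgProvider">Provider used to resolve the OU path, the dSHeuristics object path and the root domain of the tenant group.</param>
        /// <param name="organizationId">Organization whose OU is hardened; also the name under which the tenant group is resolved.</param>
        /// <param name="rootDomain">Domain in which the Exchange role groups and "Privileged Services" are resolved.</param>
        /// <param name="rootDomainPath">LDAP path under which "Privileged Services" is created when it does not exist yet.</param>
        /// <exception cref="TimeoutException">
        /// Thrown when the tenant group is still not resolvable after the polling window
        /// (25 retries, 2 s apart); the OU ACL must then be completed manually.
        /// </exception>
        public static void SetOUAclPermissions(OrganizationProvider orgProvider, string organizationId, string rootDomain, string rootDomainPath)
        {
            // Newly created groups may not be resolvable immediately (replication latency),
            // so the tenant group lookup is polled before giving up.
            const int GroupLookupAttempts = 25;
            const int GroupLookupDelayMs = 2000;

            string ouPath = orgProvider.GetOrganizationPath(organizationId);

            string dSHeuristicsOU = orgProvider.GetdSHeuristicsOU(rootDomain);
            Log.WriteInfo("dSHeuristicsOU: {0}", dSHeuristicsOU);

            string dSHeuristics = ReadDsHeuristics(dSHeuristicsOU);
            Log.WriteInfo("dSHeuristics is : {0}", dSHeuristics);

            if (dSHeuristics != "001")
            {
                // The ACL changes below are only applied for this exact value (presumably the
                // forest's List Object mode setting — confirm against the directory configuration).
                // Make the skip visible: a silently untouched OU keeps its default, wider ACL.
                Log.WriteInfo("dSHeuristics is not 001; skipping OU ACL hardening for {0}", organizationId);
                return;
            }

            ActiveDirectoryUtils.DisableInheritance(ouPath);

            // Strip the principals that would otherwise let any domain user read the tenant OU.
            Log.WriteInfo("Removing PreWindows2000Identity from OU");
            ActiveDirectoryUtils.RemoveIdentityAllows(ouPath, PreWindows2000Identity);

            Log.WriteInfo("RemoveIdentityAllows for Everyone\n SID: {0}", EveryoneIdentity.ToString());
            ActiveDirectoryUtils.RemoveIdentityAllows(ouPath, EveryoneIdentity);
            Log.WriteInfo("RemoveIdentityAllows for AuthenticatedUsers\n SID: {0}", AuthenticatedUsersIdentity.ToString());
            ActiveDirectoryUtils.RemoveIdentityAllows(ouPath, AuthenticatedUsersIdentity);

            // Exchange role groups get full control of the OU so Exchange can manage recipients in it.
            GrantFullControlToRoleGroup("Recipient Management");
            GrantFullControlToRoleGroup("Public Folder Management");
            Log.WriteInfo("Completed Changes for Exchange Servers");

            // The tenant group is resolved in the provider's root domain (not the rootDomain
            // parameter used for the other lookups) — kept as in the original; confirm if intentional.
            string groupAccount = ActiveDirectoryUtils.GetObjectTargetAccountName(organizationId, orgProvider.RootDomain);
            Log.WriteInfo("Changes for GroupAccount: {0}", groupAccount);
            for (int attempt = 0; ; attempt++)
            {
                if (ActiveDirectoryUtils.AccountExists(groupAccount))
                {
                    ActiveDirectoryUtils.AddOrgPermisionsToIdentity(ouPath, new NTAccount(groupAccount));
                    break;
                }

                if (attempt == GroupLookupAttempts)
                {
                    // 25 retries * 2 s = 50 seconds of waiting, matching the message's figure.
                    throw new TimeoutException($"Can not find {groupAccount} group to set ACL permissions after {attempt * GroupLookupDelayMs / 1000} seconds. Set Acl permissions manually");
                }

                Thread.Sleep(GroupLookupDelayMs);
            }

            // "Privileged Services" gets read-only access; it is created on first use.
            // NOTE(review): unlike the tenant group above, there is no retry after CreateGroup —
            // assumes the new group is resolvable immediately; confirm against CreateGroup's behavior.
            string privilegedGroup = ActiveDirectoryUtils.GetObjectTargetAccountName("Privileged Services", rootDomain);
            if (!ActiveDirectoryUtils.AccountExists(privilegedGroup))
            {
                ActiveDirectoryUtils.CreateGroup(rootDomainPath, "Privileged Services");
            }

            ActiveDirectoryUtils.AddPermission(ouPath, new NTAccount(privilegedGroup), ActiveDirectoryRights.GenericRead);

            // Reads the dSHeuristics attribute from the given directory object, returning the
            // literal "notset" when the attribute is absent. DirectoryEntry owns a directory
            // connection and is IDisposable, so it is released as soon as the value is read.
            string ReadDsHeuristics(string heuristicsObjectPath)
            {
                using (DirectoryEntry heuristicsEntry = new DirectoryEntry(heuristicsObjectPath))
                {
                    object heuristicsValue = ActiveDirectoryUtils.GetADObjectProperty(heuristicsEntry, "dSHeuristics") ?? "notset";
                    return heuristicsValue.ToString();
                }
            }

            // Grants GenericAll on the OU to the named Exchange role group, if that group
            // resolves in rootDomain; a missing group is logged and skipped rather than failing.
            void GrantFullControlToRoleGroup(string roleGroupName)
            {
                Log.WriteInfo("Changes for Exchange Servers: {0}", roleGroupName);
                string roleGroupAccount = ActiveDirectoryUtils.GetObjectTargetAccountName(roleGroupName, rootDomain);
                Log.WriteInfo("{0} Exchange Servers: {1} ", roleGroupName, roleGroupAccount);
                if (ActiveDirectoryUtils.AccountExists(roleGroupAccount))
                {
                    ActiveDirectoryUtils.AddPermission(ouPath, new NTAccount(roleGroupAccount), ActiveDirectoryRights.GenericAll);
                }
            }
        }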