/// <summary>
/// Copies the service plan values and the RBAC configuration version onto the
/// organization object that the task is about to output.
/// </summary>
/// <param name="organization">
/// Organization configuration object to populate. Its <c>OrganizationId</c> decides
/// which RBAC container is consulted.
/// </param>
/// <remarks>
/// For the forest-wide organization the session's own RBAC container is used. For any
/// other organization the container comes either from the shared configuration or from
/// the session, depending on <c>IsStaticConfigurationShared</c>. If the org container
/// is not an <c>ExchangeConfigurationUnit</c>, nothing is populated and
/// <c>RBACConfigurationVersion</c> is left as it was.
/// </remarks>
private void FillTaskPopulatedFields(ADOrganizationConfig organization)
{
    RbacContainer versionSource;

    if (OrganizationId.ForestWideOrgId.Equals(organization.OrganizationId))
    {
        versionSource = this.ConfigurationSession.GetRbacContainer();
    }
    else
    {
        versionSource = null;
        ExchangeConfigurationUnit tenantUnit = this.ConfigurationSession.GetOrgContainer() as ExchangeConfigurationUnit;
        if (tenantUnit != null)
        {
            organization.ServicePlan = tenantUnit.ServicePlan;
            organization.TargetServicePlan = tenantUnit.TargetServicePlan;

            // NOTE(review): the value returned by GetSharedConfiguration is dereferenced
            // without a null check. Confirm it cannot be null for an organization whose
            // unit reports IsStaticConfigurationShared.
            versionSource = tenantUnit.IsStaticConfigurationShared
                ? SharedConfiguration.GetSharedConfiguration(organization.OrganizationId).GetRbacContainer()
                : this.ConfigurationSession.GetRbacContainer();
        }
    }

    if (versionSource == null)
    {
        return;
    }

    // The reported RBAC version is the ExchangeVersion stamped on whichever container was selected above.
    organization.RBACConfigurationVersion = versionSource.ExchangeVersion;
}
/// <summary>
/// Records the management DLL version on the RBAC container, persists the container
/// through the configuration session and logs the write.
/// </summary>
/// <param name="rbacContainer">Container to stamp and save. It is not checked for null here.</param>
/// <remarks>
/// NOTE(review): the stamped value appears to be what upgrade runs later compare
/// against (see <c>IntroducedInBuild &gt; currentRBACConfigVersion</c> in the callers
/// shown in this listing). If so, it should only be written after the role assignment
/// work has completed. Confirm that no caller stamps early.
/// </remarks>
private void StampCurrentVersionOnRBACContainer(RbacContainer rbacContainer)
{
    var managementVersion = OrganizationTaskHelper.ManagementDllVersion;
    rbacContainer.StampExchangeObjectVersion(managementVersion);

    // Persist first, then log, so the log entry is only produced when Save did not throw.
    this.configurationSession.Save(rbacContainer);
    base.LogWriteObject(rbacContainer);
}
/// <summary>
/// Creates (and, for auto-group roles only, removes) the role assignments that link
/// end-user roles to role assignment policies, then stamps the current version on the
/// RBAC container.
/// </summary>
/// <remarks>
/// <para>
/// Which definitions are applied depends on <c>InvocationMode</c>. Install applies
/// every definition whose feature condition holds. BuildToBuildUpgrade applies only
/// those introduced after the version currently stamped on the RBAC container.
/// ServicePlanUpdate applies those that are newly enabled relative to the previous
/// service plan or introduced after the stamped version.
/// </para>
/// <para>
/// NOTE(review): the only revocation path in this method is
/// <c>RemoveRAPRoleAssignmentsIfNeeded</c>, and it is only ever called with the
/// auto-group role list. A non-auto-group assignment whose feature condition no longer
/// holds is not removed here. Confirm that it is revoked elsewhere if least privilege
/// after a plan downgrade matters.
/// </para>
/// <para>
/// NOTE(review): <c>base.ServicePlanSettings</c> is null-checked when the feature list
/// is read but dereferenced unconditionally once <c>Organization</c> is non-null. This
/// presumably relies on an invariant established by the base class. Verify it.
/// </para>
/// </remarks>
protected override void InternalProcessRecord()
{
    this.configurationSession.SessionSettings.IsSharedConfigChecked = true;
    base.InternalProcessRecord();

    // Feature lists for the current and the previous service plan; null when no plan is available.
    List<string> currentFeatures = null;
    if (base.ServicePlanSettings != null)
    {
        currentFeatures = base.ServicePlanSettings.GetAggregatedMailboxPlanRoleAssignmentFeatures();
    }

    List<string> previousFeatures = null;
    if (this.PreviousServicePlanSettings != null)
    {
        previousFeatures = this.PreviousServicePlanSettings.GetAggregatedMailboxPlanRoleAssignmentFeatures();
    }

    RbacContainer rbacContainer = this.configurationSession.GetRbacContainer();
    ExchangeBuild installedRbacVersion = base.GetCurrentRBACConfigVersion(rbacContainer);

    // Step 1: pick the assignment definitions that apply to this run.
    List<RoleToRAPAssignmentDefinition> applicableDefinitions = new List<RoleToRAPAssignmentDefinition>();
    foreach (RoleToRAPAssignmentDefinition definition in this.GetRoleAssignmentDefinitions().Assignments)
    {
        if (!definition.SatisfyCondition(currentFeatures))
        {
            continue;
        }

        bool include = false;
        switch (base.InvocationMode)
        {
            case InvocationMode.Install:
                include = true;
                break;
            case InvocationMode.BuildToBuildUpgrade:
                include = definition.IntroducedInBuild > installedRbacVersion;
                break;
            case InvocationMode.ServicePlanUpdate:
                include = !definition.SatisfyCondition(previousFeatures) || definition.IntroducedInBuild > installedRbacVersion;
                break;
        }

        if (include)
        {
            applicableDefinitions.Add(definition);
        }
    }

    // Step 2: split the end-user roles found in the roles container into three lists.
    List<ExchangeRole> standardRolesToGrant = new List<ExchangeRole>();
    List<ExchangeRole> autoGroupRolesToGrant = new List<ExchangeRole>();
    List<ExchangeRole> allAutoGroupRoles = new List<ExchangeRole>();

    ComparisonFilter endUserRoleFilter = new ComparisonFilter(ComparisonOperator.Equal, ExchangeRoleSchema.IsEndUserRole, true);
    foreach (ExchangeRole role in this.configurationSession.FindPaged<ExchangeRole>(this.rolesContainerId, QueryScope.OneLevel, endUserRoleFilter, null, 0))
    {
        // The directory query already filters on IsEndUserRole; the in-memory check is a
        // second gate so that a role that is not end-user scoped never reaches a policy.
        if (!role.IsEndUserRole)
        {
            continue;
        }

        if (this.IsRoleInFilteredList(role, applicableDefinitions))
        {
            if (this.IsAutoGroupRelatedRole(role))
            {
                autoGroupRolesToGrant.Add(role);
            }
            else
            {
                standardRolesToGrant.Add(role);
            }
        }

        // Every auto-group role is tracked, selected or not, because it is a removal candidate below.
        if (this.IsAutoGroupRelatedRole(role))
        {
            allAutoGroupRoles.Add(role);
        }
    }

    // Step 3: apply the lists to the policies.
    if (this.Organization == null)
    {
        // No organization specified: every policy receives the standard roles, and the
        // auto-group lists are not used at all.
        foreach (RoleAssignmentPolicy policy in this.FindAllRoleAssignmentPolicies())
        {
            this.CreateRAPRoleAssignments(policy, standardRolesToGrant);
        }
    }
    else if (!base.ServicePlanSettings.Organization.PerMBXPlanRoleAssignmentPolicyEnabled)
    {
        foreach (RoleAssignmentPolicy policy in this.FindAllRoleAssignmentPolicies())
        {
            this.CreateRAPRoleAssignments(policy, standardRolesToGrant);
        }

        RoleAssignmentPolicy defaultPolicy = this.FindDefaultRoleAssignmentPolicy();

        // Auto-group counts as enabled when any mailbox plan enables it.
        bool currentPlanAutoGroupEnabled = false;
        foreach (ServicePlan.MailboxPlan plan in base.ServicePlanSettings.MailboxPlans)
        {
            currentPlanAutoGroupEnabled |= plan.AutoGroupPermissions;
        }

        // The previous plan counts as having granted the auto-group roles only when it
        // enabled them and was not using shareable configuration.
        bool previouslyGranted = false;
        if (this.PreviousServicePlanSettings != null)
        {
            bool previousPlanAutoGroupEnabled = false;
            foreach (ServicePlan.MailboxPlan plan in this.PreviousServicePlanSettings.MailboxPlans)
            {
                previousPlanAutoGroupEnabled |= plan.AutoGroupPermissions;
            }

            previouslyGranted = previousPlanAutoGroupEnabled && !this.PreviousServicePlanSettings.Organization.ShareableConfigurationEnabled;
        }

        if (currentPlanAutoGroupEnabled)
        {
            if (!previouslyGranted)
            {
                this.CreateRAPRoleAssignments(defaultPolicy, autoGroupRolesToGrant);
            }
        }
        else if (previouslyGranted)
        {
            this.RemoveRAPRoleAssignmentsIfNeeded(defaultPolicy, allAutoGroupRoles, null);
        }
    }
    else
    {
        // One role assignment policy per mailbox plan.
        foreach (ServicePlan.MailboxPlan mailboxPlan in base.ServicePlanSettings.MailboxPlans)
        {
            ADUser planUser = this.FindMailboxPlanByName(mailboxPlan.Name);

            // NOTE(review): execution continues past both WriteError calls below only if
            // WriteError returns. It is presumably terminating; if it is not, the
            // following lines dereference null. Confirm against the base task.
            if (planUser.RoleAssignmentPolicy == null)
            {
                base.WriteError(new InvalidOperationException(Strings.ErrorRBACPolicyLinkNotFound(planUser.Name)), ErrorCategory.InvalidArgument, null);
            }

            RoleAssignmentPolicy planPolicy = this.configurationSession.Read<RoleAssignmentPolicy>(planUser.RoleAssignmentPolicy);
            if (planPolicy == null)
            {
                base.WriteError(new InvalidOperationException(Strings.ErrorRBACPolicyNotFound(planUser.RoleAssignmentPolicy.ToString())), ErrorCategory.InvalidArgument, null);
            }

            ServicePlan.MailboxPlan previousPlan = null;
            if (this.PreviousServicePlanSettings != null)
            {
                previousPlan = this.PreviousServicePlanSettings.GetMailboxPlanByName(mailboxPlan.Name);
            }

            // Standard roles are only granted for a plan with no counterpart in the previous settings.
            if (this.PreviousServicePlanSettings == null || previousPlan == null)
            {
                this.CreateRAPRoleAssignments(planPolicy, standardRolesToGrant, planUser.MailboxPlanIndex);
            }

            bool previouslyEnabled = previousPlan != null && previousPlan.AutoGroupPermissions;
            if (mailboxPlan.AutoGroupPermissions)
            {
                if (!previouslyEnabled)
                {
                    this.CreateRAPRoleAssignments(planPolicy, autoGroupRolesToGrant, planUser.MailboxPlanIndex);
                }
            }
            else if (previouslyEnabled)
            {
                this.RemoveRAPRoleAssignmentsIfNeeded(planPolicy, allAutoGroupRoles, planUser.MailboxPlanIndex);
            }
        }
    }

    // Reached only when nothing above threw, so the stamped version reflects a completed run.
    this.StampCurrentVersionOnRBACContainer(rbacContainer);
}
/// <summary>
/// Reconciles the canned role-group role assignments with the shipped definitions,
/// then creates or removes the org-wide delegating assignments of end-user roles on
/// the Organization Management role group.
/// </summary>
/// <remarks>
/// <para>
/// A definition is applied when its feature condition holds and the invocation mode
/// selects it, with the same Install / BuildToBuildUpgrade / ServicePlanUpdate rules as
/// the version comparison shown in the body. Definitions that belong to a role group
/// listed in <c>MonitoredDCOnlyRoleGroups</c> are always applied, regardless of feature
/// condition and invocation mode, and that role group is purged of invalid assignments
/// afterwards.
/// </para>
/// <para>
/// NOTE(review): the first statement writes a static field
/// (<c>InstallCannedRbacRoleAssignments.isFfoEnvironment</c>) from an instance method,
/// so the value is shared by every instance in the process. Confirm that tasks of this
/// type never run concurrently with different <c>IsFfo</c> values.
/// </para>
/// <para>
/// NOTE(review): when the Organization Management group cannot be resolved the code
/// calls <c>WriteError</c> and then keeps using the null group. This is only safe if
/// <c>WriteError</c> is terminating. Confirm against the base task.
/// </para>
/// </remarks>
protected override void InternalProcessRecord()
{
    InstallCannedRbacRoleAssignments.isFfoEnvironment = (base.Fields.Contains("IsFfo") && this.IsFfo);
    this.configurationSession.SessionSettings.IsSharedConfigChecked = true;
    base.InternalProcessRecord();

    // Clean up and refresh the existing assignments before any new ones are evaluated.
    this.RemoveInvalidRoleAssignments();
    this.UpdateRoleAssignments();

    List<string> currentFeatures = null;
    if (base.ServicePlanSettings != null)
    {
        currentFeatures = base.ServicePlanSettings.Organization.GetEnabledRoleGroupRoleAssignmentFeatures();
    }

    List<string> previousFeatures = null;
    if (this.PreviousServicePlanSettings != null)
    {
        previousFeatures = this.PreviousServicePlanSettings.Organization.GetEnabledRoleGroupRoleAssignmentFeatures();
    }

    RoleGroupRoleMapping[] mappings = this.GetRoleGroupAssignmentsDefinition();
    List<string> cannedRoleNames = this.GetCannedRoleNames();

    // Only roles whose name is in the canned list are candidates. The query itself is
    // unfiltered, so roles with any other name are dropped here.
    List<ExchangeRole> cannedRoles = new List<ExchangeRole>();
    foreach (ExchangeRole role in this.configurationSession.FindPaged<ExchangeRole>(this.rolesContainerId, QueryScope.OneLevel, null, null, 0))
    {
        if (cannedRoleNames.Contains(role.Name))
        {
            cannedRoles.Add(role);
        }
    }

    RbacContainer rbacContainer = this.configurationSession.GetRbacContainer();
    ExchangeBuild installedRbacVersion = base.GetCurrentRBACConfigVersion(rbacContainer);

    foreach (RoleGroupRoleMapping mapping in mappings)
    {
        // The role group is resolved at most once per mapping, and only when it is needed.
        ADGroup roleGroup = null;

        foreach (RoleAssignmentDefinition definition in mapping.Assignments)
        {
            bool shouldCreate = false;
            if (definition.SatisfyCondition(currentFeatures))
            {
                switch (base.InvocationMode)
                {
                    case InvocationMode.Install:
                        shouldCreate = true;
                        break;
                    case InvocationMode.BuildToBuildUpgrade:
                        shouldCreate = (definition.IntroducedInBuild > installedRbacVersion);
                        break;
                    case InvocationMode.ServicePlanUpdate:
                        shouldCreate = (!definition.SatisfyCondition(previousFeatures) || definition.IntroducedInBuild > installedRbacVersion);
                        break;
                }
            }

            // Monitored role groups override the gating above: their assignments are
            // (re)created on every run, even when the feature condition is not satisfied.
            if (InstallCannedRbacRoleAssignments.MonitoredDCOnlyRoleGroups.Contains(mapping.RoleGroup))
            {
                shouldCreate = true;
            }

            if (shouldCreate)
            {
                if (roleGroup == null)
                {
                    roleGroup = this.FindCannedRoleGroupByName(mapping.RoleGroup);
                }

                this.CreateRoleAssignmentDefinition(definition, roleGroup, cannedRoles);
                continue;
            }

            if (definition.SatisfyCondition(currentFeatures, mappings))
            {
                continue;
            }

            // Removing a definition is only expected when an organization was specified;
            // without one the run is aborted rather than an assignment silently revoked.
            if (this.Organization == null)
            {
                throw new InvalidOperationException(mapping.RoleGroup.ToString());
            }

            this.RemoveRoleAssignmentDefinition(definition, cannedRoles);
        }

        if (InstallCannedRbacRoleAssignments.MonitoredDCOnlyRoleGroups.Contains(mapping.RoleGroup))
        {
            if (roleGroup == null)
            {
                roleGroup = this.FindCannedRoleGroupByName(mapping.RoleGroup);
            }

            this.PurgeInvalidAssignmentsFromRoleGroup(mapping, roleGroup, cannedRoles);
        }
    }

    ADGroup organizationManagement = this.ResolveWellKnownGuid(RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid);
    if (organizationManagement == null)
    {
        base.WriteError(new ExRbacRoleGroupNotFoundException(RoleGroup.OrganizationManagement_InitInfo.WellKnownGuid, "Organization Management"), ErrorCategory.InvalidData, null);
    }

    base.LogReadObject(organizationManagement);

    // Organization Management holds the org-wide delegating assignment for each
    // non-deprecated end-user role only when permission management is enabled by the
    // service plan or no organization was specified. Otherwise those assignments are removed.
    bool grantDelegation = (base.ServicePlanSettings != null && base.ServicePlanSettings.Organization.PermissionManagementEnabled) || this.Organization == null;

    foreach (ExchangeRole role in cannedRoles)
    {
        if (!role.IsEndUserRole || role.IsDeprecated)
        {
            continue;
        }

        if (grantDelegation)
        {
            // Only create the assignment when it does not already exist.
            if (!this.FindRoleAssignment(role, organizationManagement, RoleAssignmentDelegationType.DelegatingOrgWide))
            {
                this.CreateRoleAssignment(role, organizationManagement, RoleAssignmentDelegationType.DelegatingOrgWide);
            }
        }
        else
        {
            this.RemoveRoleAssignmentsFromGroup(role, organizationManagement, RoleAssignmentDelegationType.DelegatingOrgWide);
        }
    }
}