예제 #1
        /// <summary>
        /// Checks that the group in <c>this.DataObject</c> is eligible for conversion to a room list.
        /// </summary>
        /// <remarks>
        /// An error is reported through <c>base.WriteError</c> when the group is not a
        /// <c>MailUniversalDistributionGroup</c>, and once for every member that is neither a room
        /// mailbox, a room list, nor a synced conference room mailbox. Each member is resolved with a
        /// session scoped from its own id. Whether <c>WriteError</c> stops the task is not visible here.
        /// </remarks>
        private void ValidateConvertToRoomList()
        {
            if (this.DataObject.RecipientTypeDetails != RecipientTypeDetails.MailUniversalDistributionGroup)
            {
                base.WriteError(
                    new TaskInvalidOperationException(Strings.ErrorConvertNonUniversalDistributionGroup(this.DataObject.Identity.ToString())),
                    ExchangeErrorCategory.Client,
                    this.DataObject.Identity);
            }

            foreach (ADObjectId memberId in this.DataObject.Members)
            {
                // The lookup session is derived per member, so members living in another partition are still resolved.
                IRecipientSession memberSession = RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(base.DomainController, memberId);
                ADRecipient member = (ADRecipient)base.GetDataObject<ADRecipient>(
                    new RecipientIdParameter(memberId),
                    memberSession,
                    null,
                    new LocalizedString?(Strings.ErrorRecipientNotFound(memberId.ToString())),
                    new LocalizedString?(Strings.ErrorRecipientNotUnique(memberId.ToString())),
                    ExchangeErrorCategory.Client);

                // Only room-like recipients may remain in a group that becomes a room list.
                bool isRoomLike = member.RecipientTypeDetails == RecipientTypeDetails.RoomMailbox
                    || member.RecipientTypeDetails == RecipientTypeDetails.RoomList
                    || member.RecipientDisplayType == RecipientDisplayType.SyncedConferenceRoomMailbox;
                if (!isRoomLike)
                {
                    base.WriteError(
                        new TaskInvalidOperationException(Strings.ErrorConvertGroupContainsNonRoomMailbox(this.DataObject.Identity.ToString(), member.Identity.ToString())),
                        ExchangeErrorCategory.Client,
                        this.DataObject.Identity);
                }
            }
        }
예제 #2
        /// <summary>
        /// Reports whether no recipient other than <c>this.DataObject</c> already uses the given legacy DN.
        /// </summary>
        /// <param name="legacyDN">Legacy Exchange DN to look for.</param>
        /// <returns><c>true</c> when the directory query returns no other recipient with that value.</returns>
        /// <remarks>
        /// The answer reflects the directory at query time only; nothing in this method reserves the value.
        /// </remarks>
        private bool LegacyDNIsUnique(string legacyDN)
        {
            // Match the same legacy DN on any object except the one being edited.
            QueryFilter sameLegacyDn = new ComparisonFilter(ComparisonOperator.Equal, ADRecipientSchema.LegacyExchangeDN, legacyDN);
            QueryFilter notThisObject = new ComparisonFilter(ComparisonOperator.NotEqual, ADObjectSchema.Id, this.DataObject.Id);
            QueryFilter conflictFilter = new AndFilter(new QueryFilter[] { sameLegacyDn, notThisObject });

            IRecipientSession gcSession = RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(base.DomainController, this.DataObject.Id);
            base.WriteVerbose(TaskVerboseStringHelper.GetFindDataObjectsVerboseString(gcSession, typeof(ADRecipient), conflictFilter, null, true));

            ADRecipient[] conflicts;
            try
            {
                // One hit is enough to prove a conflict, hence the result limit of 1.
                conflicts = gcSession.Find(null, QueryScope.SubTree, conflictFilter, null, 1);
            }
            finally
            {
                // The source used for the query is logged even when Find throws.
                base.WriteVerbose(TaskVerboseStringHelper.GetSourceVerboseString(gcSession));
            }

            return conflicts.Length == 0;
        }
예제 #3
 /// <summary>
 /// Stamps archive properties on <paramref name="user"/> when the user has no archive yet.
 /// </summary>
 /// <param name="user">User object that receives the archive settings.</param>
 /// <remarks>
 /// A user that already has an archive GUID is rejected with <c>ErrorArchiveAlreadyPresent</c>.
 /// Recovery of a previously disabled archive is only considered when the requested archive GUID
 /// equals the user's <c>DisabledArchiveGuid</c>; any other requested GUID is stamped as given.
 /// </remarks>
 private void CreateArchiveIfNecessary(ADUser user)
 {
     if (user.ArchiveGuid != Guid.Empty)
     {
         base.WriteError(new RecipientTaskException(Strings.ErrorArchiveAlreadyPresent(this.Identity.ToString())), ErrorCategory.InvalidArgument, null);
         return;
     }

     bool requestsDisabledArchive = user.DisabledArchiveGuid != Guid.Empty && this.ArchiveGuid == user.DisabledArchiveGuid;
     if (requestsDisabledArchive)
     {
         IRecipientSession gcSession = RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(base.DomainController, user.Id);
         this.recoverArchive = MailboxTaskHelper.IsArchiveRecoverable(user, this.ConfigurationSession, gcSession);
         if (this.recoverArchive)
         {
             // A recoverable archive is re-attached on the database it was disabled on.
             user.ArchiveDatabase = user.DisabledArchiveDatabase;
         }
     }

     user.ArchiveGuid = this.ArchiveGuid;
     if (this.ArchiveName == null)
     {
         // No explicit name given: derive one from the display name.
         user.ArchiveName = new MultiValuedProperty<string>(Strings.ArchiveNamePrefix + user.DisplayName);
     }
     else
     {
         user.ArchiveName = this.ArchiveName;
     }
     user.ArchiveQuota = RecipientConstants.ArchiveAddOnQuota;
     user.ArchiveWarningQuota = RecipientConstants.ArchiveAddOnWarningQuota;
     user.ArchiveStatus |= ArchiveStatusFlags.Active;
     user.AllowArchiveAddressSync = true;
     MailboxTaskHelper.ApplyDefaultArchivePolicy(user, this.ConfigurationSession);
 }
예제 #4
        /// <summary>
        /// Prepares the distribution group returned by the base task: applies the group naming policy,
        /// decides whether the executing user has to be validated as a group manager, copies the
        /// user-specified settings onto the group and makes sure an arbitration mailbox is available
        /// for approval-based membership.
        /// </summary>
        /// <returns>The prepared <c>ADGroup</c>.</returns>
        /// <remarks>
        /// Problems are reported through <c>base.WriteError</c>; whether that call returns or stops
        /// the task is not visible in this method, and several branches below depend on it.
        /// </remarks>
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            ADGroup group = (ADGroup)base.PrepareDataObject();

            // These flags record a silent downgrade of ApprovalRequired to Closed further down.
            this.flagCloseGroupMemberJoinForNoArbitrationMbx   = false;
            this.flagCloseGroupMemberDepartForNoArbitrationMbx = false;
            this.UpdateRecipientDisplayType(group);
            ADObjectId adobjectId;
            // flag is true when the executing user's id could be obtained; adobjectId is that id.
            bool       flag = base.TryGetExecutingUserId(out adobjectId);

            // The naming policy is applied only when Name or DisplayName was changed and the caller
            // did not pass IgnoreNamingPolicy.
            if (!this.IgnoreNamingPolicy.IsPresent && (base.UserSpecifiedParameters.IsChanged(ADObjectSchema.Name.Name) || base.UserSpecifiedParameters.IsChanged(MailEnabledRecipientSchema.DisplayName.Name)))
            {
                Organization organization;
                // A group without configuration unit and organizational unit uses the org container;
                // otherwise the group's own configuration unit is read.
                if (group.OrganizationId.ConfigurationUnit == null && group.OrganizationId.OrganizationalUnit == null)
                {
                    organization = this.ConfigurationSession.GetOrgContainer();
                }
                else
                {
                    organization = this.ConfigurationSession.Read <ExchangeConfigurationUnit>(group.OrganizationId.ConfigurationUnit);
                }
                // Without a resolved executing user the naming policy is skipped entirely.
                if (flag)
                {
                    IRecipientSession recipientSession = RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(null, adobjectId);
                    // NOTE(review): the result of Read is passed on without a null check; confirm the helper accepts a null user.
                    ADUser            user             = (ADUser)recipientSession.Read(adobjectId);
                    if (base.UserSpecifiedParameters.IsChanged(ADObjectSchema.Name.Name))
                    {
                        group.Name = DistributionGroupTaskHelper.GetGroupNameWithNamingPolicy(organization, user, group, group.Name, ADObjectSchema.Name, new Task.ErrorLoggerDelegate(base.WriteError));
                    }
                    if (base.UserSpecifiedParameters.IsChanged(MailEnabledRecipientSchema.DisplayName.Name))
                    {
                        group.DisplayName = DistributionGroupTaskHelper.GetGroupNameWithNamingPolicy(organization, user, group, group.DisplayName, ADRecipientSchema.DisplayName, new Task.ErrorLoggerDelegate(base.WriteError));
                    }
                }
            }
            // flag2 records that the ownership path below was taken.
            bool             flag2 = false;
            ADScopeException ex    = null;

            // Ownership path: taken when the executing user is known and TryVerifyIsWithinScopes
            // returns false for the group.
            if (flag && adobjectId != null && !((IDirectorySession)base.DataSession).TryVerifyIsWithinScopes(group, true, out ex))
            {
                // Ownership is assumed first; the error callback below withdraws it when the
                // manager validation reports a failure.
                group.IsExecutingUserGroupOwner = true;
                // NOTE(review): flag2 is set before the validation result is known, so the security
                // group manager check further down is skipped even when the callback cleared
                // IsExecutingUserGroupOwner. Presumably a later stage enforces the flag; confirm.
                flag2 = true;
                base.WriteVerbose(Strings.VerboseDGOwnershipDeepSearch(adobjectId.ToString(), group.Identity.ToString()));
                RecipientTaskHelper.ValidateUserIsGroupManager(adobjectId, group, delegate(LocalizedException exception, ExchangeErrorCategory category, object taget)
                {
                    // The failure is not written as an error here; it only clears the ownership flag.
                    group.IsExecutingUserGroupOwner = false;
                }, true, base.TenantGlobalCatalogSession);
                // The flag is removed from change tracking after being set.
                group.propertyBag.ResetChangeTracking(ADGroupSchema.IsExecutingUserGroupOwner);
            }
            // Security groups: changing ManagedBy, GrantSendOnBehalfTo, Name or SamAccountName requires
            // the executing user to be a group manager, unless the ownership path already ran or
            // BypassSecurityGroupManagerCheck is set.
            if (group.RecipientDisplayType == RecipientDisplayType.SecurityDistributionGroup && !flag2 && !this.BypassSecurityGroupManagerCheck && (base.Fields.IsChanged(DistributionGroupSchema.ManagedBy) || base.Fields.IsChanged(MailEnabledRecipientSchema.GrantSendOnBehalfTo) || base.Fields.IsChanged(ADObjectSchema.Name) || base.Fields.IsChanged(DistributionGroupSchema.SamAccountName)))
            {
                if (!flag)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorExecutingUserOutOfTargetOrg(base.MyInvocation.MyCommand.Name)), ExchangeErrorCategory.Client, group.Identity.ToString());
                }
                // NOTE(review): when flag is false this line is reached only if WriteError returns, and
                // adobjectId then holds whatever TryGetExecutingUserId left in it; confirm WriteError is terminating.
                RecipientTaskHelper.ValidateUserIsGroupManager(adobjectId, group, new Task.ErrorLoggerDelegate(base.WriteError), true, base.TenantGlobalCatalogSession);
                group.IsExecutingUserGroupOwner = true;
                group.propertyBag.ResetChangeTracking(ADGroupSchema.IsExecutingUserGroupOwner);
            }
            base.SetMultiReferenceParameter <GeneralRecipientIdParameter>(DistributionGroupSchema.ManagedBy, this.ManagedBy, group, new GetRecipientDelegate <GeneralRecipientIdParameter>(this.GetRecipient));
            // Copy the membership restrictions only when the caller supplied them.
            if (base.Fields.IsModified(ADGroupSchema.MemberJoinRestriction))
            {
                group.MemberJoinRestriction = this.MemberJoinRestriction;
            }
            if (base.Fields.IsModified(ADGroupSchema.MemberDepartRestriction))
            {
                group.MemberDepartRestriction = this.MemberDepartRestriction;
            }
            if (base.Fields.IsModified(ADRecipientSchema.ArbitrationMailbox))
            {
                // An explicitly supplied arbitration mailbox must not be null.
                if (base.ArbitrationMailbox == null)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorNullParameter(ADRecipientSchema.ArbitrationMailbox.Name)), ExchangeErrorCategory.Client, group.Identity);
                }
                // The local below is never read in this method.
                ADObjectId arbitrationMailbox = group.ArbitrationMailbox;
            }
            // For groups whose version has the ArbitrationMailbox property: when it is unset or points
            // below the deleted objects container, look up a replacement.
            if (!group.ExchangeVersion.IsOlderThan(ADRecipientSchema.ArbitrationMailbox.VersionAdded) && (group.ArbitrationMailbox == null || group.ArbitrationMailbox.IsDescendantOf(ADSession.GetDeletedObjectsContainer(group.ArbitrationMailbox.DomainId))))
            {
                group.ArbitrationMailbox = MailboxTaskHelper.GetArbitrationMailbox(base.TenantGlobalCatalogSession, group.ConfigurationUnit ?? base.RootOrgContainerId);
                if (group.ArbitrationMailbox == null)
                {
                    // No arbitration mailbox available: ApprovalRequired is an error when the caller
                    // asked for it in this invocation, otherwise it is changed to Closed and the
                    // change is recorded in the matching flag.
                    if (group.MemberJoinRestriction == MemberUpdateType.ApprovalRequired)
                    {
                        if (base.Fields.IsModified(ADGroupSchema.MemberJoinRestriction))
                        {
                            base.WriteError(new RecipientTaskException(Strings.ErrorArbitrationMbxNotSetForApproval(this.Identity.ToString())), ExchangeErrorCategory.Client, group.Identity);
                        }
                        else
                        {
                            group.MemberJoinRestriction = MemberUpdateType.Closed;
                            this.flagCloseGroupMemberJoinForNoArbitrationMbx = true;
                        }
                    }
                    if (group.MemberDepartRestriction == MemberUpdateType.ApprovalRequired)
                    {
                        if (base.Fields.IsModified(ADGroupSchema.MemberDepartRestriction))
                        {
                            base.WriteError(new RecipientTaskException(Strings.ErrorArbitrationMbxNotSetForApproval(this.Identity.ToString())), ExchangeErrorCategory.Client, group.Identity);
                        }
                        else
                        {
                            group.MemberDepartRestriction = MemberUpdateType.Closed;
                            this.flagCloseGroupMemberDepartForNoArbitrationMbx = true;
                        }
                    }
                }
            }
            TaskLogger.LogExit();
            return(group);
        }
        /// <summary>
        /// Fills in and validates a new distribution or security group: naming policy, default
        /// organizational unit, group type, managers, account name, alias, members, membership
        /// restrictions and arbitration mailbox.
        /// </summary>
        /// <param name="group">The group object being created.</param>
        /// <remarks>
        /// Problems are reported through <c>base.WriteError</c>; whether that call returns or stops
        /// the task is not visible in this method.
        /// </remarks>
        protected override void PrepareRecipientObject(ADGroup group)
        {
            TaskLogger.LogEnter();
            base.PrepareRecipientObject(group);
            Organization organization;

            // Without an explicit organization the org container is used; otherwise the current
            // organization's configuration unit is read.
            if (base.Organization == null)
            {
                organization = this.ConfigurationSession.GetOrgContainer();
            }
            else
            {
                organization = this.ConfigurationSession.Read <ExchangeConfigurationUnit>(base.CurrentOrgContainerId);
            }
            ADObjectId adobjectId = null;

            // The boolean result is ignored; only a non-null id matters below.
            base.TryGetExecutingUserId(out adobjectId);
            // The naming policy needs the executing user, so it is skipped when the id is unknown
            // or when IgnoreNamingPolicy was passed.
            if (!this.IgnoreNamingPolicy.IsPresent && adobjectId != null)
            {
                // NOTE(review): the result of Read is used without a null check; confirm the helper accepts a null user.
                ADUser user = (ADUser)RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(null, adobjectId).Read(adobjectId);
                string groupNameWithNamingPolicy = DistributionGroupTaskHelper.GetGroupNameWithNamingPolicy(organization, user, group, base.Name, ADObjectSchema.Name, new Task.ErrorLoggerDelegate(base.WriteError));
                // The length is checked on the name after the policy was applied.
                if (groupNameWithNamingPolicy.Length > 64)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorDistributionGroupNameTooLong), ExchangeErrorCategory.Client, null);
                }
                base.Name = groupNameWithNamingPolicy;
                if (!string.IsNullOrEmpty(base.DisplayName))
                {
                    base.DisplayName = DistributionGroupTaskHelper.GetGroupNameWithNamingPolicy(organization, user, group, base.DisplayName, ADRecipientSchema.DisplayName, new Task.ErrorLoggerDelegate(base.WriteError));
                }
            }
            // Placement when no OrganizationalUnit was given: the organization's default OU first ...
            if (base.OrganizationalUnit == null && !ADObjectId.IsNullOrEmpty(organization.DistributionGroupDefaultOU))
            {
                group.SetId(organization.DistributionGroupDefaultOU.GetChildId(base.Name));
            }
            // ... then the group's DefaultDistributionListOU, which replaces the id set above when both apply.
            if (base.OrganizationalUnit == null && group[ADRecipientSchema.DefaultDistributionListOU] != null)
            {
                ADObjectId adobjectId2 = (ADObjectId)group[ADRecipientSchema.DefaultDistributionListOU];
                // The OU is resolved within the current organization before it is used as the parent.
                RecipientTaskHelper.ResolveOrganizationalUnitInOrganization(new OrganizationalUnitIdParameter(adobjectId2), this.ConfigurationSession, base.CurrentOrganizationId, new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ExchangeOrganizationalUnit>), ExchangeErrorCategory.Client, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
                group.SetId(adobjectId2.GetChildId(base.Name));
            }
            // Only Distribution and Security are accepted as group type.
            if (this.Type != GroupType.Distribution && this.Type != GroupType.Security)
            {
                base.WriteError(new RecipientTaskException(Strings.ErrorGroupTypeInvalid), ExchangeErrorCategory.Client, null);
            }
            if (base.Fields.IsModified(DistributionGroupSchema.ManagedBy))
            {
                // Stamped on this.DataObject rather than on the group parameter; presumably the same object - confirm.
                MailboxTaskHelper.StampOnManagedBy(this.DataObject, this.managedByRecipients, new Task.ErrorLoggerDelegate(base.WriteError));
            }
            if (this.RoomList.IsPresent)
            {
                // A room list must be a distribution group.
                if (this.Type != GroupType.Distribution)
                {
                    base.WriteError(new RecipientTaskException(Strings.ErrorCreateRoomListSecurityGroup(base.Name)), ExchangeErrorCategory.Client, base.Name);
                }
                group.RecipientTypeDetails = RecipientTypeDetails.RoomList;
                // With managers set, only they are listed as accepted senders.
                if (group.ManagedBy != null)
                {
                    group.AcceptMessagesOnlyFromSendersOrMembers = new MultiValuedProperty <ADObjectId>(group.ManagedBy);
                }
            }
            MailboxTaskHelper.ValidateGroupManagedBy(base.TenantGlobalCatalogSession, group, this.managedByRecipients, new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>), new Task.ErrorLoggerDelegate(base.WriteError));
            MailboxTaskHelper.ValidateGroupManagedByRecipientRestriction(base.TenantGlobalCatalogSession, group, this.managedByRecipients, new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskWarningLoggingDelegate(this.WriteWarning));
            // NOTE(review): the literal 8 is presumably the universal-scope bit tested further down
            // via GroupTypeFlags.Universal - confirm against the enum definition.
            group.GroupType = (GroupTypeFlags)((GroupType)8 | this.Type);
            // Derive the display type from the security flag unless it was already changed.
            if (!group.IsChanged(ADRecipientSchema.RecipientDisplayType))
            {
                if ((group.GroupType & GroupTypeFlags.SecurityEnabled) == GroupTypeFlags.SecurityEnabled)
                {
                    group.RecipientDisplayType = new RecipientDisplayType?(RecipientDisplayType.SecurityDistributionGroup);
                }
                else
                {
                    group.RecipientDisplayType = new RecipientDisplayType?(RecipientDisplayType.DistributionGroup);
                }
            }
            // SamAccountName: generate a unique one when none was given, otherwise check the given one.
            if (string.IsNullOrEmpty(group.SamAccountName))
            {
                IRecipientSession[] recipientSessions = new IRecipientSession[]
                {
                    base.RootOrgGlobalCatalogSession
                };
                // With the ServiceAccountForest setting enabled and a non-forest-wide organization,
                // the partition-or-root-org catalog session is searched as well.
                if (VariantConfiguration.InvariantNoFlightingSnapshot.CmdletInfra.ServiceAccountForest.Enabled && base.CurrentOrganizationId != OrganizationId.ForestWideOrgId)
                {
                    recipientSessions = new IRecipientSession[]
                    {
                        base.RootOrgGlobalCatalogSession,
                        base.PartitionOrRootOrgGlobalCatalogSession
                    };
                }
                group.SamAccountName = RecipientTaskHelper.GenerateUniqueSamAccountName(recipientSessions, group.Id.DomainId, group.Name, true, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), false);
            }
            else
            {
                // The return value is discarded; a conflict is expected to surface through the error delegate.
                RecipientTaskHelper.IsSamAccountNameUnique(group, group.SamAccountName, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError), ExchangeErrorCategory.Client);
            }
            // A missing alias is generated from the SamAccountName.
            if (string.IsNullOrEmpty(group.Alias))
            {
                group.Alias = RecipientTaskHelper.GenerateUniqueAlias(base.TenantGlobalCatalogSession, base.CurrentOrganizationId, group.SamAccountName, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
            }
            // Explicitly supplied members are validated and added one by one.
            if (base.Fields.IsChanged(ADGroupSchema.Members) && this.Members != null)
            {
                foreach (RecipientIdParameter member in this.Members)
                {
                    MailboxTaskHelper.ValidateAndAddMember(base.TenantGlobalCatalogSession, group, member, false, new Task.ErrorLoggerDelegate(base.WriteError), new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>));
                }
            }
            // CopyOwnerToMember: every manager that is not yet a member is validated and added.
            if (this.CopyOwnerToMember.IsPresent && this.managedByRecipients != null)
            {
                foreach (ADRecipient adrecipient in this.managedByRecipients)
                {
                    if (!group.Members.Contains(adrecipient.Id))
                    {
                        MailboxTaskHelper.ValidateMemberInGroup(adrecipient, group, new Task.ErrorLoggerDelegate(base.WriteError));
                        group.Members.Add(adrecipient.Id);
                    }
                }
            }
            // Added members of a universal group get an additional validation pass.
            if ((group.GroupType & GroupTypeFlags.Universal) == GroupTypeFlags.Universal)
            {
                MailboxTaskHelper.ValidateAddedMembers(base.TenantGlobalCatalogSession, group, new Task.ErrorLoggerDelegate(base.WriteError), new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>));
            }
            // Default depart restriction when none was set: Closed for security groups, Open otherwise.
            if (!this.DataObject.IsModified(ADGroupSchema.MemberDepartRestriction))
            {
                this.DataObject.MemberDepartRestriction = ((this.Type == GroupType.Security) ? MemberUpdateType.Closed : MemberUpdateType.Open);
            }
            // Without an arbitration mailbox, approval-based membership and moderation are rejected.
            if (group.ArbitrationMailbox == null)
            {
                group.ArbitrationMailbox = MailboxTaskHelper.GetArbitrationMailbox(base.TenantGlobalCatalogSession, base.CurrentOrgContainerId);
                if (group.ArbitrationMailbox == null)
                {
                    if (group.MemberJoinRestriction == MemberUpdateType.ApprovalRequired || group.MemberDepartRestriction == MemberUpdateType.ApprovalRequired)
                    {
                        base.WriteError(new RecipientTaskException(Strings.ErrorArbitrationMbxNotSetForApproval(base.Name)), ExchangeErrorCategory.Client, group.Identity);
                    }
                    if (group.ModerationEnabled)
                    {
                        base.WriteError(new RecipientTaskException(Strings.ErrorArbitrationMbxNotSetForModeration(base.Name)), ExchangeErrorCategory.Client, group.Identity);
                    }
                }
            }
            DistributionGroupTaskHelper.CheckMembershipRestriction(group, new Task.ErrorLoggerDelegate(base.WriteError));
            TaskLogger.LogExit();
        }
예제 #6
        /// <summary>
        /// Validates the user being modified: common user parameters, a changed Windows Live ID,
        /// a modified certificate subject, and an attempt to disable remote PowerShell for the last
        /// delegating organization administrator.
        /// </summary>
        /// <remarks>
        /// Failures are reported through <c>base.WriteError</c>; whether that call stops the task is
        /// not visible in this method.
        /// </remarks>
        protected override void InternalValidate()
        {
            TaskLogger.LogEnter();
            base.InternalValidate();

            SetADUserBase<TIdentity, TPublicObject>.ValidateUserParameters(
                this.DataObject,
                this.ConfigurationSession,
                RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(base.DomainController, this.DataObject.Id),
                new Task.TaskVerboseLoggingDelegate(base.WriteVerbose),
                new Task.ErrorLoggerDelegate(base.WriteError),
                ExchangeErrorCategory.Client,
                this.ShouldCheckAcceptedDomains(),
                base.ProvisioningCache);

            bool liveIdWasSet = this.DataObject.IsChanged(UserSchema.WindowsLiveID) && this.DataObject.WindowsLiveID != SmtpAddress.Empty;
            if (liveIdWasSet)
            {
                // The accepted-domain and duplicate Live ID checks run only when
                // ShouldCheckAcceptedDomains() says so.
                if (this.ShouldCheckAcceptedDomains())
                {
                    RecipientTaskHelper.ValidateInAcceptedDomain(
                        this.ConfigurationSession,
                        this.DataObject.OrganizationId,
                        this.DataObject.WindowsLiveID.Domain,
                        new Task.ErrorLoggerDelegate(base.WriteError),
                        base.ProvisioningCache);
                    MailboxTaskHelper.IsLiveIdExists(
                        (IRecipientSession)base.DataSession,
                        this.DataObject.WindowsLiveID,
                        this.DataObject.NetID,
                        new Task.ErrorLoggerDelegate(base.WriteError));
                }

                // The UPN follows the new Live ID whether or not those checks ran.
                this.DataObject.UserPrincipalName = this.DataObject.WindowsLiveID.ToString();
            }

            if (this.DataObject.IsModified(UserSchema.CertificateSubject))
            {
                // Forest-wide organizations pass no partition id to the certificate subject check.
                NewLinkedUser.ValidateCertificateSubject(
                    this.DataObject.CertificateSubject,
                    OrganizationId.ForestWideOrgId.Equals(this.DataObject.OrganizationId) ? null : this.DataObject.OrganizationId.PartitionId,
                    this.DataObject.Id,
                    new Task.TaskErrorLoggingDelegate(base.WriteError));
            }

            // Lock-out guard: the last delegating organization administrator must keep remote PowerShell.
            bool wouldDisableLastAdmin = this.IsDisablingRemotePowerShell()
                && this.orgAdminHelper.ShouldPreventLastAdminRemoval(this, this.DataObject.OrganizationId)
                && this.orgAdminHelper.IsLastAdmin(this.DataObject);
            if (wouldDisableLastAdmin)
            {
                TIdentity targetIdentity = this.Identity;
                base.WriteError(
                    new RecipientTaskException(Strings.ErrorCannotDisableRemotePowershelForLastDelegatingOrgAdmin(targetIdentity.ToString())),
                    ErrorCategory.InvalidOperation,
                    this.Identity);
            }

            TaskLogger.LogExit();
        }
예제 #7
        /// <summary>
        /// Validates the user being modified: the common user parameters and, when it was modified,
        /// the certificate subject.
        /// </summary>
        /// <remarks>
        /// Failures are reported through <c>base.WriteError</c>; whether that call stops the task is
        /// not visible in this method.
        /// </remarks>
        protected override void InternalValidate()
        {
            TaskLogger.LogEnter();
            base.InternalValidate();

            SetADUserBase<UserIdParameter, User>.ValidateUserParameters(
                this.DataObject,
                this.ConfigurationSession,
                RecipientTaskHelper.CreatePartitionOrRootOrgScopedGcSession(base.DomainController, this.DataObject.Id),
                new Task.TaskVerboseLoggingDelegate(base.WriteVerbose),
                new Task.ErrorLoggerDelegate(base.WriteError),
                ExchangeErrorCategory.Client,
                this.ShouldCheckAcceptedDomains(),
                base.ProvisioningCache);

            bool certificateSubjectModified = this.DataObject.IsModified(UserSchema.CertificateSubject);
            if (certificateSubjectModified)
            {
                // Forest-wide organizations pass no partition id to the certificate subject check.
                NewLinkedUser.ValidateCertificateSubject(
                    this.DataObject.CertificateSubject,
                    OrganizationId.ForestWideOrgId.Equals(this.DataObject.OrganizationId) ? null : this.DataObject.OrganizationId.PartitionId,
                    this.DataObject.Id,
                    new Task.TaskErrorLoggingDelegate(base.WriteError));
            }

            TaskLogger.LogExit();
        }