public static ActiveDirectorySecurity ReadMailboxSecurityDescriptor(ADUser mailbox, IConfigurationSession adSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
{
TaskLogger.LogEnter();
RawSecurityDescriptor exchangeSecurityDescriptor = mailbox.ExchangeSecurityDescriptor;
RawSecurityDescriptor rawSecurityDescriptor;
if (mailbox.RecipientType == RecipientType.SystemAttendantMailbox)
{
rawSecurityDescriptor = exchangeSecurityDescriptor;
}
else
{
RawSecurityDescriptor rawSecurityDescriptor2 = adSession.ReadSecurityDescriptor(mailbox.Database);
if (rawSecurityDescriptor2 == null)
{
logError(new TaskInvalidOperationException(Strings.ErrorReadDatabaseSecurityDescriptor(mailbox.Database.ToString())), ExchangeErrorCategory.ServerOperation, null);
return(null);
}
rawSecurityDescriptor = MailboxSecurity.CreateMailboxSecurityDescriptor(SecurityDescriptor.FromRawSecurityDescriptor(rawSecurityDescriptor2), SecurityDescriptor.FromRawSecurityDescriptor(exchangeSecurityDescriptor)).ToRawSecurityDescriptor();
if (rawSecurityDescriptor == null)
{
logError(new TaskInvalidOperationException(Strings.ErrorReadMailboxSecurityDescriptor(mailbox.DistinguishedName)), ExchangeErrorCategory.ServerOperation, mailbox.Identity);
return(null);
}
}
ActiveDirectorySecurity result = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(rawSecurityDescriptor);
TaskLogger.LogExit();
return(result);
}
public static ActiveDirectorySecurity ReadAdSecurityDescriptor(ADRawEntry entry, IDirectorySession session, Task.TaskErrorLoggingDelegate logError, out RawSecurityDescriptor rawSd)
{
TaskLogger.LogEnter();
rawSd = session.ReadSecurityDescriptor(entry.Id);
if (rawSd == null)
{
if (logError != null)
{
logError(new SecurityDescriptorAccessDeniedException(entry.Id.DistinguishedName), ErrorCategory.ReadError, null);
}
return(null);
}
ActiveDirectorySecurity result = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(rawSd);
TaskLogger.LogExit();
return(result);
}
public void SetTeamMailboxUserPermissions(IList <ADObjectId> usersToAdd, IList <ADObjectId> usersToRemove, SecurityIdentifier[] additionalSids, bool save = true)
{
ADUser aduser = (ADUser)this.TeamMailbox.DataObject;
RawSecurityDescriptor exchangeSecurityDescriptor = aduser.ExchangeSecurityDescriptor;
ActiveDirectorySecurity activeDirectorySecurity = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(exchangeSecurityDescriptor);
if (usersToAdd != null)
{
foreach (ADObjectId userId in usersToAdd)
{
SecurityIdentifier userSid = this.GetUserSid(userId);
if (userSid != null)
{
activeDirectorySecurity.AddAccessRule(new ActiveDirectoryAccessRule(userSid, ActiveDirectoryRights.CreateChild, AccessControlType.Allow, Guid.Empty, ActiveDirectorySecurityInheritance.All, Guid.Empty));
}
}
}
if (usersToRemove != null)
{
foreach (ADObjectId userId2 in usersToRemove)
{
SecurityIdentifier userSid2 = this.GetUserSid(userId2);
if (userSid2 != null)
{
activeDirectorySecurity.RemoveAccessRule(new ActiveDirectoryAccessRule(userSid2, ActiveDirectoryRights.CreateChild, AccessControlType.Allow, Guid.Empty, ActiveDirectorySecurityInheritance.All, Guid.Empty));
}
}
}
if (additionalSids != null)
{
foreach (SecurityIdentifier identity in additionalSids)
{
activeDirectorySecurity.AddAccessRule(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.CreateChild, AccessControlType.Allow, Guid.Empty, ActiveDirectorySecurityInheritance.All, Guid.Empty));
}
}
aduser.ExchangeSecurityDescriptor = new RawSecurityDescriptor(activeDirectorySecurity.GetSecurityDescriptorBinaryForm(), 0);
if (save)
{
this.DataSession.Save(aduser);
}
}
private bool ActiveDirectoryMembershipUpdate()
{
ArgumentValidator.ThrowIfNull("groupObject", this.groupObject);
Exception ex = null;
try
{
ActiveDirectorySecurity activeDirectorySecurity = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(this.groupObject.ExchangeSecurityDescriptor);
activeDirectorySecurity.RemoveAccessRule(GroupMailboxPermissionHandler.MailboxRightsFullAccessRule);
this.groupObject.ExchangeSecurityDescriptor = SecurityDescriptorConverter.ConvertToRawSecurityDescriptor(activeDirectorySecurity);
}
catch (OverflowException ex2)
{
ex = ex2;
}
catch (COMException ex3)
{
ex = ex3;
}
catch (UnauthorizedAccessException ex4)
{
ex = ex4;
}
catch (TransientException ex5)
{
ex = ex5;
}
catch (DataSourceOperationException ex6)
{
ex = ex6;
}
if (ex != null)
{
GroupMailboxMembershipUpdater.Tracer.TraceError <string>((long)this.GetHashCode(), "ActiveDirectoryMembershipUpdate: Exception {0}", ex.Message);
return(false);
}
GroupMailboxMembershipUpdater.Tracer.TraceDebug <string>((long)this.GetHashCode(), "ActiveDirectoryMembershipUpdate: Updated active directory successfully for the group mailbox {0}", this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString());
this.recipientSession.Save(this.groupObject);
return(true);
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter(new object[]
{
this.DataObject
});
bool flag = false;
if (false == this.Force && this.Arbitration)
{
TIdentity identity = this.Identity;
if (!base.ShouldContinue(Strings.SetArbitrationMailboxConfirmationMessage(identity.ToString())))
{
TaskLogger.LogExit();
return;
}
}
if (false == this.Force && this.originalForwardingAddress == null && this.DataObject.ForwardingAddress != null && this.DataObject.ForwardingSmtpAddress != null)
{
LocalizedString message = (this.originalForwardingSmtpAddress != null) ? Strings.SetMailboxForwardingAddressConfirmationMessage : Strings.SetBothForwardingAddressConfirmationMessage;
if (!base.ShouldContinue(message))
{
TaskLogger.LogExit();
return;
}
}
if (this.DataObject.IsModified(MailboxSchema.ForwardingSmtpAddress) && this.DataObject.ForwardingSmtpAddress != null && this.DataObject.ForwardingAddress != null && !base.Fields.IsModified(MailboxSchema.ForwardingAddress))
{
this.WriteWarning(Strings.ContactAdminForForwardingWarning);
}
if (false == this.Force && this.DataObject.IsModified(ADRecipientSchema.AuditLogAgeLimit))
{
EnhancedTimeSpan t;
if (this.DataObject.MailboxAuditLogAgeLimit == EnhancedTimeSpan.Zero)
{
TIdentity identity2 = this.Identity;
if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitZero(identity2.ToString())))
{
TaskLogger.LogExit();
return;
}
}
else if (this.DataObject.TryGetOriginalValue<EnhancedTimeSpan>(ADRecipientSchema.AuditLogAgeLimit, out t))
{
EnhancedTimeSpan mailboxAuditLogAgeLimit = this.DataObject.MailboxAuditLogAgeLimit;
if (t > mailboxAuditLogAgeLimit)
{
TIdentity identity3 = this.Identity;
if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitSmaller(identity3.ToString(), mailboxAuditLogAgeLimit.ToString())))
{
TaskLogger.LogExit();
return;
}
}
}
}
bool flag2 = false;
bool flag3 = false;
MapiMessageStoreSession mapiMessageStoreSession = null;
try
{
if (this.needChangeMailboxSubtype)
{
if (this.originalRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
{
MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag2 = true;
flag3 = true;
}
else if (this.targetRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
{
MailboxTaskHelper.ClearExternalAssociatedAccountPermission(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag = true;
flag3 = true;
}
}
else if (this.DataObject.IsChanged(ADRecipientSchema.MasterAccountSid))
{
MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag2 = true;
flag3 = true;
}
base.InternalProcessRecord();
if (flag3)
{
PermissionTaskHelper.SaveMailboxSecurityDescriptor(this.DataObject, SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(this.DataObject.ExchangeSecurityDescriptor), (IRecipientSession)base.DataSession, ref mapiMessageStoreSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
}
}
finally
{
if (mapiMessageStoreSession != null)
{
mapiMessageStoreSession.Dispose();
}
}
if (flag2)
{
base.WriteVerbose(Strings.VerboseSaveADSecurityDescriptor(this.DataObject.Id.ToString()));
this.DataObject.SaveSecurityDescriptor(((SecurityDescriptor)this.DataObject[ADObjectSchema.NTSecurityDescriptor]).ToRawSecurityDescriptor());
}
bool flag4 = base.Fields.IsModified(ADUserSchema.SharingPolicy);
if (this.RemoveManagedFolderAndPolicy || flag || flag4)
{
ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(base.RootOrgContainerId, base.CurrentOrganizationId, base.ExecutingUserOrganizationId, false);
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(base.DomainController, true, ConsistencyMode.IgnoreInvalid, sessionSettings, 4021, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
if (!tenantOrRootOrgRecipientSession.IsReadConnectionAvailable())
{
tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 4030, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
}
MailboxSession mailboxSession = this.OpenMailboxSession(tenantOrRootOrgRecipientSession, this.DataObject);
if (mailboxSession == null)
{
base.WriteError(new RecipientTaskException(Strings.LogonFailure), ExchangeErrorCategory.ServerOperation, null);
return;
}
using (mailboxSession)
{
if (this.RemoveManagedFolderAndPolicy && !ElcMailboxHelper.RemoveElcInMailbox(mailboxSession))
{
this.WriteWarning(Strings.WarningNonemptyManagedFolderNotDeleted);
}
if (flag)
{
using (CalendarConfigurationDataProvider calendarConfigurationDataProvider = new CalendarConfigurationDataProvider(mailboxSession))
{
CalendarConfiguration calendarConfiguration = (CalendarConfiguration)calendarConfigurationDataProvider.Read<CalendarConfiguration>(null);
calendarConfiguration.AutomateProcessing = CalendarProcessingFlags.None;
try
{
calendarConfigurationDataProvider.Save(calendarConfiguration);
}
catch (LocalizedException exception)
{
base.WriteError(exception, ExchangeErrorCategory.ServerOperation, null);
}
}
}
if (flag4)
{
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedId);
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedHash);
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedTime);
mailboxSession.Mailbox.Save();
}
}
}
if (base.IsSetRandomPassword)
{
MailboxTaskHelper.SetMailboxPassword((IRecipientSession)base.DataSession, this.DataObject, null, new Task.ErrorLoggerDelegate(base.WriteError));
}
TaskLogger.LogExit();
}
private void ApplyPermissionToOwners(List <ADUser> ownersToAdd, List <ADUser> ownersToRemove)
{
this.AddVerboseLog("Start: ApplyPermissionToOwners");
Exception ex = null;
try
{
ADUser aduser = this.groupMailbox;
RawSecurityDescriptor exchangeSecurityDescriptor = aduser.ExchangeSecurityDescriptor;
ActiveDirectorySecurity activeDirectorySecurity = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(exchangeSecurityDescriptor);
bool flag = false;
if (ownersToAdd != null)
{
foreach (ADUser aduser2 in ownersToAdd)
{
SecurityIdentifier userSid = this.GetUserSid(aduser2);
if (userSid != null)
{
this.AddOwnerPermission(aduser2.PrimarySmtpAddress.ToString(), activeDirectorySecurity, userSid);
flag = true;
}
else
{
this.ReportResolveUserSidError(aduser2);
}
}
}
if (ownersToRemove != null)
{
foreach (ADUser aduser3 in ownersToRemove)
{
SecurityIdentifier userSid2 = this.GetUserSid(aduser3);
if (userSid2 != null)
{
this.RemoveOwnerPermission(aduser3.PrimarySmtpAddress.ToString(), activeDirectorySecurity, userSid2);
flag = true;
}
else
{
this.ReportResolveUserSidError(aduser3);
}
}
}
if (flag)
{
aduser.ExchangeSecurityDescriptor = new RawSecurityDescriptor(activeDirectorySecurity.GetSecurityDescriptorBinaryForm(), 0);
}
}
catch (OverflowException ex2)
{
ex = ex2;
}
catch (COMException ex3)
{
ex = ex3;
}
catch (UnauthorizedAccessException ex4)
{
ex = ex4;
}
catch (TransientException ex5)
{
ex = ex5;
}
catch (DataSourceOperationException ex6)
{
ex = ex6;
}
if (ex != null)
{
this.errorHandler(new GroupMailboxFailedToSetPermissionException(Strings.ErrorSetGroupMailboxUserPermissions(this.groupMailbox.ExchangeGuid, ex.Message)), ExchangeErrorCategory.ServerTransient, null);
}
this.AddVerboseLog("End: ApplyPermissionToOwners");
}
