public static ActiveDirectorySecurity ReadMailboxSecurityDescriptor(ADUser mailbox, IConfigurationSession adSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError) { TaskLogger.LogEnter(); RawSecurityDescriptor exchangeSecurityDescriptor = mailbox.ExchangeSecurityDescriptor; RawSecurityDescriptor rawSecurityDescriptor; if (mailbox.RecipientType == RecipientType.SystemAttendantMailbox) { rawSecurityDescriptor = exchangeSecurityDescriptor; } else { RawSecurityDescriptor rawSecurityDescriptor2 = adSession.ReadSecurityDescriptor(mailbox.Database); if (rawSecurityDescriptor2 == null) { logError(new TaskInvalidOperationException(Strings.ErrorReadDatabaseSecurityDescriptor(mailbox.Database.ToString())), ExchangeErrorCategory.ServerOperation, null); return(null); } rawSecurityDescriptor = MailboxSecurity.CreateMailboxSecurityDescriptor(SecurityDescriptor.FromRawSecurityDescriptor(rawSecurityDescriptor2), SecurityDescriptor.FromRawSecurityDescriptor(exchangeSecurityDescriptor)).ToRawSecurityDescriptor(); if (rawSecurityDescriptor == null) { logError(new TaskInvalidOperationException(Strings.ErrorReadMailboxSecurityDescriptor(mailbox.DistinguishedName)), ExchangeErrorCategory.ServerOperation, mailbox.Identity); return(null); } } ActiveDirectorySecurity result = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(rawSecurityDescriptor); TaskLogger.LogExit(); return(result); }
public static ActiveDirectorySecurity ReadAdSecurityDescriptor(ADRawEntry entry, IDirectorySession session, Task.TaskErrorLoggingDelegate logError, out RawSecurityDescriptor rawSd) { TaskLogger.LogEnter(); rawSd = session.ReadSecurityDescriptor(entry.Id); if (rawSd == null) { if (logError != null) { logError(new SecurityDescriptorAccessDeniedException(entry.Id.DistinguishedName), ErrorCategory.ReadError, null); } return(null); } ActiveDirectorySecurity result = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(rawSd); TaskLogger.LogExit(); return(result); }
public void SetTeamMailboxUserPermissions(IList <ADObjectId> usersToAdd, IList <ADObjectId> usersToRemove, SecurityIdentifier[] additionalSids, bool save = true) { ADUser aduser = (ADUser)this.TeamMailbox.DataObject; RawSecurityDescriptor exchangeSecurityDescriptor = aduser.ExchangeSecurityDescriptor; ActiveDirectorySecurity activeDirectorySecurity = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(exchangeSecurityDescriptor); if (usersToAdd != null) { foreach (ADObjectId userId in usersToAdd) { SecurityIdentifier userSid = this.GetUserSid(userId); if (userSid != null) { activeDirectorySecurity.AddAccessRule(new ActiveDirectoryAccessRule(userSid, ActiveDirectoryRights.CreateChild, AccessControlType.Allow, Guid.Empty, ActiveDirectorySecurityInheritance.All, Guid.Empty)); } } } if (usersToRemove != null) { foreach (ADObjectId userId2 in usersToRemove) { SecurityIdentifier userSid2 = this.GetUserSid(userId2); if (userSid2 != null) { activeDirectorySecurity.RemoveAccessRule(new ActiveDirectoryAccessRule(userSid2, ActiveDirectoryRights.CreateChild, AccessControlType.Allow, Guid.Empty, ActiveDirectorySecurityInheritance.All, Guid.Empty)); } } } if (additionalSids != null) { foreach (SecurityIdentifier identity in additionalSids) { activeDirectorySecurity.AddAccessRule(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.CreateChild, AccessControlType.Allow, Guid.Empty, ActiveDirectorySecurityInheritance.All, Guid.Empty)); } } aduser.ExchangeSecurityDescriptor = new RawSecurityDescriptor(activeDirectorySecurity.GetSecurityDescriptorBinaryForm(), 0); if (save) { this.DataSession.Save(aduser); } }
private bool ActiveDirectoryMembershipUpdate() { ArgumentValidator.ThrowIfNull("groupObject", this.groupObject); Exception ex = null; try { ActiveDirectorySecurity activeDirectorySecurity = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(this.groupObject.ExchangeSecurityDescriptor); activeDirectorySecurity.RemoveAccessRule(GroupMailboxPermissionHandler.MailboxRightsFullAccessRule); this.groupObject.ExchangeSecurityDescriptor = SecurityDescriptorConverter.ConvertToRawSecurityDescriptor(activeDirectorySecurity); } catch (OverflowException ex2) { ex = ex2; } catch (COMException ex3) { ex = ex3; } catch (UnauthorizedAccessException ex4) { ex = ex4; } catch (TransientException ex5) { ex = ex5; } catch (DataSourceOperationException ex6) { ex = ex6; } if (ex != null) { GroupMailboxMembershipUpdater.Tracer.TraceError <string>((long)this.GetHashCode(), "ActiveDirectoryMembershipUpdate: Exception {0}", ex.Message); return(false); } GroupMailboxMembershipUpdater.Tracer.TraceDebug <string>((long)this.GetHashCode(), "ActiveDirectoryMembershipUpdate: Updated active directory successfully for the group mailbox {0}", this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString()); this.recipientSession.Save(this.groupObject); return(true); }
protected override void InternalProcessRecord() { TaskLogger.LogEnter(new object[] { this.DataObject }); bool flag = false; if (false == this.Force && this.Arbitration) { TIdentity identity = this.Identity; if (!base.ShouldContinue(Strings.SetArbitrationMailboxConfirmationMessage(identity.ToString()))) { TaskLogger.LogExit(); return; } } if (false == this.Force && this.originalForwardingAddress == null && this.DataObject.ForwardingAddress != null && this.DataObject.ForwardingSmtpAddress != null) { LocalizedString message = (this.originalForwardingSmtpAddress != null) ? Strings.SetMailboxForwardingAddressConfirmationMessage : Strings.SetBothForwardingAddressConfirmationMessage; if (!base.ShouldContinue(message)) { TaskLogger.LogExit(); return; } } if (this.DataObject.IsModified(MailboxSchema.ForwardingSmtpAddress) && this.DataObject.ForwardingSmtpAddress != null && this.DataObject.ForwardingAddress != null && !base.Fields.IsModified(MailboxSchema.ForwardingAddress)) { this.WriteWarning(Strings.ContactAdminForForwardingWarning); } if (false == this.Force && this.DataObject.IsModified(ADRecipientSchema.AuditLogAgeLimit)) { EnhancedTimeSpan t; if (this.DataObject.MailboxAuditLogAgeLimit == EnhancedTimeSpan.Zero) { TIdentity identity2 = this.Identity; if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitZero(identity2.ToString()))) { TaskLogger.LogExit(); return; } } else if (this.DataObject.TryGetOriginalValue<EnhancedTimeSpan>(ADRecipientSchema.AuditLogAgeLimit, out t)) { EnhancedTimeSpan mailboxAuditLogAgeLimit = this.DataObject.MailboxAuditLogAgeLimit; if (t > mailboxAuditLogAgeLimit) { TIdentity identity3 = this.Identity; if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitSmaller(identity3.ToString(), mailboxAuditLogAgeLimit.ToString()))) { TaskLogger.LogExit(); return; } } } } bool flag2 = false; bool flag3 = false; MapiMessageStoreSession mapiMessageStoreSession = null; try { if (this.needChangeMailboxSubtype) { if (this.originalRecipientTypeDetails == RecipientTypeDetails.UserMailbox) { MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose)); flag2 = true; flag3 = true; } else if (this.targetRecipientTypeDetails == RecipientTypeDetails.UserMailbox) { MailboxTaskHelper.ClearExternalAssociatedAccountPermission(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose)); flag = true; flag3 = true; } } else if (this.DataObject.IsChanged(ADRecipientSchema.MasterAccountSid)) { MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose)); flag2 = true; flag3 = true; } base.InternalProcessRecord(); if (flag3) { PermissionTaskHelper.SaveMailboxSecurityDescriptor(this.DataObject, SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(this.DataObject.ExchangeSecurityDescriptor), (IRecipientSession)base.DataSession, ref mapiMessageStoreSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError)); } } finally { if (mapiMessageStoreSession != null) { mapiMessageStoreSession.Dispose(); } } if (flag2) { base.WriteVerbose(Strings.VerboseSaveADSecurityDescriptor(this.DataObject.Id.ToString())); this.DataObject.SaveSecurityDescriptor(((SecurityDescriptor)this.DataObject[ADObjectSchema.NTSecurityDescriptor]).ToRawSecurityDescriptor()); } bool flag4 = base.Fields.IsModified(ADUserSchema.SharingPolicy); if (this.RemoveManagedFolderAndPolicy || flag || flag4) { ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(base.RootOrgContainerId, base.CurrentOrganizationId, base.ExecutingUserOrganizationId, false); IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(base.DomainController, true, ConsistencyMode.IgnoreInvalid, sessionSettings, 4021, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs"); if (!tenantOrRootOrgRecipientSession.IsReadConnectionAvailable()) { tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 4030, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs"); } MailboxSession mailboxSession = this.OpenMailboxSession(tenantOrRootOrgRecipientSession, this.DataObject); if (mailboxSession == null) { base.WriteError(new RecipientTaskException(Strings.LogonFailure), ExchangeErrorCategory.ServerOperation, null); return; } using (mailboxSession) { if (this.RemoveManagedFolderAndPolicy && !ElcMailboxHelper.RemoveElcInMailbox(mailboxSession)) { this.WriteWarning(Strings.WarningNonemptyManagedFolderNotDeleted); } if (flag) { using (CalendarConfigurationDataProvider calendarConfigurationDataProvider = new CalendarConfigurationDataProvider(mailboxSession)) { CalendarConfiguration calendarConfiguration = (CalendarConfiguration)calendarConfigurationDataProvider.Read<CalendarConfiguration>(null); calendarConfiguration.AutomateProcessing = CalendarProcessingFlags.None; try { calendarConfigurationDataProvider.Save(calendarConfiguration); } catch (LocalizedException exception) { base.WriteError(exception, ExchangeErrorCategory.ServerOperation, null); } } } if (flag4) { mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedId); mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedHash); mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedTime); mailboxSession.Mailbox.Save(); } } } if (base.IsSetRandomPassword) { MailboxTaskHelper.SetMailboxPassword((IRecipientSession)base.DataSession, this.DataObject, null, new Task.ErrorLoggerDelegate(base.WriteError)); } TaskLogger.LogExit(); }
private void ApplyPermissionToOwners(List <ADUser> ownersToAdd, List <ADUser> ownersToRemove) { this.AddVerboseLog("Start: ApplyPermissionToOwners"); Exception ex = null; try { ADUser aduser = this.groupMailbox; RawSecurityDescriptor exchangeSecurityDescriptor = aduser.ExchangeSecurityDescriptor; ActiveDirectorySecurity activeDirectorySecurity = SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(exchangeSecurityDescriptor); bool flag = false; if (ownersToAdd != null) { foreach (ADUser aduser2 in ownersToAdd) { SecurityIdentifier userSid = this.GetUserSid(aduser2); if (userSid != null) { this.AddOwnerPermission(aduser2.PrimarySmtpAddress.ToString(), activeDirectorySecurity, userSid); flag = true; } else { this.ReportResolveUserSidError(aduser2); } } } if (ownersToRemove != null) { foreach (ADUser aduser3 in ownersToRemove) { SecurityIdentifier userSid2 = this.GetUserSid(aduser3); if (userSid2 != null) { this.RemoveOwnerPermission(aduser3.PrimarySmtpAddress.ToString(), activeDirectorySecurity, userSid2); flag = true; } else { this.ReportResolveUserSidError(aduser3); } } } if (flag) { aduser.ExchangeSecurityDescriptor = new RawSecurityDescriptor(activeDirectorySecurity.GetSecurityDescriptorBinaryForm(), 0); } } catch (OverflowException ex2) { ex = ex2; } catch (COMException ex3) { ex = ex3; } catch (UnauthorizedAccessException ex4) { ex = ex4; } catch (TransientException ex5) { ex = ex5; } catch (DataSourceOperationException ex6) { ex = ex6; } if (ex != null) { this.errorHandler(new GroupMailboxFailedToSetPermissionException(Strings.ErrorSetGroupMailboxUserPermissions(this.groupMailbox.ExchangeGuid, ex.Message)), ExchangeErrorCategory.ServerTransient, null); } this.AddVerboseLog("End: ApplyPermissionToOwners"); }