private void GrantPermissionToLinkedUser(ADUser user)
{
if (this.IsAccountDisabled(user))
{
return;
}
user.UserAccountControl = (UserAccountControlFlags.AccountDisabled | UserAccountControlFlags.NormalAccount);
MailboxTaskHelper.GrantPermissionToLinkedUserAccount(user, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
if (base.IsVerboseOn)
{
base.WriteVerbose(Strings.VerboseSaveADSecurityDescriptor(user.Id.ToString()));
}
user.SaveSecurityDescriptor(((SecurityDescriptor)user[ADObjectSchema.NTSecurityDescriptor]).ToRawSecurityDescriptor());
}
private static RawSecurityDescriptor UpdateMailboxSecurityDescriptor(SecurityIdentifier userSid, ADUser userToConnect, MapiAdministrationSession mapiAdministrationSession, MailboxDatabase database, Guid deletedMailboxGuid, string parameterSetName, Task.TaskVerboseLoggingDelegate verboseLogger)
{
RawSecurityDescriptor rawSecurityDescriptor = null;
try
{
rawSecurityDescriptor = mapiAdministrationSession.GetMailboxSecurityDescriptor(new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectToDatabaseId(database), deletedMailboxGuid));
}
catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
{
rawSecurityDescriptor = new RawSecurityDescriptor(ControlFlags.DiscretionaryAclDefaulted | ControlFlags.SystemAclDefaulted | ControlFlags.SelfRelative, WindowsIdentity.GetCurrent().User, WindowsIdentity.GetCurrent().User, null, null);
DiscretionaryAcl discretionaryAcl = new DiscretionaryAcl(true, true, 0);
byte[] binaryForm = new byte[discretionaryAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(binaryForm, 0);
rawSecurityDescriptor.DiscretionaryAcl = new RawAcl(binaryForm, 0);
}
bool flag = false;
foreach (GenericAce genericAce in rawSecurityDescriptor.DiscretionaryAcl)
{
KnownAce knownAce = (KnownAce)genericAce;
if (knownAce.SecurityIdentifier.IsWellKnown(WellKnownSidType.SelfSid))
{
flag = true;
break;
}
}
if (!flag)
{
CommonAce ace = new CommonAce(AceFlags.ContainerInherit, AceQualifier.AccessAllowed, 131073, new SecurityIdentifier(WellKnownSidType.SelfSid, null), false, null);
rawSecurityDescriptor.DiscretionaryAcl.InsertAce(0, ace);
}
rawSecurityDescriptor.SetFlags(rawSecurityDescriptor.ControlFlags | ControlFlags.SelfRelative);
if ("Linked" == parameterSetName || "Shared" == parameterSetName || "Room" == parameterSetName || "Equipment" == parameterSetName)
{
RawSecurityDescriptor sd = userToConnect.ReadSecurityDescriptor();
MailboxTaskHelper.GrantPermissionToLinkedUserAccount(userToConnect.MasterAccountSid, ref rawSecurityDescriptor, ref sd);
verboseLogger(Strings.VerboseSaveADSecurityDescriptor(userToConnect.Id.ToString()));
userToConnect.SaveSecurityDescriptor(sd);
}
mapiAdministrationSession.Administration.PurgeCachedMailboxObject(deletedMailboxGuid);
return(rawSecurityDescriptor);
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter(new object[]
{
this.DataObject
});
bool flag = false;
if (false == this.Force && this.Arbitration)
{
TIdentity identity = this.Identity;
if (!base.ShouldContinue(Strings.SetArbitrationMailboxConfirmationMessage(identity.ToString())))
{
TaskLogger.LogExit();
return;
}
}
if (false == this.Force && this.originalForwardingAddress == null && this.DataObject.ForwardingAddress != null && this.DataObject.ForwardingSmtpAddress != null)
{
LocalizedString message = (this.originalForwardingSmtpAddress != null) ? Strings.SetMailboxForwardingAddressConfirmationMessage : Strings.SetBothForwardingAddressConfirmationMessage;
if (!base.ShouldContinue(message))
{
TaskLogger.LogExit();
return;
}
}
if (this.DataObject.IsModified(MailboxSchema.ForwardingSmtpAddress) && this.DataObject.ForwardingSmtpAddress != null && this.DataObject.ForwardingAddress != null && !base.Fields.IsModified(MailboxSchema.ForwardingAddress))
{
this.WriteWarning(Strings.ContactAdminForForwardingWarning);
}
if (false == this.Force && this.DataObject.IsModified(ADRecipientSchema.AuditLogAgeLimit))
{
EnhancedTimeSpan t;
if (this.DataObject.MailboxAuditLogAgeLimit == EnhancedTimeSpan.Zero)
{
TIdentity identity2 = this.Identity;
if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitZero(identity2.ToString())))
{
TaskLogger.LogExit();
return;
}
}
else if (this.DataObject.TryGetOriginalValue<EnhancedTimeSpan>(ADRecipientSchema.AuditLogAgeLimit, out t))
{
EnhancedTimeSpan mailboxAuditLogAgeLimit = this.DataObject.MailboxAuditLogAgeLimit;
if (t > mailboxAuditLogAgeLimit)
{
TIdentity identity3 = this.Identity;
if (!base.ShouldContinue(Strings.ConfirmationMessageSetMailboxAuditLogAgeLimitSmaller(identity3.ToString(), mailboxAuditLogAgeLimit.ToString())))
{
TaskLogger.LogExit();
return;
}
}
}
}
bool flag2 = false;
bool flag3 = false;
MapiMessageStoreSession mapiMessageStoreSession = null;
try
{
if (this.needChangeMailboxSubtype)
{
if (this.originalRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
{
MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag2 = true;
flag3 = true;
}
else if (this.targetRecipientTypeDetails == RecipientTypeDetails.UserMailbox)
{
MailboxTaskHelper.ClearExternalAssociatedAccountPermission(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag = true;
flag3 = true;
}
}
else if (this.DataObject.IsChanged(ADRecipientSchema.MasterAccountSid))
{
MailboxTaskHelper.GrantPermissionToLinkedUserAccount(this.DataObject, PermissionTaskHelper.GetReadOnlySession(null), new Task.ErrorLoggerDelegate(base.WriteError), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose));
flag2 = true;
flag3 = true;
}
base.InternalProcessRecord();
if (flag3)
{
PermissionTaskHelper.SaveMailboxSecurityDescriptor(this.DataObject, SecurityDescriptorConverter.ConvertToActiveDirectorySecurity(this.DataObject.ExchangeSecurityDescriptor), (IRecipientSession)base.DataSession, ref mapiMessageStoreSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.ErrorLoggerDelegate(base.WriteError));
}
}
finally
{
if (mapiMessageStoreSession != null)
{
mapiMessageStoreSession.Dispose();
}
}
if (flag2)
{
base.WriteVerbose(Strings.VerboseSaveADSecurityDescriptor(this.DataObject.Id.ToString()));
this.DataObject.SaveSecurityDescriptor(((SecurityDescriptor)this.DataObject[ADObjectSchema.NTSecurityDescriptor]).ToRawSecurityDescriptor());
}
bool flag4 = base.Fields.IsModified(ADUserSchema.SharingPolicy);
if (this.RemoveManagedFolderAndPolicy || flag || flag4)
{
ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(base.RootOrgContainerId, base.CurrentOrganizationId, base.ExecutingUserOrganizationId, false);
IRecipientSession tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(base.DomainController, true, ConsistencyMode.IgnoreInvalid, sessionSettings, 4021, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
if (!tenantOrRootOrgRecipientSession.IsReadConnectionAvailable())
{
tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 4030, "InternalProcessRecord", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\RecipientTasks\\mailbox\\SetMailbox.cs");
}
MailboxSession mailboxSession = this.OpenMailboxSession(tenantOrRootOrgRecipientSession, this.DataObject);
if (mailboxSession == null)
{
base.WriteError(new RecipientTaskException(Strings.LogonFailure), ExchangeErrorCategory.ServerOperation, null);
return;
}
using (mailboxSession)
{
if (this.RemoveManagedFolderAndPolicy && !ElcMailboxHelper.RemoveElcInMailbox(mailboxSession))
{
this.WriteWarning(Strings.WarningNonemptyManagedFolderNotDeleted);
}
if (flag)
{
using (CalendarConfigurationDataProvider calendarConfigurationDataProvider = new CalendarConfigurationDataProvider(mailboxSession))
{
CalendarConfiguration calendarConfiguration = (CalendarConfiguration)calendarConfigurationDataProvider.Read<CalendarConfiguration>(null);
calendarConfiguration.AutomateProcessing = CalendarProcessingFlags.None;
try
{
calendarConfigurationDataProvider.Save(calendarConfiguration);
}
catch (LocalizedException exception)
{
base.WriteError(exception, ExchangeErrorCategory.ServerOperation, null);
}
}
}
if (flag4)
{
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedId);
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedHash);
mailboxSession.Mailbox.Delete(MailboxSchema.LastSharingPolicyAppliedTime);
mailboxSession.Mailbox.Save();
}
}
}
if (base.IsSetRandomPassword)
{
MailboxTaskHelper.SetMailboxPassword((IRecipientSession)base.DataSession, this.DataObject, null, new Task.ErrorLoggerDelegate(base.WriteError));
}
TaskLogger.LogExit();
}
