/// <summary>
/// Creates a role assignment of <paramref name="role"/> to <paramref name="recipient"/>,
/// unless AD split-permission mode excludes the role type for regular assignments.
/// </summary>
/// <param name="role">Role to assign; its RoleType is checked against the split-permission exclusion list.</param>
/// <param name="recipient">Assignee; supplies the id, organization and originating server passed to the helper.</param>
/// <param name="delegationType">Only <c>Regular</c> assignments are subject to the split-permission skip.</param>
private void CreateRoleAssignment(ExchangeRole role, ADRecipient recipient, RoleAssignmentDelegationType delegationType)
        {
            // Evaluated as one short-circuit expression so role.RoleType is only read when the first two conditions hold.
            bool excludedBySplitPermissions = this.adSplitPermissionMode
                                              && delegationType == RoleAssignmentDelegationType.Regular
                                              && InstallCannedRbacRoleAssignments.invalidRoleTypesInADSplitPermissionMode.Contains(role.RoleType);

            if (!excludedBySplitPermissions)
            {
                RoleAssigneeType assigneeType = ExchangeRoleAssignment.RoleAssigneeTypeFromADRecipient(recipient);

                RoleHelper.CreateRoleAssignment(
                    role,
                    recipient.Id,
                    recipient.OrganizationId,
                    assigneeType,
                    recipient.OriginatingServer,
                    delegationType,
                    base.CurrentOrganizationId,
                    base.ExecutingUserOrganizationId,
                    this.configurationSession,
                    new Task.TaskVerboseLoggingDelegate(base.WriteVerbose),
                    new Task.TaskErrorLoggingDelegate(base.WriteError));
                return;
            }

            // The skip is reported only on the verbose stream; no assignment is written for this role/recipient pair.
            base.WriteVerbose(Strings.VerboseSkipCreatingRoleAssignment(recipient.Id.ToString(), role.Id.ToString(), delegationType.ToString()));
        }
        /// <summary>
        /// Resets the staged role and role-assignment collections and repopulates them,
        /// but only when the "Roles" field was changed and a non-null value was supplied.
        /// Assignments are prepared with the RoleAssignmentPolicy assignee type.
        /// </summary>
        private void PrepareRolesAndRoleAssignments()
        {
            // Nothing to stage when "Roles" was not supplied or was supplied as null.
            if (!base.Fields.IsChanged("Roles") || this.Roles == null)
            {
                return;
            }

            this.roles = new MultiValuedProperty <ExchangeRole>();
            this.roleAssignments = new List <ExchangeRoleAssignment>();
            this.PrepareRoles();
            this.PrepareRoleAssignments(RoleAssigneeType.RoleAssignmentPolicy);
        }
 /// <summary>
 /// Stages one regular role assignment for every role in <c>this.roles</c>, targeting
 /// <c>this.DataObject</c>, and appends each to <c>this.roleAssignments</c>.
 /// </summary>
 /// <param name="assigneeType">Assignee type stamped on every prepared assignment.</param>
 private void PrepareRoleAssignments(RoleAssigneeType assigneeType)
 {
     foreach (ExchangeRole currentRole in this.roles)
     {
         Task.TaskVerboseLoggingDelegate verboseLog = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
         Task.TaskErrorLoggingDelegate errorLog = new Task.TaskErrorLoggingDelegate(base.WriteError);

         // Set by AnalyzeAndStampCustomizedWriteScopes; when true the hierarchical check below is not run.
         bool skipHierarchicalCheck = false;
         ExchangeRoleAssignment pendingAssignment = new ExchangeRoleAssignment();

         RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(null, pendingAssignment, currentRole, this.DataObject.Id, this.DataObject.OrganizationId, assigneeType, RoleAssignmentDelegationType.Regular, this.ConfigurationSession, verboseLog, errorLog);
         RoleHelper.AnalyzeAndStampCustomizedWriteScopes(this, pendingAssignment, currentRole, this.ConfigurationSession, new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ExchangeOrganizationalUnit>), new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ManagementScope>), ref skipHierarchicalCheck, ref this.ou, ref this.customRecipientScope, ref this.customConfigScope);

         // NOTE(review): the hierarchical check is also bypassed whenever ExchangeRunspaceConfig is null;
         // presumably that is the case when no RBAC runspace applies — confirm which callers can reach this path.
         bool runHierarchicalCheck = !skipHierarchicalCheck && base.ExchangeRunspaceConfig != null;
         if (runHierarchicalCheck)
         {
             RoleHelper.HierarchicalCheckForRoleAssignmentCreation(this, pendingAssignment, this.customRecipientScope, this.customConfigScope, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskErrorLoggingDelegate(base.WriteError));
         }

         this.roleAssignments.Add(pendingAssignment);
     }
 }
        /// <summary>
        /// Obtains the <c>ADGroup</c> from the base implementation and, when "Roles" was supplied,
        /// resolves every requested role and stages one regular role assignment per role.
        /// </summary>
        /// <returns>The <c>ADGroup</c> produced by <c>base.PrepareDataObject()</c>.</returns>
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            ADGroup preparedGroup = (ADGroup)base.PrepareDataObject();

            // The tiny-tenant verification is skipped only when the PartnerManaged switch is present.
            if (!this.PartnerManaged.IsPresent)
            {
                SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
            }

            // The "crossforest" parameter set yields a linked role group; every other set a plain role group.
            RoleAssigneeType assigneeType = ("crossforest" == base.ParameterSetName)
                ? RoleAssigneeType.LinkedRoleGroup
                : RoleAssigneeType.RoleGroup;

            bool rolesSupplied = base.Fields.IsChanged("Roles") && this.Roles != null;
            if (rolesSupplied)
            {
                this.roles = new MultiValuedProperty <ExchangeRole>();
                this.roleAssignments = new List <ExchangeRoleAssignment>();

                // Resolve each identity to exactly one role; not-found and not-unique messages are passed to GetDataObject.
                foreach (RoleIdParameter requestedRole in this.Roles)
                {
                    LocalizedString? notFound = new LocalizedString?(Strings.ErrorRoleNotFound(requestedRole.ToString()));
                    LocalizedString? notUnique = new LocalizedString?(Strings.ErrorRoleNotUnique(requestedRole.ToString()));
                    ExchangeRole resolvedRole = (ExchangeRole)base.GetDataObject <ExchangeRole>(requestedRole, this.ConfigurationSession, null, notFound, notUnique);
                    this.roles.Add(resolvedRole);
                }

                // NOTE(review): presumably marks the shared-configuration check as already done for this session — confirm.
                this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;

                foreach (ExchangeRole currentRole in this.roles)
                {
                    // Set by AnalyzeAndStampCustomizedWriteScopes; when true the hierarchical check below is not run.
                    bool skipHierarchicalCheck = false;
                    ExchangeRoleAssignment pendingAssignment = new ExchangeRoleAssignment();

                    RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(null, pendingAssignment, currentRole, this.DataObject.Id, this.DataObject.OrganizationId, assigneeType, RoleAssignmentDelegationType.Regular, this.ConfigurationSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskErrorLoggingDelegate(base.WriteError));
                    RoleHelper.AnalyzeAndStampCustomizedWriteScopes(this, pendingAssignment, currentRole, this.ConfigurationSession, new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ExchangeOrganizationalUnit>), new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ManagementScope>), ref skipHierarchicalCheck, ref this.ou, ref this.customRecipientScope, ref this.customConfigScope);

                    // NOTE(review): the hierarchical check is also bypassed whenever ExchangeRunspaceConfig is null;
                    // confirm which callers can reach this path without a runspace configuration.
                    bool runHierarchicalCheck = !skipHierarchicalCheck && base.ExchangeRunspaceConfig != null;
                    if (runHierarchicalCheck)
                    {
                        RoleHelper.HierarchicalCheckForRoleAssignmentCreation(this, pendingAssignment, this.customRecipientScope, this.customConfigScope, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskErrorLoggingDelegate(base.WriteError));
                    }

                    this.roleAssignments.Add(pendingAssignment);
                }
            }

            TaskLogger.LogExit();
            return preparedGroup;
        }
        /// <summary>
        /// Recomputes the assignee type of <paramref name="assignment"/> from the directory entry of its
        /// principal and, when the assignment has no config write scope, takes the config read/write
        /// scopes from the role's implicit scopes. The assignment is modified only if a value differs.
        /// </summary>
        /// <param name="assignment">Assignment whose <c>User</c> and <c>Role</c> are read and whose type/scopes may be rewritten.</param>
        /// <returns>
        /// <c>false</c> when the principal is found in neither session or the role fails validation
        /// (a warning is written in the latter case); otherwise <c>true</c>.
        /// </returns>
        private bool TryUpdateRoleAssigneeTypeAndScope(ExchangeRoleAssignment assignment)
        {
            // Look the principal up in the recipient session first, then fall back to the configuration session.
            ADRawEntry principalEntry = this.recipientSession.ReadADRawEntry(assignment.User, InstallCannedRbacRoleAssignments.principalProperties);

            if (principalEntry == null)
            {
                principalEntry = this.configurationSession.ReadADRawEntry(assignment.User, InstallCannedRbacRoleAssignments.principalProperties);
            }
            if (principalEntry == null)
            {
                return false;
            }

            // Stays User when none of the object classes below is present on the entry.
            RoleAssigneeType resolvedAssigneeType = RoleAssigneeType.User;
            MultiValuedProperty <string> objectClasses = (MultiValuedProperty <string>)principalEntry[ADObjectSchema.ObjectClass];

            // The first recognised object class decides the assignee type; unrecognised values are passed over.
            foreach (string objectClass in objectClasses)
            {
                if ("group".Equals(objectClass, StringComparison.OrdinalIgnoreCase))
                {
                    resolvedAssigneeType = RoleAssigneeType.SecurityGroup;
                }
                else if ("msExchRBACPolicy".Equals(objectClass, StringComparison.OrdinalIgnoreCase))
                {
                    resolvedAssigneeType = RoleAssigneeType.RoleAssignmentPolicy;
                }
                else if ("user".Equals(objectClass, StringComparison.OrdinalIgnoreCase))
                {
                    // A "user" entry whose recipient type details are MailboxPlan is a mailbox plan, not a user.
                    bool isMailboxPlan = RecipientTypeDetails.MailboxPlan == (RecipientTypeDetails)principalEntry[ADRecipientSchema.RecipientTypeDetails];
                    resolvedAssigneeType = isMailboxPlan ? RoleAssigneeType.MailboxPlan : RoleAssigneeType.User;
                }
                else
                {
                    continue;
                }
                break;
            }

            ConfigWriteScopeType resolvedWriteScope = assignment.ConfigWriteScope;
            ScopeType resolvedReadScope = assignment.ConfigReadScope;

            // Only an assignment without a config write scope inherits the role's implicit scopes.
            if (resolvedWriteScope == ConfigWriteScopeType.None)
            {
                ExchangeRole assignedRole = this.configurationSession.Read <ExchangeRole>(assignment.Role);
                if (assignedRole != null)
                {
                    base.LogReadObject(assignedRole);
                    ValidationError[] validationErrors = assignedRole.Validate();
                    if (validationErrors.Length > 0)
                    {
                        // An invalid role is not used as a scope source; only the first error is surfaced.
                        this.WriteWarning(Strings.WarningCannotUpgradeRole(assignedRole.Identity.ToString(), validationErrors[0].Description));
                        return false;
                    }
                    resolvedReadScope = assignedRole.ImplicitConfigReadScope;
                    resolvedWriteScope = (ConfigWriteScopeType)assignedRole.ImplicitConfigWriteScope;
                }
            }

            // Properties are assigned only when something differs from the stored values.
            bool alreadyUpToDate = assignment.RoleAssigneeType == resolvedAssigneeType
                                   && assignment.ConfigWriteScope == resolvedWriteScope
                                   && assignment.ConfigReadScope == resolvedReadScope;
            if (!alreadyUpToDate)
            {
                assignment.RoleAssigneeType = resolvedAssigneeType;
                assignment.ConfigReadScope = resolvedReadScope;
                assignment.ConfigWriteScope = resolvedWriteScope;
            }
            return true;
        }