protected override IConfigDataProvider CreateSession()
        {
            OrganizationId organizationId = this.ResolveCurrentOrganization();
            ADUser         tenantArbitrationMailbox;

            try
            {
                tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(organizationId);
            }
            catch (ObjectNotFoundException innerException)
            {
                TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the arbitration mailbox.", new object[0]);
                throw new AuditLogSearchArbitrationMailboxNotFoundException(organizationId.ToString(), innerException);
            }
            catch (NonUniqueRecipientException innerException2)
            {
                TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]);
                throw new AuditLogSearchNonUniqueArbitrationMailboxFoundException(organizationId.ToString(), innerException2);
            }
            ExchangePrincipal principal       = ExchangePrincipal.FromADUser(ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite);
            ADSessionSettings sessionSettings = base.CurrentOrganizationId.ToADSessionSettings();

            this.recipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(true, ConsistencyMode.FullyConsistent, sessionSettings, 310, "CreateSession", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\AuditLogSearch\\NewAuditLogSearch.cs");
            return(this.InternalCreateSearchDataProvider(principal, organizationId));
        }
Пример #2
0
 protected override void InternalProcessRecord()
 {
     if (this.DataObject.IsChanged(AdminAuditLogConfigSchema.AdminAuditLogAgeLimit) && !this.Force)
     {
         EnhancedTimeSpan t;
         if (this.DataObject.AdminAuditLogAgeLimit == EnhancedTimeSpan.Zero)
         {
             if (!base.ShouldContinue(Strings.ConfirmationMessageAdminAuditLogAgeLimitZero(base.CurrentOrgContainerId.ToString())))
             {
                 return;
             }
         }
         else if (this.DataObject.TryGetOriginalValue <EnhancedTimeSpan>(AdminAuditLogConfigSchema.AdminAuditLogAgeLimit, out t))
         {
             EnhancedTimeSpan adminAuditLogAgeLimit = this.DataObject.AdminAuditLogAgeLimit;
             if (t > adminAuditLogAgeLimit && !base.ShouldContinue(Strings.ConfirmationMessageAdminAuditLogAgeLimitSmaller(base.CurrentOrgContainerId.ToString(), adminAuditLogAgeLimit.ToString())))
             {
                 return;
             }
         }
     }
     if (this.IsObjectStateChanged())
     {
         this.WriteWarning(Strings.WarningSetAdminAuditLogConfigDelay(SetAdminAuditLogConfig.AuditConfigSettingsDelayTime.TotalMinutes));
     }
     if (AdminAuditLogHelper.ShouldIssueWarning(base.CurrentOrganizationId))
     {
         this.WriteWarning(Strings.WarningSetAdminAuditLogOnPreE15(base.CurrentOrganizationId.ToString()));
     }
     base.InternalProcessRecord();
     ProvisioningLayer.RefreshProvisioningBroker(this);
 }
Пример #3
0
        private AdminAuditLogEvent[] SearchInFFO()
        {
            IConfigurationSession configurationSession = AdminAuditLogHelper.CreateSession(this.searchCriteria.OrganizationId, null);
            QueryFilter           filter = this.GenerateSearchQueryFilterForFFO();

            if (this.searchStatistics != null)
            {
                this.searchStatistics.QueryComplexity = this.searchCriteria.QueryComplexity;
            }
            AdminAuditLogEvent[] array = configurationSession.Find <AdminAuditLogEventFacade>(filter, null, false, null).Cast <AdminAuditLogEventFacade>().Select(delegate(AdminAuditLogEventFacade e)
            {
                AdminAuditLogEvent adminAuditLogEvent = new AdminAuditLogEvent
                {
                    ObjectModified             = e.ObjectModified,
                    ModifiedObjectResolvedName = e.ModifiedObjectResolvedName,
                    CmdletName         = e.CmdletName,
                    CmdletParameters   = e.CmdletParameters,
                    ModifiedProperties = e.ModifiedProperties,
                    Caller             = e.Caller,
                    Succeeded          = e.Succeeded,
                    Error             = e.Error,
                    RunDate           = e.RunDate,
                    OriginatingServer = e.OriginatingServer
                };
                adminAuditLogEvent[SimpleProviderObjectSchema.Identity] = new AdminAuditLogEventId(e.Identity);
                return(adminAuditLogEvent);
            }).ToArray <AdminAuditLogEvent>();
            this.RedactCallerField(array);
            if (array != null && this.searchStatistics != null)
            {
                this.searchStatistics.ResultsReturned += array.LongLength;
                this.searchStatistics.CallResult       = true;
            }
            return(array);
        }
 protected override IConfigurable PrepareDataObject()
 {
     base.PrepareDataObject();
     if (this.Cmdlets != null)
     {
         this.DataObject.Cmdlets = this.Cmdlets;
     }
     if (this.Parameters != null)
     {
         this.DataObject.Parameters = this.Parameters;
     }
     if (this.ObjectIds != null)
     {
         this.DataObject.ObjectIds = this.ObjectIds;
     }
     if (this.UserIds != null)
     {
         this.DataObject.UserIdsUserInput = this.UserIds;
     }
     this.DataObject.Succeeded              = null;
     this.DataObject.StartIndex             = 0;
     this.DataObject.ResultSize             = 50000;
     this.DataObject.RedactDatacenterAdmins = !AdminAuditExternalAccessDeterminer.IsExternalAccess(base.SessionSettings.ExecutingUserIdentityName, base.SessionSettings.ExecutingUserOrganizationId, base.SessionSettings.CurrentOrganizationId);
     AdminAuditLogHelper.SetResolveUsers(this.DataObject, new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ADRecipient>), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskWarningLoggingDelegate(this.WriteWarning));
     this.DataObject.Validate(new Task.TaskErrorLoggingDelegate(base.WriteError));
     return(this.DataObject);
 }
Пример #5
0
        public static bool ShouldIssueWarning(OrganizationId organizationId)
        {
            ADUser                   aduser;
            ExchangePrincipal        exchangePrincipal;
            Exception                ex;
            ArbitrationMailboxStatus arbitrationMailboxStatus = AdminAuditLogHelper.CheckArbitrationMailboxStatus(organizationId, out aduser, out exchangePrincipal, out ex);

            return(arbitrationMailboxStatus != ArbitrationMailboxStatus.E15 && arbitrationMailboxStatus != ArbitrationMailboxStatus.FFO);
        }
 protected override void InternalProcessRecord()
 {
     if (AdminAuditLogHelper.ShouldIssueWarning(base.CurrentOrganizationId))
     {
         this.WriteWarning(Strings.WarningNewAdminAuditLogSearchOnPreE15(base.CurrentOrganizationId.ToString()));
         return;
     }
     base.InternalProcessRecord();
 }
Пример #7
0
        public static StoreObjectId GetOrCreateAdminAuditLogsFolderId(ADUser adUser)
        {
            ExchangePrincipal exchangePrincipal = ExchangePrincipal.FromADUser(adUser.OrganizationId.ToADSessionSettings(), adUser, RemotingOptions.AllowCrossSite);
            StoreObjectId     orCreateAdminAuditLogsFolderId;

            using (MailboxSession mailboxSession = AdminAuditLogHelper.GetMailboxSession(exchangePrincipal, "Client=Management;Action=GetOrCreateAdminAuditLogsFolderId"))
            {
                orCreateAdminAuditLogsFolderId = AdminAuditLogHelper.GetOrCreateAdminAuditLogsFolderId(mailboxSession);
            }
            return(orCreateAdminAuditLogsFolderId);
        }
Пример #8
0
 public static ArbitrationMailboxStatus CheckArbitrationMailboxStatus(OrganizationId organizationId, out ADUser user, out ExchangePrincipal principal, out Exception exception)
 {
     user      = null;
     principal = null;
     exception = null;
     try
     {
         if (DatacenterRegistry.IsForefrontForOffice())
         {
             return(ArbitrationMailboxStatus.FFO);
         }
         user      = AdminAuditLogHelper.GetTenantArbitrationMailbox(organizationId);
         principal = ExchangePrincipal.FromADUser(ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId), user, RemotingOptions.AllowCrossSite);
         AdminAuditLogHelper.Tracer.TraceDebug <int>(0L, "AdminAuditLogHelper: Tenant arbitration mailbox server version is {0}", principal.MailboxInfo.Location.ServerVersion);
         if (principal.MailboxInfo.Location.ServerVersion < Server.E14SP1MinVersion)
         {
             return(ArbitrationMailboxStatus.R4);
         }
         if (principal.MailboxInfo.Location.ServerVersion < Server.E15MinVersion)
         {
             return(ArbitrationMailboxStatus.R5);
         }
         return(ArbitrationMailboxStatus.E15);
     }
     catch (ObjectNotFoundException ex)
     {
         exception = ex;
         AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, ObjectNotFoundException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex);
     }
     catch (MailboxInfoStaleException ex2)
     {
         exception = ex2;
         AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, MailboxInfoStaleException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex2);
     }
     catch (SuitabilityDirectoryException ex3)
     {
         exception = ex3;
         AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, SuitabilityDirectoryException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex3);
     }
     catch (DatabaseLocationUnavailableException ex4)
     {
         exception = ex4;
         AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, DatabaseLocationUnavailableException>(0L, "AdminAuditLogHelper: unable to determine the arbitration mailbox version for org {0}, exception {1}", organizationId, ex4);
     }
     return(ArbitrationMailboxStatus.UnableToKnow);
 }
Пример #9
0
        public static AdminAuditLogConfig GetAdminAuditLogConfig(IConfigurationSession configSession)
        {
            OrganizationId currentOrganizationId = configSession.SessionSettings.CurrentOrganizationId;

            AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId>(0L, "AdminAuditLogHelper: Will retrieve config objects from AD for OrganizationId: {0}", currentOrganizationId);
            SharedConfiguration   sharedConfiguration  = SharedConfiguration.GetSharedConfiguration(currentOrganizationId);
            IConfigurationSession configurationSession = configSession;

            if (sharedConfiguration != null)
            {
                configurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(configSession.ConsistencyMode, sharedConfiguration.GetSharedConfigurationSessionSettings(), 160, "GetAdminAuditLogConfig", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\AdminAuditLog\\AdminAuditLogHelper.cs");
            }
            configurationSession.SessionSettings.IsSharedConfigChecked = true;
            bool includeCNFObject = configurationSession.SessionSettings.IncludeCNFObject;

            AdminAuditLogConfig[] array;
            try
            {
                configurationSession.SessionSettings.IncludeCNFObject = false;
                array = configurationSession.Find <AdminAuditLogConfig>(null, QueryScope.SubTree, null, null, 2);
            }
            finally
            {
                configurationSession.SessionSettings.IncludeCNFObject = includeCNFObject;
            }
            if (array.Length == 0)
            {
                AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId>(0L, "AdminAuditLogHelper: No AdminAuditLogConfig was found in org {0}.", currentOrganizationId);
                AdminAuditLogHelper.WriteNoAdminAuditLogWarningAsNeed(configSession);
                return(null);
            }
            if (array.Length > 1)
            {
                AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId>(0L, "AdminAuditLogHelper: More than one AdminAuditLogConfig was found in org {0}.", currentOrganizationId);
                ExManagementApplicationLogger.LogEvent(currentOrganizationId, ManagementEventLogConstants.Tuple_MultipleAdminAuditLogConfig, new string[]
                {
                    currentOrganizationId.ToString()
                });
                throw new MultipleAdminAuditLogConfigException(currentOrganizationId.ToString());
            }
            AdminAuditLogHelper.Tracer.TraceDebug <OrganizationId, bool>(0L, "AdminAuditLogHelper: One AdminAuditLogConfig was found in org {0}. Logging enabled is {1}.", currentOrganizationId, array[0].AdminAuditLogEnabled);
            return(array[0]);
        }
Пример #10
0
        protected override IConfigDataProvider CreateSession()
        {
            OrganizationId organizationId = this.ResolveOrganizationId();
            ADUser         tenantArbitrationMailbox;

            try
            {
                tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(organizationId);
            }
            catch (ObjectNotFoundException innerException)
            {
                TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the discovery mailbox user.", new object[0]);
                throw new AdminAuditLogSearchException(Strings.AuditLogSearchArbitrationMailboxNotFound(organizationId.ToString()), innerException);
            }
            catch (NonUniqueRecipientException innerException2)
            {
                TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]);
                throw new AdminAuditLogSearchException(Strings.AuditLogSearchNonUniqueArbitrationMailbox(organizationId.ToString()), innerException2);
            }
            ExchangePrincipal primaryMailbox = ExchangePrincipal.FromADUser(ADSessionSettings.FromOrganizationIdWithoutRbacScopesServiceOnly(organizationId), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite);

            return(new AuditLogSearchEwsDataProvider(primaryMailbox));
        }
Пример #11
0
 public static MailboxSession GetMailboxSession(ExchangePrincipal exchangePrincipal, string clientInfo)
 {
     return(AdminAuditLogHelper.RetryOnStorageTransientException <MailboxSession>(() => MailboxSession.OpenAsSystemService(exchangePrincipal, CultureInfo.InvariantCulture, clientInfo)));
 }
Пример #12
0
        public static StoreObjectId GetOrCreateAdminAuditLogsFolderId(OrganizationId orgId)
        {
            ADUser tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(orgId);

            return(AdminAuditLogHelper.GetOrCreateAdminAuditLogsFolderId(tenantArbitrationMailbox));
        }
Пример #13
0
        public AdminAuditLogEvent[] Search()
        {
            TaskLogger.LogEnter();
            TaskLogger.Trace("Search criteria:\\r\\n{0}", new object[]
            {
                this.searchCriteria.ToString()
            });
            if (DatacenterRegistry.IsForefrontForOffice())
            {
                return(this.SearchInFFO());
            }
            ADUser tenantArbitrationMailbox;

            try
            {
                tenantArbitrationMailbox = AdminAuditLogHelper.GetTenantArbitrationMailbox(this.searchCriteria.OrganizationId);
            }
            catch (ObjectNotFoundException innerException)
            {
                TaskLogger.Trace("ObjectNotFoundException occurred when getting Exchange principal from the discovery mailbox user.", new object[0]);
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException);
            }
            catch (NonUniqueRecipientException innerException2)
            {
                TaskLogger.Trace("More than one tenant arbitration mailbox found for the current organization.", new object[0]);
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogsLocationNotFound(this.searchCriteria.OrganizationId.ToString()), innerException2);
            }
            Exception         ex        = null;
            ExchangePrincipal principal = ExchangePrincipal.FromADUser(this.searchCriteria.OrganizationId.ToADSessionSettings(), tenantArbitrationMailbox, RemotingOptions.AllowCrossSite);

            AdminAuditLogEvent[] result;
            try
            {
                TaskLogger.Trace("Opening EWS connection for the tenant arbitration mailbox", new object[0]);
                EwsAuditClient ewsAuditClient = new EwsAuditClient(new EwsConnectionManager(principal, OpenAsAdminOrSystemServiceBudgetTypeType.Default, AdminAuditLogSearchWorker.Tracer), TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), AdminAuditLogSearchWorker.Tracer);
                FolderIdType   folderIdType   = null;
                ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.root, DistinguishedFolderIdNameType.recoverableitemsroot, out folderIdType);
                ewsAuditClient.CheckAndCreateWellKnownFolder(DistinguishedFolderIdNameType.recoverableitemsroot, DistinguishedFolderIdNameType.adminauditlogs, out folderIdType);
                if (folderIdType == null)
                {
                    result = Array <AdminAuditLogEvent> .Empty;
                }
                else
                {
                    EwsAuditLogCollection            logCollection    = new EwsAuditLogCollection(ewsAuditClient, folderIdType);
                    AuditLogSearchId                 auditLogSearchId = this.searchCriteria.Identity as AuditLogSearchId;
                    IEnumerable <AdminAuditLogEvent> source;
                    if (this.UseFASTQuery())
                    {
                        QueryStringType queryFilter = this.GenerateFASTSearchQueryString();
                        source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, QueryStringType>(logCollection, queryFilter, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer);
                    }
                    else
                    {
                        RestrictionType queryFilter2 = this.GenerateSearchQueryFilterForEWS();
                        source = AuditLogSearchQuery.SearchAuditLogs <AdminAuditLogEvent, RestrictionType>(logCollection, queryFilter2, this.searchCriteria.ResultSize + this.searchCriteria.StartIndex, TimeSpan.FromSeconds((double)this.searchTimeoutSeconds), new AdminAuditLogSearchWorker.QueryStrategy(this.searchCriteria), AdminAuditLogSearchWorker.Tracer);
                    }
                    if (this.searchStatistics != null)
                    {
                        this.searchStatistics.QueryComplexity = this.searchCriteria.QueryComplexity;
                        this.searchStatistics.CorrelationID   = ((auditLogSearchId != null) ? auditLogSearchId.Guid.ToString() : string.Empty);
                    }
                    AdminAuditLogEvent[] array = source.Take(this.searchCriteria.ResultSize).ToArray <AdminAuditLogEvent>();
                    this.RedactCallerField(array);
                    if (this.searchStatistics != null)
                    {
                        this.searchStatistics.ResultsReturned += array.LongLength;
                        this.searchStatistics.CallResult       = true;
                    }
                    result = array;
                }
            }
            catch (StorageTransientException ex2)
            {
                ex = ex2;
                TaskLogger.Trace("Search admin audit log failed with transient storage exception. {0}", new object[]
                {
                    ex2
                });
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex2, this.searchCriteria);
            }
            catch (StoragePermanentException ex3)
            {
                ex = ex3;
                TaskLogger.Trace("Search admin audit log failed with permanent storage exception. {0}", new object[]
                {
                    ex3
                });
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex3, this.searchCriteria);
            }
            catch (AuditLogException ex4)
            {
                ex = ex4;
                TaskLogger.Trace("Search admin audit log failed with storage exception. {0}", new object[]
                {
                    ex4
                });
                throw new AdminAuditLogSearchException(Strings.AdminAuditLogSearchFailed, ex4, this.searchCriteria);
            }
            finally
            {
                if (this.searchStatistics != null && ex != null)
                {
                    this.searchStatistics.ErrorType = ex;
                    this.searchStatistics.ErrorCount++;
                }
                TaskLogger.LogExit();
            }
            return(result);
        }
Пример #14
0
 protected override void WriteResult <T>(IEnumerable <T> dataObjects)
 {
     try
     {
         TaskLogger.LogEnter(new object[]
         {
             dataObjects
         });
         DiagnosticContext.Reset();
         using (AuditLogOpticsLogData auditLogOpticsLogData = new AuditLogOpticsLogData())
         {
             auditLogOpticsLogData.IsAsynchronous      = false;
             auditLogOpticsLogData.CallResult          = false;
             auditLogOpticsLogData.SearchStartDateTime = this.searchObject.StartDateUtc;
             auditLogOpticsLogData.SearchEndDateTime   = this.searchObject.EndDateUtc;
             try
             {
                 if (AdminAuditLogHelper.ShouldIssueWarning(base.CurrentOrganizationId))
                 {
                     DiagnosticContext.TraceLocation((LID)42684U);
                     this.WriteWarning(Strings.WarningSearchAdminAuditLogOnPreE15(base.CurrentOrganizationId.ToString()));
                 }
                 else
                 {
                     if (dataObjects != null)
                     {
                         using (IEnumerator <AdminAuditLogConfig> enumerator = (IEnumerator <AdminAuditLogConfig>)dataObjects.GetEnumerator())
                         {
                             this.GetAuditConfigObject(enumerator);
                             auditLogOpticsLogData.SearchType     = "Admin";
                             auditLogOpticsLogData.OrganizationId = this.searchObject.OrganizationId;
                             auditLogOpticsLogData.ShowDetails    = true;
                             auditLogOpticsLogData.MailboxCount   = 1;
                             AdminAuditLogSearchWorker adminAuditLogSearchWorker = new AdminAuditLogSearchWorker(600, this.searchObject, auditLogOpticsLogData);
                             base.WriteVerbose(Strings.VerboseStartAuditLogSearch);
                             AdminAuditLogEvent[] array = adminAuditLogSearchWorker.Search();
                             base.WriteVerbose(Strings.VerboseSearchCompleted((array != null) ? array.Length : 0));
                             foreach (AdminAuditLogEvent dataObject in array)
                             {
                                 this.WriteResult(dataObject);
                             }
                             auditLogOpticsLogData.CallResult = true;
                             goto IL_181;
                         }
                     }
                     DiagnosticContext.TraceLocation((LID)59068U);
                     Exception ex = new AdminAuditLogSearchException(Strings.ErrorAdminAuditLogConfig(base.CurrentOrganizationId.ToString()));
                     auditLogOpticsLogData.ErrorType = ex;
                     auditLogOpticsLogData.ErrorCount++;
                     base.WriteError(ex, ErrorCategory.ObjectNotFound, null);
                     IL_181 :;
                 }
             }
             catch (ArgumentException ex2)
             {
                 DiagnosticContext.TraceLocation((LID)34492U);
                 auditLogOpticsLogData.ErrorType = ex2;
                 auditLogOpticsLogData.ErrorCount++;
                 base.WriteError(ex2, ErrorCategory.InvalidArgument, null);
             }
             catch (AdminAuditLogSearchException ex3)
             {
                 DiagnosticContext.TraceLocation((LID)50876U);
                 auditLogOpticsLogData.ErrorType = ex3;
                 auditLogOpticsLogData.ErrorCount++;
                 base.WriteError(ex3, ErrorCategory.NotSpecified, null);
             }
         }
     }
     finally
     {
         TaskLogger.LogExit();
     }
 }
Пример #15
0
        protected override void InternalValidate()
        {
            if (this.StartDate == null && this.EndDate == null)
            {
                this.EndDate   = new ExDateTime?(ExDateTime.Now);
                this.StartDate = new ExDateTime?(this.EndDate.Value.AddDays(-15.0));
            }
            if (this.StartDate != null && this.EndDate == null)
            {
                this.EndDate = new ExDateTime?(this.StartDate.Value.AddDays(15.0));
            }
            if (this.StartDate == null && this.EndDate != null)
            {
                this.StartDate = new ExDateTime?(this.EndDate.Value.AddDays(-15.0));
            }
            if (this.StartDate.Value > this.EndDate.Value)
            {
                base.WriteError(new ArgumentException(Strings.AdminAuditLogSearchStartDateIsLaterThanEndDate(this.StartDate.Value.ToString(), this.EndDate.Value.ToString())), ErrorCategory.InvalidArgument, null);
            }
            if (base.Fields["ResultSize"] == null)
            {
                this.ResultSize = 1000;
            }
            int num = 250000;

            if (base.Fields["StartIndex"] == null)
            {
                this.StartIndex = 0;
            }
            if (this.StartIndex < 0 || this.StartIndex > num)
            {
                base.WriteError(new ArgumentOutOfRangeException("StartIndex", this.StartIndex, Strings.AdminAuditLogSearchOutOfRangeStartIndex(num)), ErrorCategory.InvalidArgument, null);
            }
            this.searchObject = new AdminAuditLogSearch
            {
                OrganizationId         = base.CurrentOrganizationId,
                Cmdlets                = this.Cmdlets,
                Parameters             = this.Parameters,
                ObjectIds              = this.ObjectIds,
                UserIdsUserInput       = this.UserIds,
                Succeeded              = this.IsSuccess,
                StartIndex             = this.StartIndex,
                ExternalAccess         = this.ExternalAccess,
                ResultSize             = this.ResultSize,
                RedactDatacenterAdmins = !AdminAuditExternalAccessDeterminer.IsExternalAccess(base.SessionSettings.ExecutingUserIdentityName, base.SessionSettings.ExecutingUserOrganizationId, base.SessionSettings.CurrentOrganizationId)
            };
            if (!this.StartDate.Value.HasTimeZone)
            {
                ExDateTime exDateTime = ExDateTime.Create(ExTimeZone.CurrentTimeZone, this.StartDate.Value.UniversalTime)[0];
                this.searchObject.StartDateUtc = new DateTime?(exDateTime.UniversalTime);
            }
            else
            {
                this.searchObject.StartDateUtc = new DateTime?(this.StartDate.Value.UniversalTime);
            }
            if (!this.EndDate.Value.HasTimeZone)
            {
                ExDateTime exDateTime2 = ExDateTime.Create(ExTimeZone.CurrentTimeZone, this.EndDate.Value.UniversalTime)[0];
                this.searchObject.EndDateUtc = new DateTime?(exDateTime2.UniversalTime);
            }
            else
            {
                this.searchObject.EndDateUtc = new DateTime?(this.EndDate.Value.UniversalTime);
            }
            AdminAuditLogHelper.SetResolveUsers(this.searchObject, new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ADRecipient>), new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskWarningLoggingDelegate(this.WriteWarning));
            this.searchObject.Validate(new Task.TaskErrorLoggingDelegate(base.WriteError));
            base.InternalValidate();
        }