/// <summary>
/// Resolves a caller's SID to an <see cref="NspiPrincipal"/>, choosing the directory lookup
/// by what is known about the request. A SID-only principal is returned when no recipient
/// object can be located, so this never returns null.
/// </summary>
/// <param name="sid">Security identifier of the user to resolve.</param>
/// <param name="userDomain">Domain supplied by the client; null/empty for legacy clients that do not send one.</param>
/// <returns>A principal backed by the located mini-recipient, or a principal wrapping only the SID.</returns>
public static NspiPrincipal FromUserSid(SecurityIdentifier sid, string userDomain)
{
    NspiPrincipal resolved = null;

    if (!string.IsNullOrEmpty(userDomain))
    {
        // A domain is available: scope the lookup to the single tenant (or root org)
        // auto-detected from the accepted domain instead of searching every partition.
        ADSessionSettings scopedSettings = ADSessionSettings.RootOrgOrSingleTenantFromAcceptedDomainAutoDetect(userDomain);
        MiniRecipient recipient = NspiPrincipal.FindMiniRecipientBySid(scopedSettings, sid);
        if (recipient != null)
        {
            resolved = new NspiPrincipal(recipient);
        }
    }
    else if (Configuration.IsDatacenter)
    {
        // No domain and running in the datacenter: the only option is a fan-out query
        // across account partitions (the trace notes this is the legacy-client path).
        ExTraceGlobals.NspiTracer.TraceWarning<SecurityIdentifier>(0L, "We have to do a fan out query for user {0} because of legacy client.", sid);
        DirectoryHelper.DoAdCallAndTranslateExceptions(delegate
        {
            MiniRecipient fanOutRecipient = PartitionDataAggregator.GetMiniRecipientFromUserId(sid);
            if (fanOutRecipient != null)
            {
                resolved = new NspiPrincipal(fanOutRecipient);
            }
        }, "ADAccountPartitionLocator::GetAllAccountPartitionIds");
    }
    else
    {
        // On-premises without a domain: root-org scoped lookup via the settings-based overload.
        resolved = NspiPrincipal.FromUserSid(ADSessionSettings.FromRootOrgScopeSet(), sid);
    }

    // Fall back to a principal that carries only the SID when nothing was found.
    return resolved ?? new NspiPrincipal(sid);
}
/// <summary>
/// Locates the directory entry that backs an authenticating SID for RBAC authorization.
/// Resolution order: recipient in the given partition (or the root org) → service-account
/// forest (when that feature is enabled) → computer account → a placeholder user when the
/// identity's group SIDs are linked to role groups.
/// </summary>
/// <param name="userSid">SID of the authenticating principal.</param>
/// <param name="windowsIdentity">Windows identity of the caller, if available.</param>
/// <param name="serializedIdentity">Serialized identity of the caller, used when no Windows identity is present.</param>
/// <param name="partitionId">Partition to search first; null means the root-org scope.</param>
/// <returns>The matching entry, a placeholder <see cref="ADUser"/> for linked-role-group callers, or null when nothing matches.</returns>
internal static ADRawEntry FindUserEntry(SecurityIdentifier userSid, WindowsIdentity windowsIdentity, SerializedIdentity serializedIdentity, PartitionId partitionId)
{
    using (new MonitoredScope("FindUserEntry", "FindUserEntry", AuthZLogHelper.AuthZPerfMonitors))
    {
        ADSessionSettings scope = partitionId != null
            ? ADSessionSettings.FromAllTenantsPartitionId(partitionId)
            : ADSessionSettings.FromRootOrgScopeSet();

        // The numeric/path arguments look like call-site markers for the session factory
        // (decompiled source); they are passed through unchanged.
        IRecipientSession session = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, scope, 817, "FindUserEntry", "f:\\15.00.1497\\sources\\dev\\Configuration\\src\\ObjectModel\\rbac\\ExchangeAuthorizationPlugin.cs");
        ADRawEntry entry = session.FindMiniRecipientBySid<MiniRecipient>(userSid, ExchangeRunspaceConfiguration.userPropertyArray);

        // Second chance: look in the service-account forest, but only when that feature is on.
        if (entry == null && VariantConfiguration.InvariantNoFlightingSnapshot.CmdletInfra.ServiceAccountForest.Enabled)
        {
            entry = PartitionDataAggregator.GetMiniRecipientFromUserId(userSid, ExchangeRunspaceConfiguration.userPropertyArray, ConsistencyMode.IgnoreInvalid);
        }

        // Third chance: the SID may belong to a computer account rather than a user.
        if (entry == null)
        {
            string partitionText = partitionId == null ? "null" : partitionId.ToString();
            ExTraceGlobals.AccessDeniedTracer.TraceWarning<SecurityIdentifier, string>(0L, "EAP.FindUserEntry user {0} could not be found in AD, partitionId: {1}", userSid, partitionText);
            entry = ExchangeRunspaceConfiguration.TryFindComputer(userSid);
        }

        // Last chance: the SID itself has no directory object, but one of the caller's
        // group SIDs may be linked to a role group.
        bool identitySupplied = windowsIdentity != null || serializedIdentity != null;
        if (entry == null && identitySupplied)
        {
            ExTraceGlobals.AccessDeniedTracer.TraceWarning<SecurityIdentifier>(0L, "EAP.FindUserEntry computer {0} could not be found in AD", userSid);

            IIdentity identity;
            if (windowsIdentity != null)
            {
                identity = windowsIdentity;
            }
            else
            {
                identity = serializedIdentity;
            }

            ICollection<SecurityIdentifier> groupSids = identity.GetGroupAccountsSIDs();
            // Linked role groups are always resolved against the root-org scope, regardless of partitionId.
            session = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(ConsistencyMode.IgnoreInvalid, ADSessionSettings.FromRootOrgScopeSet(), 850, "FindUserEntry", "f:\\15.00.1497\\sources\\dev\\Configuration\\src\\ObjectModel\\rbac\\ExchangeAuthorizationPlugin.cs");

            List<ADObjectId> linkedRoleGroups;
            if (ExchangeRunspaceConfiguration.TryFindLinkedRoleGroupsBySidList(session, groupSids, identity.Name, out linkedRoleGroups))
            {
                // Hand back a placeholder so authorization can continue. Only RemotePowerShellEnabled
                // is set; every other attribute stays at its default, so nothing downstream should
                // treat this object as a real directory record.
                // NOTE(review): presumably callers key later checks off the linked role groups rather
                // than this placeholder's attributes — confirm against ExchangeRunspaceConfiguration.
                entry = new ADUser { RemotePowerShellEnabled = true };
            }
        }

        return entry;
    }
}