public void HandleGroupDeletedEvent(ExSearchResultEntry entry) { if (EhfAdminAccountSynchronizer.IsEventForDeletedOrganization(entry, base.DiagSession)) { throw new InvalidOperationException("Change entry " + entry.DistinguishedName + " is for a deleted organization. The entry should have been ignored from PreDecorate."); } EhfAdminSyncChangeBuilder adminBuilderForChange = this.GetAdminBuilderForChange(entry); base.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Encountered a DELETE rolegroup event. ObjectGuid: <{0}>; Company: <{1}>", new object[] { entry.GetObjectGuid(), adminBuilderForChange.TenantOU }); if (adminBuilderForChange != null) { adminBuilderForChange.HandleGroupDeletedEvent(entry); } if (!EhfWellKnownGroup.IsWellKnownPartnerGroupDN(entry.DistinguishedName)) { return; } Guid externalDirectoryObjectId; if (EhfCompanyAdmins.TryGetExternalDirectoryObjectId(entry, base.DiagSession, out externalDirectoryObjectId)) { this.AddGroupToDeleteGroupsBatch(externalDirectoryObjectId); return; } base.DiagSession.LogAndTraceError("Could not find the ExternalDirectoryObjectId for well known partner group {0}", new object[] { entry.DistinguishedName }); }
public string[] GetWlidsOfGroupMembers(int maxAdmins, EdgeSyncDiag diagSession) { List <string> list = new List <string>(this.groupMembers.Count); foreach (MailboxAdminSyncUser mailboxAdminSyncUser in this.groupMembers.Values) { if (!string.IsNullOrEmpty(mailboxAdminSyncUser.WindowsLiveId)) { if (!EhfWellKnownGroup.ValidateWindowsLiveId(mailboxAdminSyncUser)) { diagSession.LogAndTraceError("WLID <{0}> for user <{1}>:<{2}> is not valid. The admin will be ignored from group <{3}>.", new object[] { mailboxAdminSyncUser.WindowsLiveId, mailboxAdminSyncUser.DistinguishedName, mailboxAdminSyncUser.UserGuid, this.wellknownGroupName }); } else { list.Add(mailboxAdminSyncUser.WindowsLiveId); } if (list.Count == maxAdmins) { diagSession.LogAndTraceError("The group <{0}> has more than the maximum allowed number ({1}) of members. Only the first <{1}> will be taken.", new object[] { this.wellknownGroupName, maxAdmins }); break; } } } return(list.ToArray()); }
private HashSet <Guid> GetNewState(EhfWellKnownGroup wellKnownGroup, HashSet <Guid> existingAdmins, bool updateState) { if (wellKnownGroup == null || !updateState) { return(null); } HashSet <Guid> hashSet = new HashSet <Guid>(); this.AddToAdminSet <MailboxAdminSyncUser>(wellKnownGroup.GroupMembers, hashSet); this.AddToAdminSet <PartnerGroupAdminSyncUser>(wellKnownGroup.LinkedRoleGroups, hashSet); this.AddToAdminSet <AdminSyncUser>(wellKnownGroup.SubGroups, hashSet); if (existingAdmins != null && existingAdmins.Count == hashSet.Count && existingAdmins.IsSubsetOf(hashSet)) { this.ehfTargetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "The admin-state for group <{0}> is up to date in PerimeterConfig. No need to overwrite the state.", new object[] { wellKnownGroup.WellKnownGroupName }); return(null); } EhfSyncAppConfig ehfSyncAppConfig = this.ehfTargetConnection.Config.EhfSyncAppConfig; if (hashSet.Count >= ehfSyncAppConfig.EhfAdminSyncMaxTargetAdminStateSize) { this.ehfTargetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "Number of members (<{0}>) of group <{1}> is greater than or equal to the maximum number <{2}> we store in AD. An Empty Guid will be stored in the state indicating that the max limit has reached.", new object[] { hashSet.Count, wellKnownGroup.WellKnownGroupName, ehfSyncAppConfig.EhfAdminSyncMaxTargetAdminStateSize }); hashSet.Clear(); hashSet.Add(EhfCompanyAdmins.SyncStateFullGuid); } return(hashSet); }
public void AddGroupMembershipChange(ExSearchResultEntry change) { if (this.IsFullTenantAdminSyncRequired()) { return; } if (EhfWellKnownGroup.IsOrganizationManagementGroup(change)) { this.updateOrgManagementGroup = true; } else if (EhfWellKnownGroup.IsViewOnlyOrganizationManagementGroup(change)) { this.updateViewOnlyOrgManagementGroup = true; } else if (EhfWellKnownGroup.IsAdminAgentGroup(change.DistinguishedName)) { this.updateAdminAgentGroup = true; } else if (EhfWellKnownGroup.IsHelpdeskAgentGroup(change.DistinguishedName)) { this.updateHelpdeskAgentGroup = true; } if (this.IsFullTenantAdminSyncRequired()) { this.ClearCachedChanges(); } else { this.groupChanges.Add(change); } this.SetFullTenantAdminSyncIfTooManyCachedChanges(); }
public static bool IsWellKnownPartnerGroupDN(string dn) { return(EhfWellKnownGroup.IsAdminAgentGroup(dn) || EhfWellKnownGroup.IsHelpdeskAgentGroup(dn)); }
public void ToString(StringBuilder sb) { EhfWellKnownGroup.AddAdminToList <MailboxAdminSyncUser>(this.groupMembers, sb, "Local Admins: "); EhfWellKnownGroup.AddAdminToList <PartnerGroupAdminSyncUser>(this.linkedRoleGroups, sb, "Partner Admins: "); }
private bool InvokeSyncGroupUsers(EhfCompanyIdentity companyIdentity, EhfWellKnownGroup partnerGroup, string tenantOU) { string syncPartnerAdminGroupOperation = EhfAdminAccountSynchronizer.SyncPartnerAdminGroupOperation; if (partnerGroup == null) { return(true); } base.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Syncing partner admin group {0} for tenant {1}", new object[] { partnerGroup.ExternalDirectoryObjectId, tenantOU }); string[] members = partnerGroup.GetWlidsOfGroupMembers(2000, base.DiagSession); Dictionary <string, ErrorInfo> syncGroupUsersResponse = null; FaultException syncGroupsException = null; base.InvokeProvisioningService(syncPartnerAdminGroupOperation, delegate { syncGroupUsersResponse = this.ProvisioningService.SyncGroupUsers(companyIdentity.EhfCompanyId, partnerGroup.ExternalDirectoryObjectId, members, out syncGroupsException); }, 1); if (syncGroupsException != null) { FaultException <InvalidGroupFault> faultException = syncGroupsException as FaultException <InvalidGroupFault>; if (faultException != null) { if (faultException.Detail.Code == InvalidGroupCode.GroupDoesNotExist) { base.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "SyncGroupUsers returned GroupDoesNotExist fault while trying to sync an empty group <{0}> in company <{1}>.", new object[] { partnerGroup.WellKnownGroupName, tenantOU }); } else if (faultException.Detail.Code == InvalidGroupCode.GroupBelongsToDifferentCompany || faultException.Detail.ErrorType == ErrorType.Transient) { this.HandleFaultAsTransientFailure <InvalidGroupFault>(companyIdentity, syncPartnerAdminGroupOperation, faultException.Detail.Code.ToString(), faultException, faultException.Detail.Code != InvalidGroupCode.GroupBelongsToDifferentCompany); } else { this.HandleFaultAsPermanentFailure <InvalidGroupFault>(syncPartnerAdminGroupOperation, faultException.Detail.Code.ToString(), faultException); } } else { this.HandleOperationLevelException(syncGroupsException, syncPartnerAdminGroupOperation, companyIdentity); } return(false); } if (syncGroupUsersResponse == null) { StringBuilder stringBuilder = new StringBuilder(); foreach (string value in members) { if (stringBuilder.Length != 0) { stringBuilder.Append(", "); } stringBuilder.Append(value); } base.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "Successfully completed SyncGroupUsers operation for partnerGroup <{0} : {1}>. Details: <{2}>; Members={3}", new object[] { partnerGroup.WellKnownGroupName, tenantOU, partnerGroup, stringBuilder.ToString() }); } else { StringBuilder stringBuilder2 = new StringBuilder(); stringBuilder2.Append("SyncGroupUsers: "); int num = 0; int num2 = 0; bool hasCriticalError = false; EhfAdminAccountSynchronizer.ClassifyFailedResponse <string>(syncGroupUsersResponse, ref num, ref num2, ref hasCriticalError, stringBuilder2); string text = stringBuilder2.ToString(); this.HandleOperationFailureCounts(companyIdentity, syncPartnerAdminGroupOperation, (num > 0) ? 1 : 0, (num2 > 0) ? 1 : 0, text, hasCriticalError); this.LogAdminSyncOperationFailure(syncPartnerAdminGroupOperation, num, num2, text); } return(true); }
private EhfCompanyAdmins(EhfAdminSyncChangeBuilder builder, EhfTargetConnection targetConnection, string orgManagementGroupDN, string viewOnlyOrgManagementGroupDN, EhfADAdapter configADAdapter) { EhfWellKnownGroup ehfWellKnownGroup = null; EhfWellKnownGroup ehfWellKnownGroup2 = null; EhfWellKnownGroup ehfWellKnownGroup3 = null; EhfWellKnownGroup ehfWellKnownGroup4 = null; this.tenantOU = builder.TenantOU; this.ehfTargetConnection = targetConnection; if (builder.DeletedObjects.Count != 0) { this.CacheAdminSyncState(configADAdapter); } bool flag = builder.UpdateOrgManagementGroup || builder.HasDirectChangeForGroup(orgManagementGroupDN) || (this.ehfAdminSyncState != null && this.AdminGroupMemberDeleted(builder, this.ehfAdminSyncState.OrganizationManagmentMembers, orgManagementGroupDN)); bool flag2 = builder.UpdateViewOnlyOrgManagementGroup || builder.HasDirectChangeForGroup(viewOnlyOrgManagementGroupDN) || (this.ehfAdminSyncState != null && this.AdminGroupMemberDeleted(builder, this.ehfAdminSyncState.ViewOnlyOrganizationManagmentMembers, viewOnlyOrgManagementGroupDN)); bool flag3 = builder.UpdateAdminAgentGroup || (this.ehfAdminSyncState != null && this.AdminGroupMemberDeleted(builder, this.ehfAdminSyncState.AdminAgentMembers, EhfCompanyAdmins.AdminAgentGroupNamePrefix)); bool flag4 = builder.UpdateHelpdeskAgentGroup || (this.ehfAdminSyncState != null && this.AdminGroupMemberDeleted(builder, this.ehfAdminSyncState.HelpdeskAgentMembers, EhfCompanyAdmins.HelpdeskAgentGroupNamePrefix)); if ((flag || builder.GroupChanges.Count != 0 || builder.LiveIdChanges.Count != 0) && orgManagementGroupDN != null) { ehfWellKnownGroup = this.GetMembersOfGroupFromDN(orgManagementGroupDN, false, targetConnection.DiagSession); } if ((flag2 || builder.GroupChanges.Count != 0 || builder.LiveIdChanges.Count != 0) && viewOnlyOrgManagementGroupDN != null) { ehfWellKnownGroup2 = this.GetMembersOfGroupFromDN(viewOnlyOrgManagementGroupDN, false, targetConnection.DiagSession); } if (builder.GroupChanges.Count != 0 || builder.LiveIdChanges.Count != 0 || flag3 || flag4) { string text = null; string text2 = null; foreach (ExSearchResultEntry exSearchResultEntry in this.ehfTargetConnection.ADAdapter.PagedScan(this.tenantOU, EhfCompanyAdmins.PartnerAdminGroupFilter, new string[0])) { targetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Found a Partner Admin group {0}", new object[] { exSearchResultEntry.DistinguishedName }); if (exSearchResultEntry.DistinguishedName.StartsWith(EhfWellKnownGroup.AdminAgentGroupDnPrefix)) { text = exSearchResultEntry.DistinguishedName; } else if (exSearchResultEntry.DistinguishedName.StartsWith(EhfWellKnownGroup.HelpdeskAgentGroupDnPrefix)) { text2 = exSearchResultEntry.DistinguishedName; } } targetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "AdminAgentPartnerGroup={0}; HelpDeskAgentPartnerGroup = {1}", new object[] { text ?? "<null>", text2 ?? "<null>" }); if (flag3 && text != null) { ehfWellKnownGroup3 = this.GetMembersOfGroupFromDN(text, true, targetConnection.DiagSession); } if (flag4 && text2 != null) { ehfWellKnownGroup4 = this.GetMembersOfGroupFromDN(text2, true, targetConnection.DiagSession); } } EdgeSyncDiag diagSession = builder.EhfTargetConnection.DiagSession; if (!flag && ehfWellKnownGroup != null && (EhfCompanyAdmins.RelevantChangePresent <AdminSyncUser>(builder.GroupChanges, ehfWellKnownGroup.SubGroups, diagSession) || EhfCompanyAdmins.RelevantChangePresent <MailboxAdminSyncUser>(builder.LiveIdChanges, ehfWellKnownGroup.GroupMembers, diagSession))) { flag = true; } if (!flag2 && ehfWellKnownGroup2 != null && (EhfCompanyAdmins.RelevantChangePresent <AdminSyncUser>(builder.GroupChanges, ehfWellKnownGroup2.SubGroups, diagSession) || EhfCompanyAdmins.RelevantChangePresent <MailboxAdminSyncUser>(builder.LiveIdChanges, ehfWellKnownGroup2.GroupMembers, diagSession))) { flag2 = true; } if (!flag3 && ehfWellKnownGroup3 != null && (EhfCompanyAdmins.RelevantChangePresent <AdminSyncUser>(builder.GroupChanges, ehfWellKnownGroup3.SubGroups, diagSession) || EhfCompanyAdmins.RelevantChangePresent <MailboxAdminSyncUser>(builder.LiveIdChanges, ehfWellKnownGroup3.GroupMembers, diagSession))) { flag3 = true; } if (!flag4 && ehfWellKnownGroup4 != null && (EhfCompanyAdmins.RelevantChangePresent <AdminSyncUser>(builder.GroupChanges, ehfWellKnownGroup4.SubGroups, diagSession) || EhfCompanyAdmins.RelevantChangePresent <MailboxAdminSyncUser>(builder.LiveIdChanges, ehfWellKnownGroup4.GroupMembers, diagSession))) { flag4 = true; } if (flag) { this.organizationManagement = ehfWellKnownGroup; } if (flag2) { this.viewOnlyOrganizationManagement = ehfWellKnownGroup2; } if (flag3) { this.adminAgent = ehfWellKnownGroup3; } if (flag4) { this.helpdeskAgent = ehfWellKnownGroup4; } if (this.IsSyncRequired) { this.CacheAdminSyncState(configADAdapter); } }
private EhfWellKnownGroup GetMembersOfGroupFromDN(string groupDistinguishedName, bool isPartnerAdminGroup, EdgeSyncDiag diagSession) { EhfWellKnownGroup ehfWellKnownGroup; if (isPartnerAdminGroup) { ExSearchResultEntry exSearchResultEntry = this.ehfTargetConnection.ADAdapter.ReadObjectEntry(groupDistinguishedName, false, EhfCompanyAdmins.AttributesToFetchFromMembers); if (exSearchResultEntry == null) { diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "Could not find wellknown partner admin group {0}", new object[] { groupDistinguishedName }); return(null); } if (!EhfCompanyAdmins.IsPartnerManagedGroup(exSearchResultEntry, diagSession)) { diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Found the partner group {0}, but it is no partner Managed", new object[] { groupDistinguishedName }); return(null); } Guid externalDirectoryObjectId; if (!EhfCompanyAdmins.TryGetExternalDirectoryObjectId(exSearchResultEntry, diagSession, out externalDirectoryObjectId)) { return(null); } ehfWellKnownGroup = new EhfWellKnownGroup(groupDistinguishedName, externalDirectoryObjectId); } else { ehfWellKnownGroup = new EhfWellKnownGroup(groupDistinguishedName); } Stack <string> stack = new Stack <string>(); stack.Push(groupDistinguishedName); while (stack.Count != 0) { string text = stack.Pop(); string query = string.Format("(memberOf={0})", text); diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.High, "Expanding group {0}", new object[] { text }); IEnumerable <ExSearchResultEntry> enumerable = this.ehfTargetConnection.ADAdapter.PagedScan(this.tenantOU, query, EhfCompanyAdmins.AttributesToFetchFromMembers); int num = 0; foreach (ExSearchResultEntry exSearchResultEntry2 in enumerable) { num++; if (!exSearchResultEntry2.IsDeleted) { Guid objectGuid = exSearchResultEntry2.GetObjectGuid(); if (EhfCompanyAdmins.IsGroup(exSearchResultEntry2)) { Guid partnerGroupGuid; if (ehfWellKnownGroup.SubGroups.ContainsKey(objectGuid) || ehfWellKnownGroup.LinkedRoleGroups.ContainsKey(objectGuid)) { this.ehfTargetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Group {0} is already processed. Ignoring it.", new object[] { exSearchResultEntry2.DistinguishedName }); } else if (EhfCompanyAdmins.IsPartnerManagedLinkedRoleGroup(exSearchResultEntry2, diagSession, out partnerGroupGuid)) { ehfWellKnownGroup.LinkedRoleGroups.Add(objectGuid, new PartnerGroupAdminSyncUser(exSearchResultEntry2.DistinguishedName, objectGuid, partnerGroupGuid)); } else { ehfWellKnownGroup.SubGroups.Add(objectGuid, new AdminSyncUser(exSearchResultEntry2.DistinguishedName, objectGuid)); stack.Push(exSearchResultEntry2.DistinguishedName); } } else { string text2 = string.Empty; if (exSearchResultEntry2.Attributes.ContainsKey("msExchWindowsLiveID") && exSearchResultEntry2.Attributes["msExchWindowsLiveID"].Count != 0) { text2 = (string)exSearchResultEntry2.Attributes["msExchWindowsLiveID"][0]; if (text2 != null) { text2 = text2.Trim(); } } else { diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "WindowsLiveID is not set for {0}", new object[] { exSearchResultEntry2.DistinguishedName }); } if (!ehfWellKnownGroup.GroupMembers.ContainsKey(objectGuid)) { ehfWellKnownGroup.GroupMembers.Add(objectGuid, new MailboxAdminSyncUser(text2, objectGuid, exSearchResultEntry2.DistinguishedName)); } } } else { diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "{0} is deleted, ignoring...", new object[] { exSearchResultEntry2.DistinguishedName }); } } diagSession.Tracer.TraceDebug <string, int>((long)this.GetHashCode(), "Expanded group {0}. Found {1} children", text, num); } return(ehfWellKnownGroup); }