public void HandleGroupDeletedEvent(ExSearchResultEntry entry)
{
if (EhfAdminAccountSynchronizer.IsEventForDeletedOrganization(entry, base.DiagSession))
{
throw new InvalidOperationException("Change entry " + entry.DistinguishedName + " is for a deleted organization. The entry should have been ignored from PreDecorate.");
}
EhfAdminSyncChangeBuilder adminBuilderForChange = this.GetAdminBuilderForChange(entry);
base.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Encountered a DELETE rolegroup event. ObjectGuid: <{0}>; Company: <{1}>", new object[]
{
entry.GetObjectGuid(),
adminBuilderForChange.TenantOU
});
if (adminBuilderForChange != null)
{
adminBuilderForChange.HandleGroupDeletedEvent(entry);
}
if (!EhfWellKnownGroup.IsWellKnownPartnerGroupDN(entry.DistinguishedName))
{
return;
}
Guid externalDirectoryObjectId;
if (EhfCompanyAdmins.TryGetExternalDirectoryObjectId(entry, base.DiagSession, out externalDirectoryObjectId))
{
this.AddGroupToDeleteGroupsBatch(externalDirectoryObjectId);
return;
}
base.DiagSession.LogAndTraceError("Could not find the ExternalDirectoryObjectId for well known partner group {0}", new object[]
{
entry.DistinguishedName
});
}
public string[] GetWlidsOfGroupMembers(int maxAdmins, EdgeSyncDiag diagSession)
{
List <string> list = new List <string>(this.groupMembers.Count);
foreach (MailboxAdminSyncUser mailboxAdminSyncUser in this.groupMembers.Values)
{
if (!string.IsNullOrEmpty(mailboxAdminSyncUser.WindowsLiveId))
{
if (!EhfWellKnownGroup.ValidateWindowsLiveId(mailboxAdminSyncUser))
{
diagSession.LogAndTraceError("WLID <{0}> for user <{1}>:<{2}> is not valid. The admin will be ignored from group <{3}>.", new object[]
{
mailboxAdminSyncUser.WindowsLiveId,
mailboxAdminSyncUser.DistinguishedName,
mailboxAdminSyncUser.UserGuid,
this.wellknownGroupName
});
}
else
{
list.Add(mailboxAdminSyncUser.WindowsLiveId);
}
if (list.Count == maxAdmins)
{
diagSession.LogAndTraceError("The group <{0}> has more than the maximum allowed number ({1}) of members. Only the first <{1}> will be taken.", new object[]
{
this.wellknownGroupName,
maxAdmins
});
break;
}
}
}
return(list.ToArray());
}
private HashSet <Guid> GetNewState(EhfWellKnownGroup wellKnownGroup, HashSet <Guid> existingAdmins, bool updateState)
{
if (wellKnownGroup == null || !updateState)
{
return(null);
}
HashSet <Guid> hashSet = new HashSet <Guid>();
this.AddToAdminSet <MailboxAdminSyncUser>(wellKnownGroup.GroupMembers, hashSet);
this.AddToAdminSet <PartnerGroupAdminSyncUser>(wellKnownGroup.LinkedRoleGroups, hashSet);
this.AddToAdminSet <AdminSyncUser>(wellKnownGroup.SubGroups, hashSet);
if (existingAdmins != null && existingAdmins.Count == hashSet.Count && existingAdmins.IsSubsetOf(hashSet))
{
this.ehfTargetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "The admin-state for group <{0}> is up to date in PerimeterConfig. No need to overwrite the state.", new object[]
{
wellKnownGroup.WellKnownGroupName
});
return(null);
}
EhfSyncAppConfig ehfSyncAppConfig = this.ehfTargetConnection.Config.EhfSyncAppConfig;
if (hashSet.Count >= ehfSyncAppConfig.EhfAdminSyncMaxTargetAdminStateSize)
{
this.ehfTargetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "Number of members (<{0}>) of group <{1}> is greater than or equal to the maximum number <{2}> we store in AD. An Empty Guid will be stored in the state indicating that the max limit has reached.", new object[]
{
hashSet.Count,
wellKnownGroup.WellKnownGroupName,
ehfSyncAppConfig.EhfAdminSyncMaxTargetAdminStateSize
});
hashSet.Clear();
hashSet.Add(EhfCompanyAdmins.SyncStateFullGuid);
}
return(hashSet);
}
public void AddGroupMembershipChange(ExSearchResultEntry change)
{
if (this.IsFullTenantAdminSyncRequired())
{
return;
}
if (EhfWellKnownGroup.IsOrganizationManagementGroup(change))
{
this.updateOrgManagementGroup = true;
}
else if (EhfWellKnownGroup.IsViewOnlyOrganizationManagementGroup(change))
{
this.updateViewOnlyOrgManagementGroup = true;
}
else if (EhfWellKnownGroup.IsAdminAgentGroup(change.DistinguishedName))
{
this.updateAdminAgentGroup = true;
}
else if (EhfWellKnownGroup.IsHelpdeskAgentGroup(change.DistinguishedName))
{
this.updateHelpdeskAgentGroup = true;
}
if (this.IsFullTenantAdminSyncRequired())
{
this.ClearCachedChanges();
}
else
{
this.groupChanges.Add(change);
}
this.SetFullTenantAdminSyncIfTooManyCachedChanges();
}
public static bool IsWellKnownPartnerGroupDN(string dn)
{
return(EhfWellKnownGroup.IsAdminAgentGroup(dn) || EhfWellKnownGroup.IsHelpdeskAgentGroup(dn));
}
public void ToString(StringBuilder sb)
{
EhfWellKnownGroup.AddAdminToList <MailboxAdminSyncUser>(this.groupMembers, sb, "Local Admins: ");
EhfWellKnownGroup.AddAdminToList <PartnerGroupAdminSyncUser>(this.linkedRoleGroups, sb, "Partner Admins: ");
}
private bool InvokeSyncGroupUsers(EhfCompanyIdentity companyIdentity, EhfWellKnownGroup partnerGroup, string tenantOU)
{
string syncPartnerAdminGroupOperation = EhfAdminAccountSynchronizer.SyncPartnerAdminGroupOperation;
if (partnerGroup == null)
{
return(true);
}
base.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Syncing partner admin group {0} for tenant {1}", new object[]
{
partnerGroup.ExternalDirectoryObjectId,
tenantOU
});
string[] members = partnerGroup.GetWlidsOfGroupMembers(2000, base.DiagSession);
Dictionary <string, ErrorInfo> syncGroupUsersResponse = null;
FaultException syncGroupsException = null;
base.InvokeProvisioningService(syncPartnerAdminGroupOperation, delegate
{
syncGroupUsersResponse = this.ProvisioningService.SyncGroupUsers(companyIdentity.EhfCompanyId, partnerGroup.ExternalDirectoryObjectId, members, out syncGroupsException);
}, 1);
if (syncGroupsException != null)
{
FaultException <InvalidGroupFault> faultException = syncGroupsException as FaultException <InvalidGroupFault>;
if (faultException != null)
{
if (faultException.Detail.Code == InvalidGroupCode.GroupDoesNotExist)
{
base.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "SyncGroupUsers returned GroupDoesNotExist fault while trying to sync an empty group <{0}> in company <{1}>.", new object[]
{
partnerGroup.WellKnownGroupName,
tenantOU
});
}
else if (faultException.Detail.Code == InvalidGroupCode.GroupBelongsToDifferentCompany || faultException.Detail.ErrorType == ErrorType.Transient)
{
this.HandleFaultAsTransientFailure <InvalidGroupFault>(companyIdentity, syncPartnerAdminGroupOperation, faultException.Detail.Code.ToString(), faultException, faultException.Detail.Code != InvalidGroupCode.GroupBelongsToDifferentCompany);
}
else
{
this.HandleFaultAsPermanentFailure <InvalidGroupFault>(syncPartnerAdminGroupOperation, faultException.Detail.Code.ToString(), faultException);
}
}
else
{
this.HandleOperationLevelException(syncGroupsException, syncPartnerAdminGroupOperation, companyIdentity);
}
return(false);
}
if (syncGroupUsersResponse == null)
{
StringBuilder stringBuilder = new StringBuilder();
foreach (string value in members)
{
if (stringBuilder.Length != 0)
{
stringBuilder.Append(", ");
}
stringBuilder.Append(value);
}
base.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "Successfully completed SyncGroupUsers operation for partnerGroup <{0} : {1}>. Details: <{2}>; Members={3}", new object[]
{
partnerGroup.WellKnownGroupName,
tenantOU,
partnerGroup,
stringBuilder.ToString()
});
}
else
{
StringBuilder stringBuilder2 = new StringBuilder();
stringBuilder2.Append("SyncGroupUsers: ");
int num = 0;
int num2 = 0;
bool hasCriticalError = false;
EhfAdminAccountSynchronizer.ClassifyFailedResponse <string>(syncGroupUsersResponse, ref num, ref num2, ref hasCriticalError, stringBuilder2);
string text = stringBuilder2.ToString();
this.HandleOperationFailureCounts(companyIdentity, syncPartnerAdminGroupOperation, (num > 0) ? 1 : 0, (num2 > 0) ? 1 : 0, text, hasCriticalError);
this.LogAdminSyncOperationFailure(syncPartnerAdminGroupOperation, num, num2, text);
}
return(true);
}
private EhfCompanyAdmins(EhfAdminSyncChangeBuilder builder, EhfTargetConnection targetConnection, string orgManagementGroupDN, string viewOnlyOrgManagementGroupDN, EhfADAdapter configADAdapter)
{
EhfWellKnownGroup ehfWellKnownGroup = null;
EhfWellKnownGroup ehfWellKnownGroup2 = null;
EhfWellKnownGroup ehfWellKnownGroup3 = null;
EhfWellKnownGroup ehfWellKnownGroup4 = null;
this.tenantOU = builder.TenantOU;
this.ehfTargetConnection = targetConnection;
if (builder.DeletedObjects.Count != 0)
{
this.CacheAdminSyncState(configADAdapter);
}
bool flag = builder.UpdateOrgManagementGroup || builder.HasDirectChangeForGroup(orgManagementGroupDN) || (this.ehfAdminSyncState != null && this.AdminGroupMemberDeleted(builder, this.ehfAdminSyncState.OrganizationManagmentMembers, orgManagementGroupDN));
bool flag2 = builder.UpdateViewOnlyOrgManagementGroup || builder.HasDirectChangeForGroup(viewOnlyOrgManagementGroupDN) || (this.ehfAdminSyncState != null && this.AdminGroupMemberDeleted(builder, this.ehfAdminSyncState.ViewOnlyOrganizationManagmentMembers, viewOnlyOrgManagementGroupDN));
bool flag3 = builder.UpdateAdminAgentGroup || (this.ehfAdminSyncState != null && this.AdminGroupMemberDeleted(builder, this.ehfAdminSyncState.AdminAgentMembers, EhfCompanyAdmins.AdminAgentGroupNamePrefix));
bool flag4 = builder.UpdateHelpdeskAgentGroup || (this.ehfAdminSyncState != null && this.AdminGroupMemberDeleted(builder, this.ehfAdminSyncState.HelpdeskAgentMembers, EhfCompanyAdmins.HelpdeskAgentGroupNamePrefix));
if ((flag || builder.GroupChanges.Count != 0 || builder.LiveIdChanges.Count != 0) && orgManagementGroupDN != null)
{
ehfWellKnownGroup = this.GetMembersOfGroupFromDN(orgManagementGroupDN, false, targetConnection.DiagSession);
}
if ((flag2 || builder.GroupChanges.Count != 0 || builder.LiveIdChanges.Count != 0) && viewOnlyOrgManagementGroupDN != null)
{
ehfWellKnownGroup2 = this.GetMembersOfGroupFromDN(viewOnlyOrgManagementGroupDN, false, targetConnection.DiagSession);
}
if (builder.GroupChanges.Count != 0 || builder.LiveIdChanges.Count != 0 || flag3 || flag4)
{
string text = null;
string text2 = null;
foreach (ExSearchResultEntry exSearchResultEntry in this.ehfTargetConnection.ADAdapter.PagedScan(this.tenantOU, EhfCompanyAdmins.PartnerAdminGroupFilter, new string[0]))
{
targetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Found a Partner Admin group {0}", new object[]
{
exSearchResultEntry.DistinguishedName
});
if (exSearchResultEntry.DistinguishedName.StartsWith(EhfWellKnownGroup.AdminAgentGroupDnPrefix))
{
text = exSearchResultEntry.DistinguishedName;
}
else if (exSearchResultEntry.DistinguishedName.StartsWith(EhfWellKnownGroup.HelpdeskAgentGroupDnPrefix))
{
text2 = exSearchResultEntry.DistinguishedName;
}
}
targetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "AdminAgentPartnerGroup={0}; HelpDeskAgentPartnerGroup = {1}", new object[]
{
text ?? "<null>",
text2 ?? "<null>"
});
if (flag3 && text != null)
{
ehfWellKnownGroup3 = this.GetMembersOfGroupFromDN(text, true, targetConnection.DiagSession);
}
if (flag4 && text2 != null)
{
ehfWellKnownGroup4 = this.GetMembersOfGroupFromDN(text2, true, targetConnection.DiagSession);
}
}
EdgeSyncDiag diagSession = builder.EhfTargetConnection.DiagSession;
if (!flag && ehfWellKnownGroup != null && (EhfCompanyAdmins.RelevantChangePresent <AdminSyncUser>(builder.GroupChanges, ehfWellKnownGroup.SubGroups, diagSession) || EhfCompanyAdmins.RelevantChangePresent <MailboxAdminSyncUser>(builder.LiveIdChanges, ehfWellKnownGroup.GroupMembers, diagSession)))
{
flag = true;
}
if (!flag2 && ehfWellKnownGroup2 != null && (EhfCompanyAdmins.RelevantChangePresent <AdminSyncUser>(builder.GroupChanges, ehfWellKnownGroup2.SubGroups, diagSession) || EhfCompanyAdmins.RelevantChangePresent <MailboxAdminSyncUser>(builder.LiveIdChanges, ehfWellKnownGroup2.GroupMembers, diagSession)))
{
flag2 = true;
}
if (!flag3 && ehfWellKnownGroup3 != null && (EhfCompanyAdmins.RelevantChangePresent <AdminSyncUser>(builder.GroupChanges, ehfWellKnownGroup3.SubGroups, diagSession) || EhfCompanyAdmins.RelevantChangePresent <MailboxAdminSyncUser>(builder.LiveIdChanges, ehfWellKnownGroup3.GroupMembers, diagSession)))
{
flag3 = true;
}
if (!flag4 && ehfWellKnownGroup4 != null && (EhfCompanyAdmins.RelevantChangePresent <AdminSyncUser>(builder.GroupChanges, ehfWellKnownGroup4.SubGroups, diagSession) || EhfCompanyAdmins.RelevantChangePresent <MailboxAdminSyncUser>(builder.LiveIdChanges, ehfWellKnownGroup4.GroupMembers, diagSession)))
{
flag4 = true;
}
if (flag)
{
this.organizationManagement = ehfWellKnownGroup;
}
if (flag2)
{
this.viewOnlyOrganizationManagement = ehfWellKnownGroup2;
}
if (flag3)
{
this.adminAgent = ehfWellKnownGroup3;
}
if (flag4)
{
this.helpdeskAgent = ehfWellKnownGroup4;
}
if (this.IsSyncRequired)
{
this.CacheAdminSyncState(configADAdapter);
}
}
private EhfWellKnownGroup GetMembersOfGroupFromDN(string groupDistinguishedName, bool isPartnerAdminGroup, EdgeSyncDiag diagSession)
{
EhfWellKnownGroup ehfWellKnownGroup;
if (isPartnerAdminGroup)
{
ExSearchResultEntry exSearchResultEntry = this.ehfTargetConnection.ADAdapter.ReadObjectEntry(groupDistinguishedName, false, EhfCompanyAdmins.AttributesToFetchFromMembers);
if (exSearchResultEntry == null)
{
diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Low, "Could not find wellknown partner admin group {0}", new object[]
{
groupDistinguishedName
});
return(null);
}
if (!EhfCompanyAdmins.IsPartnerManagedGroup(exSearchResultEntry, diagSession))
{
diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Found the partner group {0}, but it is no partner Managed", new object[]
{
groupDistinguishedName
});
return(null);
}
Guid externalDirectoryObjectId;
if (!EhfCompanyAdmins.TryGetExternalDirectoryObjectId(exSearchResultEntry, diagSession, out externalDirectoryObjectId))
{
return(null);
}
ehfWellKnownGroup = new EhfWellKnownGroup(groupDistinguishedName, externalDirectoryObjectId);
}
else
{
ehfWellKnownGroup = new EhfWellKnownGroup(groupDistinguishedName);
}
Stack <string> stack = new Stack <string>();
stack.Push(groupDistinguishedName);
while (stack.Count != 0)
{
string text = stack.Pop();
string query = string.Format("(memberOf={0})", text);
diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.High, "Expanding group {0}", new object[]
{
text
});
IEnumerable <ExSearchResultEntry> enumerable = this.ehfTargetConnection.ADAdapter.PagedScan(this.tenantOU, query, EhfCompanyAdmins.AttributesToFetchFromMembers);
int num = 0;
foreach (ExSearchResultEntry exSearchResultEntry2 in enumerable)
{
num++;
if (!exSearchResultEntry2.IsDeleted)
{
Guid objectGuid = exSearchResultEntry2.GetObjectGuid();
if (EhfCompanyAdmins.IsGroup(exSearchResultEntry2))
{
Guid partnerGroupGuid;
if (ehfWellKnownGroup.SubGroups.ContainsKey(objectGuid) || ehfWellKnownGroup.LinkedRoleGroups.ContainsKey(objectGuid))
{
this.ehfTargetConnection.DiagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "Group {0} is already processed. Ignoring it.", new object[]
{
exSearchResultEntry2.DistinguishedName
});
}
else if (EhfCompanyAdmins.IsPartnerManagedLinkedRoleGroup(exSearchResultEntry2, diagSession, out partnerGroupGuid))
{
ehfWellKnownGroup.LinkedRoleGroups.Add(objectGuid, new PartnerGroupAdminSyncUser(exSearchResultEntry2.DistinguishedName, objectGuid, partnerGroupGuid));
}
else
{
ehfWellKnownGroup.SubGroups.Add(objectGuid, new AdminSyncUser(exSearchResultEntry2.DistinguishedName, objectGuid));
stack.Push(exSearchResultEntry2.DistinguishedName);
}
}
else
{
string text2 = string.Empty;
if (exSearchResultEntry2.Attributes.ContainsKey("msExchWindowsLiveID") && exSearchResultEntry2.Attributes["msExchWindowsLiveID"].Count != 0)
{
text2 = (string)exSearchResultEntry2.Attributes["msExchWindowsLiveID"][0];
if (text2 != null)
{
text2 = text2.Trim();
}
}
else
{
diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "WindowsLiveID is not set for {0}", new object[]
{
exSearchResultEntry2.DistinguishedName
});
}
if (!ehfWellKnownGroup.GroupMembers.ContainsKey(objectGuid))
{
ehfWellKnownGroup.GroupMembers.Add(objectGuid, new MailboxAdminSyncUser(text2, objectGuid, exSearchResultEntry2.DistinguishedName));
}
}
}
else
{
diagSession.LogAndTraceInfo(EdgeSyncLoggingLevel.Medium, "{0} is deleted, ignoring...", new object[]
{
exSearchResultEntry2.DistinguishedName
});
}
}
diagSession.Tracer.TraceDebug <string, int>((long)this.GetHashCode(), "Expanded group {0}. Found {1} children", text, num);
}
return(ehfWellKnownGroup);
}
