private static void SaveArchiveSecurityDescriptor(ADUser mailbox, IConfigDataProvider writableAdSession, RawSecurityDescriptor rawSd, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
{
ADObjectId adobjectId = mailbox.ArchiveDatabase ?? mailbox.Database;
MailboxId mailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(adobjectId), mailbox.ArchiveGuid);
try
{
ActiveManager activeManagerInstance = ActiveManager.GetActiveManagerInstance();
DatabaseLocationInfo serverForDatabase = activeManagerInstance.GetServerForDatabase(adobjectId.ObjectGuid);
using (MapiMessageStoreSession mapiMessageStoreSession = new MapiMessageStoreSession(serverForDatabase.ServerLegacyDN, PermissionTaskHelper.CalcuteSystemAttendantMailboxLegacyDistingushName(serverForDatabase.ServerLegacyDN), Fqdn.Parse(serverForDatabase.ServerFqdn)))
{
logVerbose(Strings.VerboseSaveStoreMailboxSecurityDescriptor(mailboxId.ToString(), mapiMessageStoreSession.ServerName));
mapiMessageStoreSession.ForceStoreToRefreshMailbox(mailboxId);
}
}
catch (FormatException)
{
logError(new TaskInvalidOperationException(Strings.ErrorInvalidServerLegacyDistinguishName(mailbox.DistinguishedName.ToString())), ExchangeErrorCategory.ServerOperation, null);
}
catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
{
logVerbose(Strings.VerboseArchiveNotExistInStore(mailbox.Name));
PermissionTaskHelper.SaveAdSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
}
catch (LocalizedException exception)
{
logError(new SetArchivePermissionException(mailbox.Name, exception), ExchangeErrorCategory.ServerOperation, null);
}
}
public static void SetMailboxAces(ADUser mailbox, IConfigDataProvider writableAdSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.TaskWarningLoggingDelegate logWarning, Task.ErrorLoggerDelegate logError, IConfigurationSession adSession, ref MapiMessageStoreSession storeSession, bool remove, params ActiveDirectoryAccessRule[] aces)
{
ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadMailboxSecurityDescriptor(mailbox, adSession, logVerbose, logError);
if (activeDirectorySecurity != null)
{
DirectoryCommon.ApplyAcesOnAcl(logVerbose, logWarning, null, mailbox.DistinguishedName, activeDirectorySecurity, remove, aces);
PermissionTaskHelper.SaveMailboxSecurityDescriptor(mailbox, activeDirectorySecurity, writableAdSession, ref storeSession, logVerbose, logError);
}
}
public static void SaveMailboxSecurityDescriptor(ADUser mailbox, ActiveDirectorySecurity adSecurity, IConfigDataProvider writableAdSession, ref MapiMessageStoreSession storeSession, Task.TaskVerboseLoggingDelegate logVerbose, Task.ErrorLoggerDelegate logError)
{
if (writableAdSession == null)
{
throw new ArgumentException("writableAdSession");
}
RawSecurityDescriptor rawSd = new RawSecurityDescriptor(adSecurity.GetSecurityDescriptorBinaryForm(), 0);
PermissionTaskHelper.SaveAdSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
string text = null;
try
{
ActiveManager activeManagerInstance = ActiveManager.GetActiveManagerInstance();
DatabaseLocationInfo serverForDatabase = activeManagerInstance.GetServerForDatabase(mailbox.Database.ObjectGuid);
text = serverForDatabase.ServerFqdn;
if (storeSession == null)
{
storeSession = new MapiMessageStoreSession(serverForDatabase.ServerLegacyDN, PermissionTaskHelper.CalcuteSystemAttendantMailboxLegacyDistingushName(serverForDatabase.ServerLegacyDN), Fqdn.Parse(serverForDatabase.ServerFqdn));
}
else
{
storeSession.RedirectServer(serverForDatabase.ServerLegacyDN, Fqdn.Parse(serverForDatabase.ServerFqdn));
}
MailboxId mailboxId = new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectIdToDatabaseId(mailbox.Database), mailbox.ExchangeGuid);
logVerbose(Strings.VerboseSaveStoreMailboxSecurityDescriptor(mailboxId.ToString(), storeSession.ServerName));
storeSession.Administration.PurgeCachedMailboxObject(mailboxId.MailboxGuid);
}
catch (DatabaseNotFoundException)
{
logVerbose(Strings.ErrorMailboxDatabaseNotFound(mailbox.Database.ToString()));
}
catch (MapiExceptionNetworkError)
{
logVerbose(Strings.ErrorFailedToConnectToStore((text != null) ? text : string.Empty));
}
catch (FormatException)
{
logVerbose(Strings.ErrorInvalidServerLegacyDistinguishName(mailbox.DistinguishedName.ToString()));
}
catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
{
logVerbose(Strings.VerboseMailboxNotExistInStore(mailbox.DistinguishedName));
}
if (mailbox.HasLocalArchive)
{
PermissionTaskHelper.SaveArchiveSecurityDescriptor(mailbox, writableAdSession, rawSd, logVerbose, logError);
}
}
internal static SecurityIdentifier[] GetServerAdmins(Server server, IDirectorySession session, Task.TaskErrorLoggingDelegate logError)
{
List <SecurityIdentifier> list = new List <SecurityIdentifier>();
ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadAdSecurityDescriptor(server, session, logError);
AuthorizationRuleCollection accessRules = activeDirectorySecurity.GetAccessRules(true, false, typeof(SecurityIdentifier));
foreach (object obj in accessRules)
{
ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)obj;
if (activeDirectoryAccessRule.ActiveDirectoryRights == ActiveDirectoryRights.GenericAll)
{
SecurityIdentifier item = (SecurityIdentifier)activeDirectoryAccessRule.IdentityReference;
list.Add(item);
}
}
return(list.ToArray());
}
public static ActiveDirectorySecurity ReadAdSecurityDescriptor(ADRawEntry entry, IDirectorySession session, Task.TaskErrorLoggingDelegate logError)
{
RawSecurityDescriptor rawSecurityDescriptor = null;
return(PermissionTaskHelper.ReadAdSecurityDescriptor(entry, session, logError, out rawSecurityDescriptor));
}
