public static void GrantWriteMembershipPermissionToEOA(ADObject obj, ADGroup eoa, IConfigurationSession configurationSession, Task.TaskVerboseLoggingDelegate logWarning) { Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(configurationSession, "member"); ActiveDirectoryAccessRule activeDirectoryAccessRule = new ActiveDirectoryAccessRule(eoa.Sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.All); DirectoryCommon.SetAces(logWarning, null, obj, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); }
private void GrantWriteMembershipPermission(SecurityIdentifier sid, ADOrganizationalUnit container) { List <ActiveDirectoryAccessRule> list = new List <ActiveDirectoryAccessRule>(); List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>(); Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "member"); Guid schemaClassGuid = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "group"); list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid)); list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.CreateChild, AccessControlType.Allow, schemaClassGuid, ActiveDirectorySecurityInheritance.All)); list.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.DeleteChild, AccessControlType.Allow, schemaClassGuid, ActiveDirectorySecurityInheritance.All)); list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.Delete, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid)); DirectoryCommon.RemoveAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, null, container, list.ToArray()); DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, container, list2.ToArray()); }
protected override void InternalProcessRecord() { TaskLogger.LogEnter(); List <Server> list = new List <Server>(); List <SecurityIdentifier> list2 = new List <SecurityIdentifier>(); Server server = null; try { server = ((ITopologyConfigurationSession)this.configurationSession).FindLocalServer(); } catch (LocalServerNotFoundException ex) { base.WriteError(new CouldNotFindExchangeServerDirectoryEntryException(ex.Fqdn), ErrorCategory.InvalidData, null); } base.LogReadObject(server); list.Add(server); ADComputer adcomputer = ((ITopologyConfigurationSession)this.domainConfigurationSession).FindLocalComputer(); if (adcomputer == null) { base.WriteError(new CouldNotFindLocalhostDirectoryEntryException(), ErrorCategory.InvalidData, null); } base.LogReadObject(adcomputer); list2.Add(adcomputer.Sid); if (list.Count > 0) { List <ActiveDirectoryAccessRule> list3 = list2.ConvertAll <ActiveDirectoryAccessRule>((SecurityIdentifier machineSid) => new ActiveDirectoryAccessRule(machineSid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); using (IEnumerator <string> enumerator = DirectoryCommon.ServerWriteAttrs.GetEnumerator()) { while (enumerator.MoveNext()) { string attr = enumerator.Current; list3.AddRange(list2.ConvertAll <ActiveDirectoryAccessRule>((SecurityIdentifier machineSid) => new ActiveDirectoryAccessRule(machineSid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, attr), ActiveDirectorySecurityInheritance.None))); } } foreach (Server obj in list) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, obj, list3.ToArray()); } SecurityIdentifier sid = this.exs.Sid; List <ActiveDirectoryAccessRule> list4 = new List <ActiveDirectoryAccessRule>(); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); foreach (Server obj2 in list) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, obj2, list4.ToArray()); } TaskLogger.LogExit(); } }
protected override void InternalProcessRecord() { TaskLogger.LogEnter(); RoleGroupCollection roleGroupCollection = InitializeExchangeUniversalGroups.RoleGroupsToCreate(); bool flag = false; foreach (RoleGroupDefinition roleGroupDefinition in roleGroupCollection) { roleGroupDefinition.ADGroup = base.ResolveExchangeGroupGuid <ADGroup>(roleGroupDefinition.RoleGroupGuid); if (roleGroupDefinition.ADGroup == null) { flag = true; } } ADGroup adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid); ADGroup adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid); ADGroup adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid); ADGroup adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid); this.adSplitPermissionMode = false; if (this.ActiveDirectorySplitPermissions != null) { if (this.ActiveDirectorySplitPermissions.Value) { this.adSplitPermissionMode = true; } else { this.adSplitPermissionMode = false; } } else if (adgroup3 == null) { this.adSplitPermissionMode = false; } else if (adgroup4 == null) { this.adSplitPermissionMode = false; } else if (!adgroup4.Members.Contains(adgroup3.Id)) { this.adSplitPermissionMode = true; } else { this.adSplitPermissionMode = false; } ADOrganizationalUnit adorganizationalUnit = this.FindExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id); if (this.adSplitPermissionMode && adorganizationalUnit == null) { adorganizationalUnit = this.CreateExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id); if (adorganizationalUnit == null) { base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Protected Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null); } } ADOrganizationalUnit adorganizationalUnit2 = null; if (flag || adgroup == null || adgroup2 == null || adgroup3 == null || (!this.adSplitPermissionMode && adgroup4 == null)) { adorganizationalUnit2 = this.CreateExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id); if (adorganizationalUnit2 == null) { base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Security Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null); } } else { adorganizationalUnit2 = this.FindExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id); } this.CreateAndValidateRoleGroups(adorganizationalUnit2, roleGroupCollection); this.CreateGroup(adorganizationalUnit2, "Exchange Servers", 0, WellKnownGuid.ExSWkGuid, Strings.ExchangeServersUSGDescription); this.CreateGroup(adorganizationalUnit2, "Exchange Trusted Subsystem", 0, WellKnownGuid.EtsWkGuid, Strings.ExchangeTrustedSubsystemDescription); this.CreateGroup(adorganizationalUnit2, "Managed Availability Servers", 0, WellKnownGuid.MaSWkGuid, Strings.ManagedAvailabilityServersUSGDescription); if (this.adSplitPermissionMode) { this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit); } else { this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit2); if (adorganizationalUnit != null) { this.domainConfigurationSession.Delete(adorganizationalUnit); base.LogWriteObject(adorganizationalUnit); } } this.CreateGroup(adorganizationalUnit2, "ExchangeLegacyInterop", 0, WellKnownGuid.E3iWkGuid, Strings.ExchangeInteropUSGDescription); if (adgroup == null) { adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid); if (adgroup == null) { base.WriteError(new ExSGroupNotFoundException(WellKnownGuid.ExSWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup); ADGroup adgroup5 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.MaSWkGuid); if (adgroup5 == null) { base.WriteError(new MaSGroupNotFoundException(WellKnownGuid.MaSWkGuid), ErrorCategory.InvalidData, null); } base.LogReadObject(adgroup5); InitializeExchangeUniversalGroups.AddMember(adgroup, this.rootDomainRecipientSession, adgroup5, new WriteVerboseDelegate(base.WriteVerbose)); if (adgroup2 == null) { adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid); if (adgroup2 == null) { base.WriteError(new E2k3InteropGroupNotFoundException(WellKnownGuid.E3iWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup2); bool etsExisted = adgroup3 != null; if (adgroup3 == null) { adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid); if (adgroup3 == null) { base.WriteError(new ExTrustedSubsystemGroupNotFoundException(WellKnownGuid.EtsWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup3); bool ewpExisted = adgroup4 != null; if (adgroup4 == null) { adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid); if (adgroup4 == null) { base.WriteError(new ExWindowsPermissionsGroupNotFoundException(WellKnownGuid.EwpWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup4); this.GrantWriteMembershipPermission(adgroup3.Sid, adorganizationalUnit2); this.FixExchangeTrustedSubsystemGroupMembership(adgroup3, adgroup4, adgroup, roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EmaWkGuid), etsExisted, ewpExisted); WindowsPrincipal windowsPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent()); string name = windowsPrincipal.Identity.Name; string[] array = name.Split(new char[] { '\\' }, 2); ADCrossRef[] domainPartitions = ADForest.GetLocalForest(base.DomainController).GetDomainPartitions(); if (domainPartitions == null || domainPartitions.Length == 0) { base.WriteError(new DomainsNotFoundException(), ErrorCategory.InvalidData, null); } List <SecurityIdentifier> list = new List <SecurityIdentifier>(); foreach (ADCrossRef adcrossRef in domainPartitions) { Exception ex = null; try { this.domainConfigurationSession.DomainController = null; ADDomain addomain = this.domainConfigurationSession.Read <ADDomain>(adcrossRef.NCName); base.LogReadObject(addomain); SecurityIdentifier item = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, addomain.Sid); list.Add(item); } catch (ADExternalException ex2) { ex = ex2; } catch (ADTransientException ex3) { ex = ex3; } if (ex != null) { this.WriteWarning(Strings.DomainNotReachableWarning(adcrossRef.DnsRoot[0])); } } this.domainConfigurationSession.DomainController = null; ADGroup adgroupByGuid = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EoaWkGuid); ADGroup adgroupByGuid2 = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EpaWkGuid); ActiveDirectoryAccessRule activeDirectoryAccessRule = new ActiveDirectoryAccessRule(adgroupByGuid.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All); List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>(); list2.Add(activeDirectoryAccessRule); Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "member"); foreach (SecurityIdentifier identity in list) { list2.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.All)); } DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup, list2.ToArray()); try { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } catch (ADOperationException ex4) { this.WriteWarning(Strings.UnableToGrantFullControlOnEOA(adgroupByGuid.Id.ToString(), adgroupByGuid.Id.ToString(), ex4.Message)); } if (adgroupByGuid2 != null) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } if (adorganizationalUnit2 != null) { base.WriteVerbose(Strings.InfoSetAces(adorganizationalUnit2.Id.DistinguishedName)); DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adorganizationalUnit2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); bool useGlobalCatalog = this.recipientSession.UseGlobalCatalog; this.recipientSession.UseGlobalCatalog = true; try { ADRecipient adrecipient = (ADRecipient)this.recipientSession.FindByAccountName <ADRecipient>(array[0], array[1]); if (adrecipient != null) { TaskLogger.Trace("Adding user {0} ({1}), to group {2}.", new object[] { name, adrecipient.DistinguishedName, adgroupByGuid.DistinguishedName }); InitializeExchangeUniversalGroups.AddMember(adrecipient, this.rootDomainRecipientSession, adgroupByGuid, new WriteVerboseDelegate(base.WriteVerbose)); } else { TaskLogger.Trace("Didn't find user {0})", new object[] { name }); } } catch (ADOperationException ex5) { base.WriteVerbose(new LocalizedString(ex5.Message)); } this.recipientSession.UseGlobalCatalog = useGlobalCatalog; TaskLogger.LogExit(); }
protected override void InternalProcessRecord() { TaskLogger.LogEnter(); IConfigurationSession session = (IConfigurationSession)ADSession.RescopeSessionToTenantSubTree(this.configurationSession); int count = DirectoryCommon.MailboxWriteAttrs.Count; SecurityIdentifier sid = this.exs.Sid; SecurityIdentifier sid2 = this.ets.Sid; this.configurationSession.GetOrgContainer(); SecurityIdentifier[] array = new SecurityIdentifier[] { this.eoa.Sid, this.ets.Sid }; SecurityIdentifier identity = new SecurityIdentifier("WD"); SecurityIdentifier identity2 = new SecurityIdentifier("AN"); SecurityIdentifier securityIdentifier = new SecurityIdentifier("AU"); SecurityIdentifier securityIdentifier2 = new SecurityIdentifier("NS"); SecurityIdentifier identity3 = new SecurityIdentifier("SY"); SecurityIdentifier identity4 = new SecurityIdentifier(WellKnownSidType.AccountEnterpriseAdminsSid, this.rootDomain.Sid); SecurityIdentifier identity5 = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, this.rootDomain.Sid); SecurityIdentifier identity6 = new SecurityIdentifier(WellKnownSidType.AccountSchemaAdminsSid, this.rootDomain.Sid); List <ActiveDirectoryAccessRule> list = new List <ActiveDirectoryAccessRule>(2); list.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.DsReplicationSynchronize, ActiveDirectorySecurityInheritance.None)); string distinguishedName = this.configurationSession.ConfigurationNamingContext.DistinguishedName; if (base.ShouldProcess(distinguishedName, Strings.InfoProcessAction(distinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.configurationSession.ConfigurationNamingContext, list.ToArray()); } Guid schemaClassGuid = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchSmtpReceiveConnector"); ADObjectId deletedObjectsContainer = this.configurationSession.DeletedObjectsContainer; base.WriteVerbose(Strings.InfoTakeOwnership(deletedObjectsContainer.DistinguishedName)); DirectoryCommon.TakeOwnership(deletedObjectsContainer, null, session); List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>(100); list2.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); list2.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.None)); list2.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); list2.Add(new ActiveDirectoryAccessRule(sid2, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.DeleteTree | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); list2.Add(new ActiveDirectoryAccessRule(this.ets.Sid, ActiveDirectoryRights.WriteDacl, AccessControlType.Allow, schemaClassGuid, ActiveDirectorySecurityInheritance.All)); list2.Add(new ActiveDirectoryAccessRule(this.ets.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); if (this.epa != null) { list2.Add(new ActiveDirectoryAccessRule(this.epa.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); } if (this.delegatedSetupRG != null) { list2.Add(new ActiveDirectoryAccessRule(this.delegatedSetupRG.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); } if (base.ShouldProcess(this.meServicesContainer.DistinguishedName, Strings.InfoProcessAction(this.meServicesContainer.DistinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.meServicesContainer.Id, list2.ToArray()); if (this.confUnitsContainer != null && !this.confUnitsContainer.Id.IsDescendantOf(this.configurationSession.ConfigurationNamingContext)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.confUnitsContainer, list2.ToArray()); } } Guid schemaClassGuid2 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchPrivateMDB"); Guid schemaClassGuid3 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchPublicMDB"); DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchAvailabilityConfig"); Guid schemaClassGuid4 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchAvailabilityAddressSpace"); Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchAvailabilityUserPassword"); Guid schemaClassGuid5 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "siteAddressing"); Guid schemaClassGuid6 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "site"); Guid schemaClassGuid7 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "siteLink"); Guid schemaClassGuid8 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncServiceConfig"); Guid schemaClassGuid9 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncMservConnector"); Guid schemaClassGuid10 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchEdgeSyncEhfConnector"); Guid schemaPropertyGuid2 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "siteFolderServer"); Guid schemaPropertyGuid3 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "siteFolderGUID"); Guid schemaPropertyGuid4 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchDatabaseCreated"); Guid schemaPropertyGuid5 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchPatchMDB"); Guid schemaPropertyGuid6 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchEDBOffline"); Guid schemaPropertyGuid7 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchTransportSiteFlags"); Guid schemaPropertyGuid8 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchPartnerId"); Guid schemaPropertyGuid9 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchCost"); Guid schemaPropertyGuid10 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchVersion"); Guid schemaPropertyGuid11 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchLastAppliedRecipientFilter"); Guid schemaPropertyGuid12 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchRecipientFilterFlags"); Guid schemaPropertyGuid13 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "legacyExchangeDN"); Guid schemaPropertyGuid14 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchOwningServer"); Guid schemaPropertyGuid15 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchMinorPartnerId"); Guid schemaPropertyGuid16 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "msExchResponsibleForSites"); List <ActiveDirectoryAccessRule> list3 = new List <ActiveDirectoryAccessRule>(); list3.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); List <ActiveDirectoryAccessRule> list4 = new List <ActiveDirectoryAccessRule>(); List <ActiveDirectoryAccessRule> list5 = new List <ActiveDirectoryAccessRule>(); list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity4, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreTransportAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity5, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All)); list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreConstrainedDelegationExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list5.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.StoreReadWriteAccessExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadProperty, AccessControlType.Deny, schemaPropertyGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid4)); list4.Add(new ActiveDirectoryAccessRule(securityIdentifier2, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.None)); list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid2)); list4.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid3)); list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid2)); list4.Add(new ActiveDirectoryAccessRule(identity2, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid3)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.PublicInfoPropSetGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.PersonalInfoPropSetGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, WellKnownGuid.ExchangeInfoPropSetGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid5)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid3, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid2, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity6, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity6, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.SendAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.TokenSerializationRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.EpiImpersonationRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); if (this.epa != null) { list4.Add(new ActiveDirectoryAccessRule(this.epa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); } list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid4, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid6, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid5, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid13, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid14, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(this.mas.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); List <SecurityIdentifier> list6 = new List <SecurityIdentifier>(); list6.Add(this.eoa.Sid); if (this.epa != null) { list6.Add(this.epa.Sid); } foreach (SecurityIdentifier identity7 in list6) { list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.GenericRead, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.MailEnablePublicFolderGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreatePublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.CreateTopLevelPublicFolderExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderACLExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderAdminACLExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderDeletedItemRetentionExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderExpiryExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderQuotasExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.ModifyPublicFolderReplicaListExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreAdminExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreCreateNamedPropertiesExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); list4.Add(new ActiveDirectoryAccessRule(identity7, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.StoreVisibleExtendedRightGuid, ActiveDirectorySecurityInheritance.All)); } for (int i = 0; i < count; i++) { Guid schemaPropertyGuid17 = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, DirectoryCommon.MailboxWriteAttrs[i]); list4.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid17, ActiveDirectorySecurityInheritance.All)); } if (base.ShouldProcess(this.autodiscoverContainer.DistinguishedName, Strings.InfoProcessAction(this.autodiscoverContainer.DistinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.autodiscoverContainer, list3.ToArray()); } if (base.ShouldProcess(this.orgContainer.DistinguishedName, Strings.InfoProcessAction(this.orgContainer.DistinguishedName), null)) { DirectoryCommon.RemoveAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, null, this.orgContainer, list5.ToArray()); DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.orgContainer, list4.ToArray()); } if (this.confUnitsContainer != null && base.ShouldProcess(this.confUnitsContainer.DistinguishedName, Strings.InfoProcessAction(this.confUnitsContainer.DistinguishedName), null)) { DirectoryCommon.RemoveAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, null, this.confUnitsContainer, list5.ToArray()); DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.confUnitsContainer, list4.ToArray()); } ActiveDirectoryAccessRule[] aces = new ActiveDirectoryAccessRule[] { new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All) }; if (base.ShouldProcess(this.addressingContainer.DistinguishedName, Strings.InfoProcessAction(this.addressingContainer.DistinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.addressingContainer, aces); } List <ActiveDirectoryAccessRule> list7 = new List <ActiveDirectoryAccessRule>(); if (this.isMultiTenancy) { list7.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); list7.Add(new ActiveDirectoryAccessRule(this.era.Sid, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); } else { list7.Add(new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); } foreach (SecurityIdentifier identity8 in list6) { list7.Add(new ActiveDirectoryAccessRule(identity8, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid11, ActiveDirectorySecurityInheritance.All)); list7.Add(new ActiveDirectoryAccessRule(identity8, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid12, ActiveDirectorySecurityInheritance.All)); } if (base.ShouldProcess(this.addressListsContainer.DistinguishedName, Strings.InfoProcessAction(this.addressListsContainer.DistinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.addressListsContainer, list7.ToArray()); } if (this.isMultiTenancy) { base.ReplaceAddressListACEs(this.addressListsContainer.Id, securityIdentifier, new SecurityIdentifier[] { this.eoa.Sid, this.era.Sid }); } if (base.ShouldProcess(this.offlineAddressListsContainer.DistinguishedName, Strings.InfoProcessAction(this.offlineAddressListsContainer.DistinguishedName), null)) { ActiveDirectoryAccessRule[] aces2 = new ActiveDirectoryAccessRule[] { new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.DownloadOABExtendedRightGuid, ActiveDirectorySecurityInheritance.All) }; DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.offlineAddressListsContainer, aces2); } List <ActiveDirectoryAccessRule> list8 = new List <ActiveDirectoryAccessRule>(); foreach (SecurityIdentifier identity9 in list6) { list8.Add(new ActiveDirectoryAccessRule(identity9, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid11, ActiveDirectorySecurityInheritance.All)); list8.Add(new ActiveDirectoryAccessRule(identity9, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid12, ActiveDirectorySecurityInheritance.All)); } if (base.ShouldProcess(this.recipPoliciesContainer.DistinguishedName, Strings.InfoProcessAction(this.recipPoliciesContainer.DistinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.recipPoliciesContainer, list8.ToArray()); } List <ActiveDirectoryAccessRule> list9 = new List <ActiveDirectoryAccessRule>(); Guid schemaClassGuid11 = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchExchangeServer"); foreach (SecurityIdentifier identity10 in list6) { list9.Add(new ActiveDirectoryAccessRule(identity10, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid11)); } if (base.ShouldProcess(this.administrativeGroup.Id.DistinguishedName, Strings.InfoProcessAction(this.administrativeGroup.Id.DistinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.administrativeGroup, list9.ToArray()); } List <ActiveDirectoryAccessRule> list10 = new List <ActiveDirectoryAccessRule>(); for (int j = 0; j < array.Length; j++) { list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid7, ActiveDirectorySecurityInheritance.All, schemaClassGuid6)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid10, ActiveDirectorySecurityInheritance.All, schemaClassGuid6)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid8, ActiveDirectorySecurityInheritance.All, schemaClassGuid6)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid15, ActiveDirectorySecurityInheritance.All, schemaClassGuid6)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid16, ActiveDirectorySecurityInheritance.All, schemaClassGuid6)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid9, ActiveDirectorySecurityInheritance.All, schemaClassGuid7)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid10, ActiveDirectorySecurityInheritance.All, schemaClassGuid7)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid8, ActiveDirectorySecurityInheritance.Children, schemaClassGuid6)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid9, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild | ActiveDirectoryRights.DeleteTree, AccessControlType.Allow, schemaClassGuid10, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8)); list10.Add(new ActiveDirectoryAccessRule(array[j], ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10)); } list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8)); list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9)); list10.Add(new ActiveDirectoryAccessRule(identity3, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10)); list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid8)); list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid9)); list10.Add(new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid10)); if (base.ShouldProcess(this.sitesContainer.Id.DistinguishedName, Strings.InfoProcessAction(this.sitesContainer.Id.DistinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, session, this.sitesContainer.Id, list10.ToArray()); } this.SetDeletedObjectsSecurityDescriptor(sid, ActiveDirectoryRights.ListChildren); this.SetDeletedObjectsSecurityDescriptor(sid2, ActiveDirectoryRights.GenericRead); this.SetDeletedObjectsSecurityDescriptor(this.eoa.Sid, ActiveDirectoryRights.ReadControl | ActiveDirectoryRights.WriteDacl | ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.ListObject); this.SetDeletedObjectsSecurityDescriptor(securityIdentifier2, ActiveDirectoryRights.ListChildren); ActiveDirectoryAccessRule[] aces3 = new ActiveDirectoryAccessRule[] { new ActiveDirectoryAccessRule(securityIdentifier, ActiveDirectoryRights.ListChildren, AccessControlType.Allow) }; if (base.ShouldProcess(this.arraysContainer.Id.DistinguishedName, Strings.InfoProcessAction(this.arraysContainer.Id.DistinguishedName), null)) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, this.arraysContainer, aces3); } TaskLogger.LogExit(); }