示例#1
0
 public static void SetAclOnAlternateProperty(ADObject obj, GenericAce[] aces, PropertyDefinition sdProperty)
 {
     using (WindowsIdentity current = WindowsIdentity.GetCurrent())
     {
         SecurityIdentifier user  = current.User;
         SecurityIdentifier group = user;
         DirectoryCommon.SetAclOnAlternateProperty(obj, aces, sdProperty, user, group);
     }
 }
示例#2
0
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            ADSystemAttendantMailbox adsystemAttendantMailbox = null;
            Server             server             = null;
            SecurityIdentifier sid                = this.exs.Sid;
            SecurityIdentifier securityIdentifier = new SecurityIdentifier("SY");

            try
            {
                server = ((ITopologyConfigurationSession)this.configurationSession).FindLocalServer();
            }
            catch (LocalServerNotFoundException ex)
            {
                base.WriteError(new CouldNotFindExchangeServerDirectoryEntryException(ex.Fqdn), ErrorCategory.InvalidData, null);
            }
            if (server != null)
            {
                base.LogReadObject(server);
                this.recipientSession.DomainController = server.OriginatingServer;
                ADRecipient[] array = this.recipientSession.Find(server.Id.GetChildId("Microsoft System Attendant"), QueryScope.Base, null, null, 1);
                if (array.Length > 0)
                {
                    adsystemAttendantMailbox = (array[0] as ADSystemAttendantMailbox);
                }
            }
            if (adsystemAttendantMailbox != null)
            {
                base.LogReadObject(adsystemAttendantMailbox);
                GenericAce[] aces = new GenericAce[]
                {
                    new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 131073, securityIdentifier, false, null)
                };
                DirectoryCommon.SetAclOnAlternateProperty(adsystemAttendantMailbox, aces, ADSystemAttendantMailboxSchema.ExchangeSecurityDescriptor);
                if (base.ShouldProcess(adsystemAttendantMailbox.DistinguishedName, Strings.InfoProcessAction(securityIdentifier.ToString()), null))
                {
                    this.recipientSession.Save(adsystemAttendantMailbox);
                }
            }
            TaskLogger.LogExit();
        }
        protected override void InternalProcessRecord()
        {
            TaskLogger.LogEnter();
            QueryFilter filter = null;

            if (base.Fields.IsModified("AdministrativeGroup"))
            {
                filter = new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, this.AdministrativeGroup);
            }
            IEnumerable <AdministrativeGroup> enumerable = this.configurationSession.FindPaged <AdministrativeGroup>(null, QueryScope.SubTree, filter, null, 0);
            IEnumerator <AdministrativeGroup> enumerator = enumerable.GetEnumerator();

            if (enumerator == null || !enumerator.MoveNext())
            {
                if (base.Fields.IsModified("AdministrativeGroup"))
                {
                    base.WriteError(new AdminGroupNotFoundException(this.AdministrativeGroup), ErrorCategory.ObjectNotFound, null);
                }
                else
                {
                    base.WriteError(new AdminGroupsNotFoundException(), ErrorCategory.ObjectNotFound, null);
                }
            }
            SecurityIdentifier sid = this.exs.Sid;
            SecurityIdentifier securityIdentifier = new SecurityIdentifier("AU");
            SecurityIdentifier identity           = new SecurityIdentifier("SY");
            Guid schemaClassGuid = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchExchangeServer");
            List <ActiveDirectoryAccessRule> list = new List <ActiveDirectoryAccessRule>();

            list.Add(new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid));
            list.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, schemaClassGuid));
            GenericAce[] aces = new GenericAce[]
            {
                new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, 256, securityIdentifier, ObjectAceFlags.ObjectAceTypePresent, WellKnownGuid.CreatePublicFolderExtendedRightGuid, Guid.Empty, false, null)
            };
            do
            {
                AdministrativeGroup administrativeGroup = enumerator.Current;
                base.LogReadObject(administrativeGroup);
                if (base.ShouldProcess(administrativeGroup.DistinguishedName, Strings.InfoProcessAction(this.eoa.Sid.ToString()), null))
                {
                    DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, administrativeGroup, list.ToArray());
                }
                DirectoryCommon.SetAclOnAlternateProperty(administrativeGroup, aces, AdministrativeGroupSchema.PublicFolderDefaultAdminAcl);
                if (base.ShouldProcess(administrativeGroup.DistinguishedName, Strings.InfoProcessAction(securityIdentifier.ToString()), null))
                {
                    this.configurationSession.Save(administrativeGroup);
                }
                PublicFolderTree[] array = this.configurationSession.Find <PublicFolderTree>(administrativeGroup.Id, QueryScope.SubTree, new ComparisonFilter(ComparisonOperator.Equal, PublicFolderTreeSchema.PublicFolderTreeType, PublicFolderTreeType.Mapi), null, 0);
                if (array.Length == 0)
                {
                    base.WriteVerbose(Strings.InfoCouldNotFindMAPITLHInAdminGroup(administrativeGroup.AdminDisplayName));
                }
                else
                {
                    PublicFolderTree publicFolderTree = array[0];
                    base.LogReadObject(publicFolderTree);
                    DirectoryCommon.SetAclOnAlternateProperty(publicFolderTree, aces, AdministrativeGroupSchema.PublicFolderDefaultAdminAcl);
                    if (base.ShouldProcess(publicFolderTree.DistinguishedName, Strings.InfoProcessAction(securityIdentifier.ToString()), null))
                    {
                        this.configurationSession.Save(publicFolderTree);
                    }
                }
                ActiveDirectoryAccessRule ace = new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All);
                this.SetAceByObjectClass <ServersContainer>(administrativeGroup.Id, ace);
            }while (enumerator.MoveNext());
            TaskLogger.LogExit();
        }