/// <summary>
/// Convenience overload of <see cref="DirectoryCommon.SetAclOnAlternateProperty"/> that
/// takes the SID of the identity running the task and uses it as both the owner and
/// the primary group handed to the four-argument overload.
/// </summary>
/// <param name="obj">Directory object whose alternate security-descriptor property is written.</param>
/// <param name="aces">Access control entries handed to the underlying overload.</param>
/// <param name="sdProperty">Property on <paramref name="obj"/> that holds the security descriptor.</param>
public static void SetAclOnAlternateProperty(ADObject obj, GenericAce[] aces, PropertyDefinition sdProperty)
{
    // The identity handle is only needed long enough to read the caller's SID.
    using (WindowsIdentity callerIdentity = WindowsIdentity.GetCurrent())
    {
        SecurityIdentifier callerSid = callerIdentity.User;
        // Owner and group are deliberately the same principal: the process identity.
        DirectoryCommon.SetAclOnAlternateProperty(obj, aces, sdProperty, callerSid, callerSid);
    }
}
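/// <summary>
/// Rewrites the <c>ExchangeSecurityDescriptor</c> ACL of the local server's
/// "Microsoft System Attendant" mailbox with a single access-allowed ACE for the
/// LocalSystem account, then saves the mailbox if <c>ShouldProcess</c> confirms.
/// </summary>
/// <remarks>
/// If the local server cannot be resolved, the failure is reported through
/// <c>WriteError</c>; should that call return, the method skips the ACL change
/// rather than touching any object. The previously unused read of <c>this.exs.Sid</c>
/// has been dropped.
/// </remarks>
protected override void InternalProcessRecord()
{
    TaskLogger.LogEnter();

    // Access mask written to the ACE (0x20001). Presumably FullAccess (0x1) |
    // ReadPermission (0x20000) from the mailbox-rights enum — confirm before changing.
    const int systemAttendantAccessMask = 131073;

    // "SY" is the SDDL alias of the well-known LocalSystem SID (S-1-5-18).
    SecurityIdentifier localSystemSid = new SecurityIdentifier("SY");

    Server localServer = null;
    try
    {
        localServer = ((ITopologyConfigurationSession)this.configurationSession).FindLocalServer();
    }
    catch (LocalServerNotFoundException ex)
    {
        base.WriteError(new CouldNotFindExchangeServerDirectoryEntryException(ex.Fqdn), ErrorCategory.InvalidData, null);
    }

    ADSystemAttendantMailbox systemAttendantMailbox = null;
    if (localServer != null)
    {
        base.LogReadObject(localServer);
        // Pin the recipient lookup to the DC the server object was read from,
        // presumably so both reads see the same replica — confirm.
        this.recipientSession.DomainController = localServer.OriginatingServer;
        ADRecipient[] matches = this.recipientSession.Find(localServer.Id.GetChildId("Microsoft System Attendant"), QueryScope.Base, null, null, 1);
        if (matches.Length > 0)
        {
            // An object of another class under that name leaves this null and the ACL untouched.
            systemAttendantMailbox = matches[0] as ADSystemAttendantMailbox;
        }
    }

    if (systemAttendantMailbox != null)
    {
        base.LogReadObject(systemAttendantMailbox);
        GenericAce[] aces = new GenericAce[]
        {
            new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, systemAttendantAccessMask, localSystemSid, false, null)
        };
        DirectoryCommon.SetAclOnAlternateProperty(systemAttendantMailbox, aces, ADSystemAttendantMailboxSchema.ExchangeSecurityDescriptor);
        // The in-memory change is only persisted when the caller confirms (-WhatIf/-Confirm aware).
        if (base.ShouldProcess(systemAttendantMailbox.DistinguishedName, Strings.InfoProcessAction(localSystemSid.ToString()), null))
        {
            this.recipientSession.Save(systemAttendantMailbox);
        }
    }

    TaskLogger.LogExit();
}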
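/// <summary>
/// Applies the permission set to every administrative group, or only to the group
/// named by the <c>AdministrativeGroup</c> parameter when it was supplied. Per group it:
/// grants the RecipientUpdate extended right to <c>this.eoa.Sid</c> and LocalSystem on
/// descendant <c>msExchExchangeServer</c> objects; writes an access-allowed
/// CreatePublicFolder ACE for Authenticated Users into the public-folder default admin
/// ACL of the group and of its MAPI public folder tree; and adds a Deny ReceiveAs
/// extended-right ACE for <c>this.exs.Sid</c> on the group's Servers container.
/// </summary>
/// <remarks>
/// Every save is gated by <c>ShouldProcess</c>. If no group matches, the error is
/// reported through <c>WriteError</c> before any ACL is touched; <c>WriteError</c> is
/// assumed to be terminating, and the explicit <c>return</c> keeps the loop from
/// dereferencing a missing <c>Current</c> should it ever return.
/// The paged enumerator is now disposed, which the original code did not do.
/// </remarks>
protected override void InternalProcessRecord()
{
    TaskLogger.LogEnter();

    bool restrictToNamedGroup = base.Fields.IsModified("AdministrativeGroup");
    QueryFilter groupFilter = null;
    if (restrictToNamedGroup)
    {
        groupFilter = new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.Name, this.AdministrativeGroup);
    }

    IEnumerable<AdministrativeGroup> groups = this.configurationSession.FindPaged<AdministrativeGroup>(null, QueryScope.SubTree, groupFilter, null, 0);

    // IEnumerator<T> is IDisposable; the paged enumerator must be released even
    // when an error terminates the loop early.
    using (IEnumerator<AdministrativeGroup> enumerator = groups.GetEnumerator())
    {
        if (enumerator == null || !enumerator.MoveNext())
        {
            if (restrictToNamedGroup)
            {
                base.WriteError(new AdminGroupNotFoundException(this.AdministrativeGroup), ErrorCategory.ObjectNotFound, null);
            }
            else
            {
                base.WriteError(new AdminGroupsNotFoundException(), ErrorCategory.ObjectNotFound, null);
            }
            TaskLogger.LogExit();
            return;
        }

        // this.exs / this.eoa are SID-bearing principals set up elsewhere in the task;
        // presumably the Exchange Servers and Exchange Organization Administrators groups — confirm.
        SecurityIdentifier exchangeServersSid = this.exs.Sid;
        // "AU" = Authenticated Users (S-1-5-11); "SY" = LocalSystem (S-1-5-18).
        SecurityIdentifier authenticatedUsersSid = new SecurityIdentifier("AU");
        SecurityIdentifier localSystemSid = new SecurityIdentifier("SY");
        Guid exchangeServerClassGuid = DirectoryCommon.GetSchemaClassGuid(this.configurationSession, "msExchExchangeServer");

        // Rules applied to the administrative group object itself; the rule objects are
        // immutable, so one array serves every iteration.
        ActiveDirectoryAccessRule[] recipientUpdateRules = new ActiveDirectoryAccessRule[]
        {
            new ActiveDirectoryAccessRule(this.eoa.Sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, exchangeServerClassGuid),
            new ActiveDirectoryAccessRule(localSystemSid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, WellKnownGuid.RecipientUpdateExtendedRightGuid, ActiveDirectorySecurityInheritance.Descendents, exchangeServerClassGuid)
        };

        // ACE stored in the public-folder default admin ACL. The access mask is the
        // control-access right (256), spelled through the enum instead of a bare literal.
        GenericAce[] createPublicFolderAces = new GenericAce[]
        {
            new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ActiveDirectoryRights.ExtendedRight, authenticatedUsersSid, ObjectAceFlags.ObjectAceTypePresent, WellKnownGuid.CreatePublicFolderExtendedRightGuid, Guid.Empty, false, null)
        };

        // Deny ReceiveAs for the Exchange Servers SID, inherited by the whole Servers subtree.
        ActiveDirectoryAccessRule denyReceiveAs = new ActiveDirectoryAccessRule(exchangeServersSid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, WellKnownGuid.ReceiveAsExtendedRightGuid, ActiveDirectorySecurityInheritance.All);

        do
        {
            AdministrativeGroup group = enumerator.Current;
            base.LogReadObject(group);

            if (base.ShouldProcess(group.DistinguishedName, Strings.InfoProcessAction(this.eoa.Sid.ToString()), null))
            {
                DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, group, recipientUpdateRules);
            }

            DirectoryCommon.SetAclOnAlternateProperty(group, createPublicFolderAces, AdministrativeGroupSchema.PublicFolderDefaultAdminAcl);
            if (base.ShouldProcess(group.DistinguishedName, Strings.InfoProcessAction(authenticatedUsersSid.ToString()), null))
            {
                this.configurationSession.Save(group);
            }

            // Only the MAPI tree receives the default admin ACL; its absence is logged, not an error.
            PublicFolderTree[] mapiTrees = this.configurationSession.Find<PublicFolderTree>(group.Id, QueryScope.SubTree, new ComparisonFilter(ComparisonOperator.Equal, PublicFolderTreeSchema.PublicFolderTreeType, PublicFolderTreeType.Mapi), null, 0);
            if (mapiTrees.Length == 0)
            {
                base.WriteVerbose(Strings.InfoCouldNotFindMAPITLHInAdminGroup(group.AdminDisplayName));
            }
            else
            {
                PublicFolderTree mapiTree = mapiTrees[0];
                base.LogReadObject(mapiTree);
                DirectoryCommon.SetAclOnAlternateProperty(mapiTree, createPublicFolderAces, AdministrativeGroupSchema.PublicFolderDefaultAdminAcl);
                if (base.ShouldProcess(mapiTree.DistinguishedName, Strings.InfoProcessAction(authenticatedUsersSid.ToString()), null))
                {
                    this.configurationSession.Save(mapiTree);
                }
            }

            this.SetAceByObjectClass<ServersContainer>(group.Id, denyReceiveAs);
        }
        while (enumerator.MoveNext());
    }

    TaskLogger.LogExit();
}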