protected override void InternalProcessRecord() { TaskLogger.LogEnter(); this.RemoveGroupByWKGuid(WellKnownGuid.ExSWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.MaSWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EraWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EmaWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EpaWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.E3iWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EwpWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EtsWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EahoWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EfomgWkGuid); foreach (RoleGroupDefinition roleGroupDefinition in InitializeExchangeUniversalGroups.RoleGroupsToCreate()) { if (!roleGroupDefinition.RoleGroupGuid.Equals(WellKnownGuid.EoaWkGuid)) { this.RemoveGroupByWKGuid(roleGroupDefinition.RoleGroupGuid); } } try { this.RemoveGroupByWKGuid(WellKnownGuid.EoaWkGuid); } catch (ADOperationException ex) { this.WriteWarning(Strings.NeedManuallyRemoveEOA(ex.Message)); } TaskLogger.LogExit(); }
private void CreateAndValidateRoleGroups(ADOrganizationalUnit usgContainer, RoleGroupCollection roleGroups) { foreach (RoleGroupDefinition roleGroup in roleGroups) { this.CreateRoleGroup(usgContainer, roleGroup); } WindowsPrincipal windowsPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent()); string name = windowsPrincipal.Identity.Name; string[] array = name.Split(new char[] { '\\' }, 2); ADRecipient adrecipient = (ADRecipient)this.recipientSession.FindByAccountName <ADRecipient>(array[0], array[1]); if (adrecipient != null) { TaskLogger.Trace("Didn't find user {0})", new object[] { name }); } ADGroup adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EoaWkGuid); if (adgroup == null) { base.WriteError(new ExOrgAdminSGroupNotFoundException(WellKnownGuid.EoaWkGuid), ErrorCategory.ObjectNotFound, null); } else if (adrecipient != null) { base.LogReadObject(adrecipient); TaskLogger.Trace("User {0} is being set as member of RoleGroup {1}", new object[] { adrecipient.DistinguishedName, adgroup.Name }); InitializeExchangeUniversalGroups.AddMember(adrecipient, this.rootDomainRecipientSession, adgroup, new WriteVerboseDelegate(base.WriteVerbose)); } foreach (RoleGroupDefinition roleGroupDefinition in roleGroups) { if (roleGroupDefinition.ADGroup == null) { roleGroupDefinition.ADGroup = base.ResolveExchangeGroupGuid <ADGroup>(roleGroupDefinition.RoleGroupGuid); if (roleGroupDefinition.ADGroup == null) { base.WriteError(roleGroupDefinition.GuidNotFoundException, ErrorCategory.ObjectNotFound, null); } base.LogReadObject(roleGroupDefinition.ADGroup); } if (roleGroupDefinition.ADGroup != null && !roleGroupDefinition.ADGroup.ManagedBy.Contains(adgroup.Id)) { roleGroupDefinition.ADGroup.ManagedBy.Add(adgroup.Id); this.rootDomainRecipientSession.Save(roleGroupDefinition.ADGroup); base.LogWriteObject(roleGroupDefinition.ADGroup); } } }
internal static ADGroup CreateUniqueChildSG(IRecipientSession session, ADObjectId dom, ADObjectId containerId, string groupNameOrig, string groupDescription, string groupSam, GroupTypeFlags groupType, OrganizationId orgId) { string commonName = InitializeExchangeUniversalGroups.FindUniqueCN(session, containerId, groupNameOrig); ADGroup adgroup = new ADGroup(session, commonName, containerId, groupType); MultiValuedProperty <string> multiValuedProperty = new MultiValuedProperty <string>(); multiValuedProperty.Add(groupDescription); adgroup[ADRecipientSchema.Description] = multiValuedProperty; adgroup.SamAccountName = groupSam; adgroup.OrganizationId = orgId; InitializeExchangeUniversalGroups.SaveGroup(session, containerId, adgroup); TaskLogger.Trace(Strings.InfoCreatedGroup(adgroup.DistinguishedName)); return(adgroup); }
private ADGroup CreateOrMoveEWPGroup(ADGroup ewp, ADOrganizationalUnit usgContainer) { if (ewp == null) { return(this.CreateGroup(usgContainer, "Exchange Windows Permissions", 0, WellKnownGuid.EwpWkGuid, Strings.ExchangeWindowsPermissionsDescription)); } if (!ewp.Id.IsDescendantOf(usgContainer.Id)) { ewp.SetId(usgContainer.Id.GetChildId("CN", ewp.Id.Rdn.UnescapedName)); InitializeExchangeUniversalGroups.SaveGroup(this.rootDomainRecipientSession, usgContainer.Id, ewp); TaskLogger.Trace(Strings.InfoMovedGroup(ewp.DistinguishedName, ewp.Id.Parent.ToDNString(), usgContainer.Id.ToDNString())); } return(ewp); }
internal static string FindUniqueCN(IRecipientSession session, ADObjectId parentId, string cnOrig) { string suffix = ""; for (int i = 1; i < 100; i++) { string text = InitializeExchangeUniversalGroups.Concat(cnOrig, suffix, 64); if (session.Read(parentId.GetChildId(text)) == null) { return(text); } suffix = i.ToString(); } return(InitializeExchangeUniversalGroups.Concat(cnOrig, Guid.NewGuid().ToString("N"), 64)); }
internal static string FindUniqueSamAccountName(IRecipientSession session, ADObjectId dom, string samOrig) { string suffix = ""; for (int i = 1; i < 100; i++) { string text = InitializeExchangeUniversalGroups.Concat(samOrig, suffix, 256); QueryFilter filter = new ComparisonFilter(ComparisonOperator.Equal, IADSecurityPrincipalSchema.SamAccountName, text); ADRawEntry[] array = session.Find(dom, QueryScope.SubTree, filter, null, 1); if (array.Length == 0) { return(text); } suffix = i.ToString(); } return(InitializeExchangeUniversalGroups.Concat(samOrig, Guid.NewGuid().ToString("N"), 256)); }
internal static ADGroup CreateUniqueRoleGroup(IRecipientSession session, ADObjectId dom, ADObjectId containerId, string groupNameOrig, int groupId, string groupDescription, string groupSam, List <ADObjectId> manageBy, OrganizationId orgId) { string commonName = InitializeExchangeUniversalGroups.FindUniqueCN(session, containerId, groupNameOrig); ADGroup adgroup = new ADGroup(session, commonName, containerId, GroupTypeFlags.Universal | GroupTypeFlags.SecurityEnabled); adgroup.RecipientTypeDetails = RecipientTypeDetails.RoleGroup; adgroup.SamAccountName = groupSam; adgroup.OrganizationId = orgId; adgroup[ADRecipientSchema.Description] = new MultiValuedProperty <string>(groupDescription); adgroup[ADGroupSchema.RoleGroupTypeId] = groupId; if (manageBy != null && manageBy.Count > 0) { adgroup.ManagedBy = new MultiValuedProperty <ADObjectId>(manageBy); } InitializeExchangeUniversalGroups.SaveGroup(session, containerId, adgroup); TaskLogger.Trace(Strings.InfoCreatedGroup(adgroup.DistinguishedName)); return(adgroup); }
private void FixExchangeTrustedSubsystemGroupMembership(ADGroup ets, ADGroup ewp, ADGroup exs, ADGroup ema, bool etsExisted, bool ewpExisted) { if (!ewpExisted && etsExisted) { ets.Members.Remove(exs.Id); ADPagedReader <Server> adpagedReader = ((ITopologyConfigurationSession)this.configurationSession).FindAllServersWithVersionNumber(Server.E14MinVersion); bool useGlobalCatalog = this.domainConfigurationSession.UseGlobalCatalog; this.domainConfigurationSession.UseGlobalCatalog = true; foreach (Server server in adpagedReader) { ADComputer adcomputer = ((ITopologyConfigurationSession)this.domainConfigurationSession).FindComputerByHostName(server.Fqdn); if (adcomputer == null) { this.WriteWarning(Strings.ErrorCannotFindComputerObjectByServerFqdnNeedManualAdd(server.Fqdn)); } else if (ets.Members.Contains(adcomputer.Id)) { base.WriteVerbose(Strings.InfoAlreadyIsMemberOfGroup(adcomputer.DistinguishedName, ets.DistinguishedName)); } else { ets.Members.Add(adcomputer.Id); } } this.domainConfigurationSession.UseGlobalCatalog = useGlobalCatalog; SetupTaskBase.Save(ets, this.rootDomainRecipientSession); } if (this.adSplitPermissionMode) { InitializeExchangeUniversalGroups.RemoveMember(ets, this.rootDomainRecipientSession, ewp, new WriteVerboseDelegate(base.WriteVerbose)); } else { InitializeExchangeUniversalGroups.AddMember(ets, this.rootDomainRecipientSession, ewp, new WriteVerboseDelegate(base.WriteVerbose)); } if (ema.Members.Contains(ets.Id)) { ema.Members.Remove(ets.Id); SetupTaskBase.Save(ema, this.rootDomainRecipientSession); } }
private void CreateRoleGroup(ADOrganizationalUnit usgContainer, RoleGroupDefinition roleGroup) { ADGroup adgroup = this.CreateGroup(usgContainer, roleGroup.Name, roleGroup.Id, roleGroup.RoleGroupGuid, roleGroup.Description, GroupTypeFlags.Universal | GroupTypeFlags.SecurityEnabled, true); if (adgroup == null) { base.WriteError(roleGroup.GuidNotFoundException, ErrorCategory.ObjectNotFound, null); } base.LogReadObject(adgroup); foreach (Guid wkg in roleGroup.E12USG) { ADGroup adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(wkg); if (adgroup2 != null && adgroup2.RecipientType == RecipientType.Group) { base.LogReadObject(adgroup2); TaskLogger.Trace("Adding old USG {0} as member of RG {1}", new object[] { adgroup2.Name, adgroup.Name }); InitializeExchangeUniversalGroups.AddMember(adgroup2, this.rootDomainRecipientSession, adgroup, new WriteVerboseDelegate(base.WriteVerbose)); } } }
private ADGroup CreateGroup(OrganizationId orgId, ADObjectId usgContainerId, string groupName, int groupId, Guid wkGuid, string groupDescription, GroupTypeFlags groupType, List <ADObjectId> manageBy) { ADGroup adgroup = null; DNWithBinary dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(this.configurationUnit.OtherWellKnownObjects, wkGuid); if (null != dnwithBinary) { ADObjectId adobjectId = new ADObjectId(dnwithBinary.DistinguishedName); if (adobjectId.IsDeleted) { base.WriteError(new InvalidWKObjectException(dnwithBinary.ToString(), orgId.ConfigurationUnit.DistinguishedName), ErrorCategory.InvalidData, null); } ADRecipient adrecipient = this.orgDomainRecipientSession.Read(adobjectId); if (adrecipient == null) { base.WriteError(new InvalidWKObjectException(dnwithBinary.ToString(), orgId.ConfigurationUnit.DistinguishedName), ErrorCategory.InvalidData, null); } base.LogReadObject(adrecipient); if (adrecipient.RecipientType != RecipientType.Group) { base.WriteError(new InvalidWKObjectTargetException(wkGuid.ToString(), orgId.ConfigurationUnit.ToString(), adgroup.Id.DistinguishedName, groupType.ToString()), ErrorCategory.InvalidData, null); } adgroup = (adrecipient as ADGroup); InitializeExchangeUniversalGroups.UpgradeRoleGroupLocalization(adgroup, groupId, groupDescription, this.orgDomainRecipientSession); if ((adgroup.GroupType & groupType) != groupType) { base.WriteVerbose(Strings.InfoChangingGroupType(adgroup.Id.DistinguishedName, groupType.ToString())); adgroup.GroupType = groupType; adgroup.RecipientTypeDetails = RecipientTypeDetails.RoleGroup; this.orgDomainRecipientSession.Save(adgroup); base.LogWriteObject(adgroup); } else { base.WriteVerbose(Strings.InfoGroupAlreadyPresent(adgroup.Id.DistinguishedName)); } return(adgroup); } ADGroup adgroup2 = null; try { string groupSam = groupName + "{" + Guid.NewGuid().ToString("N") + "}"; adgroup2 = InitializeExchangeUniversalGroups.CreateUniqueRoleGroup(this.orgDomainRecipientSession, orgId.OrganizationalUnit.DomainId, usgContainerId, groupName, groupId, groupDescription, groupSam, manageBy, orgId); dnwithBinary = this.CreateWKGuid(adgroup2.Id, wkGuid); } finally { if (adgroup2 == null && dnwithBinary != null) { this.configurationUnit.OtherWellKnownObjects.Remove(dnwithBinary); this.configurationSession.Save(this.configurationUnit); base.LogWriteObject(this.configurationUnit); } else if (adgroup2 != null && dnwithBinary == null) { this.orgDomainRecipientSession.Delete(adgroup2); base.LogWriteObject(adgroup2); adgroup2 = null; } } return(adgroup2); }
internal static ADGroup CreateUniqueRoleGroup(IRecipientSession session, ADObjectId dom, ADObjectId containerId, string groupNameOrig, int groupId, string groupDescription, OrganizationId orgId) { string groupSam = InitializeExchangeUniversalGroups.FindUniqueSamAccountName(session, dom, groupNameOrig); return(InitializeExchangeUniversalGroups.CreateUniqueRoleGroup(session, dom, containerId, groupNameOrig, groupId, groupDescription, groupSam, null, orgId)); }
internal static ADGroup CreateUniqueChildUSG(IRecipientSession session, ADObjectId dom, ADObjectId containerId, string groupNameOrig, string groupDescription, OrganizationId orgId) { return(InitializeExchangeUniversalGroups.CreateUniqueChildSG(session, dom, containerId, groupNameOrig, groupDescription, GroupTypeFlags.Universal | GroupTypeFlags.SecurityEnabled, orgId)); }
private ADGroup CreateGroup(ADOrganizationalUnit usgContainer, string groupName, int groupId, Guid wkGuid, string groupDescription, GroupTypeFlags groupType, bool createAsRoleGroup) { ADRecipient adrecipient = base.ResolveExchangeGroupGuid <ADRecipient>(wkGuid); DNWithBinary dnwithBinary = null; if (adrecipient != null) { base.LogReadObject(adrecipient); if (adrecipient.RecipientType != RecipientType.Group) { base.WriteError(new InvalidWKObjectTargetException(wkGuid.ToString(), "CN=Microsoft Exchange,CN=Services," + this.configurationSession.ConfigurationNamingContext.DistinguishedName, adrecipient.Id.DistinguishedName, groupType.ToString()), ErrorCategory.NotSpecified, null); } ADGroup adgroup = adrecipient as ADGroup; base.LogReadObject(adgroup); if ((adgroup.GroupType & groupType) != groupType) { base.WriteError(new InvalidWKObjectTargetException(wkGuid.ToString(), "CN=Microsoft Exchange,CN=Services," + this.configurationSession.ConfigurationNamingContext.DistinguishedName, adgroup.Id.DistinguishedName, groupType.ToString()), ErrorCategory.NotSpecified, null); } if (createAsRoleGroup && adgroup.RecipientTypeDetails != RecipientTypeDetails.RoleGroup) { base.WriteError(new InvalidWKObjectTargetException(wkGuid.ToString(), "CN=Microsoft Exchange,CN=Services," + this.configurationSession.ConfigurationNamingContext.DistinguishedName, adgroup.Id.DistinguishedName, RecipientTypeDetails.RoleGroup.ToString()), ErrorCategory.NotSpecified, null); } base.WriteVerbose(Strings.InfoGroupAlreadyPresent(adgroup.Id.DistinguishedName)); dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(this.exchangeConfigContainer.OtherWellKnownObjects, wkGuid); if (dnwithBinary == null) { dnwithBinary = this.CreateWKGuid(this.exchangeConfigContainer, adgroup.Id, wkGuid); } if (createAsRoleGroup) { InitializeExchangeUniversalGroups.UpgradeRoleGroupLocalization(adgroup, groupId, groupDescription, this.rootDomainRecipientSession); } return(adgroup); } ADContainer adcontainer = this.exchangeConfigContainer; dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(adcontainer.OtherWellKnownObjects, wkGuid); if (dnwithBinary == null) { adcontainer = this.configContainer; dnwithBinary = DirectoryCommon.FindWellKnownObjectEntry(adcontainer.OtherWellKnownObjects, wkGuid); } if (dnwithBinary != null) { base.WriteError(new InvalidWKObjectException(dnwithBinary.ToString(), adcontainer.DistinguishedName), ErrorCategory.NotSpecified, null); } ADGroup adgroup2 = null; try { if (createAsRoleGroup) { adgroup2 = InitializeExchangeUniversalGroups.CreateUniqueRoleGroup(this.rootDomainRecipientSession, this.rootDomain.Id, usgContainer.Id, groupName, groupId, groupDescription, OrganizationId.ForestWideOrgId); } else { adgroup2 = InitializeExchangeUniversalGroups.CreateUniqueChildSG(this.rootDomainRecipientSession, this.rootDomain.Id, usgContainer.Id, groupName, groupDescription, groupType, OrganizationId.ForestWideOrgId); } dnwithBinary = this.CreateWKGuid(this.exchangeConfigContainer, adgroup2.Id, wkGuid); } finally { if (adgroup2 == null && dnwithBinary != null) { this.exchangeConfigContainer.OtherWellKnownObjects.Remove(dnwithBinary); this.domainConfigurationSession.Save(this.exchangeConfigContainer); base.LogWriteObject(this.exchangeConfigContainer); } else if (adgroup2 != null && dnwithBinary == null) { this.rootDomainRecipientSession.Delete(adgroup2); base.LogWriteObject(adgroup2); adgroup2 = null; } } return(adgroup2); }
protected override void InternalProcessRecord() { TaskLogger.LogEnter(); RoleGroupCollection roleGroupCollection = InitializeExchangeUniversalGroups.RoleGroupsToCreate(); bool flag = false; foreach (RoleGroupDefinition roleGroupDefinition in roleGroupCollection) { roleGroupDefinition.ADGroup = base.ResolveExchangeGroupGuid <ADGroup>(roleGroupDefinition.RoleGroupGuid); if (roleGroupDefinition.ADGroup == null) { flag = true; } } ADGroup adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid); ADGroup adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid); ADGroup adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid); ADGroup adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid); this.adSplitPermissionMode = false; if (this.ActiveDirectorySplitPermissions != null) { if (this.ActiveDirectorySplitPermissions.Value) { this.adSplitPermissionMode = true; } else { this.adSplitPermissionMode = false; } } else if (adgroup3 == null) { this.adSplitPermissionMode = false; } else if (adgroup4 == null) { this.adSplitPermissionMode = false; } else if (!adgroup4.Members.Contains(adgroup3.Id)) { this.adSplitPermissionMode = true; } else { this.adSplitPermissionMode = false; } ADOrganizationalUnit adorganizationalUnit = this.FindExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id); if (this.adSplitPermissionMode && adorganizationalUnit == null) { adorganizationalUnit = this.CreateExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id); if (adorganizationalUnit == null) { base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Protected Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null); } } ADOrganizationalUnit adorganizationalUnit2 = null; if (flag || adgroup == null || adgroup2 == null || adgroup3 == null || (!this.adSplitPermissionMode && adgroup4 == null)) { adorganizationalUnit2 = this.CreateExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id); if (adorganizationalUnit2 == null) { base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Security Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null); } } else { adorganizationalUnit2 = this.FindExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id); } this.CreateAndValidateRoleGroups(adorganizationalUnit2, roleGroupCollection); this.CreateGroup(adorganizationalUnit2, "Exchange Servers", 0, WellKnownGuid.ExSWkGuid, Strings.ExchangeServersUSGDescription); this.CreateGroup(adorganizationalUnit2, "Exchange Trusted Subsystem", 0, WellKnownGuid.EtsWkGuid, Strings.ExchangeTrustedSubsystemDescription); this.CreateGroup(adorganizationalUnit2, "Managed Availability Servers", 0, WellKnownGuid.MaSWkGuid, Strings.ManagedAvailabilityServersUSGDescription); if (this.adSplitPermissionMode) { this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit); } else { this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit2); if (adorganizationalUnit != null) { this.domainConfigurationSession.Delete(adorganizationalUnit); base.LogWriteObject(adorganizationalUnit); } } this.CreateGroup(adorganizationalUnit2, "ExchangeLegacyInterop", 0, WellKnownGuid.E3iWkGuid, Strings.ExchangeInteropUSGDescription); if (adgroup == null) { adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid); if (adgroup == null) { base.WriteError(new ExSGroupNotFoundException(WellKnownGuid.ExSWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup); ADGroup adgroup5 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.MaSWkGuid); if (adgroup5 == null) { base.WriteError(new MaSGroupNotFoundException(WellKnownGuid.MaSWkGuid), ErrorCategory.InvalidData, null); } base.LogReadObject(adgroup5); InitializeExchangeUniversalGroups.AddMember(adgroup, this.rootDomainRecipientSession, adgroup5, new WriteVerboseDelegate(base.WriteVerbose)); if (adgroup2 == null) { adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid); if (adgroup2 == null) { base.WriteError(new E2k3InteropGroupNotFoundException(WellKnownGuid.E3iWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup2); bool etsExisted = adgroup3 != null; if (adgroup3 == null) { adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid); if (adgroup3 == null) { base.WriteError(new ExTrustedSubsystemGroupNotFoundException(WellKnownGuid.EtsWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup3); bool ewpExisted = adgroup4 != null; if (adgroup4 == null) { adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid); if (adgroup4 == null) { base.WriteError(new ExWindowsPermissionsGroupNotFoundException(WellKnownGuid.EwpWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup4); this.GrantWriteMembershipPermission(adgroup3.Sid, adorganizationalUnit2); this.FixExchangeTrustedSubsystemGroupMembership(adgroup3, adgroup4, adgroup, roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EmaWkGuid), etsExisted, ewpExisted); WindowsPrincipal windowsPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent()); string name = windowsPrincipal.Identity.Name; string[] array = name.Split(new char[] { '\\' }, 2); ADCrossRef[] domainPartitions = ADForest.GetLocalForest(base.DomainController).GetDomainPartitions(); if (domainPartitions == null || domainPartitions.Length == 0) { base.WriteError(new DomainsNotFoundException(), ErrorCategory.InvalidData, null); } List <SecurityIdentifier> list = new List <SecurityIdentifier>(); foreach (ADCrossRef adcrossRef in domainPartitions) { Exception ex = null; try { this.domainConfigurationSession.DomainController = null; ADDomain addomain = this.domainConfigurationSession.Read <ADDomain>(adcrossRef.NCName); base.LogReadObject(addomain); SecurityIdentifier item = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, addomain.Sid); list.Add(item); } catch (ADExternalException ex2) { ex = ex2; } catch (ADTransientException ex3) { ex = ex3; } if (ex != null) { this.WriteWarning(Strings.DomainNotReachableWarning(adcrossRef.DnsRoot[0])); } } this.domainConfigurationSession.DomainController = null; ADGroup adgroupByGuid = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EoaWkGuid); ADGroup adgroupByGuid2 = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EpaWkGuid); ActiveDirectoryAccessRule activeDirectoryAccessRule = new ActiveDirectoryAccessRule(adgroupByGuid.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All); List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>(); list2.Add(activeDirectoryAccessRule); Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "member"); foreach (SecurityIdentifier identity in list) { list2.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.All)); } DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup, list2.ToArray()); try { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } catch (ADOperationException ex4) { this.WriteWarning(Strings.UnableToGrantFullControlOnEOA(adgroupByGuid.Id.ToString(), adgroupByGuid.Id.ToString(), ex4.Message)); } if (adgroupByGuid2 != null) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } if (adorganizationalUnit2 != null) { base.WriteVerbose(Strings.InfoSetAces(adorganizationalUnit2.Id.DistinguishedName)); DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adorganizationalUnit2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); bool useGlobalCatalog = this.recipientSession.UseGlobalCatalog; this.recipientSession.UseGlobalCatalog = true; try { ADRecipient adrecipient = (ADRecipient)this.recipientSession.FindByAccountName <ADRecipient>(array[0], array[1]); if (adrecipient != null) { TaskLogger.Trace("Adding user {0} ({1}), to group {2}.", new object[] { name, adrecipient.DistinguishedName, adgroupByGuid.DistinguishedName }); InitializeExchangeUniversalGroups.AddMember(adrecipient, this.rootDomainRecipientSession, adgroupByGuid, new WriteVerboseDelegate(base.WriteVerbose)); } else { TaskLogger.Trace("Didn't find user {0})", new object[] { name }); } } catch (ADOperationException ex5) { base.WriteVerbose(new LocalizedString(ex5.Message)); } this.recipientSession.UseGlobalCatalog = useGlobalCatalog; TaskLogger.LogExit(); }