protected override void InternalProcessRecord() { TaskLogger.LogEnter(); this.RemoveGroupByWKGuid(WellKnownGuid.ExSWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.MaSWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EraWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EmaWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EpaWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.E3iWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EwpWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EtsWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EahoWkGuid); this.RemoveGroupByWKGuid(WellKnownGuid.EfomgWkGuid); foreach (RoleGroupDefinition roleGroupDefinition in InitializeExchangeUniversalGroups.RoleGroupsToCreate()) { if (!roleGroupDefinition.RoleGroupGuid.Equals(WellKnownGuid.EoaWkGuid)) { this.RemoveGroupByWKGuid(roleGroupDefinition.RoleGroupGuid); } } try { this.RemoveGroupByWKGuid(WellKnownGuid.EoaWkGuid); } catch (ADOperationException ex) { this.WriteWarning(Strings.NeedManuallyRemoveEOA(ex.Message)); } TaskLogger.LogExit(); }
protected override void InternalProcessRecord() { TaskLogger.LogEnter(); RoleGroupCollection roleGroupCollection = InitializeExchangeUniversalGroups.RoleGroupsToCreate(); bool flag = false; foreach (RoleGroupDefinition roleGroupDefinition in roleGroupCollection) { roleGroupDefinition.ADGroup = base.ResolveExchangeGroupGuid <ADGroup>(roleGroupDefinition.RoleGroupGuid); if (roleGroupDefinition.ADGroup == null) { flag = true; } } ADGroup adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid); ADGroup adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid); ADGroup adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid); ADGroup adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid); this.adSplitPermissionMode = false; if (this.ActiveDirectorySplitPermissions != null) { if (this.ActiveDirectorySplitPermissions.Value) { this.adSplitPermissionMode = true; } else { this.adSplitPermissionMode = false; } } else if (adgroup3 == null) { this.adSplitPermissionMode = false; } else if (adgroup4 == null) { this.adSplitPermissionMode = false; } else if (!adgroup4.Members.Contains(adgroup3.Id)) { this.adSplitPermissionMode = true; } else { this.adSplitPermissionMode = false; } ADOrganizationalUnit adorganizationalUnit = this.FindExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id); if (this.adSplitPermissionMode && adorganizationalUnit == null) { adorganizationalUnit = this.CreateExchangeUSGContainer("Microsoft Exchange Protected Groups", this.domainConfigurationSession, this.rootDomain.Id); if (adorganizationalUnit == null) { base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Protected Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null); } } ADOrganizationalUnit adorganizationalUnit2 = null; if (flag || adgroup == null || adgroup2 == null || adgroup3 == null || (!this.adSplitPermissionMode && adgroup4 == null)) { adorganizationalUnit2 = this.CreateExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id); if (adorganizationalUnit2 == null) { base.WriteError(new USGContainerNotFoundException("Microsoft Exchange Security Groups", this.rootDomain.DistinguishedName), ErrorCategory.ObjectNotFound, null); } } else { adorganizationalUnit2 = this.FindExchangeUSGContainer("Microsoft Exchange Security Groups", this.domainConfigurationSession, this.rootDomain.Id); } this.CreateAndValidateRoleGroups(adorganizationalUnit2, roleGroupCollection); this.CreateGroup(adorganizationalUnit2, "Exchange Servers", 0, WellKnownGuid.ExSWkGuid, Strings.ExchangeServersUSGDescription); this.CreateGroup(adorganizationalUnit2, "Exchange Trusted Subsystem", 0, WellKnownGuid.EtsWkGuid, Strings.ExchangeTrustedSubsystemDescription); this.CreateGroup(adorganizationalUnit2, "Managed Availability Servers", 0, WellKnownGuid.MaSWkGuid, Strings.ManagedAvailabilityServersUSGDescription); if (this.adSplitPermissionMode) { this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit); } else { this.CreateOrMoveEWPGroup(adgroup4, adorganizationalUnit2); if (adorganizationalUnit != null) { this.domainConfigurationSession.Delete(adorganizationalUnit); base.LogWriteObject(adorganizationalUnit); } } this.CreateGroup(adorganizationalUnit2, "ExchangeLegacyInterop", 0, WellKnownGuid.E3iWkGuid, Strings.ExchangeInteropUSGDescription); if (adgroup == null) { adgroup = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.ExSWkGuid); if (adgroup == null) { base.WriteError(new ExSGroupNotFoundException(WellKnownGuid.ExSWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup); ADGroup adgroup5 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.MaSWkGuid); if (adgroup5 == null) { base.WriteError(new MaSGroupNotFoundException(WellKnownGuid.MaSWkGuid), ErrorCategory.InvalidData, null); } base.LogReadObject(adgroup5); InitializeExchangeUniversalGroups.AddMember(adgroup, this.rootDomainRecipientSession, adgroup5, new WriteVerboseDelegate(base.WriteVerbose)); if (adgroup2 == null) { adgroup2 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.E3iWkGuid); if (adgroup2 == null) { base.WriteError(new E2k3InteropGroupNotFoundException(WellKnownGuid.E3iWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup2); bool etsExisted = adgroup3 != null; if (adgroup3 == null) { adgroup3 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EtsWkGuid); if (adgroup3 == null) { base.WriteError(new ExTrustedSubsystemGroupNotFoundException(WellKnownGuid.EtsWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup3); bool ewpExisted = adgroup4 != null; if (adgroup4 == null) { adgroup4 = base.ResolveExchangeGroupGuid <ADGroup>(WellKnownGuid.EwpWkGuid); if (adgroup4 == null) { base.WriteError(new ExWindowsPermissionsGroupNotFoundException(WellKnownGuid.EwpWkGuid), ErrorCategory.InvalidData, null); } } base.LogReadObject(adgroup4); this.GrantWriteMembershipPermission(adgroup3.Sid, adorganizationalUnit2); this.FixExchangeTrustedSubsystemGroupMembership(adgroup3, adgroup4, adgroup, roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EmaWkGuid), etsExisted, ewpExisted); WindowsPrincipal windowsPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent()); string name = windowsPrincipal.Identity.Name; string[] array = name.Split(new char[] { '\\' }, 2); ADCrossRef[] domainPartitions = ADForest.GetLocalForest(base.DomainController).GetDomainPartitions(); if (domainPartitions == null || domainPartitions.Length == 0) { base.WriteError(new DomainsNotFoundException(), ErrorCategory.InvalidData, null); } List <SecurityIdentifier> list = new List <SecurityIdentifier>(); foreach (ADCrossRef adcrossRef in domainPartitions) { Exception ex = null; try { this.domainConfigurationSession.DomainController = null; ADDomain addomain = this.domainConfigurationSession.Read <ADDomain>(adcrossRef.NCName); base.LogReadObject(addomain); SecurityIdentifier item = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, addomain.Sid); list.Add(item); } catch (ADExternalException ex2) { ex = ex2; } catch (ADTransientException ex3) { ex = ex3; } if (ex != null) { this.WriteWarning(Strings.DomainNotReachableWarning(adcrossRef.DnsRoot[0])); } } this.domainConfigurationSession.DomainController = null; ADGroup adgroupByGuid = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EoaWkGuid); ADGroup adgroupByGuid2 = roleGroupCollection.GetADGroupByGuid(WellKnownGuid.EpaWkGuid); ActiveDirectoryAccessRule activeDirectoryAccessRule = new ActiveDirectoryAccessRule(adgroupByGuid.Sid, ActiveDirectoryRights.GenericAll, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All); List <ActiveDirectoryAccessRule> list2 = new List <ActiveDirectoryAccessRule>(); list2.Add(activeDirectoryAccessRule); Guid schemaPropertyGuid = DirectoryCommon.GetSchemaPropertyGuid(this.configurationSession, "member"); foreach (SecurityIdentifier identity in list) { list2.Add(new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, schemaPropertyGuid, ActiveDirectorySecurityInheritance.All)); } DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup, list2.ToArray()); try { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } catch (ADOperationException ex4) { this.WriteWarning(Strings.UnableToGrantFullControlOnEOA(adgroupByGuid.Id.ToString(), adgroupByGuid.Id.ToString(), ex4.Message)); } if (adgroupByGuid2 != null) { DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroupByGuid2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } if (adorganizationalUnit2 != null) { base.WriteVerbose(Strings.InfoSetAces(adorganizationalUnit2.Id.DistinguishedName)); DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adorganizationalUnit2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); } DirectoryCommon.SetAces(new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), null, adgroup2, new ActiveDirectoryAccessRule[] { activeDirectoryAccessRule }); bool useGlobalCatalog = this.recipientSession.UseGlobalCatalog; this.recipientSession.UseGlobalCatalog = true; try { ADRecipient adrecipient = (ADRecipient)this.recipientSession.FindByAccountName <ADRecipient>(array[0], array[1]); if (adrecipient != null) { TaskLogger.Trace("Adding user {0} ({1}), to group {2}.", new object[] { name, adrecipient.DistinguishedName, adgroupByGuid.DistinguishedName }); InitializeExchangeUniversalGroups.AddMember(adrecipient, this.rootDomainRecipientSession, adgroupByGuid, new WriteVerboseDelegate(base.WriteVerbose)); } else { TaskLogger.Trace("Didn't find user {0})", new object[] { name }); } } catch (ADOperationException ex5) { base.WriteVerbose(new LocalizedString(ex5.Message)); } this.recipientSession.UseGlobalCatalog = useGlobalCatalog; TaskLogger.LogExit(); }