Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

10019 lines
382 KiB

  1. /*---------------------------------------------------------------------------
  2. File: AcctRepl.cpp
  3. Comments: Implementation of Account Replicator COM object.
  4. This COM object handles the copying or moving of directory objects.
  5. Win2K to Win2K migration is implemented in this file.
  6. NT -> Win2K migration is implemented in UserCopy.cpp
  7. (c) Copyright 1999, Mission Critical Software, Inc., All Rights Reserved
  8. Proprietary and confidential to Mission Critical Software, Inc.
  9. REVISION LOG ENTRY
  10. Revision By: Christy Boles
  11. Revised on 02/12/99 10:08:44
  12. Revision By: Sham Chauthani
  13. Revised on 07/02/99 12:40:00
  14. ---------------------------------------------------------------------------
  15. */
  16. // AcctRepl.cpp : Implementation of CAcctRepl
  17. #include "stdafx.h"
  18. #include "WorkObj.h"
  19. #include "AcctRepl.h"
  20. #include "BkupRstr.hpp"
  21. #include "StrHelp.h"
  22. /////////////////////////////////////////////////////////////////////////////
  23. // CAcctRepl
  24. #include "Err.hpp"
  25. #include "ErrDct.hpp"
  26. #include "EaLen.hpp"
  27. #include <dsgetdc.h>
  28. #include "UserRts.h"
  29. #include "RebootU.h"
  30. #include "DCTStat.h"
  31. #include "ResStr.h"
  32. #include "LSAUtils.h"
  33. #include "ARUtil.hpp"
  34. #include "Names.hpp"
  35. #include <lm.h>
  36. #include <iads.h>
  37. //#include <adshlp.h>
  38. #include "RegTrans.h"
  39. #include "TEvent.hpp"
  40. #include "RecNode.hpp"
  41. #include "ntdsapi.h"
  42. #include "TxtSid.h"
  43. #include "ExLDAP.h"
  44. #include "Win2KErr.h"
  45. //#import "\bin\McsDctWorkerObjects.tlb"
  46. //#import "\bin\McsVarSetMin.tlb" no_namespace
  47. //#import "\bin\AdsProp.tlb" no_namespace
  48. //#import "\bin\NetEnum.tlb" no_namespace
  49. //#import "\bin\DBManager.tlb" no_namespace
  50. //#import "WorkObj.tlb" //already #imported via ARUtil.cpp
  51. //#import "VarSet.tlb" no_namespace rename("property", "aproperty")//already #imported by AcctRepl.h
  52. #import "AdsProp.tlb" no_namespace
  53. #import "NetEnum.tlb" no_namespace
  54. //#import "DBMgr.tlb" no_namespace //already #imported via ARUtil.cpp
  55. #ifdef _DEBUG
  56. #define new DEBUG_NEW
  57. #undef THIS_FILE
  58. static char THIS_FILE[] = __FILE__;
  59. #endif
  60. IVarSet * g_pVarSet = NULL;
  61. TErrorDct err;
  62. TError & errCommon = err;
  63. extern bool g_bAddSidWorks;
  64. DWORD g_dwOpMask = OPS_All; // Global OpSeq by default all ops
  65. bool bAbortMessageWritten = false;
  66. BOOL BuiltinRid(DWORD rid);
  67. typedef HRESULT (CALLBACK * DSGETDCNAME)(LPWSTR, LPWSTR, GUID*, LPWSTR, DWORD, PDOMAIN_CONTROLLER_INFO*);
  68. ADSGETOBJECT ADsGetObject;
  69. typedef BOOL (CALLBACK * TConvertStringSidToSid)(LPCWSTR StringSid,PSID *Sid);
  70. TConvertStringSidToSid ConvertStringSidToSid;
  71. bool firstTime = true;
  72. typedef struct _Lookup {
  73. WCHAR * pName;
  74. WCHAR * pType;
  75. } Lookup;
  76. //Function to sort by account sam name only
  77. int TNodeCompareNameOnly(TNode const * t1,TNode const * t2)
  78. {
  79. // Sort function to sort by Type(dec) and Name(asc)
  80. TAcctReplNode const * n1 = (TAcctReplNode *)t1;
  81. TAcctReplNode const * n2 = (TAcctReplNode *)t2;
  82. return UStrICmp(n1->GetSourceSam(), n2->GetTargetSam());
  83. }
  84. // Function to do a find on the Account list that is sorted with TNodeCompareNameOnly function.
  85. int TNodeFindByNameOnly(TNode const * t1, void const * pVoid)
  86. {
  87. TAcctReplNode const * n1 = (TAcctReplNode *) t1;
  88. WCHAR * pLookup = (WCHAR *) pVoid;
  89. return UStrICmp(n1->GetTargetSam(), pLookup);
  90. }
  91. int TNodeCompareAccountType(TNode const * t1,TNode const * t2)
  92. {
  93. // Sort function to sort by Type(dec) and Name(asc)
  94. TAcctReplNode const * n1 = (TAcctReplNode *)t1;
  95. TAcctReplNode const * n2 = (TAcctReplNode *)t2;
  96. // Compare types
  97. int retVal = UStrICmp(n2->GetType(), n1->GetType());
  98. if ( retVal == 0 )
  99. {
  100. // If same type then compare names.
  101. return UStrICmp(n1->GetName(), n2->GetName());
  102. }
  103. else
  104. return retVal;
  105. }
  106. // Function to sort by Account type and then by SamAccountName
  107. int TNodeCompareAccountSam(TNode const * t1,TNode const * t2)
  108. {
  109. // Sort function to sort by Type(dec) and Name(asc)
  110. TAcctReplNode const * n1 = (TAcctReplNode *)t1;
  111. TAcctReplNode const * n2 = (TAcctReplNode *)t2;
  112. // Compare types Sort in decending order
  113. int retVal = UStrICmp(n2->GetType(), n1->GetType());
  114. if ( retVal == 0 )
  115. {
  116. // If same type then compare Sam Account names.
  117. return UStrICmp(n1->GetSourceSam(), n2->GetSourceSam());
  118. }
  119. else
  120. return retVal;
  121. }
  122. // Function to do a find on the Account list that is sorted with TNodeCompareAccountType function.
  123. int TNodeFindAccountName(TNode const * t1, void const * pVoid)
  124. {
  125. TAcctReplNode const * n1 = (TAcctReplNode *) t1;
  126. Lookup * pLookup = (Lookup *) pVoid;
  127. int retVal = UStrICmp(pLookup->pType, n1->GetType());
  128. if ( retVal == 0 )
  129. {
  130. return UStrICmp(n1->GetSourceSam(), pLookup->pName);
  131. }
  132. else
  133. return retVal;
  134. }
  135. int TNodeCompareMember(TNode const * t1, TNode const * t2)
  136. {
  137. TRecordNode const * n1 = (TRecordNode *) t1;
  138. TRecordNode const * n2 = (TRecordNode *) t2;
  139. if ( n1->GetARNode() < n2->GetARNode() )
  140. return -1;
  141. if ( n1->GetARNode() > n2->GetARNode() )
  142. return 1;
  143. return UStrICmp(n1->GetMember(), n2->GetMember());
  144. }
  145. int TNodeCompareMemberName(TNode const * t1, TNode const * t2)
  146. {
  147. TRecordNode const * n1 = (TRecordNode *) t1;
  148. TRecordNode const * n2 = (TRecordNode *) t2;
  149. return UStrICmp(n1->GetMember(), n2->GetMember());
  150. }
  151. int TNodeCompareMemberDN(TNode const * t1, TNode const * t2)
  152. {
  153. TRecordNode const * n1 = (TRecordNode *) t1;
  154. TRecordNode const * n2 = (TRecordNode *) t2;
  155. return UStrICmp(n1->GetDN(), n2->GetDN());
  156. }
  157. int TNodeCompareMemberItem(TNode const * t1, void const * t2)
  158. {
  159. TRecordNode const * n1 = (TRecordNode *) t1;
  160. WCHAR const * n2 = (WCHAR const *) t2;
  161. return UStrICmp(n1->GetDN(),n2);
  162. }
  163. int TNodeCompareAcctNode(TNode const * t1, TNode const * t2)
  164. {
  165. TRecordNode const * n1 = (TRecordNode *) t1;
  166. TRecordNode const * n2 = (TRecordNode *) t2;
  167. if ( n1->GetARNode() < n2->GetARNode() )
  168. return -1;
  169. if ( n1->GetARNode() > n2->GetARNode() )
  170. return 1;
  171. return 0;
  172. }
  173. // Checks to see if the account is from the BUILTIN domain.
  174. BOOL IsBuiltinAccount(Options * pOptions, WCHAR * sAcctName)
  175. {
  176. BOOL ret = FALSE;
  177. PSID sid = new BYTE[35];
  178. SID_NAME_USE use;
  179. WCHAR sDomain[LEN_Path];
  180. DWORD dwDom, dwsid;
  181. if (!sid)
  182. return TRUE;
  183. dwDom = DIM(sDomain);
  184. dwsid = 35;
  185. if ( LookupAccountName(pOptions->srcComp, sAcctName, sid, &dwsid, sDomain, &dwDom, &use) )
  186. {
  187. ret = !_wcsicmp(sDomain, L"BUILTIN");
  188. }
  189. else
  190. {
  191. // DWORD rd = GetLastError();
  192. }
  193. if ( sid ) delete [] sid;
  194. return ret;
  195. }
  196. // global counters defined in usercopy.cpp
  197. extern AccountStats warnings;
  198. extern AccountStats errors;
  199. extern AccountStats created;
  200. extern AccountStats replaced;
  201. extern AccountStats processed;
  202. // updates progress indicator
  203. // this updates the stats entries in the VarSet
  204. // this information will be returned to clients who call DCTAgent::QueryJobStatus
  205. // while the job is running.
  206. void
  207. Progress(
  208. WCHAR const * mesg // in - progress message
  209. )
  210. {
  211. if ( g_pVarSet )
  212. {
  213. g_pVarSet->put(GET_WSTR(DCTVS_CurrentPath),mesg);
  214. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Users_Examined),processed.users);
  215. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Users_Created),created.users);
  216. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Users_Replaced),replaced.users);
  217. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Users_Warnings),warnings.users);
  218. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Users_Errors),errors.users);
  219. g_pVarSet->put(GET_WSTR(DCTVS_Stats_GlobalGroups_Examined),processed.globals);
  220. g_pVarSet->put(GET_WSTR(DCTVS_Stats_GlobalGroups_Created),created.globals);
  221. g_pVarSet->put(GET_WSTR(DCTVS_Stats_GlobalGroups_Replaced),replaced.globals);
  222. g_pVarSet->put(GET_WSTR(DCTVS_Stats_GlobalGroups_Warnings),warnings.globals);
  223. g_pVarSet->put(GET_WSTR(DCTVS_Stats_GlobalGroups_Errors),errors.globals);
  224. g_pVarSet->put(GET_WSTR(DCTVS_Stats_LocalGroups_Examined),processed.locals);
  225. g_pVarSet->put(GET_WSTR(DCTVS_Stats_LocalGroups_Created),created.locals);
  226. g_pVarSet->put(GET_WSTR(DCTVS_Stats_LocalGroups_Replaced),replaced.locals);
  227. g_pVarSet->put(GET_WSTR(DCTVS_Stats_LocalGroups_Warnings),warnings.locals);
  228. g_pVarSet->put(GET_WSTR(DCTVS_Stats_LocalGroups_Errors),errors.locals);
  229. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Computers_Examined),processed.computers);
  230. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Computers_Created),created.computers);
  231. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Computers_Replaced),replaced.computers);
  232. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Computers_Warnings),warnings.computers);
  233. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Computers_Errors),errors.computers);
  234. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Generic_Examined),processed.generic);
  235. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Generic_Created),created.generic);
  236. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Generic_Replaced),replaced.generic);
  237. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Generic_Warnings),warnings.generic);
  238. g_pVarSet->put(GET_WSTR(DCTVS_Stats_Generic_Errors),errors.generic);
  239. }
  240. }
  241. // Gets the domain sid for the specified domain
  242. BOOL // ret- TRUE if successful
  243. GetSidForDomain(
  244. LPWSTR DomainName, // in - name of domain to get SID for
  245. PSID * pDomainSid // out- SID for domain, free with FreeSid
  246. )
  247. {
  248. PSID pSid = NULL;
  249. // DWORD lenSid = 200;
  250. DWORD rc = 0;
  251. WCHAR * domctrl = NULL;
  252. if ( DomainName[0] != L'\\' )
  253. {
  254. rc = NetGetDCName(NULL,DomainName,(LPBYTE*)&domctrl);
  255. }
  256. if ( ! rc )
  257. {
  258. rc = GetDomainSid(domctrl,&pSid);
  259. NetApiBufferFree(domctrl);
  260. }
  261. (*pDomainSid) = pSid;
  262. return ( pSid != NULL);
  263. }
  264. STDMETHODIMP
  265. CAcctRepl::Process(
  266. IUnknown * pWorkItemIn // in - VarSet defining account replication job
  267. )
  268. {
  269. HRESULT hr = S_OK;
  270. IVarSetPtr pVarSet = pWorkItemIn;
  271. MCSDCTWORKEROBJECTSLib::IStatusObjPtr pStatus;
  272. BOOL bSameForest = FALSE;
  273. HMODULE hMod = LoadLibrary(L"activeds.dll");
  274. if ( hMod == NULL )
  275. {
  276. DWORD eNum = GetLastError();
  277. err.SysMsgWrite(ErrE, eNum, DCT_MSG_LOAD_LIBRARY_FAILED_SD, L"activeds.dll", eNum);
  278. Mark(L"errors",L"generic");
  279. }
  280. ADsGetObject = (ADSGETOBJECT)GetProcAddress(hMod, "ADsGetObject");
  281. g_pVarSet = pVarSet;
  282. try{
  283. pStatus = pVarSet->get(GET_BSTR(DCTVS_StatusObject));
  284. opt.pStatus = pStatus;
  285. }
  286. catch (...)
  287. {
  288. // Oh well, keep going
  289. }
  290. // Load the options specified by the user including the account information
  291. WCHAR mesg[LEN_Path];
  292. wcscpy(mesg, GET_STRING(IDS_BUILDING_ACCOUNT_LIST));
  293. Progress(mesg);
  294. LoadOptionsFromVarSet(pVarSet);
  295. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  296. if ( BothWin2K(&opt) )
  297. {
  298. hr = pAccess->raw_IsInSameForest(opt.srcDomainDns,opt.tgtDomainDns, (long*)&bSameForest);
  299. }
  300. if ( SUCCEEDED(hr) )
  301. {
  302. opt.bSameForest = bSameForest;
  303. }
  304. // We are going to initialize the Extension objects
  305. m_pExt = new CProcessExtensions(pVarSet);
  306. TNodeListSortable newList;
  307. if ( opt.expandMemberOf && ! opt.bUndo ) // always expand the member-of property, since we want to update the member-of property for migrated accounts
  308. {
  309. // Expand the containers and the membership
  310. wcscpy(mesg, GET_STRING(IDS_EXPANDING_MEMBERSHIP));
  311. Progress(mesg);
  312. // Expand the list to include all the groups that the accounts in this list are members of
  313. newList.CompareSet(&TNodeCompareAccountType);
  314. if ( newList.IsTree() ) newList.ToSorted();
  315. ExpandMembership( &acctList, &opt, &newList, Progress, FALSE);
  316. }
  317. if ( opt.expandContainers && !opt.bUndo)
  318. {
  319. // Expand the containers and the membership
  320. wcscpy(mesg, GET_STRING(IDS_EXPANDING_CONTAINERS));
  321. Progress(mesg);
  322. // Expand the list to include all the members of the containers.
  323. acctList.CompareSet(&TNodeCompareAccountType);
  324. ExpandContainers(&acctList, &opt, Progress);
  325. }
  326. // Add the newly created list ( if one was created )
  327. if ( opt.expandMemberOf && !opt.bUndo )
  328. {
  329. wcscpy(mesg, GET_STRING(IDS_MERGING_EXPANDED_LISTS));
  330. Progress(mesg);
  331. // add the new and the old list
  332. acctList.CompareSet(&TNodeCompareAccountType);
  333. for ( TNode * acct = newList.Head(); acct; )
  334. {
  335. TNode * temp = acct->Next();
  336. if ( ! acctList.InsertIfNew(acct) )
  337. delete acct;
  338. acct = temp;
  339. }
  340. Progress(L"");
  341. }
  342. do { // once
  343. // Copy the NT accounts for users, groups and/or computers
  344. if ( pStatus!= NULL && (pStatus->Status & DCT_STATUS_ABORTING) )
  345. break;
  346. int res;
  347. if ( opt.bUndo )
  348. res = UndoCopy(&opt,&acctList,&Progress, err,(IStatusObj *)((MCSDCTWORKEROBJECTSLib::IStatusObj *)pStatus),NULL);
  349. else
  350. res = CopyObj( &opt,&acctList,&Progress, err,(IStatusObj *)((MCSDCTWORKEROBJECTSLib::IStatusObj *)pStatus),NULL);
  351. // Close the password log
  352. if ( opt.passwordLog.IsOpen() )
  353. {
  354. opt.passwordLog.LogClose();
  355. }
  356. if ( pStatus != NULL && (pStatus->Status & DCT_STATUS_ABORTING) )
  357. break;
  358. // Update Rights for user and group accounts
  359. if ( m_UpdateUserRights )
  360. {
  361. // DWORD rc = UpdateUserRights((IStatusObj *)((MCSDCTWORKEROBJECTSLib::IStatusObj *)pStatus));
  362. UpdateUserRights((IStatusObj *)((MCSDCTWORKEROBJECTSLib::IStatusObj *)pStatus));
  363. }
  364. if ( pStatus != NULL && (pStatus->Status & DCT_STATUS_ABORTING) )
  365. break;
  366. // Change of Domain affiliation on computers and optional reboot will be done by local agent
  367. } while (false);
  368. LoadResultsToVarSet(pVarSet);
  369. // Cleanup the account list
  370. if ( acctList.IsTree() )
  371. {
  372. acctList.ToSorted();
  373. }
  374. TNodeListEnum e;
  375. TAcctReplNode * tnode;
  376. TAcctReplNode * tnext;
  377. for ( tnode = (TAcctReplNode *)e.OpenFirst(&acctList) ; tnode ; tnode = tnext )
  378. {
  379. tnext = (TAcctReplNode*)e.Next();
  380. acctList.Remove(tnode);
  381. delete tnode;
  382. }
  383. e.Close();
  384. err.LogClose();
  385. Progress(L"");
  386. if (m_pExt)
  387. delete m_pExt;
  388. g_pVarSet = NULL;
  389. if ( hMod )
  390. FreeLibrary(hMod);
  391. return hr;
  392. }
  393. //------------------------------------------------------------------------------
  394. // CopyObj: When source and target domains are both Win2k this function calls
  395. // The 2kobject functions. Other wise it calls the User copy functions.
  396. //------------------------------------------------------------------------------
  397. int CAcctRepl::CopyObj(
  398. Options * options, // in -options
  399. TNodeListSortable * acctlist, // in -list of accounts to process
  400. ProgressFn * progress, // in -window to write progress messages to
  401. TError & error, // in -window to write error messages to
  402. IStatusObj * pStatus, // in -status object to support cancellation
  403. void WindowUpdate (void ) // in - window update function
  404. )
  405. {
  406. BOOL bSameForest = FALSE;
  407. long rc;
  408. HRESULT hr = S_OK;
  409. // if the Source/Target domain is NT4 then use the UserCopy Function. If both domains are Win2K then use
  410. // the CopyObj2K function to do so.
  411. if ( BothWin2K( options ) )
  412. {
  413. // Since these are Win2k domains we need to process it with Win2k code.
  414. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  415. // First of all we need to find out if they are in the same forest.
  416. HRESULT hr = pAccess->raw_IsInSameForest(options->srcDomainDns,options->tgtDomainDns, (long*)&bSameForest);
  417. if ( SUCCEEDED(hr) )
  418. {
  419. options->bSameForest = bSameForest;
  420. if ( !bSameForest || (options->flags & F_COMPUTERS) ) // always copy the computer accounts
  421. {
  422. // Different forest we need to copy.
  423. rc = CopyObj2K(options, acctlist, progress, pStatus);
  424. if (opt.fixMembership)
  425. {
  426. // Update the group memberships
  427. rc = UpdateGroupMembership(options, acctlist, progress, pStatus);
  428. if ( !options->expandMemberOf )
  429. {
  430. hr = UpdateMemberToGroups(acctlist, options, FALSE);
  431. rc = HRESULT_CODE(hr);
  432. }
  433. else //if groups migrated, still expand but only for groups
  434. {
  435. hr = UpdateMemberToGroups(acctlist, options, TRUE);
  436. rc = HRESULT_CODE(hr);
  437. }
  438. }
  439. //for user or group, migrate the manager\directReports or
  440. //managedBy\managedObjects properties respectively
  441. if ((options->flags & F_USERS) || (options->flags & F_GROUP))
  442. UpdateManagement(acctlist, options);
  443. }
  444. else
  445. {
  446. // Within a forest we can move the object around.
  447. rc = MoveObj2K(options, acctlist, progress, pStatus);
  448. }
  449. if ( progress )
  450. progress(L"");
  451. }
  452. else
  453. {
  454. rc = -1;
  455. err.SysMsgWrite(ErrE, hr, DCT_MSG_ACCESS_CHECKER_FAILED_D, hr);
  456. Mark(L"errors",L"generic");
  457. }
  458. }
  459. else
  460. {
  461. // Create the object.
  462. rc = CopyObj2K(options, acctlist, progress, pStatus);
  463. if (opt.fixMembership)
  464. {
  465. rc = UpdateGroupMembership(options, acctlist, progress, pStatus);
  466. if ( !options->expandMemberOf )
  467. {
  468. hr = UpdateMemberToGroups(acctlist, options, FALSE);
  469. rc = HRESULT_CODE(hr);
  470. }
  471. else //if groups migrated, still expand but only for groups
  472. {
  473. hr = UpdateMemberToGroups(acctlist, options, TRUE);
  474. rc = HRESULT_CODE(hr);
  475. }
  476. }
  477. // Call NT4 Code to update the group memberships
  478. //UpdateNT4GroupMembership(options, acctlist, progress, pStatus, WindowUpdate);
  479. }
  480. return rc;
  481. }
  482. //------------------------------------------------------------------------------
  483. // BothWin2k: Checks to see if Source and Target domains are both Win2k.
  484. //------------------------------------------------------------------------------
  485. bool CAcctRepl::BothWin2K( // True if both domains are win2k
  486. Options * pOptions //in- options
  487. )
  488. {
  489. // This function checks for the version on the Source and Target domain. If either one is
  490. // a non Win2K domain then it returns false
  491. bool retVal = true;
  492. if ( (pOptions->srcDomainVer > -1) && (pOptions->tgtDomainVer > -1) )
  493. return ((pOptions->srcDomainVer > 4) && (pOptions->tgtDomainVer > 4));
  494. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  495. HRESULT hr;
  496. DWORD verMaj, verMin, sp;
  497. hr = pAccess->raw_GetOsVersion(pOptions->srcComp, &verMaj, &verMin, &sp);
  498. if ( FAILED(hr) )
  499. {
  500. err.SysMsgWrite(ErrE,hr, DCT_MSG_GET_OS_VER_FAILED_SD, pOptions->srcDomain, hr);
  501. Mark(L"errors", L"generic");
  502. retVal = false;
  503. }
  504. else
  505. {
  506. pOptions->srcDomainVer = verMaj;
  507. if (verMaj < 5)
  508. retVal = false;
  509. }
  510. hr = pAccess->raw_GetOsVersion(pOptions->tgtComp, &verMaj, &verMin, &sp);
  511. if ( FAILED(hr) )
  512. {
  513. err.SysMsgWrite(ErrE, hr,DCT_MSG_GET_OS_VER_FAILED_SD, pOptions->tgtDomain , hr);
  514. Mark(L"errors", L"generic");
  515. retVal = false;
  516. }
  517. else
  518. {
  519. pOptions->tgtDomainVer = verMaj;
  520. if (verMaj < 5)
  521. retVal = false;
  522. }
  523. return retVal;
  524. }
  525. int CAcctRepl::CopyObj2K(
  526. Options * pOptions, //in -Options that we recieved from the user
  527. TNodeListSortable * acctlist, //in -AcctList of accounts to be copied.
  528. ProgressFn * progress, //in -Progress Function to display messages
  529. IStatusObj * pStatus // in -status object to support cancellation
  530. )
  531. {
  532. // This function copies the object from Win2K domain to another Win2K domain.
  533. TNodeTreeEnum tenum;
  534. TAcctReplNode * acct;
  535. IObjPropBuilderPtr pObjProp(__uuidof(ObjPropBuilder));
  536. IVarSetPtr pVarset(__uuidof(VarSet));
  537. IUnknown * pUnk;
  538. HRESULT hr;
  539. _bstr_t currentType = L"";
  540. // TNodeListSortable pMemberOf;
  541. // sort the account list by Source Type\Source Name
  542. acctlist->CompareSet(&TNodeCompareAccountType);
  543. if ( acctlist->IsTree() ) acctlist->ToSorted();
  544. acctlist->SortedToScrambledTree();
  545. acctlist->Sort(&TNodeCompareAccountType);
  546. acctlist->Balance();
  547. if ( pOptions->flags & F_AddSidHistory )
  548. {
  549. //Need to Add Sid history on the target account. So lets bind it and go from there
  550. g_bAddSidWorks = BindToDS( pOptions->tgtComp, pOptions );
  551. }
  552. if ( pOptions->flags & F_TranslateProfiles )
  553. {
  554. GetBkupRstrPriv((WCHAR*)NULL);
  555. GetPrivilege((WCHAR*)NULL,SE_SECURITY_NAME);
  556. }
  557. // Get the defaultNamingContext for the source domain
  558. _variant_t var;
  559. // Get an IUnknown pointer to the Varset for passing it around.
  560. hr = pVarset->QueryInterface(IID_IUnknown, (void**)&pUnk);
  561. for ( acct = (TAcctReplNode *)tenum.OpenFirst(acctlist) ; acct ; acct = (TAcctReplNode *)tenum.Next() )
  562. {
  563. //record group membership for intra-forest computer migrations
  564. /* if ((opt.bSameForest) && (pOptions->flags & F_COMPUTERS))
  565. {
  566. WCHAR mesg[LEN_Path];
  567. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RECORD_REMOVE_MEMBEROF_S), acct->GetName());
  568. Progress(mesg);
  569. RecordAndRemoveMemberOf( pOptions, acct, &pMemberOf );
  570. }
  571. */
  572. if (m_pExt && acct->CallExt())
  573. {
  574. hr = m_pExt->Process(acct, pOptions->tgtDomain, pOptions,TRUE);
  575. }
  576. // We will process accounts only if the corresponding check boxes (for object types to copy) are checked.
  577. if ( !NeedToProcessAccount( acct, pOptions ) )
  578. continue;
  579. // If we are told not to copy the object then we will obey
  580. if ( !acct->CreateAccount() )
  581. continue;
  582. //if the UPN name conflicted, then the UPNUpdate extension set the hr to
  583. //ERROR_OBJECT_ALREADY_EXISTS. If so, set flag for "no change" mode
  584. if (acct->GetHr() == ERROR_OBJECT_ALREADY_EXISTS)
  585. {
  586. acct->bUPNConflicted = TRUE;
  587. acct->SetHr(S_OK);
  588. }
  589. // Mark processed object count and update the status display
  590. Mark(L"processed", acct->GetType());
  591. if ( pStatus )
  592. {
  593. LONG status = 0;
  594. HRESULT hr = pStatus->get_Status(&status);
  595. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  596. {
  597. if ( !bAbortMessageWritten )
  598. {
  599. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  600. bAbortMessageWritten = true;
  601. }
  602. break;
  603. }
  604. }
  605. // Create the target object
  606. WCHAR mesg[LEN_Path];
  607. wsprintf(mesg, GET_STRING(IDS_CREATING_S), acct->GetName());
  608. if ( progress )
  609. progress(mesg);
  610. HRESULT hrCreate = Create2KObj(acct, pOptions);
  611. acct->SetHr(hrCreate);
  612. if ( SUCCEEDED(hrCreate) )
  613. {
  614. err.MsgWrite(0, DCT_MSG_ACCOUNT_CREATED_S, acct->GetTargetName());
  615. }
  616. else
  617. {
  618. // if the object already exists and the Replce flag is set then we should tell the user that we are replcing the target.
  619. if ((HRESULT_CODE(hrCreate) == ERROR_OBJECT_ALREADY_EXISTS) )
  620. {
  621. if (pOptions->flags & F_REPLACE)
  622. {
  623. // don't say we've replaced the account yet, because the replace may fail
  624. //err.MsgWrite(0, DCT_MSG_ACCOUNT_REPLACED_S, acct->GetTargetName());
  625. }
  626. }
  627. else
  628. {
  629. if ( acct->IsCritical() )
  630. {
  631. err.SysMsgWrite(ErrE,ERROR_SPECIAL_ACCOUNT,DCT_MSG_REPLACE_FAILED_SD,acct->GetName(),ERROR_SPECIAL_ACCOUNT);
  632. Mark(L"errors", acct->GetType());
  633. }
  634. else
  635. {
  636. if ( HRESULT_CODE(hrCreate) == ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH )
  637. {
  638. err.MsgWrite(ErrE, DCT_MSG_CANT_REPLACE_DIFFERENT_TYPE_SS, acct->GetTargetPath(), acct->GetSourcePath() );
  639. Mark(L"errors", acct->GetType());
  640. }
  641. else
  642. {
  643. err.SysMsgWrite(ErrE, hrCreate, DCT_MSG_CREATE_FAILED_SSD, acct->GetName(), pOptions->tgtDomain, hrCreate);
  644. Mark(L"errors", acct->GetType());
  645. }
  646. }
  647. }
  648. }
  649. if ( acct->WasCreated() )
  650. {
  651. // Do we need to add sid history
  652. if ( pOptions->flags & F_AddSidHistory )
  653. {
  654. // Global flag tells us if we should try the AddSidHistory because
  655. // for some special cases if it does not work once it will not work
  656. // see the AddSidHistory function for more details.
  657. if ( g_bAddSidWorks )
  658. {
  659. WCHAR mesg[LEN_Path];
  660. wsprintf(mesg, GET_STRING(IDS_ADDING_SIDHISTORY_S), acct->GetName());
  661. if ( progress )
  662. progress(mesg);
  663. if (! AddSidHistory( pOptions, acct->GetSourceSam(), acct->GetTargetSam(), pStatus ) )
  664. {
  665. Mark(L"errors", acct->GetType());
  666. }
  667. // CopySidHistoryProperty(pOptions, acct, pStatus);
  668. }
  669. }
  670. }
  671. }
  672. /* //fix group membership for intra-forest computer migrations
  673. if ((opt.bSameForest) && (pOptions->flags & F_COMPUTERS))
  674. {
  675. WCHAR mesg[LEN_Path];
  676. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RESET_MEMBERSHIP_S));
  677. Progress(mesg);
  678. ResetObjectsMembership( pOptions,&pMemberOf, pOptions->pDb );
  679. }
  680. */
  681. tenum.Close();
  682. bool bWin2k = BothWin2K(pOptions);
  683. TErrorEventLog evtLog(pOptions->srcComp, GET_STRING(IDS_EVENT_SOURCE));
  684. for ( acct = (TAcctReplNode *)tenum.OpenFirst(acctlist) ; acct ; acct = (TAcctReplNode *)tenum.Next() )
  685. {
  686. if ( pStatus )
  687. {
  688. LONG status = 0;
  689. HRESULT hr = pStatus->get_Status(&status);
  690. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  691. {
  692. if ( !bAbortMessageWritten )
  693. {
  694. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  695. bAbortMessageWritten = true;
  696. }
  697. break;
  698. }
  699. }
  700. // We are told not to copy the properties to the account so we ignore it.
  701. if ( acct->CopyProps() )
  702. {
  703. // If the object type is different from the one that was processed prior to this then we need to map properties
  704. if ((!pOptions->nochange) && (_wcsicmp(acct->GetType(),currentType) != 0))
  705. {
  706. WCHAR mesg[LEN_Path];
  707. wsprintf(mesg, GET_STRING(IDS_MAPPING_PROPS_S), acct->GetType());
  708. if ( progress )
  709. progress(mesg);
  710. // Set the current type
  711. currentType = acct->GetType();
  712. // Clear the current mapping
  713. pVarset->Clear();
  714. // Get a new mapping
  715. if ( BothWin2K(pOptions) )
  716. {
  717. hr = pObjProp->raw_MapProperties(currentType, pOptions->srcDomain, pOptions->srcDomainVer, currentType, pOptions->tgtDomain, pOptions->tgtDomainVer, 0, &pUnk);
  718. if (hr == DCT_MSG_PROPERTIES_NOT_MAPPED)
  719. {
  720. err.MsgWrite(ErrW,DCT_MSG_PROPERTIES_NOT_MAPPED, acct->GetType());
  721. hr = S_OK;
  722. }
  723. }
  724. else
  725. hr = S_OK;
  726. if ( FAILED( hr ) )
  727. {
  728. err.SysMsgWrite(ErrE, hr, DCT_MSG_PROPERTY_MAPPING_FAILED_SD, (WCHAR*)currentType, hr);
  729. Mark(L"errors", currentType);
  730. // No properties should be set if mapping fails
  731. pVarset->Clear();
  732. }
  733. }
  734. // We update the properties if the object was created or it already existed and the replce flag is set.
  735. BOOL bExists = FALSE;
  736. if (HRESULT_CODE(acct->GetHr()) == ERROR_OBJECT_ALREADY_EXISTS)
  737. bExists = TRUE;
  738. if ( ((SUCCEEDED(acct->GetHr()) && (!bExists)) || ((bExists) && (pOptions->flags & F_REPLACE))) )
  739. {
  740. WCHAR mesg[LEN_Path];
  741. wsprintf(mesg, GET_STRING(IDS_UPDATING_PROPS_S), acct->GetName());
  742. if ( progress )
  743. progress(mesg);
  744. // Create the AccountList object and update the list variable
  745. if ( !pOptions->nochange )
  746. {
  747. _bstr_t sExcList;
  748. if (pOptions->bExcludeProps)
  749. {
  750. if (!_wcsicmp(acct->GetType(), L"user"))
  751. sExcList = pOptions->sExcUserProps;
  752. if (!_wcsicmp(acct->GetType(), L"group"))
  753. sExcList = pOptions->sExcGroupProps;
  754. if (!_wcsicmp(acct->GetType(), L"computer"))
  755. sExcList = pOptions->sExcCmpProps;
  756. }
  757. if ( bWin2k )
  758. {
  759. //if ask to, exclude any properties desired by the user and create a new varset
  760. if (pOptions->bExcludeProps)
  761. {
  762. IVarSetPtr pVarsetTemp(__uuidof(VarSet));
  763. IUnknown * pUnkTemp;
  764. hr = pVarsetTemp->QueryInterface(IID_IUnknown, (void**)&pUnkTemp);
  765. if (SUCCEEDED(hr))
  766. {
  767. hr = pObjProp->raw_ExcludeProperties(sExcList, pUnk, &pUnkTemp);
  768. }
  769. if (SUCCEEDED(hr))
  770. {
  771. // Call the win 2k code to copy all but excluded props
  772. hr = pObjProp->raw_CopyProperties(const_cast<WCHAR*>(acct->GetSourcePath()), pOptions->srcDomain,
  773. const_cast<WCHAR*>(acct->GetTargetPath()), pOptions->tgtDomain, pUnkTemp, pOptions->pDb);
  774. }
  775. else
  776. {
  777. // Call the win 2k code to copy all props
  778. hr = pObjProp->raw_CopyProperties(const_cast<WCHAR*>(acct->GetSourcePath()), pOptions->srcDomain,
  779. const_cast<WCHAR*>(acct->GetTargetPath()), pOptions->tgtDomain, pUnk, pOptions->pDb);
  780. }
  781. pUnkTemp->Release();
  782. }//end if asked to exclude
  783. else
  784. {
  785. // Call the win 2k code to copy all props
  786. hr = pObjProp->raw_CopyProperties(const_cast<WCHAR*>(acct->GetSourcePath()), pOptions->srcDomain,
  787. const_cast<WCHAR*>(acct->GetTargetPath()), pOptions->tgtDomain, pUnk, pOptions->pDb);
  788. }
  789. }
  790. else
  791. {
  792. // Otherwise let the Net APIs do their thing.
  793. hr = pObjProp->raw_CopyNT4Props(const_cast<WCHAR*>(acct->GetSourceSam()),
  794. const_cast<WCHAR*>(acct->GetTargetSam()),
  795. pOptions->srcComp, pOptions->tgtComp,
  796. const_cast<WCHAR*>(acct->GetType()),
  797. acct->GetGroupType(),
  798. sExcList);
  799. }
  800. }
  801. else
  802. // we are going to assume that copy properties would work
  803. hr = S_OK;
  804. if ( FAILED(hr) )
  805. {
  806. if ( (acct->GetStatus() & AR_Status_Special) )
  807. {
  808. err.MsgWrite(ErrE,DCT_MSG_FAILED_TO_REPLACE_SPECIAL_ACCT_S,acct->GetTargetSam());
  809. }
  810. else
  811. {
  812. err.SysMsgWrite(ErrE, HRESULT_CODE(hr), DCT_MSG_COPY_PROPS_FAILED_SD, acct->GetTargetName(), hr);
  813. }
  814. acct->MarkError();
  815. Mark(L"errors", acct->GetType());
  816. }
  817. else
  818. {
  819. // Create an event logger to log events to the source PDC
  820. if ( !pOptions->nochange )
  821. {
  822. evtLog.MsgWrite(0, DCT_MSG_ACCT_COPIED_SSS, acct->GetName(), pOptions->tgtDomain, acct->GetTargetName());
  823. }
  824. if (HRESULT_CODE(acct->GetHr()) == ERROR_OBJECT_ALREADY_EXISTS)
  825. {
  826. acct->MarkAlreadyThere();
  827. acct->MarkReplaced();
  828. Mark(L"replaced",acct->GetType());
  829. err.MsgWrite(0, DCT_MSG_ACCOUNT_REPLACED_S, acct->GetTargetName());
  830. }
  831. }
  832. }
  833. }
  834. // do we need to call extensions. Only if Extension flag is set and the object is copied.
  835. if ((!pOptions->nochange) && (acct->CallExt()) && (acct->WasCreated() || acct->WasReplaced()))
  836. {
  837. // Let the Extension objects do their thing.
  838. WCHAR mesg[LEN_Path];
  839. wsprintf(mesg,GET_STRING(IDS_RUNNING_EXTS_S), acct->GetName());
  840. if ( progress )
  841. progress(mesg);
  842. // Close the log file if it is open
  843. WCHAR filename[LEN_Path];
  844. err.LogClose();
  845. if (m_pExt)
  846. hr = m_pExt->Process(acct, pOptions->tgtDomain, pOptions,FALSE);
  847. safecopy (filename,opt.logFile);
  848. err.LogOpen(filename,1 /*append*/);
  849. }
  850. // only do these updates for account's we're copying
  851. // and only do updates if the account was actually created
  852. // .. or if the account was replaced,
  853. // or if we intentionally didn't replace the account (as in the group merge case)
  854. if ( acct->CreateAccount()
  855. && ( acct->WasCreated()
  856. || ( acct->WasReplaced()
  857. || !acct->CopyProps()
  858. )
  859. )
  860. )
  861. {
  862. WCHAR mesg[LEN_Path];
  863. wsprintf(mesg, GET_STRING(IDS_TRANSLATE_ROAMING_PROFILE_S), acct->GetName());
  864. if ( progress )
  865. progress(mesg);
  866. //Set the new profile if needed
  867. if ( pOptions->flags & F_TranslateProfiles && (_wcsicmp(acct->GetType(), L"user") == 0))
  868. {
  869. WCHAR tgtProfilePath[MAX_PATH];
  870. GetBkupRstrPriv((WCHAR*)NULL);
  871. GetPrivilege((WCHAR*)NULL,SE_SECURITY_NAME);
  872. if ( wcslen(acct->GetSourceProfile()) > 0 )
  873. {
  874. DWORD ret = TranslateRemoteProfile( acct->GetSourceProfile(),
  875. tgtProfilePath,
  876. acct->GetSourceSam(),
  877. acct->GetTargetSam(),
  878. pOptions->srcDomain,
  879. pOptions->tgtDomain,
  880. pOptions->pDb,
  881. pOptions->lActionID,
  882. NULL,
  883. pOptions->nochange);
  884. if ( !ret )
  885. {
  886. WCHAR tgtuser[LEN_Path];
  887. USER_INFO_3 * tgtinfo;
  888. DWORD nParmErr;
  889. wcscpy(tgtuser, acct->GetTargetSam());
  890. // Get information for the target account
  891. long rc = NetUserGetInfo(const_cast<WCHAR *>(pOptions->tgtComp),
  892. tgtuser,
  893. 3,
  894. (LPBYTE *) &tgtinfo);
  895. if (!pOptions->nochange)
  896. {
  897. // Set the new profile path
  898. tgtinfo->usri3_profile = tgtProfilePath;
  899. // Set the information back for the account.
  900. rc = NetUserSetInfo(const_cast<WCHAR *>(pOptions->tgtComp),
  901. tgtuser,
  902. 3,
  903. (LPBYTE)tgtinfo,
  904. &nParmErr);
  905. NetApiBufferFree((LPVOID) tgtinfo);
  906. if (rc)
  907. {
  908. err.MsgWrite(ErrE, DCT_MSG_SETINFO_FAIL_SD, tgtuser, rc);
  909. Mark(L"errors", acct->GetType());
  910. }
  911. }
  912. }
  913. }
  914. }
  915. if ( acct->WasReplaced() )
  916. {
  917. // Do we need to add sid history
  918. if ( pOptions->flags & F_AddSidHistory )
  919. {
  920. WCHAR mesg[LEN_Path];
  921. wsprintf(mesg, GET_STRING(IDS_ADDING_SIDHISTORY_S), acct->GetName());
  922. if ( progress )
  923. progress(mesg);
  924. // Global flag tells us if we should try the AddSidHistory because
  925. // for some special cases if it does not work once it will not work
  926. // see the AddSidHistory function for more details.
  927. if ( g_bAddSidWorks )
  928. {
  929. if (! AddSidHistory( pOptions, acct->GetSourceSam(), acct->GetTargetSam(), pStatus ) )
  930. {
  931. Mark(L"errors", acct->GetType());
  932. }
  933. // CopySidHistoryProperty(pOptions, acct, pStatus);
  934. }
  935. }
  936. }
  937. wsprintf(mesg, L"", acct->GetName());
  938. if ( progress )
  939. progress(mesg);
  940. }
  941. }
  942. // Cleanup
  943. pUnk->Release();
  944. tenum.Close();
  945. return 0;
  946. }
  947. void CAcctRepl::LoadOptionsFromVarSet(IVarSet * pVarSet)
  948. {
  949. _bstr_t text;
  950. DWORD rc;
  951. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  952. //store the name of the wizard being run
  953. opt.sWizard = pVarSet->get(GET_BSTR(DCTVS_Options_Wizard));
  954. // Read General Options
  955. // open log file first, so we'll be sure to get any errors!
  956. text = pVarSet->get(GET_BSTR(DCTVS_Options_Logfile));
  957. safecopy(opt.logFile,(WCHAR*)text);
  958. WCHAR filename[MAX_PATH];
  959. safecopy (filename,opt.logFile);
  960. err.LogOpen(filename,1 /*append*/);
  961. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SidHistoryCredentials_Domain));
  962. safecopy(opt.authDomain ,(WCHAR*)text);
  963. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SidHistoryCredentials_UserName));
  964. safecopy(opt.authUser ,(WCHAR*)text);
  965. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SidHistoryCredentials_Password));
  966. safecopy(opt.authPassword,(WCHAR*)text);
  967. text = pVarSet->get(GET_BSTR(DCTVS_Options_SourceDomain));
  968. safecopy(opt.srcDomain,(WCHAR*)text);
  969. text = pVarSet->get(GET_BSTR(DCTVS_Options_TargetDomain));
  970. safecopy(opt.tgtDomain,(WCHAR*)text);
  971. text = pVarSet->get(GET_BSTR(DCTVS_Options_SourceDomainDns));
  972. safecopy(opt.srcDomainDns,(WCHAR*)text);
  973. text = pVarSet->get(GET_BSTR(DCTVS_Options_TargetDomainDns));
  974. safecopy(opt.tgtDomainDns,(WCHAR*)text);
  975. _bstr_t strSourceServer = pVarSet->get(GET_BSTR(DCTVS_Options_SourceServer));
  976. _bstr_t strTargetServer = pVarSet->get(GET_BSTR(DCTVS_Options_TargetServer));
  977. if (strSourceServer.length() && strTargetServer.length())
  978. {
  979. UStrCpy(opt.srcComp, (WCHAR*)strSourceServer);
  980. UStrCpy(opt.tgtComp, (WCHAR*)strTargetServer);
  981. }
  982. else
  983. {
  984. if ( GetClosestDC(&opt) )
  985. {
  986. pVarSet->put(GET_BSTR(DCTVS_Options_SourceServer), opt.srcComp);
  987. pVarSet->put(GET_BSTR(DCTVS_Options_TargetServer), opt.tgtComp);
  988. }
  989. else
  990. {
  991. rc = GetLastError();
  992. err.SysMsgWrite(ErrE,rc,DCT_MSG_DOMAIN_NOT_FOUND_S,opt.srcDomain);
  993. Mark(L"errors", L"generic");
  994. }
  995. }
  996. text = pVarSet->get(GET_BSTR(DCTVS_Options_SourceServerOverride));
  997. if ( text.length() )
  998. {
  999. UStrCpy(opt.srcComp,(WCHAR*)text);
  1000. }
  1001. text = pVarSet->get(GET_BSTR(DCTVS_Options_TargetServerOverride));
  1002. if ( text.length() )
  1003. {
  1004. UStrCpy(opt.tgtComp,(WCHAR*)text);
  1005. }
  1006. text = pVarSet->get(GET_BSTR(DCTVS_Options_NoChange));
  1007. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1008. {
  1009. opt.nochange = TRUE;
  1010. }
  1011. else
  1012. {
  1013. opt.nochange = FALSE;
  1014. }
  1015. // Read Account Replicator Options
  1016. // initialize
  1017. safecopy(opt.prefix, L"");
  1018. safecopy(opt.suffix, L"");
  1019. safecopy(opt.globalPrefix, L"");
  1020. safecopy(opt.globalSuffix, L"");
  1021. DWORD flags = 0;
  1022. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_ReplaceExistingAccounts));
  1023. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1024. {
  1025. flags |= F_REPLACE;
  1026. }
  1027. else
  1028. {
  1029. // Prefix/Suffix only apply if the Replace flag is not set.
  1030. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_Prefix));
  1031. safecopy(opt.prefix,(WCHAR*)text);
  1032. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_Suffix));
  1033. safecopy(opt.suffix,(WCHAR*)text);
  1034. }
  1035. // Global flags apply no matter what
  1036. text = pVarSet->get(GET_BSTR(DCTVS_Options_Prefix));
  1037. safecopy(opt.globalPrefix,(WCHAR*)text);
  1038. text = pVarSet->get(GET_BSTR(DCTVS_Options_Suffix));
  1039. safecopy(opt.globalSuffix,(WCHAR*)text);
  1040. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyContainerContents));
  1041. if ( text == _bstr_t(GET_BSTR(IDS_YES)) )
  1042. opt.expandContainers = TRUE;
  1043. else
  1044. opt.expandContainers = FALSE;
  1045. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyMemberOf));
  1046. if ( text == _bstr_t(GET_BSTR(IDS_YES)) )
  1047. opt.expandMemberOf = TRUE;
  1048. else
  1049. opt.expandMemberOf = FALSE;
  1050. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_FixMembership));
  1051. if ( text == _bstr_t(GET_BSTR(IDS_YES)) )
  1052. opt.fixMembership = TRUE;
  1053. else
  1054. opt.fixMembership = FALSE;
  1055. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_AddToGroup));
  1056. safecopy(opt.addToGroup,(WCHAR*)text);
  1057. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_AddToGroupOnSourceDomain));
  1058. safecopy(opt.addToGroupSource,(WCHAR*)text);
  1059. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_TranslateRoamingProfiles));
  1060. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1061. flags |= F_TranslateProfiles;
  1062. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyUsers));
  1063. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1064. flags |= F_USERS;
  1065. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyGlobalGroups));
  1066. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1067. flags |= F_GROUP;
  1068. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyComputers));
  1069. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1070. flags |= F_COMPUTERS;
  1071. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyOUs));
  1072. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1073. flags |= F_OUS;
  1074. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyContainerContents));
  1075. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1076. flags |= F_COPY_CONT_CONTENT;
  1077. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_IncludeMigratedAccts));
  1078. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1079. flags |= F_COPY_MIGRATED_ACCT;
  1080. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyLocalGroups));
  1081. if (! UStrICmp(text,GET_STRING(IDS_YES)) )
  1082. flags |= F_LGROUP;
  1083. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_DisableCopiedAccounts));
  1084. if (! UStrICmp(text,GET_STRING(IDS_All)) )
  1085. flags |= F_DISABLE_ALL;
  1086. else if (! UStrICmp(text,GET_STRING(IDS_Special)) )
  1087. flags |= F_DISABLE_SPECIAL;
  1088. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_DisableSourceAccounts));
  1089. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1090. flags |= F_DISABLESOURCE;
  1091. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_GenerateStrongPasswords));
  1092. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1093. flags |= F_STRONGPW_ALL;
  1094. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_PasswordFile));
  1095. if ( text.length() )
  1096. {
  1097. // don't need this anymore, since it is handled by a plug-in
  1098. // opt.passwordLog.LogOpen(text,TRUE);
  1099. }
  1100. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_UpdateUserRights));
  1101. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1102. {
  1103. m_UpdateUserRights = TRUE;
  1104. }
  1105. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_ReplaceExistingGroupMembers));
  1106. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1107. flags |= F_REMOVE_OLD_MEMBERS;
  1108. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_RemoveExistingUserRights));
  1109. if ( ! UStrICmp(text,GET_STRING(IDS_YES)) )
  1110. flags |= F_RevokeOldRights;
  1111. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_MoveReplacedAccounts));
  1112. if ( ! UStrICmp(text,GET_STRING(IDS_YES)) )
  1113. flags |= F_MOVE_REPLACED_ACCT;
  1114. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CopyComputers));
  1115. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1116. {
  1117. flags |= F_MACHINE;
  1118. }
  1119. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_AddSidHistory));
  1120. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1121. {
  1122. flags |= F_AddSidHistory;
  1123. }
  1124. opt.flags = flags;
  1125. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_RenameOnly));
  1126. if (! UStrICmp(text,GET_STRING(IDS_YES)) )
  1127. {
  1128. m_RenameOnly = TRUE;
  1129. }
  1130. text = pVarSet->get(GET_BSTR(DCTVS_Options_Undo));
  1131. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1132. {
  1133. // this is an undo operation
  1134. opt.bUndo = TRUE;
  1135. }
  1136. else
  1137. {
  1138. opt.bUndo = FALSE;
  1139. }
  1140. // What undo action are we performing.
  1141. if ( opt.bUndo )
  1142. {
  1143. _variant_t var = pVarSet->get(L"UndoAction");
  1144. if (var.vt == VT_I4)
  1145. opt.lUndoActionID = var.lVal;
  1146. else
  1147. opt.lUndoActionID = -2;
  1148. }
  1149. else
  1150. {
  1151. _variant_t var = pVarSet->get(L"ActionID");
  1152. if (var.vt == VT_I4)
  1153. opt.lActionID = var.lVal;
  1154. else
  1155. opt.lActionID = -1;
  1156. }
  1157. // Read the password policy from the varset
  1158. // We used to get the strong password policy from the target EA Server, so we can generate strong passwords
  1159. // that meet the policy.
  1160. // we don't do that anymore, since we have removed all depenedencies on EA.
  1161. LONG len = 10;
  1162. // set the password settings to default values
  1163. opt.policyInfo.bEnforce = TRUE;
  1164. opt.policyInfo.maxConsecutiveAlpha = (LONG)pVarSet->get(GET_BSTR(DCTVS_AccountOptions_PasswordPolicy_MaxConsecutiveAlpha));
  1165. opt.policyInfo.minDigits = (LONG)pVarSet->get(GET_BSTR(DCTVS_AccountOptions_PasswordPolicy_MinDigit));
  1166. opt.policyInfo.minLower = (LONG)pVarSet->get(GET_BSTR(DCTVS_AccountOptions_PasswordPolicy_MinLower));
  1167. opt.policyInfo.minUpper = (LONG)pVarSet->get(GET_BSTR(DCTVS_AccountOptions_PasswordPolicy_MinUpper));
  1168. opt.policyInfo.minSpecial = (LONG)pVarSet->get(GET_BSTR(DCTVS_AccountOptions_PasswordPolicy_MinSpecial));
  1169. HRESULT hrAccess = pAccess->raw_GetPasswordPolicy(opt.tgtDomain,&len);
  1170. if ( SUCCEEDED(hrAccess) )
  1171. {
  1172. opt.minPwdLength = len;
  1173. pVarSet->put(GET_BSTR(DCTVS_AccountOptions_PasswordPolicy_MinLength),len);
  1174. }
  1175. WriteOptionsToLog();
  1176. // Build List of Accounts to Copy
  1177. // Clear the account list first though
  1178. TNodeListEnum e;
  1179. TAcctReplNode * acct;
  1180. for ( acct = (TAcctReplNode *)e.OpenFirst(&acctList) ; acct ; acct = (TAcctReplNode *)e.Next() )
  1181. {
  1182. acctList.Remove((TNode*)acct);
  1183. }
  1184. BothWin2K(&opt);
  1185. // See if a global operation mask specified.
  1186. _variant_t vdwOpMask = pVarSet->get(GET_BSTR(DCTVS_Options_GlobalOperationMask));
  1187. if ( vdwOpMask.vt == VT_I4 )
  1188. g_dwOpMask = (DWORD)vdwOpMask.lVal;
  1189. // Then build the new list
  1190. text = pVarSet->get(GET_BSTR(DCTVS_Accounts_InputFile));
  1191. if ( text.length() )
  1192. {
  1193. if ( ! PopulateAccountListFromFile(text) )
  1194. return;
  1195. }
  1196. else
  1197. {
  1198. // otherwise, expect a list of accounts to copy in the VarSet
  1199. if ( ! opt.bUndo )
  1200. {
  1201. rc = PopulateAccountListFromVarSet(pVarSet);
  1202. if ( rc )
  1203. return; // abort
  1204. }
  1205. }
  1206. // If we have an NT5 source domain then we need to fillin the path info
  1207. DWORD maj, min, sp;
  1208. HRESULT hr = pAccess->raw_GetOsVersion(opt.srcComp, &maj, &min, &sp);
  1209. if (SUCCEEDED(hr))
  1210. {
  1211. // Ask the auxiliarry function to fill in the the Path for the source object if the AcctNode is not filled
  1212. for ( acct = (TAcctReplNode *)e.OpenFirst(&acctList) ; acct ; acct = (TAcctReplNode *)e.Next() )
  1213. {
  1214. if ((!acct->IsFilled) && (maj > 4))
  1215. {
  1216. FillPathInfo(acct, &opt);
  1217. AddPrefixSuffix(acct, &opt);
  1218. }
  1219. else if ((maj == 4) && (!_wcsicmp(acct->GetType(),L"computer")))
  1220. FillPathInfo(acct, &opt);
  1221. }
  1222. }
  1223. // Check for incompatible options!
  1224. if ( (flags & F_RevokeOldRights) && !m_UpdateUserRights )
  1225. {
  1226. err.MsgWrite(ErrW,DCT_MSG_RIGHTS_INCOMPATIBLE_FLAGS);
  1227. Mark(L"warnings", "generic");
  1228. }
  1229. text = pVarSet->get(GET_BSTR(DCTVS_Options_OuPath));
  1230. if ( text.length() )
  1231. {
  1232. wcscpy(opt.tgtOUPath, text);
  1233. }
  1234. //store the object property exclusion lists in the options structure
  1235. opt.sExcUserProps = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_ExcludedUserProps));
  1236. opt.sExcGroupProps = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_ExcludedGroupProps));
  1237. opt.sExcCmpProps = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_ExcludedComputerProps));
  1238. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_ExcludeProps));
  1239. if ( !UStrICmp(text,GET_STRING(IDS_YES)) )
  1240. opt.bExcludeProps = TRUE;
  1241. else
  1242. opt.bExcludeProps = FALSE;
  1243. }
  1244. DWORD
  1245. CAcctRepl::PopulateAccountListFromVarSet(
  1246. IVarSet * pVarSet // in - varset containing account list
  1247. )
  1248. {
  1249. _bstr_t val;
  1250. long numAccounts;
  1251. _bstr_t text;
  1252. DWORD maj, min, sp;
  1253. PSID pSrcSid = NULL;
  1254. WCHAR txtSid[200] = L"";
  1255. DWORD lenTxt = DIM(txtSid);
  1256. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  1257. numAccounts = pVarSet->get(GET_BSTR(DCTVS_Accounts_NumItems));
  1258. // Set up the account list functionality
  1259. acctList.CompareSet(&TNodeCompareNameOnly);
  1260. if ( acctList.IsTree() ) acctList.ToSorted();
  1261. //get the source domain's Sid so we can store it as part of the node
  1262. _bstr_t source = pVarSet->get(GET_BSTR(DCTVS_Options_SourceDomain));
  1263. GetSidForDomain((WCHAR*)source,&pSrcSid);
  1264. for ( int i = 0 ; i < numAccounts ; i++ )
  1265. {
  1266. WCHAR key[LEN_Path];
  1267. UCHAR acctName[LEN_Account];
  1268. TAcctReplNode * curr = new TAcctReplNode;
  1269. if (!curr)
  1270. return ERROR_NOT_ENOUGH_MEMORY;
  1271. if ( opt.pStatus )
  1272. {
  1273. LONG status = 0;
  1274. HRESULT hr = opt.pStatus->get_Status(&status);
  1275. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  1276. {
  1277. if ( !bAbortMessageWritten )
  1278. {
  1279. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  1280. bAbortMessageWritten = true;
  1281. }
  1282. break;
  1283. }
  1284. }
  1285. // The object type must be specified
  1286. swprintf(key,GET_STRING(DCTVSFmt_Accounts_Type_D),i);
  1287. val = pVarSet->get(key);
  1288. curr->SetType(val);
  1289. swprintf(key,GET_STRING(DCTVSFmt_Accounts_D),i);
  1290. text = pVarSet->get(key);
  1291. if ( ! text.length() )
  1292. {
  1293. // oops, no name specified
  1294. // skip this entry and try the next one
  1295. err.MsgWrite(ErrW,DCT_MSG_NO_NAME_IN_VARSET_S,key);
  1296. Mark(L"warnings",L"generic");
  1297. delete curr;
  1298. continue;
  1299. }
  1300. //set the source domain's sid
  1301. curr->SetSourceSid(pSrcSid);
  1302. // Set the operation to the global mask then check if we need to overwrite with the individual setting.
  1303. curr->operations = g_dwOpMask;
  1304. swprintf(key, GET_STRING(DCTVS_Accounts_D_OperationMask), i);
  1305. _variant_t vOpMask = pVarSet->get(key);
  1306. if ( vOpMask.vt == VT_I4 )
  1307. curr->operations = (DWORD)vOpMask.lVal;
  1308. // Get the rest of the info from the VarSet.
  1309. if ( ( (text.length() > 7 ) && (_wcsnicmp((WCHAR*) text, L"LDAP://",UStrLen(L"LDAP://")) == 0) )
  1310. || ( (text.length() > 8 ) && (_wcsnicmp((WCHAR*)text, L"WinNT://",UStrLen(L"WinNT://")) == 0)) )
  1311. {
  1312. //hmmmm... They are giving use ADsPath. Lets get all the info we can from the object then.
  1313. curr->SetSourcePath((WCHAR*) text);
  1314. FillNodeFromPath(curr, &opt, &acctList);
  1315. // Get the target name if one is specified.
  1316. swprintf(key,GET_STRING(DCTVSFmt_Accounts_TargetName_D),i);
  1317. text = pVarSet->get(key);
  1318. if ( text.length() )
  1319. {
  1320. // if target name is specified then use that.
  1321. curr->SetTargetName((WCHAR*) text);
  1322. curr->SetTargetSam((WCHAR*) text);
  1323. }
  1324. curr->IsFilled = true;
  1325. }
  1326. else
  1327. {
  1328. FillNamingContext(&opt);
  1329. // if this is a computer account, make sure the trailing $ is included in the name
  1330. curr->SetName(text);
  1331. curr->SetTargetName(text);
  1332. if ( !UStrICmp(val,L"computer") )
  1333. {
  1334. // if ( ((WCHAR*)text)[text.length() - 1] != L'$' ) //comment out to fix 89513.
  1335. text += L"$";
  1336. }
  1337. curr->SetSourceSam(text);
  1338. curr->SetTargetSam(text);
  1339. safecopy(acctName,(WCHAR*)text);
  1340. // optional target name
  1341. swprintf(key,GET_STRING(DCTVSFmt_Accounts_TargetName_D),i);
  1342. text = pVarSet->get(key);
  1343. if ( text.length() )
  1344. curr->SetTargetName(text);
  1345. // HRESULT hr = pAccess->raw_GetOsVersion(opt.srcComp, &maj, &min, &sp);
  1346. pAccess->raw_GetOsVersion(opt.srcComp, &maj, &min, &sp);
  1347. if ( maj < 5 )
  1348. AddPrefixSuffix(curr,&opt);
  1349. // if this is a computer account, make sure the trailing $ is included in the name
  1350. if ( !UStrICmp(val,L"computer") )
  1351. {
  1352. if ( text.length() && ((WCHAR*)text)[text.length() - 1] != L'$' )
  1353. text += L"$";
  1354. }
  1355. if ( text.length() )
  1356. {
  1357. if ( ((WCHAR*)text)[text.length() - 1] != L'$' )
  1358. text += L"$";
  1359. curr->SetTargetSam(text);
  1360. }
  1361. curr->IsFilled = false;
  1362. }
  1363. if ( _wcsicmp(val, L"") != 0 )
  1364. {
  1365. acctList.InsertBottom((TNode*)curr);
  1366. }
  1367. else
  1368. {
  1369. err.MsgWrite(ErrW,DCT_MSG_BAD_ACCOUNT_TYPE_SD,curr->GetName(),val);
  1370. Mark(L"warnings",L"generic");
  1371. delete curr;
  1372. }
  1373. }
  1374. return 0;
  1375. }
  1376. BOOL
  1377. CAcctRepl::PopulateAccountListFromFile(
  1378. WCHAR const * filename // in - filename containing account list
  1379. )
  1380. {
  1381. BOOL bSuccess = TRUE;
  1382. _bstr_t text;
  1383. FILE * pFile;
  1384. WCHAR sourceName[UNLEN];
  1385. WCHAR targetName[UNLEN];
  1386. WCHAR type[UNLEN];
  1387. DWORD status;
  1388. DWORD srcRid;
  1389. DWORD tgtRid;
  1390. int count = 0;
  1391. UCHAR srcName[LEN_Account];
  1392. TAcctReplNode * curr;
  1393. // The input file should have the format:
  1394. // the last 3 fields can be filled with 0s
  1395. // SourceName, TargetName, Type, Status, sourceRid, targetRid
  1396. pFile = _wfopen(filename,L"rb");
  1397. if ( pFile )
  1398. {
  1399. int result;
  1400. do
  1401. {
  1402. result = fwscanf(pFile,L"%[^\t]\t%[^\t]\t%[^\t]\t%lx\t%lx\t%lx\r\n",sourceName,targetName,&type,&status,&srcRid, &tgtRid);
  1403. if ( result != 6 )
  1404. break;
  1405. curr = new TAcctReplNode;
  1406. if (!curr)
  1407. return FALSE;
  1408. curr->SetName(sourceName);
  1409. curr->SetSourceSam(sourceName);
  1410. curr->SetTargetName(targetName);
  1411. curr->SetTargetSam(targetName);
  1412. if ( _wcsicmp(type, L"") == 0 )
  1413. {
  1414. // TODO: we may want to add code to get the object type if needed
  1415. // if type is not present, abort for now
  1416. // Couldn't get the account type, skip this account
  1417. safecopy(srcName,curr->GetName());
  1418. err.MsgWrite(ErrW,DCT_MSG_ACCOUNT_GET_INFO_ERROR_sD,srcName,0);
  1419. Mark(L"warnings",L"generic");
  1420. continue;
  1421. }
  1422. else
  1423. {
  1424. curr->SetType( type );
  1425. }
  1426. // Do we want to do something with the status field
  1427. // to allow us to go back and only do operations that failed before?
  1428. acctList.InsertBottom((TNode*)curr);
  1429. count++;
  1430. } while ( result == 6 ); // 6 fields read and assigned
  1431. if ( result )
  1432. {
  1433. err.MsgWrite(ErrW,DCT_MSG_ERROR_READING_INPUT_FILE_S,filename);
  1434. Mark(L"warnings",L"generic");
  1435. }
  1436. err.MsgWrite(0,DCT_MSG_ACCOUNTS_READ_FROM_FILE_DS,count,filename);
  1437. fclose(pFile);
  1438. }
  1439. else
  1440. {
  1441. err.MsgWrite(ErrE,DCT_MSG_ERROR_OPENING_FILE_S,filename);
  1442. Mark(L"errors", L"generic");
  1443. bSuccess = FALSE;
  1444. }
  1445. return bSuccess;
  1446. }
  1447. DWORD
  1448. CAcctRepl::UpdateUserRights(
  1449. IStatusObj * pStatus // in - status object
  1450. )
  1451. {
  1452. DWORD rc = 0;
  1453. TAcctReplNode * acct;
  1454. TNodeListEnum e;
  1455. IUserRights * pUserRights = NULL;
  1456. // Update user rights on the PDC of the target domain
  1457. HRESULT hr = CoCreateInstance(CLSID_UserRights,NULL,CLSCTX_ALL,IID_IUserRights,(void**)&pUserRights);
  1458. if ( FAILED(hr) )
  1459. {
  1460. return hr;
  1461. }
  1462. hr = pUserRights->OpenSourceServer(SysAllocString(opt.srcComp));
  1463. if ( SUCCEEDED(hr) )
  1464. {
  1465. hr = pUserRights->OpenTargetServer(SysAllocString(opt.tgtComp));
  1466. }
  1467. if ( SUCCEEDED(hr) )
  1468. {
  1469. pUserRights->put_NoChange(opt.nochange);
  1470. pUserRights->put_RemoveOldRightsFromTargetAccounts((opt.flags & F_RevokeOldRights) != 0);
  1471. if ( acctList.IsTree() )
  1472. {
  1473. acctList.ToSorted();
  1474. }
  1475. for ( acct = (TAcctReplNode *)e.OpenFirst(&acctList) ; acct ; acct = (TAcctReplNode *)e.Next() )
  1476. {
  1477. if ( pStatus )
  1478. {
  1479. LONG status = 0;
  1480. HRESULT hr = pStatus->get_Status(&status);
  1481. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  1482. {
  1483. if ( !bAbortMessageWritten )
  1484. {
  1485. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  1486. bAbortMessageWritten = true;
  1487. }
  1488. break;
  1489. }
  1490. }
  1491. if ( _wcsicmp(acct->GetType(), L"computer") != 0 ) // only update rights for users and groups, not computer accounts
  1492. {
  1493. // if the account wasn't created or replaced, don't bother
  1494. if ( acct->GetStatus() & ( AR_Status_Created | AR_Status_Replaced ) )
  1495. {
  1496. if ( opt.bSameForest && acct->GetSourceRid() && acct->GetTargetRid() )
  1497. {
  1498. WCHAR srcSidStr[LEN_Path] = L"";
  1499. WCHAR tgtSidStr[LEN_Path] = L"";
  1500. PSID srcSid = NULL;
  1501. PSID tgtSid = NULL;
  1502. DWORD sidLen = DIM(srcSidStr);
  1503. srcSid = GetWellKnownSid(acct->GetSourceRid(),&opt,FALSE);
  1504. tgtSid = GetWellKnownSid(acct->GetTargetRid(),&opt,TRUE);
  1505. if ( srcSid )
  1506. {
  1507. GetTextualSid(srcSid,srcSidStr,&sidLen);
  1508. }
  1509. if ( tgtSid )
  1510. {
  1511. sidLen = DIM(tgtSidStr);
  1512. GetTextualSid(tgtSid,tgtSidStr,&sidLen);
  1513. }
  1514. // build the source and target SIDs for the account
  1515. hr = pUserRights->CopyUserRightsWithSids(SysAllocString(acct->GetSourceSam()),SysAllocString(srcSidStr),SysAllocString(acct->GetTargetSam()),SysAllocString(tgtSidStr));
  1516. FreeSid(srcSid);
  1517. FreeSid(tgtSid);
  1518. srcSid = NULL;
  1519. tgtSid = NULL;
  1520. }
  1521. else
  1522. {
  1523. hr = pUserRights->CopyUserRights(SysAllocString(acct->GetSourceSam()),SysAllocString(acct->GetTargetSam()));
  1524. }
  1525. if ( ! rc )
  1526. {
  1527. err.MsgWrite(0,DCT_MSG_UPDATED_RIGHTS_S,acct->GetTargetName() );
  1528. acct->MarkRightsUpdated();
  1529. }
  1530. else
  1531. {
  1532. err.SysMsgWrite(ErrE,rc,DCT_MSG_UPDATE_RIGHTS_FAILED_SD,acct->GetTargetName(),rc);
  1533. acct->MarkError();
  1534. Mark(L"errors", acct->GetType());
  1535. }
  1536. }
  1537. }
  1538. }
  1539. e.Close();
  1540. }
  1541. if ( pUserRights )
  1542. pUserRights->Release();
  1543. Progress(L"");
  1544. return rc;
  1545. }
  1546. void
  1547. CAcctRepl::WriteOptionsToLog()
  1548. {
  1549. // This will make it easier to tell if arguments are ignored because they
  1550. // were specified in the wrong format, or misspelled, etc.
  1551. WCHAR cmdline[1000];
  1552. UStrCpy(cmdline ,GET_STRING(IDS_AccountMigration));
  1553. if ( opt.nochange )
  1554. {
  1555. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_WriteChanges_No));
  1556. }
  1557. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1558. UStrCpy(cmdline + UStrLen(cmdline),opt.srcDomain);
  1559. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1560. UStrCpy(cmdline + UStrLen(cmdline),opt.tgtDomain);
  1561. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1562. if ( opt.flags & F_USERS )
  1563. {
  1564. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_CopyUsers_Yes));
  1565. }
  1566. else
  1567. {
  1568. UStrCpy(cmdline + UStrLen(cmdline), GET_STRING(IDS_CopyUsers_No));
  1569. }
  1570. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1571. if ( opt.flags & F_GROUP )
  1572. {
  1573. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_CopyGlobalGroups_Yes));
  1574. }
  1575. else
  1576. {
  1577. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_CopyGlobalGroups_No));
  1578. }
  1579. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1580. if ( opt.flags & F_LGROUP )
  1581. {
  1582. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_CopyLocalGroups_Yes));
  1583. }
  1584. else
  1585. {
  1586. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_CopyLocalGroups_No));
  1587. }
  1588. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1589. if ( opt.flags & F_MACHINE )
  1590. {
  1591. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_CopyComputers_Yes));
  1592. }
  1593. else
  1594. {
  1595. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_CopyComputers_No));
  1596. }
  1597. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1598. if ( opt.flags & F_REPLACE )
  1599. {
  1600. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_ReplaceExisting_Yes));
  1601. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1602. }
  1603. if ( opt.flags & F_DISABLE_ALL )
  1604. {
  1605. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_DisableAll_Yes));
  1606. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1607. }
  1608. else if ( opt.flags & F_DISABLE_SPECIAL )
  1609. {
  1610. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_DisableSpecial_Yes));
  1611. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1612. }
  1613. if ( opt.flags & F_DISABLESOURCE )
  1614. {
  1615. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_DisableSourceAccounts_Yes));
  1616. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1617. }
  1618. if ( opt.flags & F_STRONGPW_ALL )
  1619. {
  1620. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_StrongPwd_All));
  1621. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1622. }
  1623. else if ( opt.flags & F_STRONGPW_SPECIAL )
  1624. {
  1625. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_StrongPwd_Special));
  1626. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1627. }
  1628. if ( *opt.addToGroup )
  1629. {
  1630. UStrCpy(cmdline + UStrLen(cmdline),GET_STRING(IDS_AddToGroup));
  1631. UStrCpy(cmdline + UStrLen(cmdline),opt.addToGroup);
  1632. UStrCpy(cmdline + UStrLen(cmdline),L" ");
  1633. }
  1634. err.MsgWrite(0,DCT_MSG_GENERIC_S,cmdline);
  1635. }
  1636. void
  1637. CAcctRepl::LoadResultsToVarSet(
  1638. IVarSet * pVarSet // i/o - VarSet
  1639. )
  1640. {
  1641. _bstr_t text;
  1642. text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_CSVResultFile));
  1643. if ( text.length() )
  1644. {
  1645. CommaDelimitedLog results;
  1646. if ( results.LogOpen((WCHAR*)text,FALSE) )
  1647. {
  1648. // Write the results to a comma-separated file
  1649. // as SrcName,TgtName,AccountType,Status, srcRid, tgtRid
  1650. // This file can be used by ST as input.
  1651. TNodeListEnum e;
  1652. TAcctReplNode * tnode;
  1653. if ( acctList.IsTree() )
  1654. {
  1655. acctList.ToSorted();
  1656. }
  1657. for ( tnode = (TAcctReplNode *)e.OpenFirst(&acctList) ; tnode ; tnode = (TAcctReplNode *)e.Next() )
  1658. {
  1659. results.MsgWrite(L"%s,%s,%lx,%lx,%lx,%lx",tnode->GetName(),tnode->GetTargetSam(), tnode->GetType(),tnode->GetStatus(),tnode->GetSourceRid(),tnode->GetTargetRid());
  1660. }
  1661. e.Close();
  1662. results.LogClose();
  1663. }
  1664. else
  1665. {
  1666. err.MsgWrite(ErrE,DCT_MSG_FAILED_TO_WRITE_ACCOUNT_STATS_S,text);
  1667. Mark(L"errors", "generic");
  1668. }
  1669. }
  1670. long level = pVarSet->get(GET_BSTR(DCTVS_Results_ErrorLevel));
  1671. if ( level < err.GetMaxSeverityLevel() )
  1672. {
  1673. pVarSet->put(GET_BSTR(DCTVS_Results_ErrorLevel),(LONG)err.GetMaxSeverityLevel());
  1674. }
  1675. }
  1676. IADsGroup * GetWellKnownTargetGroup(long groupID,Options * pOptions)
  1677. {
  1678. IADsGroup * pGroup = NULL;
  1679. HRESULT hr;
  1680. PSID pSid;
  1681. WCHAR strSid[LEN_Path];
  1682. WCHAR sPath[LEN_Path];
  1683. CLdapConnection c;
  1684. // Get the SID for the Domain Computers group
  1685. pSid = GetWellKnownSid(groupID,pOptions,TRUE);
  1686. if ( pSid )
  1687. {
  1688. c.BytesToString((LPBYTE)pSid,strSid,GetLengthSid(pSid));
  1689. swprintf(sPath,L"LDAP://%ls/<SID=%ls>",pOptions->tgtDomain,strSid);
  1690. hr = ADsGetObject(sPath,IID_IADsGroup,(void**)&pGroup);
  1691. FreeSid(pSid);
  1692. }
  1693. return pGroup;
  1694. }
  1695. void PadCnName(WCHAR * sTarget)
  1696. {
  1697. // escape character
  1698. const WCHAR ESCAPE_CHARACTER = L'\\';
  1699. // characters that need escaping for RDN format
  1700. static WCHAR SPECIAL_CHARACTERS[] = L"\"#+,;<=>\\";
  1701. // copy old name
  1702. WCHAR szOldName[LEN_Path];
  1703. wcscpy(szOldName, sTarget);
  1704. WCHAR* pchNew = sTarget;
  1705. // for each character in old name...
  1706. for (WCHAR* pchOld = szOldName; *pchOld; pchOld++)
  1707. {
  1708. // if special character...
  1709. if (wcschr(SPECIAL_CHARACTERS, *pchOld))
  1710. {
  1711. // then add escape character
  1712. *pchNew++ = ESCAPE_CHARACTER;
  1713. }
  1714. // add character
  1715. *pchNew++ = *pchOld;
  1716. }
  1717. // null terminate new name
  1718. *pchNew = L'\0';
  1719. }
  1720. //------------------------------------------------------------------------------
  1721. // Create2KObj: Creates a Win2K object. This code uses LDAP to create a new
  1722. // object of specified type in the specified container.
  1723. // If any information is incorrect or If there are any access
  1724. // problems then it simply returns the Failed HRESULT.
  1725. //------------------------------------------------------------------------------
  1726. HRESULT CAcctRepl::Create2KObj(
  1727. TAcctReplNode * pAcct, //in -TNode with account information
  1728. Options * pOptions //in -Options set by the user.
  1729. )
  1730. {
  1731. // This function creates a Win2K object.
  1732. IADs * pAds = NULL;
  1733. WCHAR sAdsPath[LEN_Path];
  1734. DWORD nPathLen = LEN_Path;
  1735. WCHAR sSubPath[LEN_Path];
  1736. WCHAR sClass[LEN_Path];
  1737. HRESULT hr;
  1738. WCHAR sTarget[LEN_Path];
  1739. _variant_t varT;
  1740. _bstr_t strName;
  1741. WCHAR strTarget[LEN_Path];
  1742. IADsContainer * pCont = NULL;
  1743. IDispatch * pDisp = NULL;
  1744. // Get the name of the class for the source object so we can use that to create the new object.
  1745. wcscpy(sClass, pAcct->GetType());
  1746. // check if the sourceAdsPath, for LDAP paths only, is correct before creating this object on the target. If not fail now.
  1747. if (!wcsncmp(L"LDAP://", pAcct->GetSourcePath(), 7))
  1748. {
  1749. wcsncpy(sAdsPath, pAcct->GetSourcePath(), nPathLen-1);
  1750. hr = ADsGetObject(sAdsPath, IID_IADs, (void**)&pAds);
  1751. if (FAILED(hr))
  1752. {
  1753. err.SysMsgWrite(ErrE,hr, DCT_MSG_LDAP_CALL_FAILED_SD, sAdsPath, hr);
  1754. Mark(L"errors", pAcct->GetType());
  1755. return hr;
  1756. }
  1757. }
  1758. pAds = NULL;
  1759. // Now that we have the classname we can go ahead and create an object in the target domain.
  1760. // First we need to get IAdsContainer * to the domain.
  1761. wcscpy(sSubPath, pOptions->tgtOUPath);
  1762. if ( !wcsncmp(L"LDAP://", sSubPath, 7) )
  1763. StuffComputerNameinLdapPath(sAdsPath, nPathLen, sSubPath, pOptions);
  1764. else
  1765. MakeFullyQualifiedAdsPath(sAdsPath, nPathLen, sSubPath, pOptions->tgtComp, pOptions->tgtNamingContext);
  1766. hr = ADsGetObject(sAdsPath, IID_IADsContainer, (void**)&pCont);
  1767. if ( FAILED(hr) )
  1768. {
  1769. if ( firstTime )
  1770. {
  1771. err.SysMsgWrite(ErrE,hr,DCT_MSG_CONTAINER_NOT_FOUND_SSD, pOptions->tgtOUPath, pOptions->tgtDomain, hr);
  1772. firstTime = false;
  1773. Mark(L"errors", pAcct->GetType());
  1774. }
  1775. if ( _wcsicmp((WCHAR*)sClass, L"computer") == 0 )
  1776. {
  1777. MakeFullyQualifiedAdsPath(sAdsPath, nPathLen, L"CN=Computers", pOptions->tgtDomain, pOptions->tgtNamingContext);
  1778. hr = ADsGetObject(sAdsPath, IID_IADsContainer, (void**)&pCont);
  1779. }
  1780. else
  1781. {
  1782. MakeFullyQualifiedAdsPath(sAdsPath, nPathLen, L"CN=Users", pOptions->tgtDomain, pOptions->tgtNamingContext);
  1783. hr = ADsGetObject(sAdsPath, IID_IADsContainer, (void**)&pCont);
  1784. }
  1785. if ( FAILED(hr) )
  1786. {
  1787. err.SysMsgWrite(ErrE, hr, DCT_MSG_DEFAULT_CONTAINER_NOT_FOUND_SD, sAdsPath, hr);
  1788. Mark(L"errors", pAcct->GetType());
  1789. return (hr);
  1790. }
  1791. }
  1792. WCHAR pref[LEN_Path], suf[LEN_Path];
  1793. // Call the create method on the container.
  1794. wcscpy(sTarget, pAcct->GetTargetName());
  1795. // In case of the NT4 source domain the source and the target name have no CN= so we need
  1796. // to add this to the target name. The target name from the group mapping wizard also needs a "CN="
  1797. // added to the target name.
  1798. if ((pOptions->srcDomainVer < 5) || (!_wcsicmp(sClass, L"computer")) || (!_wcsicmp((WCHAR*)pOptions->sWizard, L"groupmapping")))
  1799. {
  1800. WCHAR sTemp[LEN_Path];
  1801. wcscpy(sTemp, pAcct->GetTargetName());
  1802. PadCnName(sTemp);
  1803. // if the CN part is not there add it.
  1804. if ( _wcsicmp(sClass, L"organizationalUnit") == 0 )
  1805. wsprintf(sTarget, L"OU=%s", sTemp);
  1806. else
  1807. wsprintf(sTarget, L"CN=%s", sTemp);
  1808. pAcct->SetTargetName(sTarget);
  1809. }
  1810. // we need to truncate CN name to less that 64 characters
  1811. for ( DWORD z = 0; z < wcslen(sTarget); z++ )
  1812. {
  1813. if ( sTarget[z] == L'=' ) break;
  1814. }
  1815. if ( z < wcslen(sTarget) )
  1816. {
  1817. // Get the prefix part ex.CN=
  1818. wcsncpy(pref, sTarget, z+1);
  1819. pref[z+1] = 0;
  1820. wcscpy(suf, sTarget+z+1);
  1821. }
  1822. // The CN for the account could be greater than 64 we need to truncate it.
  1823. WCHAR sTempCn[LEN_Path];
  1824. if ( wcslen(suf) > 64 )
  1825. {
  1826. if ( wcslen(pOptions->globalSuffix) )
  1827. {
  1828. // in case of a global suffix we need to remove the suffix and then truncate the account and then readd the suffix.
  1829. suf[wcslen(suf) - wcslen(pOptions->globalSuffix)] = L'\0';
  1830. }
  1831. int truncate = 64 - wcslen(pOptions->globalSuffix);
  1832. wcsncpy(sTempCn, suf, truncate);
  1833. sTempCn[truncate] = L'\0';
  1834. if (wcslen(pOptions->globalSuffix))
  1835. wcscat(sTempCn, pOptions->globalSuffix);
  1836. err.MsgWrite(1, DCT_MSG_TRUNCATE_CN_SS, pAcct->GetTargetName(), sTempCn);
  1837. }
  1838. else
  1839. wcscpy(sTempCn, suf);
  1840. wsprintf(sTarget, L"%s%s", pref, sTempCn);
  1841. pAcct->SetTargetName(sTarget);
  1842. // even for a local group the object type of the group has to be a local group
  1843. if ( !_wcsicmp((WCHAR*)sClass, L"lgroup") )
  1844. {
  1845. wcscpy((WCHAR*)sClass,L"group");
  1846. }
  1847. // Call the create method on the container.
  1848. wcscpy(sTarget, pAcct->GetTargetName());
  1849. hr = pCont->Create(sClass, sTarget, &pDisp);
  1850. if ( FAILED(hr) )
  1851. {
  1852. err.SysMsgWrite(ErrE, hr,DCT_MSG_CREATE_FAILED_SSD, pAcct->GetTargetName(), pOptions->tgtOUPath, hr);
  1853. Mark(L"errors", pAcct->GetType());
  1854. pCont->Release();
  1855. return hr;
  1856. }
  1857. // Get the IADs interface to get the path to newly created object.
  1858. hr = pDisp->QueryInterface(IID_IADs, (void**)&pAds);
  1859. pDisp->Release();
  1860. pDisp = NULL;
  1861. if ( FAILED(hr) )
  1862. {
  1863. err.SysMsgWrite(ErrE, hr, DCT_MSG_GET_IADS_FAILED_SSD, pAcct->GetTargetName(), pOptions->tgtOUPath, hr);
  1864. Mark(L"errors", pAcct->GetType());
  1865. pCont->Release();
  1866. return hr;
  1867. }
  1868. // Set the Target Account Sam name if not an OU.
  1869. wcscpy(strTarget, pAcct->GetTargetSam());
  1870. StripSamName(strTarget);
  1871. pAcct->SetTargetSam(strTarget);
  1872. // check if the $ is at the end of the SAM name for computer accounts.
  1873. if ( !_wcsicmp(sClass, L"computer") )
  1874. {
  1875. // also make sure the target SAM name is not too long
  1876. if ( UStrLen(strTarget) > 16 )
  1877. {
  1878. strTarget[15] = 0;
  1879. }
  1880. if (strTarget[wcslen(strTarget)-1] != L'$')
  1881. {
  1882. WCHAR sTemp[LEN_Path];
  1883. wsprintf(sTemp, L"%s$", strTarget);
  1884. wcscpy(strTarget, sTemp);
  1885. pAcct->SetTargetSam(strTarget);
  1886. }
  1887. }
  1888. varT = strTarget;
  1889. if ( _wcsicmp(sClass, L"organizationalUnit") != 0)
  1890. // organizational unit has no sam account name
  1891. hr = pAds->Put(L"sAMAccountName", varT);
  1892. if ( _wcsicmp(sClass, L"group") == 0 )
  1893. {
  1894. varT = _variant_t(pAcct->GetGroupType());
  1895. if ( pOptions->srcDomainVer < 5 )
  1896. {
  1897. // all NT4 accounts are security accounts but they tell us that they are Dist accts so lets set them straight.
  1898. varT.lVal |= 0x80000000;
  1899. }
  1900. hr = pAds->Put(L"groupType", varT);
  1901. }
  1902. else if ( !_wcsicmp(sClass, L"user") )
  1903. {
  1904. // Get the source profile path and store it in the path
  1905. _variant_t var;
  1906. IADs * pAdsSource = NULL;
  1907. hr = ADsGetObject(const_cast<WCHAR*>(pAcct->GetSourcePath()), IID_IADs, (void**)&pAdsSource);
  1908. if ( SUCCEEDED(hr) )
  1909. {
  1910. // Don't know why it is different for WinNT to ADSI
  1911. if ( pOptions->srcDomainVer > 4 )
  1912. hr = pAdsSource->Get(L"profilePath", &var);
  1913. else
  1914. hr = pAdsSource->Get(L"profile", &var);
  1915. if ( SUCCEEDED(hr))
  1916. {
  1917. pAcct->SetSourceProfile((WCHAR*) V_BSTR(&var));
  1918. }
  1919. pAdsSource->Release();
  1920. }
  1921. }
  1922. // In no change mode we do not call the set info.
  1923. if ( !pOptions->nochange )
  1924. {
  1925. hr = pAds->SetInfo();
  1926. if ( FAILED(hr) )
  1927. {
  1928. if (HRESULT_CODE(hr) == ERROR_OBJECT_ALREADY_EXISTS)
  1929. {
  1930. if ( wcslen(pOptions->prefix) > 0 )
  1931. {
  1932. WCHAR tgt[LEN_Path];
  1933. WCHAR pref[LEN_Path], suf[LEN_Path];
  1934. WCHAR sTempSam[LEN_Path];
  1935. _variant_t varStr;
  1936. // Here I am adding a prefix and then lets see if we can setinfo that way
  1937. // find the '=' sign
  1938. wcscpy(tgt, pAcct->GetTargetName());
  1939. for ( DWORD z = 0; z < wcslen(tgt); z++ )
  1940. {
  1941. if ( tgt[z] == L'=' ) break;
  1942. }
  1943. if ( z < wcslen(tgt) )
  1944. {
  1945. // Get the prefix part ex.CN=
  1946. wcsncpy(pref, tgt, z+1);
  1947. pref[z+1] = 0;
  1948. wcscpy(suf, tgt+z+1);
  1949. }
  1950. // The CN for the account could be greater than 64 we need to truncate it.
  1951. WCHAR sTempCn[LEN_Path];
  1952. if ( wcslen(suf) + wcslen(pOptions->prefix) > 64 )
  1953. {
  1954. int truncate = 64 - wcslen(pOptions->prefix);
  1955. wcsncpy(sTempCn, suf, truncate);
  1956. sTempCn[truncate] = L'\0';
  1957. err.MsgWrite(1, DCT_MSG_TRUNCATE_CN_SS, pAcct->GetTargetName(), sTempCn);
  1958. }
  1959. else
  1960. wcscpy(sTempCn, suf);
  1961. // Remove the \ if it is escaping the space
  1962. if ( sTempCn[0] == L'\\' && sTempCn[1] == L' ' )
  1963. {
  1964. WCHAR sTemp[LEN_Path];
  1965. wcscpy(sTemp, sTempCn+1);
  1966. wcscpy(sTempCn, sTemp);
  1967. }
  1968. // Build the target string with the Prefix
  1969. wsprintf(tgt, L"%s%s%s", pref, pOptions->prefix, sTempCn);
  1970. pAcct->SetTargetName(tgt);
  1971. // Create the object in the container
  1972. hr = pCont->Create(sClass, tgt, &pDisp);
  1973. if ( FAILED(hr) )
  1974. {
  1975. err.SysMsgWrite(ErrE, hr,DCT_MSG_CREATE_FAILED_SSD, pAcct->GetTargetName(), pOptions->tgtOUPath, hr);
  1976. Mark(L"errors", pAcct->GetType());
  1977. pCont->Release();
  1978. pAds->Release();
  1979. pDisp->Release();
  1980. return hr;
  1981. }
  1982. // Get the IADs interface to get the path to newly created object.
  1983. pAds->Release();
  1984. hr = pDisp->QueryInterface(IID_IADs, (void**)&pAds);
  1985. pDisp->Release();
  1986. if ( FAILED(hr) )
  1987. {
  1988. err.SysMsgWrite(ErrE, hr, DCT_MSG_GET_IADS_FAILED_SSD, pAcct->GetTargetName(), pOptions->tgtOUPath, hr);
  1989. Mark(L"errors", pAcct->GetType());
  1990. pCont->Release();
  1991. return hr;
  1992. }
  1993. // truncate to allow prefix/suffix to fit in 20 characters.
  1994. int resLen = wcslen(pOptions->prefix) + wcslen(pAcct->GetTargetSam());
  1995. if ( !_wcsicmp(pAcct->GetType(), L"computer") )
  1996. {
  1997. // Computer name can be only 15 characters long + $
  1998. if ( resLen > 16 )
  1999. {
  2000. WCHAR sTruncatedSam[LEN_Path];
  2001. wcscpy(sTruncatedSam, pAcct->GetTargetSam());
  2002. if ( wcslen( pOptions->globalSuffix ) )
  2003. {
  2004. // We must remove the global suffix if we had one.
  2005. sTruncatedSam[wcslen(sTruncatedSam) - wcslen(pOptions->globalSuffix)] = L'\0';
  2006. }
  2007. int truncate = 16 - wcslen(pOptions->prefix) - wcslen(pOptions->globalSuffix);
  2008. if ( truncate < 1 ) truncate = 1;
  2009. wcsncpy(sTempSam, sTruncatedSam, truncate - 1);
  2010. sTempSam[truncate-1] = L'\0'; // Dont forget the $ sign and terminate string.
  2011. wcscat(sTempSam, pOptions->globalSuffix);
  2012. wcscat(sTempSam, L"$");
  2013. }
  2014. else
  2015. wcscpy(sTempSam, pAcct->GetTargetSam());
  2016. // Add the prefix
  2017. wsprintf(tgt, L"%s%s", pOptions->prefix,sTempSam);
  2018. }
  2019. else if ( !_wcsicmp(pAcct->GetType(), L"user") )
  2020. {
  2021. if ( resLen > 20 )
  2022. {
  2023. WCHAR sTruncatedSam[LEN_Path];
  2024. wcscpy(sTruncatedSam, pAcct->GetTargetSam());
  2025. if ( wcslen( pOptions->globalSuffix ) )
  2026. {
  2027. // We must remove the global suffix if we had one.
  2028. sTruncatedSam[wcslen(sTruncatedSam) - wcslen(pOptions->globalSuffix)] = L'\0';
  2029. }
  2030. int truncate = 20 - wcslen(pOptions->prefix) - wcslen(pOptions->globalSuffix);
  2031. if ( truncate < 0 ) truncate = 0;
  2032. wcsncpy(sTempSam, sTruncatedSam, truncate);
  2033. sTempSam[truncate] = L'\0';
  2034. wcscat(sTempSam, pOptions->globalSuffix);
  2035. }
  2036. else
  2037. wcscpy(sTempSam, pAcct->GetTargetSam());
  2038. // Add the prefix
  2039. wsprintf(tgt, L"%s%s", pOptions->prefix,sTempSam);
  2040. }
  2041. else
  2042. wsprintf(tgt, L"%s%s", pOptions->prefix,pAcct->GetTargetSam());
  2043. StripSamName(tgt);
  2044. pAcct->SetTargetSam(tgt);
  2045. varStr = tgt;
  2046. pAds->Put(L"sAMAccountName", varStr);
  2047. if ( _wcsicmp(sClass, L"group") == 0 )
  2048. {
  2049. varT = _variant_t(pAcct->GetGroupType());
  2050. if ( pOptions->srcDomainVer < 5 )
  2051. {
  2052. // all NT4 accounts are security accounts but they tell us that they are Dist accts so lets set them straight.
  2053. varT.lVal |= 0x80000000;
  2054. }
  2055. hr = pAds->Put(L"groupType", varT);
  2056. }
  2057. hr = pAds->SetInfo();
  2058. if ( SUCCEEDED(hr) )
  2059. {
  2060. Mark(L"created", sClass);
  2061. pAcct->MarkCreated();
  2062. WCHAR * sTgtPath;
  2063. HRESULT temphr = pAds->get_ADsPath(&sTgtPath);
  2064. if ( SUCCEEDED(temphr) )
  2065. pAcct->SetTargetPath(sTgtPath);
  2066. else
  2067. pAcct->SetTargetPath(L"");
  2068. }
  2069. else if ( HRESULT_CODE(hr) == ERROR_OBJECT_ALREADY_EXISTS )
  2070. {
  2071. pAcct->MarkAlreadyThere();
  2072. err.MsgWrite(ErrE, DCT_MSG_PREF_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  2073. Mark(L"errors",pAcct->GetType());
  2074. }
  2075. else
  2076. {
  2077. pAcct->MarkError();
  2078. err.SysMsgWrite(ErrE, hr, DCT_MSG_CREATE_FAILED_SSD, pAcct->GetTargetSam(), pOptions->tgtOUPath, hr);
  2079. Mark(L"errors",pAcct->GetType());
  2080. }
  2081. }
  2082. else if ( wcslen(pOptions->suffix) > 0 )
  2083. {
  2084. WCHAR tgt[LEN_Path];
  2085. WCHAR pref[LEN_Path], suf[LEN_Path];
  2086. WCHAR sTempSam[LEN_Path];
  2087. _variant_t varStr;
  2088. wcscpy(tgt, pAcct->GetTargetName());
  2089. for ( DWORD z = 0; z < wcslen(tgt); z++ )
  2090. {
  2091. if ( tgt[z] == L'=' ) break;
  2092. }
  2093. if ( z < wcslen(tgt) )
  2094. {
  2095. // Get the prefix part ex.CN=
  2096. wcsncpy(pref, tgt, z+1);
  2097. pref[z+1] = 0;
  2098. wcscpy(suf, tgt+z+1);
  2099. }
  2100. // The CN for the account could be greater than 64 we need to truncate it.
  2101. WCHAR sTempCn[LEN_Path];
  2102. if ( wcslen(suf) + wcslen(pOptions->suffix) + wcslen(pOptions->globalSuffix) > 64 )
  2103. {
  2104. if ( wcslen(pOptions->globalSuffix) )
  2105. {
  2106. // in case of a global suffix we need to remove the suffix and then truncate the account and then readd the suffix.
  2107. suf[wcslen(suf) - wcslen(pOptions->globalSuffix)] = L'\0';
  2108. }
  2109. int truncate = 64 - wcslen(pOptions->suffix) - wcslen(pOptions->globalSuffix);
  2110. wcsncpy(sTempCn, suf, truncate);
  2111. sTempCn[truncate] = L'\0';
  2112. wcscat(sTempCn, pOptions->globalSuffix);
  2113. err.MsgWrite(1, DCT_MSG_TRUNCATE_CN_SS, pAcct->GetTargetName(), suf);
  2114. }
  2115. else
  2116. wcscpy(sTempCn, suf);
  2117. // Remove the trailing space \ escape sequence
  2118. wcscpy(tgt, sTempCn);
  2119. for ( int i = wcslen(tgt)-1; i >= 0; i-- )
  2120. {
  2121. if ( tgt[i] != L' ' )
  2122. break;
  2123. }
  2124. if ( tgt[i] == L'\\' )
  2125. {
  2126. WCHAR * pTemp = &tgt[i];
  2127. *pTemp = 0;
  2128. wcscat(pref, tgt);
  2129. wcscpy(suf, pTemp+1);
  2130. }
  2131. else
  2132. {
  2133. wcscat(pref, tgt);
  2134. wcscpy(suf, L"");
  2135. }
  2136. wsprintf(tgt, L"%s%s%s", pref, suf, pOptions->suffix);
  2137. pAcct->SetTargetName(tgt);
  2138. // Create the object in the container
  2139. hr = pCont->Create(sClass, tgt, &pDisp);
  2140. if ( FAILED(hr) )
  2141. {
  2142. err.SysMsgWrite(ErrE, hr,DCT_MSG_CREATE_FAILED_SSD, pAcct->GetTargetName(), pOptions->tgtOUPath, hr);
  2143. Mark(L"errors", pAcct->GetType());
  2144. pCont->Release();
  2145. pAds->Release();
  2146. return hr;
  2147. }
  2148. // Get the IADs interface to get the path to newly created object.
  2149. pAds->Release();
  2150. hr = pDisp->QueryInterface(IID_IADs, (void**)&pAds);
  2151. pDisp->Release();
  2152. if ( FAILED(hr) )
  2153. {
  2154. err.SysMsgWrite(ErrE, hr, DCT_MSG_GET_IADS_FAILED_SSD, pAcct->GetTargetName(), pOptions->tgtOUPath, hr);
  2155. Mark(L"errors", pAcct->GetType());
  2156. pCont->Release();
  2157. return hr;
  2158. }
  2159. // truncate to allow prefix/suffix to fit in valid length
  2160. int resLen = wcslen(pOptions->suffix) + wcslen(pAcct->GetTargetSam());
  2161. if ( !_wcsicmp(pAcct->GetType(), L"computer") )
  2162. {
  2163. // Computer name can be only 15 characters long + $
  2164. if ( resLen > 16 )
  2165. {
  2166. WCHAR sTruncatedSam[LEN_Path];
  2167. wcscpy(sTruncatedSam, pAcct->GetTargetSam());
  2168. if ( wcslen( pOptions->globalSuffix ) )
  2169. {
  2170. // We must remove the global suffix if we had one.
  2171. sTruncatedSam[wcslen(sTruncatedSam) - wcslen(pOptions->globalSuffix)] = L'\0';
  2172. }
  2173. int truncate = 16 - wcslen(pOptions->suffix) - wcslen(pOptions->globalSuffix);
  2174. if ( truncate < 1 ) truncate = 1;
  2175. wcsncpy(sTempSam, sTruncatedSam, truncate - 1);
  2176. sTempSam[truncate-1] = L'\0';
  2177. // Re add the global suffix after the truncation.
  2178. wcscat(sTempSam, pOptions->globalSuffix);
  2179. wcscat(sTempSam, L"$");
  2180. }
  2181. else
  2182. wcscpy(sTempSam, pAcct->GetTargetSam());
  2183. // Add the suffix taking into account the $ sign
  2184. if ( sTempSam[wcslen(sTempSam) - 1] == L'$' )
  2185. sTempSam[wcslen(sTempSam) - 1] = L'\0';
  2186. wsprintf(tgt, L"%s%s$", sTempSam, pOptions->suffix);
  2187. }
  2188. else if ( !_wcsicmp(pAcct->GetType(), L"user") )
  2189. {
  2190. if ( resLen > 20 )
  2191. {
  2192. WCHAR sTruncatedSam[LEN_Path];
  2193. wcscpy(sTruncatedSam, pAcct->GetTargetSam());
  2194. if ( wcslen( pOptions->globalSuffix ) )
  2195. {
  2196. // We must remove the global suffix if we had one.
  2197. sTruncatedSam[wcslen(sTruncatedSam) - wcslen(pOptions->globalSuffix)] = L'\0';
  2198. }
  2199. int truncate = 20 - wcslen(pOptions->suffix) - wcslen(pOptions->globalSuffix);
  2200. if ( truncate < 0 ) truncate = 0;
  2201. wcsncpy(sTempSam, sTruncatedSam, truncate);
  2202. sTempSam[truncate] = L'\0';
  2203. wcscat(sTempSam, pOptions->globalSuffix);
  2204. }
  2205. else
  2206. wcscpy(sTempSam, pAcct->GetTargetSam());
  2207. // Add the suffix.
  2208. wsprintf(tgt, L"%s%s", sTempSam, pOptions->suffix);
  2209. }
  2210. else
  2211. wsprintf(tgt, L"%s%s", pAcct->GetTargetSam(), pOptions->suffix);
  2212. StripSamName(tgt);
  2213. pAcct->SetTargetSam(tgt);
  2214. varStr = tgt;
  2215. pAds->Put(L"sAMAccountName", varStr);
  2216. if ( _wcsicmp(sClass, L"group") == 0 )
  2217. {
  2218. varT = _variant_t(pAcct->GetGroupType());
  2219. if ( pOptions->srcDomainVer < 5 )
  2220. {
  2221. // all NT4 accounts are security accounts but they tell us that they are Dist accts so lets set them straight.
  2222. varT.lVal |= 0x80000000;
  2223. }
  2224. hr = pAds->Put(L"groupType", varT);
  2225. }
  2226. hr = pAds->SetInfo();
  2227. if ( SUCCEEDED(hr) )
  2228. {
  2229. Mark(L"created", sClass);
  2230. pAcct->MarkCreated();
  2231. WCHAR * sTgtPath;
  2232. HRESULT temphr = pAds->get_ADsPath(&sTgtPath);
  2233. if ( SUCCEEDED(temphr) )
  2234. pAcct->SetTargetPath(sTgtPath);
  2235. else
  2236. pAcct->SetTargetPath(L"");
  2237. }
  2238. else if ( HRESULT_CODE(hr) == ERROR_OBJECT_ALREADY_EXISTS )
  2239. {
  2240. pAcct->MarkAlreadyThere();
  2241. err.MsgWrite(ErrE, DCT_MSG_PREF_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  2242. Mark(L"errors",pAcct->GetType());
  2243. }
  2244. else
  2245. {
  2246. pAcct->MarkError();
  2247. err.SysMsgWrite(ErrE, hr, DCT_MSG_CREATE_FAILED_SSD, pAcct->GetTargetSam(), pOptions->tgtOUPath, hr);
  2248. Mark(L"errors",pAcct->GetType());
  2249. }
  2250. }
  2251. else
  2252. {
  2253. if (pOptions->flags & F_REPLACE)
  2254. {
  2255. WCHAR sPath[LEN_Path], sQuery[LEN_Path];
  2256. WCHAR sPath9[LEN_Path];
  2257. SAFEARRAY * pszColNames = NULL;
  2258. BSTR HUGEP * pData;
  2259. LPWSTR sData[] = { L"ADsPath", L"profilePath", L"objectClass" };
  2260. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  2261. IEnumVARIANT * pEnumMem = NULL;
  2262. _variant_t var;
  2263. DWORD dwFetch;
  2264. HRESULT temphr;
  2265. int nElt = DIM(sData);
  2266. SAFEARRAYBOUND bd = { nElt, 0 };
  2267. BOOL bIsCritical = FALSE;
  2268. BOOL bIsDifferentType = FALSE;
  2269. // Since the object already exists we need to get the ADsPath to the object and update the acct structure
  2270. // Set up the query and the path
  2271. wsprintf(sPath, L"LDAP://%s/%s", pOptions->tgtComp+2, pOptions->tgtNamingContext);
  2272. WCHAR sTempSamName[LEN_Path];
  2273. wcscpy(sTempSamName, pAcct->GetTargetSam());
  2274. if ( sTempSamName[0] == L' ' )
  2275. {
  2276. WCHAR sTemp[LEN_Path];
  2277. wsprintf(sTemp, L"\\20%s", sTempSamName + 1);
  2278. wcscpy(sTempSamName, sTemp);
  2279. }
  2280. wsprintf(sQuery, L"(sAMAccountName=%s)", sTempSamName);
  2281. temphr = pQuery->raw_SetQuery(sPath, pOptions->tgtDomainDns, sQuery, ADS_SCOPE_SUBTREE, FALSE);
  2282. if ( FAILED(temphr) )
  2283. {
  2284. pCont->Release();
  2285. pAds->Release();
  2286. return temphr;
  2287. }
  2288. // Set up the columns so we get the ADsPath of the object.
  2289. pszColNames = ::SafeArrayCreate(VT_BSTR, 1, &bd);
  2290. temphr = ::SafeArrayAccessData(pszColNames, (void HUGEP **)&pData);
  2291. if ( FAILED(temphr) )
  2292. {
  2293. pCont->Release();
  2294. pAds->Release();
  2295. SafeArrayDestroy(pszColNames);
  2296. return temphr;
  2297. }
  2298. for ( long i = 0; i < nElt; i++ )
  2299. {
  2300. pData[i] = SysAllocString(sData[i]);
  2301. }
  2302. temphr = ::SafeArrayUnaccessData(pszColNames);
  2303. if ( FAILED(temphr) )
  2304. {
  2305. ::SafeArrayDestroy(pszColNames);
  2306. pCont->Release();
  2307. pAds->Release();
  2308. return temphr;
  2309. }
  2310. temphr = pQuery->raw_SetColumns(pszColNames);
  2311. if ( FAILED(temphr) )
  2312. {
  2313. pCont->Release();
  2314. pAds->Release();
  2315. ::SafeArrayDestroy(pszColNames);
  2316. return temphr;
  2317. }
  2318. // Time to execute the plan.
  2319. temphr = pQuery->raw_Execute(&pEnumMem);
  2320. if ( FAILED(temphr) )
  2321. {
  2322. ::SafeArrayDestroy(pszColNames);
  2323. pCont->Release();
  2324. pAds->Release();
  2325. return temphr;
  2326. }
  2327. ::SafeArrayDestroy(pszColNames);
  2328. temphr = pEnumMem->Next(1, &var, &dwFetch);
  2329. if ( temphr == S_OK )
  2330. {
  2331. // This would only happen if the member existed in the target domain.
  2332. // We now have a Variant containing an array of variants so we access the data
  2333. _variant_t * pVar;
  2334. _bstr_t sConfName = pAcct->GetTargetName();
  2335. _bstr_t sOldCont;
  2336. pszColNames = V_ARRAY(&var);
  2337. SafeArrayAccessData(pszColNames, (void HUGEP **)&pVar);
  2338. wcscpy(sAdsPath, (WCHAR*)pVar[0].bstrVal);
  2339. pAcct->SetTargetPath(sAdsPath);
  2340. // Check if the object we are about to replace is of the same type.
  2341. if ( _wcsicmp(pAcct->GetType(), (WCHAR*) pVar[2].bstrVal) )
  2342. bIsDifferentType = TRUE;
  2343. SafeArrayUnaccessData(pszColNames);
  2344. IADs * pAdsNew = NULL;
  2345. temphr = ADsGetObject(const_cast<WCHAR*>(pAcct->GetTargetPath()), IID_IADs, (void**)&pAdsNew);
  2346. if ( SUCCEEDED(temphr) )
  2347. {
  2348. //see if critical
  2349. _variant_t varCritical;
  2350. temphr = pAdsNew->Get(L"isCriticalSystemObject", &varCritical);
  2351. if (SUCCEEDED(temphr))
  2352. {
  2353. bIsCritical = V_BOOL(&varCritical) == -1 ? TRUE : FALSE;
  2354. }
  2355. //get the name
  2356. BSTR sTgtName = NULL;
  2357. temphr = pAdsNew->get_Name(&sTgtName);
  2358. if ( SUCCEEDED(temphr) )
  2359. sConfName = _bstr_t(sTgtName, false);
  2360. //get the parent container of the conflicting object
  2361. BSTR sTgtCont = NULL;
  2362. temphr = pAdsNew->get_Parent(&sTgtCont);
  2363. if ( SUCCEEDED(temphr) )
  2364. sOldCont = _bstr_t(sTgtCont, false);
  2365. }
  2366. if ( pAdsNew )
  2367. {
  2368. pAdsNew->Release();
  2369. pAdsNew = NULL;
  2370. }
  2371. if ( bIsDifferentType )
  2372. {
  2373. // Since the source and target accounts are of different types we do not want to replace these.
  2374. hr = HRESULT_FROM_WIN32(ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH);
  2375. }
  2376. //else if not critical then move the account
  2377. else if ( !bIsCritical )
  2378. {
  2379. //if user selected to move that account into the user-specified OU, then move it
  2380. if (pOptions->flags & F_MOVE_REPLACED_ACCT)
  2381. {
  2382. temphr = pCont->MoveHere(const_cast<WCHAR*>(pAcct->GetTargetPath()), const_cast<WCHAR*>(pAcct->GetTargetName()), &pDisp);
  2383. //if move failed due to CN conflict, do not migrate
  2384. if ( FAILED(temphr) )
  2385. {
  2386. // The move failed one of the reasons might be that there is a conflict in container name ( CN )
  2387. DWORD nPathLen = LEN_Path;
  2388. WCHAR path9[LEN_Path];
  2389. IADs * pAds9 = NULL;
  2390. // Build the path to the target object
  2391. MakeFullyQualifiedAdsPath(sPath9, nPathLen, pOptions->tgtOUPath, pOptions->tgtDomain, pOptions->tgtNamingContext);
  2392. WCHAR * pRelativeTgtOUPath = wcschr(sPath9 + UStrLen(L"LDAP://") + 2,L'/');
  2393. if ( pRelativeTgtOUPath )
  2394. {
  2395. *pRelativeTgtOUPath = 0;
  2396. swprintf(path9,L"%ls/%ls,%ls",sPath9,pAcct->GetTargetName(),pRelativeTgtOUPath+1);
  2397. }
  2398. if ( _wcsicmp(path9, pAcct->GetTargetPath()) )
  2399. {
  2400. HRESULT phr = ADsGetObject(path9, IID_IADs, (void**)&pAds9);
  2401. if ( SUCCEEDED(phr) )
  2402. {
  2403. // Object with that CN exists so we can not move the object
  2404. err.MsgWrite(ErrE, DCT_MSG_MOVE_FAILED_CN_CONFLICT_SSS, pAcct->GetTargetName(), pRelativeTgtOUPath+1);
  2405. Mark(L"errors", pAcct->GetType());
  2406. pAds9->Release();
  2407. }
  2408. }
  2409. pAds->Release();
  2410. pCont->Release();
  2411. return temphr;
  2412. }
  2413. }
  2414. else //else try to rename the CN of the object (I'll use the same MoveHere API)
  2415. {
  2416. IADsContainer * pOldCont = NULL;
  2417. temphr = ADsGetObject(sOldCont, IID_IADsContainer, (void**)&pOldCont);
  2418. if (SUCCEEDED(temphr))
  2419. {
  2420. temphr = pOldCont->MoveHere(const_cast<WCHAR*>(pAcct->GetTargetPath()), const_cast<WCHAR*>(pAcct->GetTargetName()), &pDisp);
  2421. pOldCont->Release();
  2422. }
  2423. //if failed to rename the CN, do not migrate
  2424. if ( FAILED(temphr) )
  2425. {
  2426. // The CN rename failed due to conflicting CN in this container
  2427. err.MsgWrite(ErrE, DCT_MSG_CN_RENAME_CONFLICT_SSS, (WCHAR*)sConfName, pAcct->GetTargetName(), (WCHAR*)sOldCont);
  2428. Mark(L"errors", pAcct->GetType());
  2429. pAds->Release();
  2430. pCont->Release();
  2431. //if we couldn't rename the CN, change the error code so we don't continue migrating this user
  2432. if ((HRESULT_CODE(temphr) == ERROR_OBJECT_ALREADY_EXISTS))
  2433. temphr = HRESULT_FROM_WIN32(ERROR_DS_INVALID_DN_SYNTAX);
  2434. return temphr;
  2435. }
  2436. }
  2437. // Get the new location of the object.
  2438. BSTR sNewPath;
  2439. temphr = pDisp->QueryInterface(IID_IADs, (void**)&pAdsNew);
  2440. pDisp->Release();
  2441. if ( FAILED(temphr) )
  2442. {
  2443. pCont->Release();
  2444. pAds->Release();
  2445. return temphr;
  2446. }
  2447. temphr = pAdsNew->get_ADsPath(&sNewPath);
  2448. pAdsNew->Release();
  2449. if ( FAILED(temphr) )
  2450. {
  2451. pCont->Release();
  2452. pAds->Release();
  2453. return temphr;
  2454. }
  2455. // And store that in the target path
  2456. pAcct->SetTargetPath((WCHAR*) sNewPath);
  2457. SysFreeString(sNewPath);
  2458. // If the account is a group account and the Replace Existing members flag is set then we need to
  2459. // remove all the members of this group.
  2460. if ( (_wcsicmp(L"group", pAcct->GetType()) == 0 ) && (pOptions->flags & F_REMOVE_OLD_MEMBERS) )
  2461. RemoveMembers(pAcct, pOptions);
  2462. pAcct->MarkAlreadyThere();
  2463. pAcct->MarkReplaced();
  2464. }
  2465. else
  2466. {
  2467. //if this is a special account that we need to mark as such
  2468. if (bIsCritical)
  2469. {
  2470. pAcct->MarkCritical();
  2471. hr = HRESULT_FROM_WIN32(ERROR_SPECIAL_ACCOUNT);
  2472. }
  2473. }
  2474. }
  2475. else
  2476. {
  2477. // Sam Account name is not in the target domain and we have a conflict see if it is a CN conf
  2478. WCHAR sPath9[LEN_Path];
  2479. DWORD nPathLen = LEN_Path;
  2480. WCHAR path9[LEN_Path];
  2481. IADs * pAdsNew = NULL;
  2482. // Build the path to the target object
  2483. MakeFullyQualifiedAdsPath(sPath9, nPathLen, pOptions->tgtOUPath, pOptions->tgtDomain, pOptions->tgtNamingContext);
  2484. WCHAR * pRelativeTgtOUPath = wcschr(sPath9 + UStrLen(L"LDAP://") + 2,L'/');
  2485. if ( pRelativeTgtOUPath )
  2486. {
  2487. *pRelativeTgtOUPath = 0;
  2488. swprintf(path9,L"%ls/%ls,%ls",sPath9,pAcct->GetTargetName(),pRelativeTgtOUPath+1);
  2489. }
  2490. temphr = ADsGetObject(path9, IID_IADs, (void**) &pAdsNew);
  2491. if ( SUCCEEDED(temphr) )
  2492. {
  2493. // Object with that CN exists so we use it
  2494. BSTR sTgtPath;
  2495. HRESULT temphr = pAdsNew->get_ADsPath(&sTgtPath);
  2496. if (SUCCEEDED(temphr))
  2497. pAcct->SetTargetPath(sTgtPath);
  2498. else
  2499. pAcct->SetTargetPath(L"");
  2500. // Check if the object we are about to replace is of the same type.
  2501. BSTR sClass;
  2502. temphr = pAdsNew->get_Class(&sClass);
  2503. if ((SUCCEEDED(temphr)) && (!_wcsicmp(pAcct->GetType(), (WCHAR*)sClass)))
  2504. bIsDifferentType = FALSE;
  2505. else
  2506. bIsDifferentType = TRUE;
  2507. _variant_t varCritical;
  2508. temphr = pAdsNew->Get(L"isCriticalSystemObject", &varCritical);
  2509. if (SUCCEEDED(temphr))
  2510. bIsCritical = V_BOOL(&varCritical) == -1 ? TRUE : FALSE;
  2511. //if the source and target accounts are of different types we do not want to replace these.
  2512. if (bIsDifferentType)
  2513. {
  2514. hr = HRESULT_FROM_WIN32(ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH);
  2515. }
  2516. //else if not critical then fix the SAM name and other related chores
  2517. else if ( !bIsCritical )
  2518. {
  2519. //get the old Target Account Sam name
  2520. _variant_t varOldSAM = pAcct->GetTargetSam();
  2521. temphr = pAdsNew->Get(L"sAMAccountName", &varOldSAM);
  2522. // Set the Target Account Sam name
  2523. _variant_t varSAM = pAcct->GetTargetSam();
  2524. temphr = pAdsNew->Put(L"sAMAccountName", varSAM);
  2525. if (SUCCEEDED(temphr))
  2526. temphr = pAdsNew->SetInfo();
  2527. if ( FAILED(temphr) )
  2528. {
  2529. // The SAM rename failed due to conflicting SAM, do not migrate
  2530. err.MsgWrite(ErrE, DCT_MSG_SAM_RENAME_CONFLICT_SS, (WCHAR*)(varOldSAM.bstrVal), pAcct->GetTargetSam());
  2531. Mark(L"errors", pAcct->GetType());
  2532. pAds->Release();
  2533. pCont->Release();
  2534. pAdsNew->Release();
  2535. return temphr;
  2536. }
  2537. // If the account is a group account and the Replace Existing members flag is set then we need to
  2538. // remove all the members of this group.
  2539. if ( (_wcsicmp(L"group", pAcct->GetType()) == 0 ) && (pOptions->flags & F_REMOVE_OLD_MEMBERS) )
  2540. RemoveMembers(pAcct, pOptions);
  2541. pAcct->MarkAlreadyThere();
  2542. pAcct->MarkReplaced();
  2543. }
  2544. else
  2545. {
  2546. //if this is a special account that we need to mark as such
  2547. if (bIsCritical)
  2548. {
  2549. pAcct->MarkCritical();
  2550. hr = HRESULT_FROM_WIN32(ERROR_SPECIAL_ACCOUNT);
  2551. }
  2552. }
  2553. if ( pAdsNew )
  2554. {
  2555. pAdsNew->Release();
  2556. pAdsNew = NULL;
  2557. }
  2558. }
  2559. else
  2560. {
  2561. // This should only happen if the replace fails because the object that already has
  2562. // this SAM Account Name is a special Win2K builtin object or container
  2563. // One example of this problem is "Service".
  2564. pAcct->SetStatus(pAcct->GetStatus()|AR_Status_Special);
  2565. err.SysMsgWrite(ErrE,ERROR_SPECIAL_ACCOUNT,DCT_MSG_REPLACE_FAILED_SD,pAcct->GetName(),ERROR_SPECIAL_ACCOUNT);
  2566. Mark(L"errors", pAcct->GetType());
  2567. }
  2568. }
  2569. pEnumMem->Release();
  2570. VariantInit(&var);
  2571. }
  2572. else
  2573. {
  2574. pAcct->MarkAlreadyThere();
  2575. err.MsgWrite(ErrW,DCT_MSG_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  2576. Mark(L"warnings",pAcct->GetType());
  2577. }
  2578. }
  2579. }
  2580. }
  2581. else
  2582. {
  2583. Mark(L"created", pAcct->GetType());
  2584. pAcct->MarkCreated();
  2585. BSTR sTgtPath = NULL;
  2586. HRESULT temphr = pAds->get_ADsPath(&sTgtPath);
  2587. if ( SUCCEEDED(temphr) )
  2588. {
  2589. pAcct->SetTargetPath(sTgtPath);
  2590. SysFreeString(sTgtPath);
  2591. }
  2592. else
  2593. pAcct->SetTargetPath(L"");
  2594. // Add computers to
  2595. if ( !_wcsicmp(sClass,L"computer") )
  2596. {
  2597. IADsGroup * pGroup = GetWellKnownTargetGroup(DOMAIN_COMPUTERS,pOptions);
  2598. if ( pGroup )
  2599. {
  2600. temphr = pGroup->Add(SysAllocString(pAcct->GetTargetPath()));
  2601. pGroup->Release();
  2602. if ( SUCCEEDED(temphr) )
  2603. {
  2604. // if we successfully added the computer to Domain computers, now set Domain Computers as
  2605. // the primary group
  2606. temphr = pAds->Put(L"primaryGroupID",_variant_t(LONG(515)));
  2607. if ( SUCCEEDED(temphr) )
  2608. {
  2609. temphr = pAds->SetInfo();
  2610. }
  2611. if ( SUCCEEDED(hr) )
  2612. {
  2613. // if this worked, now we can remove the computer from Domain Users
  2614. pGroup = GetWellKnownTargetGroup(DOMAIN_USERS,pOptions);
  2615. if ( pGroup )
  2616. {
  2617. temphr = pGroup->Remove(SysAllocString(pAcct->GetTargetPath()));
  2618. pGroup->Release();
  2619. }
  2620. }
  2621. }
  2622. }
  2623. }
  2624. }
  2625. }
  2626. else
  2627. {
  2628. // This is the No change mode. All we need to do here is to see if there might be a collision.
  2629. WCHAR sPath[LEN_Path];
  2630. WCHAR sPath9[LEN_Path];
  2631. DWORD nPathLen = LEN_Path;
  2632. WCHAR path9[LEN_Path];
  2633. IADs * pAdsNew = NULL;
  2634. BOOL bConflict = FALSE;
  2635. /* see if the CN conflicts */
  2636. // Build the path to the target object
  2637. MakeFullyQualifiedAdsPath(sPath9, nPathLen, pOptions->tgtOUPath, pOptions->tgtDomain, pOptions->tgtNamingContext);
  2638. WCHAR * pRelativeTgtOUPath = wcschr(sPath9 + UStrLen(L"LDAP://") + 2,L'/');
  2639. if ( pRelativeTgtOUPath )
  2640. {
  2641. *pRelativeTgtOUPath = 0;
  2642. swprintf(path9,L"%ls/%ls,%ls",sPath9,pAcct->GetTargetName(),pRelativeTgtOUPath+1);
  2643. }
  2644. HRESULT temphr = ADsGetObject(path9, IID_IADs, (void**) &pAdsNew);
  2645. if (SUCCEEDED(temphr))
  2646. {
  2647. bConflict = TRUE;
  2648. pAdsNew->Release();
  2649. pAdsNew = NULL;
  2650. }
  2651. /* if no CN conflict, see if the SAM conflicts */
  2652. if (!bConflict)
  2653. {
  2654. hr = LookupAccountInTarget(pOptions, const_cast<WCHAR*>(pAcct->GetTargetSam()), sPath);
  2655. if ( hr == S_OK )
  2656. bConflict = TRUE;
  2657. }
  2658. if (!bConflict)
  2659. {
  2660. // There is no such account on the target. We can go ahead and assume that it would have worked.
  2661. hr = S_OK;
  2662. Mark(L"created", pAcct->GetType());
  2663. pAcct->MarkCreated();
  2664. //if the UPN conflicted, post a message
  2665. if (pAcct->bUPNConflicted)
  2666. err.MsgWrite(ErrE, DCT_MSG_UPN_CONF, pAcct->GetTargetSam());
  2667. }
  2668. else
  2669. {
  2670. bConflict = FALSE; //reset the conflict flag
  2671. // there is a conflict. See if we need to add prefix or suffix. Or simply replace the account.
  2672. if ( wcslen(pOptions->prefix) > 0 )
  2673. {
  2674. // Prefix was specified so we need to try that.
  2675. WCHAR tgt[LEN_Path];
  2676. WCHAR pref[LEN_Path], suf[LEN_Path];
  2677. _variant_t varStr;
  2678. // Here I am adding a prefix and then lets see if we can setinfo that way
  2679. // find the '=' sign
  2680. wcscpy(tgt, pAcct->GetTargetName());
  2681. for ( DWORD z = 0; z < wcslen(tgt); z++ )
  2682. {
  2683. if ( tgt[z] == L'=' ) break;
  2684. }
  2685. if ( z < wcslen(tgt) )
  2686. {
  2687. // Get the prefix part ex.CN=
  2688. wcsncpy(pref, tgt, z+1);
  2689. pref[z+1] = 0;
  2690. wcscpy(suf, tgt+z+1);
  2691. }
  2692. // Build the target string with the Prefix
  2693. wsprintf(tgt, L"%s%s%s", pref, pOptions->prefix, suf);
  2694. pAcct->SetTargetName(tgt);
  2695. // Build the target SAM name with the prefix.
  2696. wsprintf(tgt, L"%s%s", pOptions->prefix, pAcct->GetTargetSam());
  2697. StripSamName(tgt);
  2698. pAcct->SetTargetSam(tgt);
  2699. //see if the CN still conflicts
  2700. swprintf(path9,L"%ls/%ls,%ls",sPath9,pAcct->GetTargetName(),pRelativeTgtOUPath+1);
  2701. temphr = ADsGetObject(path9, IID_IADs, (void**) &pAdsNew);
  2702. if (SUCCEEDED(temphr))
  2703. {
  2704. bConflict = TRUE;
  2705. pAdsNew->Release();
  2706. pAdsNew = NULL;
  2707. }
  2708. //if no CN conflict, see if the SAM name conflicts
  2709. if (!bConflict)
  2710. {
  2711. hr = LookupAccountInTarget(pOptions, const_cast<WCHAR*>(pAcct->GetTargetSam()), sPath);
  2712. if ( hr == S_OK )
  2713. bConflict = TRUE;
  2714. }
  2715. if (!bConflict)
  2716. {
  2717. hr = 0;
  2718. Mark(L"created", sClass);
  2719. pAcct->MarkCreated();
  2720. }
  2721. else
  2722. {
  2723. hr = HRESULT_FROM_WIN32(ERROR_OBJECT_ALREADY_EXISTS);
  2724. pAcct->MarkAlreadyThere();
  2725. err.MsgWrite(ErrE, DCT_MSG_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  2726. Mark(L"errors",pAcct->GetType());
  2727. }
  2728. //if the UPN conflicted, post a message
  2729. if (pAcct->bUPNConflicted)
  2730. err.MsgWrite(ErrE, DCT_MSG_UPN_CONF, pAcct->GetTargetSam());
  2731. }
  2732. else if ( wcslen(pOptions->suffix) > 0 )
  2733. {
  2734. // Suffix was specified so we will try that.
  2735. WCHAR tgt[LEN_Path];
  2736. _variant_t varStr;
  2737. // Here I am adding a prefix and then lets see if we can setinfo that way
  2738. wsprintf(tgt, L"%s%s", pAcct->GetTargetName(), pOptions->suffix);
  2739. // Build the target SAM name with the prefix.
  2740. wsprintf(tgt, L"%s%s", pAcct->GetTargetSam(), pOptions->suffix);
  2741. StripSamName(tgt);
  2742. pAcct->SetTargetSam(tgt);
  2743. //see if the CN still conflicts
  2744. swprintf(path9,L"%ls/%ls,%ls",sPath9,pAcct->GetTargetName(),pRelativeTgtOUPath+1);
  2745. temphr = ADsGetObject(path9, IID_IADs, (void**) &pAdsNew);
  2746. if (SUCCEEDED(temphr))
  2747. {
  2748. bConflict = TRUE;
  2749. pAdsNew->Release();
  2750. pAdsNew = NULL;
  2751. }
  2752. //if no CN conflict, see if the SAM name conflicts
  2753. if (!bConflict)
  2754. {
  2755. hr = LookupAccountInTarget(pOptions, const_cast<WCHAR*>(pAcct->GetTargetSam()), sPath);
  2756. if ( hr == S_OK )
  2757. bConflict = TRUE;
  2758. }
  2759. if (!bConflict)
  2760. {
  2761. hr = 0;
  2762. Mark(L"created", sClass);
  2763. pAcct->MarkCreated();
  2764. }
  2765. else
  2766. {
  2767. hr = HRESULT_FROM_WIN32(ERROR_OBJECT_ALREADY_EXISTS);
  2768. pAcct->MarkAlreadyThere();
  2769. err.MsgWrite(ErrE, DCT_MSG_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  2770. Mark(L"errors",pAcct->GetType());
  2771. }
  2772. //if the UPN conflicted, post a message
  2773. if (pAcct->bUPNConflicted)
  2774. err.MsgWrite(ErrE, DCT_MSG_UPN_CONF, pAcct->GetTargetSam());
  2775. }
  2776. else if (pOptions->flags & F_REPLACE)
  2777. {
  2778. // Replace the account.
  2779. hr = HRESULT_FROM_WIN32(ERROR_OBJECT_ALREADY_EXISTS);
  2780. }
  2781. else
  2782. {
  2783. // The account is already there and we really cant do anything about it. So tell the user.
  2784. hr = HRESULT_FROM_WIN32(ERROR_OBJECT_ALREADY_EXISTS);
  2785. pAcct->MarkAlreadyThere();
  2786. err.MsgWrite(ErrE, DCT_MSG_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  2787. Mark(L"errors",pAcct->GetType());
  2788. }
  2789. }
  2790. }
  2791. // Cleanup
  2792. pCont->Release();
  2793. pAds->Release();
  2794. return hr;
  2795. }
  2796. void VariantSidToString(_variant_t & varSid)
  2797. {
  2798. if ( varSid.vt == VT_BSTR )
  2799. {
  2800. return;
  2801. }
  2802. else if ( varSid.vt == ( VT_ARRAY | VT_UI1) )
  2803. {
  2804. // convert the array of bits to a string
  2805. CLdapConnection c;
  2806. LPBYTE pByte = NULL;
  2807. WCHAR str[LEN_Path];
  2808. SafeArrayAccessData(varSid.parray,(void**)&pByte);
  2809. c.BytesToString(pByte,str,GetLengthSid(pByte));
  2810. SafeArrayUnaccessData(varSid.parray);
  2811. varSid = SysAllocString(str);
  2812. }
  2813. else
  2814. {
  2815. varSid.ChangeType(VT_BSTR);
  2816. }
  2817. }
  2818. HRESULT CAcctRepl::UpdateGroupMembership(
  2819. Options * pOptions, //in -Options set by the user
  2820. TNodeListSortable * acctlist, //in -List of all accounts being copied
  2821. ProgressFn * progress, //in -Progress update
  2822. IStatusObj * pStatus //in -Status update
  2823. )
  2824. {
  2825. IADsGroup * pGroup = NULL;
  2826. IADsGroup * pTarget = NULL;
  2827. IADsMembers * pMem = NULL;
  2828. IVarSetPtr pVs(__uuidof(VarSet));
  2829. TAcctReplNode * acct = NULL;
  2830. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  2831. IEnumVARIANT * pVar = NULL;
  2832. _variant_t var, v2;
  2833. BSTR sPath;
  2834. WCHAR sTgtPath[LEN_Path];
  2835. _bstr_t sSam;
  2836. IADs * pAds = NULL;
  2837. IIManageDBPtr pDB = pOptions->pDb;
  2838. IUnknown * pUnk = NULL;
  2839. TNodeTreeEnum tenum;
  2840. HRESULT hr = S_OK;
  2841. DWORD ret = 0;
  2842. IDispatch * pDisp = NULL;
  2843. bool bFoundGroups = false;
  2844. WCHAR sDomain[LEN_Path];
  2845. BSTR sClass;
  2846. DWORD grpType = 0;
  2847. pVs->QueryInterface(IID_IUnknown, (void**)&pUnk);
  2848. // sort the account list by Source Type\Source Sam Name
  2849. if ( acctlist->IsTree() ) acctlist->ToSorted();
  2850. acctlist->SortedToScrambledTree();
  2851. acctlist->Sort(&TNodeCompareAccountSam);
  2852. acctlist->Balance();
  2853. for ( acct = (TAcctReplNode *)tenum.OpenFirst(acctlist) ; acct ; acct = (TAcctReplNode *)tenum.Next() )
  2854. {
  2855. if ( !acct->ProcessMem() )
  2856. continue;
  2857. if ( pStatus )
  2858. {
  2859. LONG status = 0;
  2860. HRESULT hr = pStatus->get_Status(&status);
  2861. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  2862. {
  2863. if ( !bAbortMessageWritten )
  2864. {
  2865. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  2866. bAbortMessageWritten = true;
  2867. }
  2868. break;
  2869. }
  2870. }
  2871. // Since the list is sorted by account type we can continue to ignore everything till we get to the
  2872. // group type and once it is found and processed the rest of types can be ignored
  2873. if ( _wcsicmp(acct->GetType(), L"group") != 0 )
  2874. {
  2875. if ( !bFoundGroups )
  2876. continue;
  2877. else
  2878. break;
  2879. }
  2880. else
  2881. {
  2882. bFoundGroups = true;
  2883. }
  2884. // If we are here this must be a group type so tell the progrss function what we are doing
  2885. WCHAR mesg[LEN_Path];
  2886. PSID pSid = NULL;
  2887. bool bGotPrimaryGroups = false;
  2888. wsprintf(mesg, GET_STRING(IDS_UPDATING_GROUP_MEMBERSHIPS_S), acct->GetName());
  2889. if ( progress )
  2890. progress(mesg);
  2891. if ( acct->CreateAccount() && (!acct->WasCreated() && !acct->WasReplaced()) )
  2892. // if the account was not copied then why should we even process it?
  2893. // Bad idea. We need to process the account membership because the group may have been previously copied and
  2894. // in this run we simply need to update the membership. Changing the expansion code to mark the account as created.
  2895. // that should fix the problem.
  2896. continue;
  2897. if ( !_wcsicmp(acct->GetType(), L"group") && *acct->GetTargetPath() )
  2898. {
  2899. err.MsgWrite(0, DCT_MSG_PROCESSING_GROUP_MEMBER_S, (WCHAR*) acct->GetTargetName());
  2900. if ( !pOptions->nochange )
  2901. {
  2902. hr = ADsGetObject(const_cast<WCHAR*>(acct->GetTargetPath()), IID_IADsGroup, (void**) &pTarget);
  2903. if (FAILED(hr))
  2904. {
  2905. err.SysMsgWrite(ErrE, 0, DCT_MSG_OBJECT_NOT_FOUND_SSD, acct->GetTargetPath(), pOptions->tgtDomain, hr );
  2906. Mark(L"errors", acct->GetType());
  2907. continue; // we cant possibly do any thing without the source group
  2908. }
  2909. }
  2910. else
  2911. hr = S_OK;
  2912. hr = GetTargetGroupType(const_cast<WCHAR*>(acct->GetTargetPath()), grpType);
  2913. hr = ADsGetObject(const_cast<WCHAR*>(acct->GetSourcePath()), IID_IADsGroup, (void**) &pGroup);
  2914. if (FAILED(hr))
  2915. {
  2916. if ( pTarget )pTarget->Release();
  2917. err.SysMsgWrite(ErrE, 0, DCT_MSG_OBJECT_NOT_FOUND_SSD, acct->GetSourcePath(), pOptions->srcDomain, hr );
  2918. Mark(L"errors", acct->GetType());
  2919. continue; // we cant possibly do any thing for this group without the target group
  2920. }
  2921. // Now we get the members interface.
  2922. if ( SUCCEEDED(hr) )
  2923. hr = pGroup->Members(&pMem);
  2924. // Ask for an enumeration of the members
  2925. if ( SUCCEEDED(hr) )
  2926. hr = pMem->get__NewEnum((IUnknown **)&pVar);
  2927. // Now enumerate through all the objects in the Group
  2928. while ( SUCCEEDED(pVar->Next(1, &var, &ret)) )
  2929. {
  2930. // Check if user wants to abort the operation
  2931. if ( pOptions->pStatus )
  2932. {
  2933. LONG status = 0;
  2934. HRESULT hr = pOptions->pStatus->get_Status(&status);
  2935. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  2936. {
  2937. if ( !bAbortMessageWritten )
  2938. {
  2939. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  2940. bAbortMessageWritten = true;
  2941. }
  2942. break;
  2943. }
  2944. }
  2945. // If no values are returned that means we are done with all members
  2946. if ( ret == 0 || var.vt == VT_EMPTY)
  2947. {
  2948. if ( bGotPrimaryGroups )
  2949. break;
  2950. else
  2951. {
  2952. // Go through and add all the users that have this group as their primary group.
  2953. bGotPrimaryGroups = true;
  2954. if (pVar) pVar->Release();
  2955. pVar = NULL;
  2956. hr = GetThePrimaryGroupMembers(pOptions, const_cast<WCHAR*>(acct->GetSourceSam()), pVar);
  2957. continue;
  2958. }
  2959. }
  2960. // Depending on what we are looking at we get two variant types. In case of members we get
  2961. // IDispatch pointer in a variant. In case of primary group members we get variant(bstr) array
  2962. // So we need to branch here depending on what we get
  2963. if ( bGotPrimaryGroups )
  2964. {
  2965. // first element is the ADsPath of the object so use that to get the object and continue
  2966. if ( var.vt == (VT_ARRAY | VT_VARIANT) )
  2967. {
  2968. SAFEARRAY * pArray = var.parray;
  2969. _variant_t * pDt;
  2970. hr = SafeArrayAccessData(pArray, (void**) &pDt);
  2971. if (SUCCEEDED(hr))
  2972. {
  2973. if ( pDt[0].vt == VT_BSTR )
  2974. hr = ADsGetObject((WCHAR*)pDt[0].bstrVal, IID_IADs, (void**) &pAds);
  2975. else
  2976. hr = E_FAIL;
  2977. SafeArrayUnaccessData(pArray);
  2978. }
  2979. VariantInit(&var);
  2980. }
  2981. else
  2982. hr = E_FAIL;
  2983. }
  2984. else
  2985. {
  2986. // We have a dispatch pointer in the VARIANT so we will get the IADs pointer to it and
  2987. // then get the ADs path to that object and then remove it from the group
  2988. pDisp = V_DISPATCH(&var);
  2989. hr = pDisp->QueryInterface(IID_IADs, (void**) &pAds);
  2990. }
  2991. if ( SUCCEEDED(hr) )
  2992. {
  2993. hr = pAds->get_ADsPath(&sPath);
  2994. if ( SUCCEEDED(hr) )
  2995. {
  2996. // Parse out the domain name from the LDAP path.
  2997. if ( !wcsncmp(L"WinNT://", (WCHAR*)sPath, 8) )
  2998. {
  2999. //Grab the domain name from the WinNT path.
  3000. WCHAR sTemp[LEN_Path];
  3001. WCHAR * p = (WCHAR*)sPath;
  3002. wcscpy(sTemp, p+8);
  3003. p = wcschr(sTemp, L'/');
  3004. if ( p )
  3005. *p = L'\0';
  3006. else
  3007. {
  3008. //we have the path in this format "WinNT://S-1-5....."
  3009. // in this case we need to get the SID and then try and get its domain and account name
  3010. PSID pSid = NULL;
  3011. WCHAR sName[255];
  3012. DWORD rc = 1;
  3013. pSid = SidFromString(sTemp);
  3014. if ( pSid )
  3015. {
  3016. rc = GetName(pSid, sName, sTemp);
  3017. if ( !rc )
  3018. {
  3019. // Give it a winnt path. This way we get the path that we can use
  3020. sPath = _bstr_t(L"WinNT://") + sTemp + _bstr_t(L"/") + sName;
  3021. }
  3022. FreeSid(pSid);
  3023. }
  3024. if ( rc )
  3025. {
  3026. // Log a message that we cant resolve this guy
  3027. err.SysMsgWrite(ErrE, rc, DCT_MSG_PATH_NOT_RESOLVED_SD, sTemp, rc);
  3028. if ( pAds ) pAds->Release();
  3029. pAds = NULL;
  3030. Mark("errors", acct->GetType());
  3031. continue;
  3032. }
  3033. }
  3034. wcscpy(sDomain, sTemp);
  3035. }
  3036. else
  3037. {
  3038. // Get the domain name from the LDAP path. Convert domain name to the NETBIOS name.
  3039. WCHAR sTemp[LEN_Path];
  3040. WCHAR sp[LEN_Path];
  3041. WCHAR * p = (WCHAR*)sPath;
  3042. wcscpy(sTemp, p+7);
  3043. p = wcschr(sTemp, L'/');
  3044. if ( p )
  3045. *p = L'\0';
  3046. // Now run this domain name through the Function to get the NETBIOS name.
  3047. GetDnsAndNetbiosFromName(sTemp, sDomain, sp);
  3048. }
  3049. }
  3050. if ( SUCCEEDED(hr) )
  3051. {
  3052. if ( !(acct->GetGroupType() & 4) )
  3053. {
  3054. // Global/Universal groups are easy all we have to do is use the path we got back and get the info from that object
  3055. hr = pAds->get_Class(&sClass);
  3056. hr = pAds->Get(L"samAccountName", &v2);
  3057. if ( SUCCEEDED(hr) )
  3058. sSam = v2;
  3059. else
  3060. {
  3061. // make sure it is a WinNT:// path
  3062. sSam = L"";
  3063. if ( !wcsncmp((WCHAR*)sPath, L"WinNT://", 8) )
  3064. {
  3065. // it must be a non NT4 account we are going to have to parse the path to get samName
  3066. // ignore the WinNT://<domain>/ part and you got yourself the sam name
  3067. WCHAR * t = (WCHAR*) sPath;
  3068. WCHAR * sTemp = wcschr(t+(8), L'/');
  3069. if ( sTemp )
  3070. {
  3071. sSam = ++sTemp;
  3072. hr = S_OK;
  3073. }
  3074. }
  3075. }
  3076. //if universal group change domain if foreign security principal
  3077. if ((acct->GetGroupType() & 8))
  3078. {
  3079. _bstr_t sTempDomain = GetDomainOfMigratedForeignSecPrincipal(sPath);
  3080. if (sTempDomain.length())
  3081. wcscpy(sDomain, sTempDomain);
  3082. }
  3083. }
  3084. else
  3085. {
  3086. // Local group we need to get the SID LDAP path and then use that to add the account to the group.
  3087. WCHAR sSidPath[LEN_Path];
  3088. WCHAR sSamName[LEN_Path];
  3089. HRESULT hrGetSid;
  3090. if ( pSid )
  3091. {
  3092. delete pSid;
  3093. pSid = NULL;
  3094. }
  3095. hrGetSid = BuildSidPath(sPath, sSidPath, sSamName, sDomain, pOptions,&pSid);
  3096. if (SUCCEEDED(hrGetSid))
  3097. {
  3098. _bstr_t sTempDomain = GetDomainOfMigratedForeignSecPrincipal(sPath);
  3099. if (sTempDomain.length())
  3100. wcscpy(sDomain, sTempDomain);
  3101. sPath = sSidPath;
  3102. sSam = sSamName;
  3103. }
  3104. }
  3105. }
  3106. }
  3107. if ( pAds ) pAds->Release();
  3108. if ( SUCCEEDED(hr) )
  3109. {
  3110. // Now that we have the SamAccountname and the path we can lookup the info from the DB
  3111. hr = pDB->GetAMigratedObject((WCHAR*)sSam, sDomain, pOptions->tgtDomain, &pUnk);
  3112. if ( pOptions->nochange )
  3113. {
  3114. WCHAR targetPath[LEN_Path];
  3115. // in this case the account was not really copied so we need to make sure that we
  3116. // we include the accounts that would have been added if this was a true migration.
  3117. Lookup p;
  3118. p.pName = (WCHAR*) sSam;
  3119. p.pType = (WCHAR*) sClass;
  3120. TAcctReplNode * pNode = (TAcctReplNode *) acctlist->Find(&TNodeFindAccountName, &p);
  3121. if (pNode)
  3122. {
  3123. v2 = pNode->GetTargetSam();
  3124. pVs->put(L"MigratedObjects.TargetSamName", v2);
  3125. v2 = pNode->GetTargetName();
  3126. BuildTargetPath( (WCHAR*) v2.bstrVal, pOptions->tgtOUPath, targetPath);
  3127. v2 = targetPath;
  3128. pVs->put(L"MigratedObjects.TargetAdsPath", v2);
  3129. hr = S_OK;
  3130. }
  3131. }
  3132. if ( hr == S_OK )
  3133. {
  3134. // Since we have previously copied the account we can simply add the one that we copied.
  3135. v2 = pVs->get(L"MigratedObjects.TargetAdsPath");
  3136. if ( v2.vt == VT_BSTR )
  3137. {
  3138. if ( !pOptions->nochange )
  3139. hr = pTarget->Add(v2.bstrVal);
  3140. else
  3141. hr = S_OK;
  3142. if ( SUCCEEDED(hr) )
  3143. {
  3144. err.MsgWrite(0, DCT_MSG_ADDED_TO_GROUP_S, (WCHAR*)v2.bstrVal);
  3145. //if this is not a global group, remove the source account from the group, if there
  3146. if (!(acct->GetGroupType() & 2))
  3147. RemoveSourceAccountFromGroup(pTarget, pVs, pOptions);
  3148. }
  3149. else
  3150. {
  3151. hr = BetterHR(hr);
  3152. switch ( HRESULT_CODE(hr) )
  3153. {
  3154. case NERR_UserNotFound:
  3155. case 0x5000:
  3156. err.SysMsgWrite(0, hr, DCT_MSG_MEMBER_NONEXIST_SS, (WCHAR *)v2.bstrVal, acct->GetTargetName(), hr);
  3157. break;
  3158. default:
  3159. {
  3160. err.SysMsgWrite(ErrW, hr, DCT_MSG_FAILED_TO_ADD_TO_GROUP_SSD, (WCHAR *)v2.bstrVal, acct->GetTargetName(), hr);
  3161. Mark(L"warnings", acct->GetType());
  3162. }
  3163. }
  3164. }
  3165. }
  3166. }
  3167. else
  3168. {
  3169. // We have not migrated the accounts from source domain to the target domain.
  3170. // so we now have to branch for different group types.
  3171. WCHAR domain[LEN_Path];
  3172. DWORD cbDomain = DIM(domain);
  3173. // DWORD rc = 0;
  3174. SID_NAME_USE use;
  3175. if ( grpType & 2 )
  3176. {
  3177. // For the global groups we simply say that account has not been migrated.
  3178. err.MsgWrite(0, DCT_MSG_MEMBER_NONEXIST_SS, (WCHAR*)sSam, acct->GetTargetName());
  3179. }
  3180. else
  3181. {
  3182. //Process local/universal groups ( can add objects from non-target domains )
  3183. // 1. See if we have migrated this account to some other domain.
  3184. // 2. Is the Source accounts SID valid here (trust) if so add that.
  3185. // 3. See if we can find an account with the same name in the target.
  3186. // if any of these operations yield a valid account then just add it.
  3187. // we are going to lookup migrated objects table to find migration of this object
  3188. // from source domain to any other domain.
  3189. hr = pDB->raw_GetAMigratedObjectToAnyDomain((WCHAR*)sSam, sDomain, &pUnk);
  3190. if ( hr == S_OK )
  3191. {
  3192. // we have migrated the object to some other domain. So we will get the path to that object and try to add it to the group
  3193. // it may fail if there is no trust/forest membership of the target domain and the domain that this object resides in.
  3194. v2 = pVs->get(L"MigratedObjects.TargetAdsPath");
  3195. if ( v2.vt == VT_BSTR )
  3196. {
  3197. // Since the object is in a different domain, we will have to get the SID of the object,
  3198. // and use that for the Add
  3199. IADs * pAds = NULL;
  3200. _variant_t varSid;
  3201. hr = ADsGetObject(v2.bstrVal,IID_IADs,(void**)&pAds);
  3202. if ( SUCCEEDED(hr) )
  3203. {
  3204. hr = pAds->Get(SysAllocString(L"objectSid"),&varSid);
  3205. pAds->Release();
  3206. }
  3207. if ( SUCCEEDED(hr) )
  3208. {
  3209. // Make sure the SID we got was in string format
  3210. VariantSidToString(varSid);
  3211. UStrCpy(sTgtPath,L"LDAP://<SID=");
  3212. UStrCpy(sTgtPath + UStrLen(sTgtPath),varSid.bstrVal);
  3213. UStrCpy(sTgtPath + UStrLen(sTgtPath),L">");
  3214. if ( !pOptions->nochange )
  3215. hr = pTarget->Add(sTgtPath);
  3216. else
  3217. hr = S_OK;
  3218. }
  3219. if ( SUCCEEDED(hr) )
  3220. {
  3221. err.MsgWrite(0, DCT_MSG_ADDED_TO_GROUP_S, (WCHAR*)v2.bstrVal);
  3222. //remove the source account from the group, if there
  3223. RemoveSourceAccountFromGroup(pTarget, pVs, pOptions);
  3224. }
  3225. else
  3226. {
  3227. hr = BetterHR(hr);
  3228. if ( HRESULT_CODE(hr) == NERR_UserExists )
  3229. {
  3230. err.MsgWrite(0,DCT_MSG_USER_IN_GROUP_SS,(WCHAR*)v2.bstrVal,acct->GetTargetName());
  3231. }
  3232. else if ( HRESULT_CODE(hr) == NERR_UserNotFound )
  3233. {
  3234. err.SysMsgWrite(0, hr, DCT_MSG_MEMBER_NONEXIST_SS, (WCHAR*)v2.bstrVal, acct->GetTargetName(), hr);
  3235. }
  3236. else
  3237. {
  3238. // message for the generic failure case
  3239. err.SysMsgWrite(ErrW, hr, DCT_MSG_FAILED_TO_ADD_TO_GROUP_SSD, (WCHAR*)v2.bstrVal, acct->GetTargetName(), hr);
  3240. Mark(L"warnings", acct->GetType());
  3241. }
  3242. }
  3243. }
  3244. }
  3245. else
  3246. {
  3247. // we have never migrated this account. So we will try to add the original account to the target domain.
  3248. // This would work if the target domain and the domain where this object is satisfy the requirements of
  3249. // forest membership/ trusts imposed by Universal/Local groups respectively.
  3250. // Get the sid of the source account
  3251. // IADs * pAds = NULL;
  3252. _variant_t varSid;
  3253. // check whether the target domain knows this sid
  3254. // Before we try to add, make sure the target domain knows this account
  3255. WCHAR name[LEN_Path];
  3256. DWORD lenName = DIM(name);
  3257. cbDomain = DIM(domain);
  3258. if ( grpType & 8 )
  3259. {
  3260. // in case of the Universal group we need to make sure that domains are in
  3261. // the same forest. We will use access checker for this
  3262. BOOL bIsSame = FALSE;
  3263. _bstr_t sSrcDomainDNS = GetDomainDNSFromPath(sPath);
  3264. hr = pAccess->raw_IsInSameForest(pOptions->tgtDomainDns, sSrcDomainDNS, (long*)&bIsSame);
  3265. if ( SUCCEEDED(hr) && bIsSame )
  3266. {
  3267. // We have accounts that are in same forest so we can simply add the account.
  3268. if ( !pOptions->nochange )
  3269. hr = pTarget->Add(sPath);
  3270. else
  3271. hr = S_OK;
  3272. }
  3273. else
  3274. hr = HRESULT_FROM_WIN32(NERR_UserNotFound);
  3275. if ( SUCCEEDED(hr) )
  3276. {
  3277. WCHAR sWholeName[LEN_Path];
  3278. wcscpy(sWholeName, sSrcDomainDNS);
  3279. wcscat(sWholeName, L"\\");
  3280. wcscat(sWholeName, sSam);
  3281. err.MsgWrite(0, DCT_MSG_ADDED_TO_GROUP_S, sWholeName);
  3282. }
  3283. else
  3284. {
  3285. hr = BetterHR(hr);
  3286. err.SysMsgWrite(ErrW, hr, DCT_MSG_FAILED_TO_ADD_TO_GROUP_SSD, (WCHAR*) sSam, acct->GetTargetName(), hr);
  3287. Mark(L"warnings", acct->GetType());
  3288. }
  3289. }
  3290. else
  3291. {
  3292. if ( !pOptions->nochange )
  3293. hr = pTarget->Add(sPath);
  3294. else
  3295. hr = S_OK;
  3296. // In case of local groups If we know the SID in the target domain then we can simply
  3297. // add that account to the target group
  3298. if ( LookupAccountSid(pOptions->tgtComp,pSid,name,&lenName,domain,&cbDomain,&use) )
  3299. {
  3300. WCHAR sWholeName[LEN_Path];
  3301. wcscpy(sWholeName, domain);
  3302. wcscat(sWholeName, L"\\");
  3303. wcscat(sWholeName, sSam);
  3304. err.MsgWrite(0, DCT_MSG_ADDED_TO_GROUP_S, sWholeName);
  3305. }
  3306. else
  3307. {
  3308. // log the fact that the SID could not be resolved in the target domain
  3309. // this will happen when the target domain does not trust the source domain
  3310. WCHAR sWholeName[LEN_Path];
  3311. wcscpy(sWholeName, sDomain);
  3312. wcscat(sWholeName, L"\\");
  3313. wcscat(sWholeName, sSam);
  3314. err.MsgWrite(0, DCT_MSG_CANNOT_RESOLVE_SID_IN_TARGET_SS, sWholeName, acct->GetTargetName(), HRESULT_FROM_WIN32(GetLastError()));
  3315. }
  3316. }
  3317. }
  3318. } // if group type
  3319. } // if not migrated to the target domain.
  3320. } // if can get to the member.
  3321. VariantClear(&var);
  3322. } //while
  3323. if ( pMem ) pMem->Release();
  3324. if ( pGroup ) pGroup->Release();
  3325. if ( pVar ) pVar->Release();
  3326. if ( pTarget ) pTarget->Release();
  3327. }
  3328. if( pSid )
  3329. delete pSid;
  3330. }
  3331. if ( pUnk )
  3332. pUnk->Release();
  3333. return hr;
  3334. }
  3335. HRESULT CAcctRepl::LookupAccountInTarget(Options * pOptions, WCHAR * sSam, WCHAR * sPath)
  3336. {
  3337. if ( pOptions->tgtDomainVer < 5 )
  3338. {
  3339. // for NT4 we can just build the path and send it back.
  3340. wsprintf(sPath, L"WinNT://%s/%s", pOptions->tgtDomain, sSam);
  3341. return S_OK;
  3342. }
  3343. // Use the net object enumerator to lookup the account in the target domain.
  3344. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  3345. IEnumVARIANT * pEnum = NULL;
  3346. SAFEARRAYBOUND bd = { 1, 0 };
  3347. SAFEARRAY * pszColNames;
  3348. BSTR HUGEP * pData = NULL;
  3349. LPWSTR sData[] = { L"aDSPath" };
  3350. WCHAR sQuery[LEN_Path];
  3351. WCHAR sDomPath[LEN_Path];
  3352. DWORD ret = 0;
  3353. _variant_t var, varVal;
  3354. HRESULT hr = S_OK;
  3355. wsprintf(sDomPath, L"LDAP://%s/%s", pOptions->tgtDomainDns, pOptions->tgtNamingContext);
  3356. WCHAR sTempSamName[LEN_Path];
  3357. wcscpy(sTempSamName, sSam);
  3358. if ( sTempSamName[0] == L' ' )
  3359. {
  3360. WCHAR sTemp[LEN_Path];
  3361. wsprintf(sTemp, L"\\20%s", sTempSamName + 1);
  3362. wcscpy(sTempSamName, sTemp);
  3363. }
  3364. wsprintf(sQuery, L"(sAMAccountName=%s)", sTempSamName);
  3365. hr = pQuery->raw_SetQuery(sDomPath, pOptions->tgtDomain, sQuery, ADS_SCOPE_SUBTREE, FALSE);
  3366. // Set up the columns that we want back from the query ( in this case we need SAM accountname )
  3367. pszColNames = ::SafeArrayCreate(VT_BSTR, 1, &bd);
  3368. hr = ::SafeArrayAccessData(pszColNames, (void HUGEP **)&pData);
  3369. if ( SUCCEEDED(hr) )
  3370. pData[0] = SysAllocString(sData[0]);
  3371. if ( SUCCEEDED(hr) )
  3372. hr = ::SafeArrayUnaccessData(pszColNames);
  3373. if ( SUCCEEDED(hr) )
  3374. hr = pQuery->raw_SetColumns(pszColNames);
  3375. // Time to execute the plan.
  3376. if ( SUCCEEDED(hr) )
  3377. hr = pQuery->raw_Execute(&pEnum);
  3378. if ( SUCCEEDED(hr) )
  3379. {
  3380. // if this worked that means we can only have one thing in the result.
  3381. if ( (pEnum->Next(1, &var, &ret) == S_OK) && ( ret > 0 ) )
  3382. {
  3383. SAFEARRAY * pArray = var.parray;
  3384. long ndx = 0;
  3385. hr = SafeArrayGetElement(pArray,&ndx,&varVal);
  3386. if ( SUCCEEDED(hr) )
  3387. wcscpy(sPath, (WCHAR*)varVal.bstrVal);
  3388. else
  3389. hr = HRESULT_FROM_WIN32(NERR_UserNotFound);
  3390. }
  3391. else
  3392. hr = HRESULT_FROM_WIN32(NERR_UserNotFound);
  3393. VariantInit(&var);
  3394. }
  3395. if ( pEnum ) pEnum->Release();
  3396. return hr;
  3397. }
  3398. //----------------------------------------------------------------------------
  3399. // RemoveMembers : This function enumerates through all the members of the
  3400. // given group and removes them one at a time.
  3401. //----------------------------------------------------------------------------
  3402. HRESULT CAcctRepl::RemoveMembers(
  3403. TAcctReplNode * pAcct, //in- AccountReplicator Node with the Account info
  3404. Options * pOptions //in- Options set by the user.
  3405. )
  3406. {
  3407. IADsMembers * pMem = NULL;
  3408. IADs * pAds = NULL;
  3409. IADsGroup * pGrp = NULL;
  3410. // IUnknown * pUnk;
  3411. IEnumVARIANT * pVar = NULL;
  3412. IDispatch * pDisp = NULL;
  3413. DWORD ret = 0;
  3414. _variant_t var;
  3415. WCHAR * sPath;
  3416. // First we make sure that this is really a group otherwise we ignore it.
  3417. if (_wcsicmp((WCHAR*)pAcct->GetType(),L"group"))
  3418. return S_OK;
  3419. // Lets get a IADsGroup * to the group object.
  3420. HRESULT hr = ADsGetObject(const_cast<WCHAR*>(pAcct->GetTargetPath()), IID_IADsGroup, (void **) &pGrp);
  3421. // Now we get the members interface.
  3422. if ( SUCCEEDED(hr) )
  3423. hr = pGrp->Members(&pMem);
  3424. // Ask for an enumeration of the members
  3425. if ( SUCCEEDED(hr) )
  3426. hr = pMem->get__NewEnum((IUnknown **)&pVar);
  3427. // Now enumerate through all the objects in the Group and for each one remove it from the group
  3428. while ( SUCCEEDED(pVar->Next(1, &var, &ret)) )
  3429. {
  3430. // If no values are returned that means we are done with all members so break out of this loop
  3431. if ( ret == 0 )
  3432. break;
  3433. // We hace a dispatch pointer in the VARIANT so we will get the IADs pointer to it and
  3434. // then get the ADs path to that object and then remove it from the group
  3435. pDisp = V_DISPATCH(&var);
  3436. hr = pDisp->QueryInterface(IID_IADs, (void**) &pAds);
  3437. if ( SUCCEEDED(hr) )
  3438. hr = pAds->get_ADsPath(&sPath);
  3439. if ( pAds ) pAds->Release();
  3440. if ( SUCCEEDED(hr) )
  3441. {
  3442. _bstr_t bstrPath(sPath);
  3443. if ( !pOptions->nochange )
  3444. hr = pGrp->Remove(bstrPath);
  3445. }
  3446. VariantClear(&var);
  3447. }
  3448. if ( pMem ) pMem->Release();
  3449. if ( pGrp ) pGrp->Release();
  3450. if ( pVar ) pVar->Release();
  3451. return hr;
  3452. }
  3453. //----------------------------------------------------------------------------
  3454. // FillPathInfo : This function looks up the ADs path from the source domain
  3455. // for a given SAMAccountName
  3456. //----------------------------------------------------------------------------
  3457. bool CAcctRepl::FillPathInfo(
  3458. TAcctReplNode * pAcct, //in- AccountReplicator Node with the Account info
  3459. Options * pOptions //in- Options set by the user.
  3460. )
  3461. {
  3462. WCHAR sPath[LEN_Path];
  3463. _bstr_t sTgtPath;
  3464. WCHAR sQuery[LEN_Path];
  3465. // WCHAR sPrefix[LEN_Path];
  3466. // WCHAR sTgtName[LEN_Path];
  3467. WCHAR sProfPath[LEN_Path];
  3468. WCHAR sName[LEN_Path];
  3469. // Fill the naming context for the domains. If the Naming context does not work then it is not a Win2kDomain
  3470. // so we need to stop right here.
  3471. if ( wcslen(pOptions->srcNamingContext) == 0 )
  3472. FillNamingContext(pOptions);
  3473. if ( wcslen(pOptions->srcNamingContext) == 0 )
  3474. {
  3475. // this is probably an NT 4 source domain
  3476. // construct the source path
  3477. if ( ! *pAcct->GetSourcePath() )
  3478. {
  3479. swprintf(sPath,L"WinNT://%ls/%ls",pOptions->srcDomain,pAcct->GetName());
  3480. pAcct->SetSourcePath(sPath);
  3481. }
  3482. return true;
  3483. }
  3484. WCHAR strName[LEN_Path];
  3485. wcscpy(strName, pAcct->GetName());
  3486. // Check if the Name field is a LDAP sub path or not. If we have LDAP subpath then we
  3487. // call the AcctReplFullPath function to fillup the path information.
  3488. if ( (wcslen(strName) > 3) && (strName[2] == (L'=')) )
  3489. {
  3490. AcctReplFullPath(pAcct, pOptions);
  3491. return true;
  3492. }
  3493. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  3494. HRESULT hr;
  3495. LPWSTR sData[] = { L"ADsPath", L"distinguishedName", L"name", L"profilePath", L"groupType" };
  3496. long nElt = DIM(sData);
  3497. BSTR HUGEP * pData;
  3498. SAFEARRAY * pszColNames;
  3499. IEnumVARIANT * pEnum;
  3500. _variant_t var;
  3501. DWORD dwFetch;
  3502. // We are going to update all fields that we know about
  3503. // pAcct->SetSourceSam(pAcct->GetName());
  3504. // Set the LDAP path to the whole domain and then the query to the SAMAccountname
  3505. wsprintf(sPath, L"LDAP://%s/%s", pOptions->srcDomain, pOptions->srcNamingContext);
  3506. WCHAR sTempSamName[LEN_Path];
  3507. wcscpy(sTempSamName, pAcct->GetSourceSam());
  3508. if ( sTempSamName[0] == L' ' )
  3509. {
  3510. WCHAR sTemp[LEN_Path];
  3511. wsprintf(sTemp, L"\\20%s", sTempSamName + 1);
  3512. wcscpy(sTempSamName, sTemp);
  3513. }
  3514. wsprintf(sQuery, L"(sAMAccountName=%s)", sTempSamName);
  3515. // Set the enumerator query
  3516. hr = pQuery->raw_SetQuery(sPath, pOptions->srcDomain, sQuery, ADS_SCOPE_SUBTREE, FALSE);
  3517. if (SUCCEEDED(hr))
  3518. {
  3519. // Create a safearray of columns we need from the enumerator.
  3520. SAFEARRAYBOUND bd = { nElt, 0 };
  3521. pszColNames = ::SafeArrayCreate(VT_BSTR, 1, &bd);
  3522. HRESULT hr = ::SafeArrayAccessData(pszColNames, (void HUGEP **)&pData);
  3523. if ( SUCCEEDED(hr) )
  3524. {
  3525. for( long i = 0; i < nElt; i++)
  3526. {
  3527. pData[i] = SysAllocString(sData[i]);
  3528. }
  3529. hr = ::SafeArrayUnaccessData(pszColNames);
  3530. }
  3531. if (SUCCEEDED(hr))
  3532. {
  3533. // Set the columns on the enumerator object.
  3534. hr = pQuery->raw_SetColumns(pszColNames);
  3535. }
  3536. }
  3537. if (SUCCEEDED(hr))
  3538. {
  3539. // Now execute.
  3540. hr = pQuery->raw_Execute(&pEnum);
  3541. }
  3542. if (SUCCEEDED(hr))
  3543. {
  3544. // We should have recieved only one value. So we will get the value and set it into the Node.
  3545. hr = pEnum->Next(1, &var, &dwFetch);
  3546. }
  3547. if ( SUCCEEDED(hr) && ( var.vt & VT_ARRAY) )
  3548. {
  3549. // This would only happen if the member existed in the target domain.
  3550. // We now have a Variant containing an array of variants so we access the data
  3551. _variant_t * pVar;
  3552. pszColNames = V_ARRAY(&var);
  3553. SafeArrayAccessData(pszColNames, (void HUGEP **)&pVar);
  3554. // Get the AdsPath first
  3555. sTgtPath = pVar[0].bstrVal;
  3556. if (sTgtPath.length() > 0)
  3557. {
  3558. // Set the source Path in the Account node
  3559. pAcct->SetSourcePath(sTgtPath);
  3560. // Then we get the distinguishedName to get the prefix string
  3561. sTgtPath = V_BSTR(&pVar[1]);
  3562. // We also get the name value to set the target name
  3563. wcscpy(sName, (WCHAR*) V_BSTR(&pVar[2]));
  3564. // We also get the profile path so we can translate it
  3565. wcscpy(sProfPath, (WCHAR*) V_BSTR(&pVar[3]));
  3566. pAcct->SetTargetProfile(sProfPath);
  3567. if ( pVar[4].vt == VT_I4 )
  3568. {
  3569. // We have the object type property so lets set it.
  3570. pAcct->SetGroupType(pVar[4].lVal);
  3571. }
  3572. SafeArrayUnaccessData(pszColNames);
  3573. pEnum->Release();
  3574. VariantInit(&var);
  3575. return true;
  3576. }
  3577. else
  3578. {
  3579. //There is no account with this SAM name in this domain
  3580. err.SysMsgWrite(ErrE, 2, DCT_MSG_PATH_NOT_FOUND_SS, pAcct->GetName(), pOptions->tgtDomain);
  3581. Mark(L"errors", pAcct->GetType());
  3582. SafeArrayUnaccessData(pszColNames);
  3583. }
  3584. }
  3585. if (SUCCEEDED(hr))
  3586. pEnum->Release();
  3587. return false;
  3588. }
  3589. //--------------------------------------------------------------------------
  3590. // AcctReplFullPath : Fills up Account node when the account information
  3591. // coming in is a LDAP sub path.
  3592. //--------------------------------------------------------------------------
  3593. bool CAcctRepl::AcctReplFullPath(
  3594. TAcctReplNode * pAcct, //in- AccountReplicator Node with the Account info
  3595. Options * pOptions //in- Options set by the user.
  3596. )
  3597. {
  3598. WCHAR sName[LEN_Path];
  3599. WCHAR sPath[LEN_Path];
  3600. IADs * pAds;
  3601. _variant_t var;
  3602. // Build a full path and save it to the Account node
  3603. wsprintf(sPath, L"LDAP://%s/%s,%s", pOptions->srcDomain, pAcct->GetName(), pOptions->srcNamingContext);
  3604. pAcct->SetSourcePath(sPath);
  3605. // Do the same for Target account.
  3606. wcscpy(sName, pAcct->GetTargetName());
  3607. if ( !wcslen(sName) )
  3608. {
  3609. // Since Target name not specified we will go ahead and use the source name as the target name,
  3610. wcscpy(sName, pAcct->GetName());
  3611. pAcct->SetTargetName(sName);
  3612. }
  3613. // Build a full path from the sub path
  3614. /* wsprintf(sPath, L"LDAP://%s/%s,%s", pOptions->tgtDomain, sName, pOptions->tgtNamingContext);
  3615. pAcct->SetTargetPath(sPath);
  3616. */
  3617. // Lets try and get the SAM name for the source account
  3618. HRESULT hr = ADsGetObject(const_cast<WCHAR*>(pAcct->GetSourcePath()), IID_IADs, (void**) &pAds);
  3619. if ( FAILED(hr)) return false;
  3620. hr = pAds->Get(L"sAMAccountName", &var);
  3621. pAds->Release();
  3622. if ( SUCCEEDED(hr) )
  3623. pAcct->SetSourceSam((WCHAR*)var.bstrVal);
  3624. // SAM account name for the target account
  3625. // Since we are here we have a LDAP sub path. So we can copy string from 3rd character to end of line or
  3626. // till the first ','
  3627. wcscpy(sName, pAcct->GetTargetName());
  3628. WCHAR * p = wcschr(sName, L',');
  3629. int ndx = wcslen(sName);
  3630. if ( p )
  3631. {
  3632. // There is a , So we can find how many characters that is by subtracting two pointers
  3633. ndx = (int)(p - sName);
  3634. }
  3635. ndx -= 3; // We are going to ignore the first three characters
  3636. // Copy from third character on to the , or End of line this is going to be the SAM name for target
  3637. wcsncpy(sPath, sName + 3, ndx);
  3638. sPath[ndx] = 0; // Truncate it.
  3639. pAcct->SetTargetSam(sPath);
  3640. return true;
  3641. }
  3642. //--------------------------------------------------------------------------
  3643. // NeedToProcessAccount : This function tells us if the user has set the
  3644. // options to copy certain types of accounts.
  3645. //--------------------------------------------------------------------------
  3646. BOOL CAcctRepl::NeedToProcessAccount(
  3647. TAcctReplNode * pAcct, //in- AccountReplicator Node with the Account info
  3648. Options * pOptions //in- Options set by the user.
  3649. )
  3650. {
  3651. if (_wcsicmp(pAcct->GetType(), L"user") == 0)
  3652. return (pOptions->flags & F_USERS);
  3653. else if ( _wcsicmp(pAcct->GetType(), L"group") == 0)
  3654. return ((pOptions->flags & F_GROUP) || (pOptions->flags & F_LGROUP));
  3655. else if ( _wcsicmp(pAcct->GetType(), L"computer") == 0)
  3656. return pOptions->flags & F_COMPUTERS;
  3657. else if ( _wcsicmp(pAcct->GetType(), L"organizationalUnit") == 0)
  3658. return pOptions->flags & F_OUS;
  3659. else
  3660. {
  3661. err.MsgWrite(0,DCT_MSG_SKIPPING_OBJECT_TYPE_SS,pAcct->GetName(),pAcct->GetType());
  3662. return false;
  3663. }
  3664. }
  3665. // Compares the DC=...,DC=com part of two ads paths to determine if the objects
  3666. // are in the same domain.
  3667. BOOL CompareDCPath(WCHAR const * sPath, WCHAR const * sPath2)
  3668. {
  3669. WCHAR * p1 = NULL, * p2 = NULL;
  3670. p1 = wcsstr(sPath, L"DC=");
  3671. p2 = wcsstr(sPath2, L"DC=");
  3672. if ( p1 && p2 )
  3673. return !_wcsicmp(p1, p2);
  3674. else
  3675. return FALSE;
  3676. }
  3677. _bstr_t PadDN(_bstr_t sDN)
  3678. {
  3679. _bstr_t retVal = sDN;
  3680. int offset = 0;
  3681. WCHAR sLine[LEN_Path];
  3682. WCHAR sOut[LEN_Path];
  3683. safecopy(sLine, (WCHAR*) sDN);
  3684. for ( DWORD i = 0; i < wcslen(sLine); i++ )
  3685. {
  3686. if ( sLine[i] == L'/' )
  3687. {
  3688. sOut[i + offset] = L'\\';
  3689. offset++;
  3690. }
  3691. sOut[i + offset] = sLine[i];
  3692. }
  3693. sOut[i+offset] = 0;
  3694. retVal = sOut;
  3695. return retVal;
  3696. }
  3697. //--------------------------------------------------------------------------
  3698. // ExpandContainers : Adds all the members of a container/group to the
  3699. // account list recursively.
  3700. //--------------------------------------------------------------------------
  3701. BOOL CAcctRepl::ExpandContainers(
  3702. TNodeListSortable *acctlist, //in- Accounts being processed
  3703. Options *pOptions, //in- Options specified by the user
  3704. ProgressFn *progress //in- Show status
  3705. )
  3706. {
  3707. TAcctReplNode * pAcct;
  3708. IEnumVARIANT * pEnum;
  3709. HRESULT hr;
  3710. _variant_t var;
  3711. DWORD dwf;
  3712. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  3713. LPWSTR sCols[] = { L"member" };
  3714. LPWSTR sCols1[] = { L"ADsPath" };
  3715. int nElt = DIM(sCols);
  3716. SAFEARRAY * cols;
  3717. SAFEARRAY * vals;
  3718. SAFEARRAY * multiVals;
  3719. SAFEARRAYBOUND bd = { nElt, 0 };
  3720. BSTR HUGEP * pData = NULL;
  3721. // _bstr_t * pBstr = NULL;
  3722. _variant_t * pDt = NULL;
  3723. _variant_t * pVar = NULL;
  3724. _variant_t vx;
  3725. _bstr_t sCont, sQuery;
  3726. _bstr_t sPath;
  3727. _bstr_t sSam;
  3728. _bstr_t sType;
  3729. _bstr_t sName;
  3730. DWORD dwMaj, dwMin, dwSP;
  3731. // IIManageDBPtr pDb(__uuidof(IManageDB));
  3732. IVarSetPtr pVs(__uuidof(VarSet));
  3733. IUnknown * pUnk;
  3734. long lgrpType;
  3735. WCHAR sAcctType[LEN_Path];
  3736. WCHAR mesg[LEN_Path];
  3737. WCHAR sSourcePath[LEN_Path];
  3738. bool bExpanded = true;
  3739. pVs->QueryInterface(IID_IUnknown, (void **) &pUnk);
  3740. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  3741. // Change from a tree to a sorted list
  3742. if ( acctlist->IsTree() ) acctlist->ToSorted();
  3743. // Check the domain type for the source domain.
  3744. hr = pAccess->raw_GetOsVersion(pOptions->srcComp, &dwMaj, &dwMin, &dwSP);
  3745. if (FAILED(hr)) return FALSE;
  3746. if ( dwMaj < 5 )
  3747. {
  3748. while ( bExpanded )
  3749. {
  3750. bExpanded = false;
  3751. pAcct = (TAcctReplNode *)acctlist->Head();
  3752. while (pAcct)
  3753. {
  3754. if ( pOptions->pStatus )
  3755. {
  3756. LONG status = 0;
  3757. HRESULT hr = pOptions->pStatus->get_Status(&status);
  3758. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  3759. {
  3760. if ( !bAbortMessageWritten )
  3761. {
  3762. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  3763. bAbortMessageWritten = true;
  3764. }
  3765. break;
  3766. }
  3767. }
  3768. // If we have already expanded the account then we dont need to process it again.
  3769. if ( pAcct->bExpanded )
  3770. {
  3771. pAcct = (TAcctReplNode *) pAcct->Next();
  3772. continue;
  3773. }
  3774. //Set the flag to say that we expanded something.
  3775. bExpanded = true;
  3776. pAcct->bExpanded = true;
  3777. if ( UStrICmp(pAcct->GetType(), L"group") || UStrICmp(pAcct->GetType(), L"lgroup") )
  3778. {
  3779. // Build the column array
  3780. cols = SafeArrayCreate(VT_BSTR, 1, &bd);
  3781. SafeArrayAccessData(cols, (void HUGEP **) &pData);
  3782. for ( int i = 0; i < nElt; i++)
  3783. pData[i] = SysAllocString(sCols1[i]);
  3784. SafeArrayUnaccessData(cols);
  3785. // Build the NT4 recognizable container name
  3786. sCont = _bstr_t(pAcct->GetName()) + L",CN=GROUPS";
  3787. sQuery = L""; // ignored.
  3788. // Query the information
  3789. hr = pQuery->raw_SetQuery(sCont, pOptions->srcDomain, sQuery, ADS_SCOPE_SUBTREE, TRUE);
  3790. if (FAILED(hr)) return FALSE;
  3791. hr = pQuery->raw_SetColumns(cols);
  3792. if (FAILED(hr)) return FALSE;
  3793. hr = pQuery->raw_Execute(&pEnum);
  3794. if (FAILED(hr)) return FALSE;
  3795. while (pEnum->Next(1, &var, &dwf) == S_OK)
  3796. {
  3797. if ( pOptions->pStatus )
  3798. {
  3799. LONG status = 0;
  3800. HRESULT hr = pOptions->pStatus->get_Status(&status);
  3801. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  3802. {
  3803. if ( !bAbortMessageWritten )
  3804. {
  3805. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  3806. bAbortMessageWritten = true;
  3807. }
  3808. break;
  3809. }
  3810. }
  3811. vals = var.parray;
  3812. // Get the first column which is the name of the object.
  3813. SafeArrayAccessData(vals, (void HUGEP**) &pDt);
  3814. sPath = pDt[0];
  3815. SafeArrayUnaccessData(vals);
  3816. // Enumerator returns empty strings which we need to ignore.
  3817. if ( sPath.length() > 0 )
  3818. {
  3819. // Look if we have migrated the group
  3820. if ( pOptions->flags & F_COPY_MIGRATED_ACCT )
  3821. // We want to copy it again even if it was already copied.
  3822. hr = S_FALSE;
  3823. else
  3824. hr = pOptions->pDb->raw_GetAMigratedObject(sPath, pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  3825. if ( hr != S_OK )
  3826. {
  3827. if ( !IsBuiltinAccount(pOptions, (WCHAR*)sPath) )
  3828. {
  3829. // We don't care about the objects that we have migrated because they will be picked up automatically
  3830. // Find the type of this account.
  3831. if ( GetNt4Type(pOptions->srcComp, (WCHAR*) sPath, sAcctType) )
  3832. {
  3833. // Expand the containers and the membership
  3834. wsprintf(mesg, GET_STRING(IDS_EXPANDING_ADDING_SS) , pAcct->GetName(), (WCHAR*) sPath);
  3835. Progress(mesg);
  3836. TAcctReplNode * pNode = new TAcctReplNode();
  3837. if (!pNode)
  3838. return FALSE;
  3839. pNode->SetName((WCHAR*)sPath);
  3840. pNode->SetTargetName((WCHAR*)sPath);
  3841. pNode->SetSourceSam((WCHAR*)sPath);
  3842. WCHAR tgtName[LEN_Path];
  3843. wcscpy(tgtName, (WCHAR*) sPath);
  3844. TruncateSam(tgtName, pNode, pOptions, acctlist);
  3845. pNode->SetTargetSam(tgtName);
  3846. pNode->SetType(sAcctType);
  3847. if ( !UStrICmp(sAcctType,L"group") )
  3848. {
  3849. // in NT4, only global groups can be members of other groups
  3850. pNode->SetGroupType(2);
  3851. }
  3852. //Get the source domain sid from the user
  3853. pNode->SetSourceSid(pAcct->GetSourceSid());
  3854. AddPrefixSuffix(pNode, pOptions);
  3855. // build a source WinNT path
  3856. wsprintf(sSourcePath, L"WinNT://%s/%s", pOptions->srcDomain, (WCHAR*)sPath);
  3857. pNode->SetSourcePath(sSourcePath);
  3858. if (! acctlist->InsertIfNew(pNode) )
  3859. delete pNode;
  3860. }
  3861. else
  3862. {
  3863. wsprintf(mesg,GET_STRING(IDS_EXPANDING_IGNORING_SS), pAcct->GetName(), (WCHAR*) sPath);
  3864. Progress(mesg);
  3865. }
  3866. }
  3867. else
  3868. {
  3869. err.MsgWrite(ErrW, DCT_MSG_IGNORING_BUILTIN_S, (WCHAR*)sPath);
  3870. Mark("warnings", pAcct->GetType());
  3871. }
  3872. }
  3873. else
  3874. {
  3875. wsprintf(mesg, GET_STRING(IDS_EXPANDING_IGNORING_SS), pAcct->GetName(), (WCHAR*) sPath);
  3876. Progress(mesg);
  3877. }
  3878. }
  3879. }
  3880. pEnum->Release();
  3881. VariantInit(&var);
  3882. }
  3883. pAcct = (TAcctReplNode *) pAcct->Next();
  3884. }
  3885. }
  3886. pUnk->Release();
  3887. return TRUE;
  3888. }
  3889. // If we are here that means that we are dealing with Win2k
  3890. while ( bExpanded )
  3891. {
  3892. bExpanded = false;
  3893. // Go through the list of accounts and expand them one at a time
  3894. pAcct = (TAcctReplNode *)acctlist->Head();
  3895. while (pAcct)
  3896. {
  3897. // If we have already expanded the account then we dont need to process it again.
  3898. if ( pAcct->bExpanded )
  3899. {
  3900. pAcct = (TAcctReplNode *) pAcct->Next();
  3901. continue;
  3902. }
  3903. //Set the flag to say that we expanded something.
  3904. bExpanded = true;
  3905. pAcct->bExpanded = true;
  3906. if ( pOptions->pStatus )
  3907. {
  3908. LONG status = 0;
  3909. HRESULT hr = pOptions->pStatus->get_Status(&status);
  3910. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  3911. {
  3912. if ( !bAbortMessageWritten )
  3913. {
  3914. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  3915. bAbortMessageWritten = true;
  3916. }
  3917. break;
  3918. }
  3919. }
  3920. DWORD scope = 0;
  3921. sCont = pAcct->GetSourcePath();
  3922. sQuery = L"(objectClass=*)";
  3923. if ( wcslen(pAcct->GetSourceSam()) == 0 )
  3924. {
  3925. scope = ADS_SCOPE_SUBTREE;
  3926. // Build the column array
  3927. cols = SafeArrayCreate(VT_BSTR, 1, &bd);
  3928. SafeArrayAccessData(cols, (void HUGEP **) &pData);
  3929. for ( int i = 0; i < nElt; i++)
  3930. pData[i] = SysAllocString(sCols1[i]);
  3931. SafeArrayUnaccessData(cols);
  3932. }
  3933. else
  3934. {
  3935. scope = ADS_SCOPE_BASE;
  3936. // Build the column array
  3937. cols = SafeArrayCreate(VT_BSTR, 1, &bd);
  3938. SafeArrayAccessData(cols, (void HUGEP **) &pData);
  3939. for ( int i = 0; i < nElt; i++)
  3940. pData[i] = SysAllocString(sCols[i]);
  3941. SafeArrayUnaccessData(cols);
  3942. }
  3943. hr = pQuery->raw_SetQuery(sCont, pOptions->srcDomain, sQuery, scope, TRUE);
  3944. if (FAILED(hr)) return FALSE;
  3945. hr = pQuery->raw_SetColumns(cols);
  3946. if (FAILED(hr)) return FALSE;
  3947. hr = pQuery->raw_Execute(&pEnum);
  3948. if (FAILED(hr)) return FALSE;
  3949. while (pEnum->Next(1, &var, &dwf) == S_OK)
  3950. {
  3951. if ( pOptions->pStatus )
  3952. {
  3953. LONG status = 0;
  3954. HRESULT hr = pOptions->pStatus->get_Status(&status);
  3955. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  3956. {
  3957. if ( !bAbortMessageWritten )
  3958. {
  3959. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  3960. bAbortMessageWritten = true;
  3961. }
  3962. break;
  3963. }
  3964. }
  3965. vals = var.parray;
  3966. // Get the VARIANT Array out
  3967. SafeArrayAccessData(vals, (void HUGEP**) &pDt);
  3968. vx = pDt[0];
  3969. SafeArrayUnaccessData(vals);
  3970. if ( vx.vt == VT_BSTR )
  3971. {
  3972. // We got back a BSTR which could be the value that we are looking for
  3973. sPath = V_BSTR(&vx);
  3974. // Enumerator returns empty strings which we need to ignore.
  3975. if ( sPath.length() > 0 )
  3976. {
  3977. if ( GetSamFromPath(sPath, sSam, sType, sName,lgrpType, pOptions) && CompareDCPath((WCHAR*)sPath, pAcct->GetSourcePath()))
  3978. {
  3979. if ( pOptions->flags & F_COPY_MIGRATED_ACCT )
  3980. hr = S_FALSE;
  3981. else
  3982. hr = pOptions->pDb->raw_GetAMigratedObject(sSam, pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  3983. if ( hr != S_OK )
  3984. {
  3985. // We don't care about the objects that we have migrated because they will be picked up automatically
  3986. if ( _wcsicmp((WCHAR*) sType, L"computer") != 0 )
  3987. {
  3988. TAcctReplNode * pNode = new TAcctReplNode();
  3989. if (!pNode)
  3990. return FALSE;
  3991. pNode->SetSourceSam((WCHAR*)sSam);
  3992. pNode->SetTargetSam((WCHAR*)sSam);
  3993. pNode->SetName((WCHAR*)sName);
  3994. pNode->SetTargetName((WCHAR*)sName);
  3995. pNode->SetType((WCHAR*)sType);
  3996. pNode->SetSourcePath((WCHAR*)sPath);
  3997. pNode->SetGroupType(lgrpType);
  3998. //Get the source domain sid from the user
  3999. pNode->SetSourceSid(pAcct->GetSourceSid());
  4000. AddPrefixSuffix(pNode, pOptions);
  4001. if ( ! acctlist->InsertIfNew(pNode) )
  4002. delete pNode;
  4003. wsprintf(mesg, GET_STRING(IDS_EXPANDING_ADDING_SS), pAcct->GetName(), (WCHAR*) sSam);
  4004. Progress(mesg);
  4005. }
  4006. else
  4007. {
  4008. wsprintf(mesg, GET_STRING(IDS_EXPANDING_IGNORING_SS), pAcct->GetName(), (WCHAR*) sSam);
  4009. Progress(mesg);
  4010. }
  4011. }
  4012. else
  4013. {
  4014. wsprintf(mesg, GET_STRING(IDS_EXPANDING_IGNORING_SS), pAcct->GetName(), (WCHAR*) sSam);
  4015. Progress(mesg);
  4016. }
  4017. }
  4018. }
  4019. // continue;
  4020. }
  4021. // if (! ( vx.vt & VT_ARRAY ) )
  4022. // continue;
  4023. if ( vx.vt & VT_ARRAY )
  4024. // We must have got an Array of multivalued properties
  4025. multiVals = vx.parray;
  4026. else
  4027. {
  4028. // We need to also process the accounts that have this group as its primary group.
  4029. SAFEARRAYBOUND bd = { 0, 0 };
  4030. multiVals = SafeArrayCreate(VT_VARIANT, 1, &bd);
  4031. }
  4032. AddPrimaryGroupMembers(pOptions, multiVals, const_cast<WCHAR*>(pAcct->GetTargetSam()));
  4033. // Access the BSTR elements of this variant array
  4034. SafeArrayAccessData(multiVals, (void HUGEP **) &pVar);
  4035. for ( DWORD dw = 0; dw < multiVals->rgsabound->cElements; dw++ )
  4036. {
  4037. if ( pOptions->pStatus )
  4038. {
  4039. LONG status = 0;
  4040. HRESULT hr = pOptions->pStatus->get_Status(&status);
  4041. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  4042. {
  4043. if ( !bAbortMessageWritten )
  4044. {
  4045. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  4046. bAbortMessageWritten = true;
  4047. }
  4048. break;
  4049. }
  4050. }
  4051. _bstr_t sDN = _bstr_t(pVar[dw]);
  4052. sDN = PadDN(sDN);
  4053. sPath = _bstr_t(L"LDAP://") + _bstr_t(pOptions->srcDomain) + _bstr_t(L"/") + sDN;
  4054. if ( GetSamFromPath(sPath, sSam, sType, sName, lgrpType, pOptions) && CompareDCPath((WCHAR*)sPath, pAcct->GetSourcePath()))
  4055. {
  4056. if ( pOptions->flags & F_COPY_MIGRATED_ACCT )
  4057. hr = S_FALSE;
  4058. else
  4059. hr = pOptions->pDb->raw_GetAMigratedObject(sSam, pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  4060. if ( hr != S_OK )
  4061. {
  4062. // We don't care about the objects that we have migrated because they will be picked up automatically
  4063. if ( _wcsicmp((WCHAR*) sType, L"computer") != 0 )
  4064. {
  4065. TAcctReplNode * pNode = new TAcctReplNode();
  4066. if (!pNode)
  4067. return FALSE;
  4068. pNode->SetSourceSam((WCHAR*)sSam);
  4069. pNode->SetTargetSam((WCHAR*)sSam);
  4070. pNode->SetName((WCHAR*)sName);
  4071. pNode->SetTargetName((WCHAR*)sName);
  4072. pNode->SetType((WCHAR*)sType);
  4073. pNode->SetSourcePath((WCHAR*)sPath);
  4074. pNode->SetGroupType(lgrpType);
  4075. //Get the source domain sid from the user
  4076. pNode->SetSourceSid(pAcct->GetSourceSid());
  4077. AddPrefixSuffix(pNode, pOptions);
  4078. if (! acctlist->InsertIfNew(pNode) )
  4079. delete pNode;
  4080. wsprintf(mesg, GET_STRING(IDS_EXPANDING_ADDING_SS), pAcct->GetName(), (WCHAR*) sSam);
  4081. Progress(mesg);
  4082. }
  4083. else
  4084. {
  4085. wsprintf(mesg, GET_STRING(IDS_EXPANDING_IGNORING_SS), pAcct->GetName(), (WCHAR*) sSam);
  4086. Progress(mesg);
  4087. }
  4088. }
  4089. else
  4090. {
  4091. wsprintf(mesg, GET_STRING(IDS_EXPANDING_IGNORING_SS), pAcct->GetName(), (WCHAR*) sSam);
  4092. Progress(mesg);
  4093. }
  4094. }
  4095. }
  4096. SafeArrayUnaccessData(multiVals);
  4097. }
  4098. pEnum->Release();
  4099. VariantInit(&var);
  4100. pAcct = (TAcctReplNode*)pAcct->Next();
  4101. }
  4102. }
  4103. pUnk->Release();
  4104. return TRUE;
  4105. }
  4106. //--------------------------------------------------------------------------
  4107. // IsContainer : Checks if the account in question is a container type
  4108. // if it is then it returns a IADsContainer * to it.
  4109. //--------------------------------------------------------------------------
  4110. BOOL CAcctRepl::IsContainer(TAcctReplNode *pNode, IADsContainer **ppCont)
  4111. {
  4112. HRESULT hr;
  4113. hr = ADsGetObject(const_cast<WCHAR*>(pNode->GetSourcePath()), IID_IADsContainer, (void**)ppCont);
  4114. return SUCCEEDED(hr);
  4115. }
  4116. BOOL CAcctRepl::GetSamFromPath(_bstr_t sPath, _bstr_t &sSam, _bstr_t &sType, _bstr_t &sName, long& grpType, Options * pOptions)
  4117. {
  4118. HRESULT hr;
  4119. IADs * pAds = NULL;
  4120. _variant_t var;
  4121. BSTR sClass;
  4122. BOOL bIsCritical = FALSE;
  4123. BOOL rc = TRUE;
  4124. sSam = L"";
  4125. // Get the object so we can ask the questions from it.
  4126. hr = ADsGetObject((WCHAR*)sPath, IID_IADs, (void**)&pAds);
  4127. if ( FAILED(hr) ) return FALSE;
  4128. if ( SUCCEEDED(hr))
  4129. {
  4130. hr = pAds->Get(L"isCriticalSystemObject", &var);
  4131. if ( SUCCEEDED(hr) )
  4132. {
  4133. // This will only succeed for the Win2k objects.
  4134. bIsCritical = V_BOOL(&var) == -1 ? TRUE : FALSE;
  4135. }
  4136. else
  4137. {
  4138. // This must be a NT4 account. We need to get the SID and check if
  4139. // it's RID belongs to the BUILTIN rids.
  4140. hr = pAds->Get(L"objectSID", &var);
  4141. if ( SUCCEEDED(hr) )
  4142. {
  4143. SAFEARRAY * pArray = V_ARRAY(&var);
  4144. PSID pSid;
  4145. hr = SafeArrayAccessData(pArray, (void**)&pSid);
  4146. if ( SUCCEEDED(hr) )
  4147. {
  4148. DWORD * dwCnt = (DWORD *) GetSidSubAuthorityCount(pSid);
  4149. DWORD * rid = (DWORD *) GetSidSubAuthority(pSid, (*dwCnt)-1);
  4150. bIsCritical = BuiltinRid(*rid);
  4151. if ( bIsCritical )
  4152. {
  4153. BSTR sName;
  4154. hr = pAds->get_Name(&sName);
  4155. bIsCritical = CheckBuiltInWithNTApi(pSid, (WCHAR*)sName, pOptions);
  4156. }
  4157. hr = SafeArrayUnaccessData(pArray);
  4158. }
  4159. }
  4160. }
  4161. }
  4162. // Get the class from the object. If it is a container/ou class then it will not have a SAM name so put the CN= or OU= into the list
  4163. hr = pAds->get_Class(&sClass);
  4164. if ( FAILED(hr) ) rc = FALSE;
  4165. if ( rc )
  4166. {
  4167. sType = _bstr_t(sClass);
  4168. if (UStrICmp((WCHAR*) sType, L"organizationalUnit") == 0)
  4169. {
  4170. hr = pAds->get_Name(&sClass);
  4171. sName = _bstr_t(L"OU=") + _bstr_t(sClass);
  4172. sSam = L"";
  4173. if ( FAILED(hr) ) rc = FALSE;
  4174. }
  4175. else if (UStrICmp((WCHAR*) sType, L"container") == 0)
  4176. {
  4177. hr = pAds->get_Name(&sClass);
  4178. sName = _bstr_t(L"CN=") + _bstr_t(sClass);
  4179. sSam = L"";
  4180. if ( FAILED(hr) ) rc = FALSE;
  4181. }
  4182. else
  4183. {
  4184. hr = pAds->get_Name(&sClass);
  4185. sName = _bstr_t(sClass);
  4186. //if the name includes a '/', then we have to get the escaped version from the path
  4187. //due to a bug in W2K.
  4188. if (wcschr((WCHAR*)sName, L'/'))
  4189. {
  4190. _bstr_t sCNName = GetCNFromPath(sPath);
  4191. if (sCNName.length() != 0)
  4192. sName = sCNName;
  4193. }
  4194. hr = pAds->Get(L"sAMAccountName", &var);
  4195. if ( FAILED(hr)) rc = FALSE;
  4196. sSam = var;
  4197. if ( UStrICmp((WCHAR*) sType, L"group") == 0)
  4198. {
  4199. // we need to get and set the group type
  4200. pAds->Get(L"groupType", &var);
  4201. if ( SUCCEEDED(hr))
  4202. grpType = V_INT(&var);
  4203. }
  4204. }
  4205. if ( bIsCritical )
  4206. {
  4207. // Builtin account so we are going to ignore this account.
  4208. //Don't log this message in IntraForest because we do mess with it
  4209. // Also if it is a Domain Users group we add the migrated objects to it by default.
  4210. if ( !pOptions->bSameForest && _wcsicmp((WCHAR*) sSam, pOptions->sDomUsers))
  4211. {
  4212. err.MsgWrite(ErrW, DCT_MSG_IGNORING_BUILTIN_S, (WCHAR*)sPath);
  4213. Mark(L"warnings", (WCHAR*) sType);
  4214. }
  4215. rc = FALSE;
  4216. }
  4217. }
  4218. if (pAds) pAds->Release();
  4219. return rc;
  4220. }
  4221. //-----------------------------------------------------------------------------
  4222. // ExpandMembership : This method expands the account list to encorporate the
  4223. // groups that contain the members in the account list.
  4224. //-----------------------------------------------------------------------------
  4225. BOOL CAcctRepl::ExpandMembership(
  4226. TNodeListSortable *acctlist, //in- Accounts being processed
  4227. Options *pOptions, //in- Options specified by the user
  4228. TNodeListSortable *pNewAccts, //out-The newly Added accounts.
  4229. ProgressFn *progress, //in- Show status
  4230. BOOL bGrpsOnly //in- Expand for groups only
  4231. )
  4232. {
  4233. TAcctReplNode * pAcct;
  4234. HRESULT hr = S_OK;
  4235. _variant_t var;
  4236. WCHAR sGrpPath[LEN_Path];
  4237. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  4238. DWORD dwMaj, dwMin, dwSP;
  4239. IVarSetPtr pVs(__uuidof(VarSet));
  4240. IUnknown * pUnk = NULL;
  4241. PSID pSid = NULL;
  4242. SID_NAME_USE use;
  4243. DWORD dwNameLen = LEN_Path;
  4244. DWORD dwDomName = LEN_Path;
  4245. WCHAR sDomUsers[LEN_Path], sDomain[LEN_Path];
  4246. BOOL rc = FALSE;
  4247. long lgrpType;
  4248. WCHAR mesg[LEN_Path];
  4249. pVs->QueryInterface(IID_IUnknown, (void**) &pUnk);
  4250. // Change from a tree to a sorted list
  4251. if ( acctlist->IsTree() ) acctlist->ToSorted();
  4252. // Get the Domain Users group name
  4253. pSid = GetWellKnownSid(DOMAIN_USERS, pOptions,FALSE);
  4254. if ( pSid )
  4255. {
  4256. // since we have the well known SID now we can get its name
  4257. if ( ! LookupAccountSid(pOptions->srcComp, pSid, sDomUsers, &dwNameLen, sDomain, &dwDomName, &use) )
  4258. hr = HRESULT_FROM_WIN32(GetLastError());
  4259. else
  4260. wcscpy(pOptions->sDomUsers, sDomUsers);
  4261. FreeSid(pSid);
  4262. }
  4263. // Check the domain type for the source domain.
  4264. if ( SUCCEEDED(hr) )
  4265. hr = pAccess->raw_GetOsVersion(pOptions->srcComp, &dwMaj, &dwMin, &dwSP);
  4266. if ( SUCCEEDED(hr))
  4267. {
  4268. if ( dwMaj < 5 )
  4269. {
  4270. // NT4 objects we need to use NT API to get the groups that this account is a member of.
  4271. LPGROUP_USERS_INFO_0 pBuf = NULL;
  4272. DWORD dwLevel = 0;
  4273. DWORD dwPrefMaxLen = 0xFFFFFFFF;
  4274. DWORD dwEntriesRead = 0;
  4275. DWORD dwTotalEntries = 0;
  4276. NET_API_STATUS nStatus;
  4277. WCHAR sGrpName[LEN_Path];
  4278. WCHAR sNewGrpName[LEN_Path];
  4279. WCHAR sType[LEN_Path];
  4280. BOOL bBuiltin;
  4281. for ( pAcct = (TAcctReplNode*)acctlist->Head(); pAcct; pAcct = (TAcctReplNode*)pAcct->Next())
  4282. {
  4283. if ( pOptions->pStatus )
  4284. {
  4285. LONG status = 0;
  4286. HRESULT hr = pOptions->pStatus->get_Status(&status);
  4287. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  4288. {
  4289. if ( !bAbortMessageWritten )
  4290. {
  4291. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  4292. bAbortMessageWritten = true;
  4293. }
  4294. break;
  4295. }
  4296. }
  4297. //if user
  4298. if (!_wcsicmp(pAcct->GetType(), L"user"))
  4299. {
  4300. //User object
  4301. nStatus = NetUserGetGroups(pOptions->srcComp, pAcct->GetName(), 0, (LPBYTE*)&pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries );
  4302. if (nStatus == NERR_Success)
  4303. {
  4304. for ( DWORD i = 0; i < dwEntriesRead; i++ )
  4305. {
  4306. if ( pOptions->pStatus )
  4307. {
  4308. LONG status = 0;
  4309. HRESULT hr = pOptions->pStatus->get_Status(&status);
  4310. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  4311. {
  4312. if ( !bAbortMessageWritten )
  4313. {
  4314. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  4315. bAbortMessageWritten = true;
  4316. }
  4317. break;
  4318. }
  4319. }
  4320. //see if this group was not migrated due to a conflict, if so then
  4321. //we need to fix up this membership
  4322. bool bInclude = true;
  4323. Lookup p;
  4324. p.pName = sGrpName;
  4325. p.pType = sType;
  4326. TAcctReplNode * pFindNode = (TAcctReplNode *) acctlist->Find(&TNodeFindAccountName, &p);
  4327. if (pFindNode && (pFindNode->WasCreated() || pFindNode->WasReplaced()) && (bGrpsOnly))
  4328. bInclude = false;
  4329. bBuiltin = IsBuiltinAccount(pOptions, pBuf[i].grui0_name);
  4330. // Ignore the Domain users group.
  4331. if ( (_wcsicmp(pBuf[i].grui0_name, sDomUsers) != 0) && !bBuiltin && bInclude)
  4332. {
  4333. wsprintf(mesg, GET_STRING(IDS_EXPANDING_GROUP_ADDING_SS), pAcct->GetName(), pBuf[i].grui0_name);
  4334. Progress(mesg);
  4335. // This is the global group type by default
  4336. wcscpy(sType, L"group");
  4337. // Get the name of the group and add it to the list if it does not already exist in the list.
  4338. wcscpy(sGrpName, pBuf[i].grui0_name);
  4339. TAcctReplNode * pNode = new TAcctReplNode();
  4340. if (!pNode)
  4341. return FALSE;
  4342. // Source name stays as is
  4343. pNode->SetName(sGrpName);
  4344. pNode->SetSourceSam(sGrpName);
  4345. pNode->SetType(sType);
  4346. pNode->SetGroupType(2);
  4347. pNode->SetTargetName(sGrpName);
  4348. //Get the source domain sid from the user
  4349. pNode->SetSourceSid(pAcct->GetSourceSid());
  4350. // Look if we have migrated the group
  4351. hr = pOptions->pDb->raw_GetAMigratedObject(sGrpName, pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  4352. if ( hr == S_OK )
  4353. {
  4354. var = pVs->get(L"MigratedObjects.SourceAdsPath");
  4355. pNode->SetSourcePath(var.bstrVal);
  4356. //Get the target name and assign that to the node
  4357. var = pVs->get(L"MigratedObjects.TargetSamName");
  4358. wcscpy(sNewGrpName, (WCHAR*)V_BSTR(&var));
  4359. pNode->SetTargetSam(sNewGrpName);
  4360. // Get the path too
  4361. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  4362. wcscpy(sGrpPath, (WCHAR*)V_BSTR(&var));
  4363. pNode->SetTargetPath(sGrpPath);
  4364. // Get the type too
  4365. var = pVs->get(L"MigratedObjects.Type");
  4366. wcscpy(sType, (WCHAR*)V_BSTR(&var));
  4367. pNode->SetType(sType);
  4368. //if they dont want to copy migrated objects, or they do but it was .
  4369. if (!(pOptions->flags & F_COPY_MIGRATED_ACCT))
  4370. {
  4371. pNode->operations = 0;
  4372. pNode->operations |= OPS_Process_Members;
  4373. // Since the account has already been created we should go ahead and mark it created
  4374. // so that the processing of group membership can continue.
  4375. pNode->MarkCreated();
  4376. }
  4377. //else if already migrated, mark already there so that we fix group membership whether we migrate the group or not
  4378. else if (bInclude)
  4379. {
  4380. if (pOptions->flags & F_REPLACE)
  4381. pNode->operations |= OPS_Process_Members;
  4382. else
  4383. pNode->operations = OPS_Create_Account | OPS_Process_Members;
  4384. pNode->sMemberName = pAcct->GetSourceSam();
  4385. pNode->sMemberType = pAcct->GetType();
  4386. pNode->MarkAlreadyThere();
  4387. }
  4388. if ( !pOptions->expandMemberOf )
  4389. {
  4390. // We need to add the account to the list with the member field set so that we can add the
  4391. // member to the migrated group
  4392. pNode->sMemberName = pAcct->GetSourceSam();
  4393. pNode->sMemberType = pAcct->GetType();
  4394. pNewAccts->Insert((TNode *) pNode);
  4395. }
  4396. }
  4397. else
  4398. {
  4399. // account has not been previously copied so we will set it up
  4400. if ( pOptions->expandMemberOf )
  4401. {
  4402. TruncateSam(sGrpName, pNode, pOptions, acctlist);
  4403. pNode->SetTargetSam(sGrpName);
  4404. FillPathInfo(pNode,pOptions);
  4405. AddPrefixSuffix(pNode, pOptions);
  4406. }
  4407. else
  4408. {
  4409. delete pNode;
  4410. }
  4411. }
  4412. if ( pOptions->expandMemberOf )
  4413. {
  4414. if ( ! pNewAccts->InsertIfNew((TNode*) pNode) )
  4415. delete pNode;
  4416. }
  4417. }
  4418. if (bBuiltin)
  4419. {
  4420. // BUILTIN account error message
  4421. err.MsgWrite(ErrW, DCT_MSG_IGNORING_BUILTIN_S, pBuf[i].grui0_name);
  4422. Mark(L"warnings", pAcct->GetType());
  4423. }
  4424. }//end for each group
  4425. }//if got groups
  4426. if (pBuf != NULL)
  4427. NetApiBufferFree(pBuf);
  4428. // Process local groups
  4429. pBuf = NULL;
  4430. dwLevel = 0;
  4431. dwPrefMaxLen = 0xFFFFFFFF;
  4432. dwEntriesRead = 0;
  4433. dwTotalEntries = 0;
  4434. DWORD dwFlags = 0 ;
  4435. nStatus = NetUserGetLocalGroups(pOptions->srcComp, pAcct->GetName(), 0, dwFlags, (LPBYTE*)&pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries );
  4436. if (nStatus == NERR_Success)
  4437. {
  4438. for ( DWORD i = 0; i < dwEntriesRead; i++ )
  4439. {
  4440. if ( pOptions->pStatus )
  4441. {
  4442. LONG status = 0;
  4443. HRESULT hr = pOptions->pStatus->get_Status(&status);
  4444. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  4445. {
  4446. if ( !bAbortMessageWritten )
  4447. {
  4448. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  4449. bAbortMessageWritten = true;
  4450. }
  4451. break;
  4452. }
  4453. }
  4454. //see if this group was not migrated due to a conflict, if so then
  4455. //we need to fix up this membership
  4456. bool bInclude = true;
  4457. Lookup p;
  4458. p.pName = sGrpName;
  4459. p.pType = sType;
  4460. TAcctReplNode * pFindNode = (TAcctReplNode *) acctlist->Find(&TNodeFindAccountName, &p);
  4461. if (pFindNode && (pFindNode->WasCreated() || pFindNode->WasReplaced()) && (bGrpsOnly))
  4462. bInclude = false;
  4463. if (!IsBuiltinAccount(pOptions, pBuf[i].grui0_name))
  4464. {
  4465. wcscpy(sType, L"group");
  4466. // Get the name of the group and add it to the list if it does not already exist in the list.
  4467. wcscpy(sGrpName, pBuf[i].grui0_name);
  4468. wsprintf(mesg, GET_STRING(IDS_EXPANDING_GROUP_ADDING_SS), pAcct->GetName(), (WCHAR*) sGrpName);
  4469. Progress(mesg);
  4470. TAcctReplNode * pNode = new TAcctReplNode();
  4471. if (!pNode)
  4472. return FALSE;
  4473. pNode->SetName(sGrpName);
  4474. pNode->SetSourceSam(sGrpName);
  4475. pNode->SetType(sType);
  4476. pNode->SetGroupType(4);
  4477. pNode->SetTargetName(sGrpName);
  4478. //Get the source domain sid from the user
  4479. pNode->SetSourceSid(pAcct->GetSourceSid());
  4480. // Look if we have migrated the group
  4481. hr = pOptions->pDb->raw_GetAMigratedObject(sGrpName, pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  4482. if ( hr == S_OK )
  4483. {
  4484. var = pVs->get(L"MigratedObjects.SourceAdsPath");
  4485. pNode->SetSourcePath(var.bstrVal);
  4486. //Get the target name and assign that to the node
  4487. var = pVs->get(L"MigratedObjects.TargetSamName");
  4488. wcscpy(sNewGrpName, (WCHAR*)V_BSTR(&var));
  4489. // Get the path too
  4490. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  4491. wcscpy(sGrpPath, (WCHAR*)V_BSTR(&var));
  4492. pNode->SetTargetPath(sGrpPath);
  4493. // Get the type too
  4494. var = pVs->get(L"MigratedObjects.Type");
  4495. wcscpy(sType, (WCHAR*)V_BSTR(&var));
  4496. //if they dont want to copy migrated objects, or they do but it was .
  4497. if (!(pOptions->flags & F_COPY_MIGRATED_ACCT))
  4498. {
  4499. pNode->operations = 0;
  4500. pNode->operations |= OPS_Process_Members;
  4501. // Since the account has already been created we should go ahead and mark it created
  4502. // so that the processing of group membership can continue.
  4503. pNode->MarkCreated();
  4504. }
  4505. //else if already migrated, mark already there so that we fix group membership whether we migrate the group or not
  4506. else if (bInclude)
  4507. {
  4508. if (pOptions->flags & F_REPLACE)
  4509. pNode->operations |= OPS_Process_Members;
  4510. else
  4511. pNode->operations = OPS_Create_Account | OPS_Process_Members;
  4512. pNode->sMemberName = pAcct->GetSourceSam();
  4513. pNode->sMemberType = pAcct->GetType();
  4514. pNode->MarkAlreadyThere();
  4515. }
  4516. pNode->SetType(sType);
  4517. pNode->SetGroupType(4);
  4518. pNode->SetTargetName(sGrpName);
  4519. pNode->SetTargetSam(sNewGrpName);
  4520. if ( !pOptions->expandMemberOf )
  4521. {
  4522. // We need to add the account to the list with the member field set so that we can add the
  4523. // member to the migrated group
  4524. pNode->sMemberName = pAcct->GetSourceSam();
  4525. pNode->sMemberType = pAcct->GetType();
  4526. pNewAccts->Insert((TNode *) pNode);
  4527. }
  4528. }//if migrated
  4529. else
  4530. {
  4531. // account has not been previously copied so we will set it up
  4532. if ( pOptions->expandMemberOf )
  4533. {
  4534. TruncateSam(sGrpName, pNode, pOptions, acctlist);
  4535. pNode->SetTargetSam(sGrpName);
  4536. FillPathInfo(pNode,pOptions);
  4537. AddPrefixSuffix(pNode, pOptions);
  4538. }
  4539. else
  4540. {
  4541. delete pNode;
  4542. }
  4543. }
  4544. if ( pOptions->expandMemberOf )
  4545. {
  4546. if ( ! pNewAccts->InsertIfNew((TNode*) pNode) )
  4547. {
  4548. delete pNode;
  4549. }
  4550. }
  4551. }//end if not built-in
  4552. else
  4553. {
  4554. // BUILTIN account error message
  4555. err.MsgWrite(ErrW, DCT_MSG_IGNORING_BUILTIN_S, pBuf[i].grui0_name);
  4556. Mark(L"warnings", pAcct->GetType());
  4557. }
  4558. }//for each local group
  4559. }//if any local groups
  4560. if (pBuf != NULL)
  4561. NetApiBufferFree(pBuf);
  4562. }//end if user and should expand
  4563. //if group, expand membership of previously migrated groups
  4564. if (!_wcsicmp(pAcct->GetType(), L"group"))
  4565. {
  4566. long numGroups = 0, ndx = 0;
  4567. //fill a varset with all migrated groups
  4568. hr = pOptions->pDb->raw_GetMigratedObjectByType(-1, _bstr_t(L""), _bstr_t(L"group"), &pUnk);
  4569. if ( SUCCEEDED(hr) )
  4570. {
  4571. //get the num of objects in the varset
  4572. numGroups = pVs->get(L"MigratedObjects");
  4573. //for each group, find local groups and check for account as member
  4574. for (ndx = 0; ndx < numGroups; ndx++)
  4575. {
  4576. _bstr_t tgtAdsPath = L"";
  4577. WCHAR text[MAX_PATH];
  4578. IADsGroup * pGrp = NULL;
  4579. VARIANT_BOOL bIsMem = VARIANT_FALSE;
  4580. _variant_t var;
  4581. //check for abort
  4582. if ( pOptions->pStatus )
  4583. {
  4584. LONG status = 0;
  4585. HRESULT hr = pOptions->pStatus->get_Status(&status);
  4586. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  4587. {
  4588. if ( !bAbortMessageWritten )
  4589. {
  4590. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  4591. bAbortMessageWritten = true;
  4592. }
  4593. break;
  4594. }
  4595. }
  4596. //get this group's target ADSPath
  4597. swprintf(text,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_TargetAdsPath));
  4598. tgtAdsPath = pVs->get(text);
  4599. if (!tgtAdsPath.length())
  4600. break;
  4601. //connect to the target group
  4602. hr = ADsGetObject(tgtAdsPath, IID_IADsGroup, (void**)&pGrp);
  4603. if (FAILED(hr))
  4604. continue;
  4605. //get this group's type
  4606. hr = pGrp->Get(L"groupType", &var);
  4607. //if this is a local group, see if this account is a member
  4608. if ((SUCCEEDED(hr)) && (var.lVal & 4))
  4609. {
  4610. //get the source object's sid from the migrate objects table
  4611. //(source AdsPath will not work)
  4612. WCHAR strSid[MAX_PATH];
  4613. WCHAR strRid[MAX_PATH];
  4614. DWORD lenStrSid = DIM(strSid);
  4615. GetTextualSid(pAcct->GetSourceSid(), strSid, &lenStrSid);
  4616. _bstr_t sSrcDmSid = strSid;
  4617. _ltow((long)(pAcct->GetSourceRid()), strRid, 10);
  4618. _bstr_t sSrcRid = strRid;
  4619. if ((!sSrcDmSid.length()) || (!sSrcRid.length()))
  4620. continue;
  4621. //build an LDAP path to the src object in the group
  4622. _bstr_t sSrcSid = sSrcDmSid + _bstr_t(L"-") + sSrcRid;
  4623. _bstr_t sSrcLDAPPath = L"LDAP://";
  4624. sSrcLDAPPath += _bstr_t(pOptions->tgtComp + 2);
  4625. sSrcLDAPPath += L"/CN=";
  4626. sSrcLDAPPath += sSrcSid;
  4627. sSrcLDAPPath += L",CN=ForeignSecurityPrincipals,";
  4628. sSrcLDAPPath += pOptions->tgtNamingContext;
  4629. //got the source LDAP path, now see if that account is in the group
  4630. hr = pGrp->IsMember(sSrcLDAPPath, &bIsMem);
  4631. //if it is a member, then add this groups to the list
  4632. if (SUCCEEDED(hr) && bIsMem)
  4633. {
  4634. _bstr_t sTemp;
  4635. //create a new node to add to the list
  4636. swprintf(text,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_SourceSamName));
  4637. sTemp = pVs->get(text);
  4638. wsprintf(mesg, GET_STRING(IDS_EXPANDING_GROUP_ADDING_SS), pAcct->GetName(), (WCHAR*)sTemp);
  4639. Progress(mesg);
  4640. TAcctReplNode * pNode = new TAcctReplNode();
  4641. if (!pNode)
  4642. return FALSE;
  4643. pNode->SetName(sTemp);
  4644. pNode->SetSourceSam(sTemp);
  4645. pNode->SetTargetName(sTemp);
  4646. pNode->SetGroupType(4);
  4647. pNode->SetTargetPath(tgtAdsPath);
  4648. swprintf(text,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_TargetSamName));
  4649. sTemp = pVs->get(text);
  4650. pNode->SetTargetSam(sTemp);
  4651. swprintf(text,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_SourceDomainSid));
  4652. sTemp = pVs->get(text);
  4653. pNode->SetSourceSid(SidFromString((WCHAR*)sTemp));
  4654. swprintf(text,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_SourceAdsPath));
  4655. sTemp = pVs->get(text);
  4656. pNode->SetSourcePath(sTemp);
  4657. swprintf(text,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_Type));
  4658. sTemp = pVs->get(text);
  4659. pNode->SetType(sTemp);
  4660. if ( !(pOptions->flags & F_COPY_MIGRATED_ACCT))
  4661. {
  4662. // Since the account already exists we can tell it just to update group memberships
  4663. pNode->operations = 0;
  4664. pNode->operations |= OPS_Process_Members;
  4665. // Since the account has already been created we should go ahead and mark it created
  4666. // so that the processing of group membership can continue.
  4667. pNode->MarkCreated();
  4668. }
  4669. // We need to add the account to the list with the member field set so that we can add the
  4670. // member to the migrated group
  4671. pNode->sMemberName = pAcct->GetSourceSam();
  4672. pNode->sMemberType = pAcct->GetType();
  4673. pNewAccts->Insert((TNode *) pNode);
  4674. }//end if local group has as member
  4675. }//end if local group
  4676. if (pGrp)
  4677. pGrp->Release();
  4678. }//end for each group
  4679. }//end if got migrated groups
  4680. }//end if group
  4681. }//for each account in the list
  4682. }//end if NT 4.0 objects
  4683. else
  4684. {
  4685. // Win2k objects so we need to go to active directory and query the memberOf field of each of these objects and update the
  4686. // list.
  4687. IEnumVARIANT * pEnum;
  4688. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  4689. LPWSTR sCols[] = { L"memberOf" };
  4690. int nCols = DIM(sCols);
  4691. SAFEARRAY * psaCols;
  4692. SAFEARRAYBOUND bd = { nCols, 0 };
  4693. BSTR HUGEP * pData;
  4694. WCHAR sQuery[LEN_Path];
  4695. _variant_t HUGEP * pDt, * pVar;
  4696. _variant_t vx;
  4697. _variant_t varMain;
  4698. DWORD dwf = 0;
  4699. for ( pAcct = (TAcctReplNode*)acctlist->Head(); pAcct; pAcct = (TAcctReplNode*)pAcct->Next())
  4700. {
  4701. if ( pOptions->pStatus )
  4702. {
  4703. LONG status = 0;
  4704. HRESULT hr = pOptions->pStatus->get_Status(&status);
  4705. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  4706. {
  4707. if ( !bAbortMessageWritten )
  4708. {
  4709. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  4710. bAbortMessageWritten = true;
  4711. }
  4712. break;
  4713. }
  4714. }
  4715. // Get the Accounts Primary group. This is not in the memberOf property for some reason.(Per Richard Ault in Firstwave NewsGroup)
  4716. IADs * pAds;
  4717. _variant_t varRid;
  4718. _bstr_t sPath;
  4719. _bstr_t sSam;
  4720. _bstr_t sType;
  4721. _bstr_t sName;
  4722. hr = ADsGetObject(const_cast<WCHAR*>(pAcct->GetSourcePath()), IID_IADs, (void**)&pAds);
  4723. if ( SUCCEEDED(hr))
  4724. {
  4725. hr = pAds->Get(L"primaryGroupID", &varRid);
  4726. pAds->Release();
  4727. }
  4728. if ( SUCCEEDED(hr) )
  4729. {
  4730. WCHAR sAcctName[LEN_Path];
  4731. WCHAR sDomain[LEN_Path];
  4732. DWORD cbName = LEN_Path;
  4733. DWORD cbDomain = LEN_Path;
  4734. SID_NAME_USE sidUse;
  4735. // Get the SID from the RID
  4736. PSID sid = GetWellKnownSid(varRid.lVal, pOptions);
  4737. // Lookup the sAMAccountNAme from the SID
  4738. if ( LookupAccountSid(pOptions->srcComp, sid, sAcctName, &cbName, sDomain, &cbDomain, &sidUse) )
  4739. {
  4740. //see if this group was not migrated due to a conflict, if so then
  4741. //we need to fix up this membership
  4742. bool bInclude = true;
  4743. Lookup p;
  4744. p.pName = (WCHAR*)sSam;
  4745. p.pType = (WCHAR*)sType;
  4746. TAcctReplNode * pFindNode = (TAcctReplNode *) acctlist->Find(&TNodeFindAccountName, &p);
  4747. if (pFindNode && (pFindNode->WasCreated() || pFindNode->WasReplaced()) && (bGrpsOnly))
  4748. bInclude = false;
  4749. // We have the SAM Account name for the Primary group so lets Fill the node and add it to the list.
  4750. // Ignore in case of the Domain Users group.
  4751. if ( varRid.lVal != DOMAIN_GROUP_RID_USERS)
  4752. {
  4753. TAcctReplNode * pNode = new TAcctReplNode();
  4754. if (!pNode)
  4755. return FALSE;
  4756. pNode->SetName((WCHAR*)sAcctName);
  4757. pNode->SetTargetName((WCHAR*) sAcctName);
  4758. pNode->SetSourceSam((WCHAR*) sAcctName);
  4759. pNode->SetTargetSam((WCHAR*) sAcctName);
  4760. pNode->SetType(L"group");
  4761. //Get the source domain sid from the user
  4762. pNode->SetSourceSid(pAcct->GetSourceSid());
  4763. AddPrefixSuffix(pNode, pOptions);
  4764. FillPathInfo(pNode, pOptions);
  4765. // See if the object is migrated
  4766. hr = pOptions->pDb->raw_GetAMigratedObject((WCHAR*)sAcctName, pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  4767. if ( hr == S_OK )
  4768. {
  4769. if ((!(pOptions->expandMemberOf) || ((pOptions->expandMemberOf) && ((!(pOptions->flags & F_COPY_MIGRATED_ACCT)) || (bInclude)))) ||
  4770. (!_wcsicmp(pAcct->GetType(), L"group")))
  4771. {
  4772. // Get the target name
  4773. var = pVs->get(L"MigratedObjects.TargetSamName");
  4774. sSam = V_BSTR(&var);
  4775. pNode->SetTargetSam((WCHAR*) sSam);
  4776. // Also Get the Ads path
  4777. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  4778. sPath = V_BSTR(&var);
  4779. pNode->SetTargetPath((WCHAR*)sPath);
  4780. // Since the account is already copied we only want it to update its Group memberships
  4781. if (!(pOptions->flags & F_COPY_MIGRATED_ACCT))
  4782. {
  4783. pNode->operations = 0;
  4784. pNode->operations |= OPS_Process_Members;
  4785. // Since the account has already been created we should go ahead and mark it created
  4786. // so that the processing of group membership can continue.
  4787. pNode->MarkCreated();
  4788. }
  4789. else if (bInclude)//else if already migrated, mark already there so that we fix group membership whether we migrate the group or not
  4790. {
  4791. if (pOptions->flags & F_REPLACE)
  4792. pNode->operations |= OPS_Process_Members;
  4793. else
  4794. pNode->operations = OPS_Create_Account | OPS_Process_Members;
  4795. pNode->MarkAlreadyThere();
  4796. }
  4797. if ((!pOptions->expandMemberOf) || (!_wcsicmp(pAcct->GetType(), L"group")) || (bInclude))
  4798. {
  4799. // We need to add the account to the list with the member field set so that we can add the
  4800. // member to the migrated group
  4801. pNode->sMemberName = pAcct->GetSourceSam();
  4802. pNode->sMemberType = pAcct->GetType();
  4803. pNewAccts->Insert((TNode *) pNode);
  4804. }
  4805. }
  4806. }
  4807. else if ( !pOptions->expandMemberOf )
  4808. {
  4809. delete pNode;
  4810. }
  4811. if (( pOptions->expandMemberOf ) && (_wcsicmp(pAcct->GetType(), L"group")))
  4812. {
  4813. if ( ! pNewAccts->InsertIfNew(pNode) )
  4814. delete pNode;
  4815. }
  4816. }
  4817. }
  4818. if ( sid )
  4819. FreeSid(sid);
  4820. }
  4821. // Build query stuff
  4822. if (!_wcsicmp(pAcct->GetType(), L"user"))
  4823. wsprintf(sQuery, L"(&(sAMAccountName=%s)(objectCategory=Person)(objectClass=user))", pAcct->GetSourceSam());
  4824. else
  4825. wsprintf(sQuery, L"(&(sAMAccountName=%s)(objectCategory=Group))", pAcct->GetSourceSam());
  4826. psaCols = SafeArrayCreate(VT_BSTR, 1, &bd);
  4827. SafeArrayAccessData(psaCols, (void HUGEP **)&pData);
  4828. for ( int i = 0; i < nCols; i++ )
  4829. pData[i] = SysAllocString(sCols[i]);
  4830. SafeArrayUnaccessData(psaCols);
  4831. // Tell the object to run the query and report back to us
  4832. hr = pQuery->raw_SetQuery(const_cast<WCHAR*>(pAcct->GetSourcePath()), pOptions->srcDomain, sQuery, ADS_SCOPE_BASE, TRUE);
  4833. if (FAILED(hr)) return FALSE;
  4834. hr = pQuery->raw_SetColumns(psaCols);
  4835. if (FAILED(hr)) return FALSE;
  4836. hr = pQuery->raw_Execute(&pEnum);
  4837. if (FAILED(hr)) return FALSE;
  4838. while (pEnum->Next(1, &varMain, &dwf) == S_OK)
  4839. {
  4840. if ( pOptions->pStatus )
  4841. {
  4842. LONG status = 0;
  4843. HRESULT hr = pOptions->pStatus->get_Status(&status);
  4844. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  4845. {
  4846. if ( !bAbortMessageWritten )
  4847. {
  4848. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  4849. bAbortMessageWritten = true;
  4850. }
  4851. break;
  4852. }
  4853. }
  4854. SAFEARRAY * vals = V_ARRAY(&varMain);
  4855. // Get the VARIANT Array out
  4856. SafeArrayAccessData(vals, (void HUGEP**) &pDt);
  4857. vx = pDt[0];
  4858. SafeArrayUnaccessData(vals);
  4859. if ( vx.vt == VT_BSTR )
  4860. {
  4861. _bstr_t sDN = _bstr_t(_bstr_t(vx));
  4862. if (wcslen((WCHAR*)sDN) == 0)
  4863. continue;
  4864. sDN = PadDN(sDN);
  4865. sPath = _bstr_t(L"LDAP://") + _bstr_t(pOptions->srcDomainDns) + _bstr_t(L"/") + sDN;
  4866. if ( GetSamFromPath(sPath, sSam, sType, sName, lgrpType, pOptions) && CompareDCPath((WCHAR*)sPath, pAcct->GetSourcePath()))
  4867. {
  4868. //see if this group was not migrated due to a conflict, if so then
  4869. //we need to fix up this membership
  4870. bool bInclude = true;
  4871. Lookup p;
  4872. p.pName = (WCHAR*)sSam;
  4873. p.pType = (WCHAR*)sType;
  4874. TAcctReplNode * pFindNode = (TAcctReplNode *) acctlist->Find(&TNodeFindAccountName, &p);
  4875. if (pFindNode && (pFindNode->WasCreated() || pFindNode->WasReplaced()) && (bGrpsOnly))
  4876. bInclude = false;
  4877. // Ignore the Domain users group and group already being migrated
  4878. if ((_wcsicmp(sSam, sDomUsers) != 0) && (bInclude))
  4879. {
  4880. wsprintf(mesg, GET_STRING(IDS_EXPANDING_GROUP_ADDING_SS), pAcct->GetName(), (WCHAR*) sSam);
  4881. Progress(mesg);
  4882. TAcctReplNode * pNode = new TAcctReplNode();
  4883. if (!pNode)
  4884. return FALSE;
  4885. pNode->SetName((WCHAR*)sName);
  4886. pNode->SetTargetName((WCHAR*) sName);
  4887. pNode->SetType((WCHAR*)sType);
  4888. pNode->SetSourcePath((WCHAR*)sPath);
  4889. pNode->SetSourceSam((WCHAR*) sSam);
  4890. pNode->SetTargetSam((WCHAR*)sSam);
  4891. //Get the source domain sid from the user
  4892. pNode->SetSourceSid(pAcct->GetSourceSid());
  4893. AddPrefixSuffix(pNode, pOptions);
  4894. pNode->SetGroupType(lgrpType);
  4895. // See if the object is migrated
  4896. hr = pOptions->pDb->raw_GetAMigratedObject((WCHAR*)sSam, pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  4897. if ( hr == S_OK )
  4898. {
  4899. if ((!(pOptions->expandMemberOf) || ((pOptions->expandMemberOf) && ((!(pOptions->flags & F_COPY_MIGRATED_ACCT)) || (bInclude)))) ||
  4900. (!_wcsicmp(pAcct->GetType(), L"group")))
  4901. {
  4902. // Get the target name
  4903. var = pVs->get(L"MigratedObjects.TargetSamName");
  4904. sSam = V_BSTR(&var);
  4905. pNode->SetTargetSam((WCHAR*) sSam);
  4906. // Also Get the Ads path
  4907. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  4908. sPath = V_BSTR(&var);
  4909. pNode->SetTargetPath((WCHAR*)sPath);
  4910. // Since the account is already copied we only want it to update its Group memberships
  4911. if (!(pOptions->flags & F_COPY_MIGRATED_ACCT))
  4912. {
  4913. pNode->operations = 0;
  4914. pNode->operations |= OPS_Process_Members;
  4915. // Since the account has already been created we should go ahead and mark it created
  4916. // so that the processing of group membership can continue.
  4917. pNode->MarkCreated();
  4918. }
  4919. else if (bInclude)//else if already migrated, mark already there so that we fix group membership whether we migrate the group or not
  4920. {
  4921. if (pOptions->flags & F_REPLACE)
  4922. pNode->operations |= OPS_Process_Members;
  4923. else
  4924. pNode->operations = OPS_Create_Account | OPS_Process_Members;
  4925. pNode->MarkAlreadyThere();
  4926. }
  4927. if ((!pOptions->expandMemberOf) || (!_wcsicmp(pAcct->GetType(), L"group")) || (bInclude))
  4928. {
  4929. // We need to add the account to the list with the member field set so that we can add the
  4930. // member to the migrated group
  4931. pNode->sMemberName = pAcct->GetSourceSam();
  4932. pNode->sMemberType = pAcct->GetType();
  4933. pNewAccts->Insert((TNode *) pNode);
  4934. }
  4935. }
  4936. }
  4937. else if ( ! pOptions->expandMemberOf )
  4938. {
  4939. // if the user doesn't want to copy the member-ofs, we just add them to update their memberships
  4940. delete pNode;
  4941. }
  4942. if (( pOptions->expandMemberOf ) && (_wcsicmp(pAcct->GetType(), L"group")))
  4943. {
  4944. if (! pNewAccts->InsertIfNew(pNode) )
  4945. delete pNode;
  4946. }
  4947. }
  4948. }
  4949. }
  4950. else if ( vx.vt & VT_ARRAY )
  4951. {
  4952. // We must have got an Array of multivalued properties
  4953. // Access the BSTR elements of this variant array
  4954. SAFEARRAY * multiVals = vx.parray;
  4955. SafeArrayAccessData(multiVals, (void HUGEP **) &pVar);
  4956. for ( DWORD dw = 0; dw < multiVals->rgsabound->cElements; dw++ )
  4957. {
  4958. if ( pOptions->pStatus )
  4959. {
  4960. LONG status = 0;
  4961. HRESULT hr = pOptions->pStatus->get_Status(&status);
  4962. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  4963. {
  4964. if ( !bAbortMessageWritten )
  4965. {
  4966. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  4967. bAbortMessageWritten = true;
  4968. }
  4969. break;
  4970. }
  4971. }
  4972. WCHAR sTemp[LEN_Path];
  4973. _bstr_t sDN = _bstr_t(V_BSTR(&pVar[dw]));
  4974. sDN = PadDN(sDN);
  4975. wsprintf(sTemp, L"LDAP://%s/%s", pOptions->srcDomainDns, (WCHAR*)sDN);
  4976. sPath = sTemp;
  4977. if ( GetSamFromPath(sPath, sSam, sType, sName,lgrpType, pOptions) && CompareDCPath((WCHAR*)sPath, pAcct->GetSourcePath()))
  4978. {
  4979. //see if this group was not migrated due to a conflict, if so then
  4980. //we need to fix up this membership
  4981. bool bInclude = true;
  4982. Lookup p;
  4983. p.pName = (WCHAR*)sSam;
  4984. p.pType = (WCHAR*)sType;
  4985. TAcctReplNode * pFindNode = (TAcctReplNode *) acctlist->Find(&TNodeFindAccountName, &p);
  4986. if (pFindNode && (pFindNode->WasCreated() || pFindNode->WasReplaced()) && (bGrpsOnly))
  4987. bInclude = false;
  4988. // Ignore the Domain users group and group already being migrated
  4989. if ((_wcsicmp(sSam, sDomUsers) != 0) && (bInclude))
  4990. {
  4991. wsprintf(mesg, GET_STRING(IDS_EXPANDING_GROUP_ADDING_SS), pAcct->GetName(), (WCHAR*) sSam);
  4992. Progress(mesg);
  4993. TAcctReplNode * pNode = new TAcctReplNode();
  4994. if (!pNode)
  4995. return FALSE;
  4996. pNode->SetName((WCHAR*)sName);
  4997. pNode->SetTargetName((WCHAR*) sName);
  4998. pNode->SetType((WCHAR*)sType);
  4999. pNode->SetSourcePath((WCHAR*)sPath);
  5000. pNode->SetSourceSam((WCHAR*) sSam);
  5001. pNode->SetTargetSam((WCHAR*) sSam);
  5002. //Get the source domain sid from the user
  5003. pNode->SetSourceSid(pAcct->GetSourceSid());
  5004. AddPrefixSuffix(pNode, pOptions);
  5005. pNode->SetGroupType(lgrpType);
  5006. // See if the object is migrated
  5007. hr = pOptions->pDb->raw_GetAMigratedObject((WCHAR*)sSam, pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  5008. if ( hr == S_OK )
  5009. {
  5010. if ((!(pOptions->expandMemberOf) || ((pOptions->expandMemberOf) && ((!(pOptions->flags & F_COPY_MIGRATED_ACCT)) || (bInclude)))) ||
  5011. (!_wcsicmp(pAcct->GetType(), L"group")))
  5012. {
  5013. // Get the target name
  5014. var = pVs->get(L"MigratedObjects.TargetSamName");
  5015. sSam = V_BSTR(&var);
  5016. pNode->SetTargetSam((WCHAR*) sSam);
  5017. // Also Get the Ads path
  5018. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  5019. sPath = V_BSTR(&var);
  5020. pNode->SetTargetPath((WCHAR*)sPath);
  5021. // Since the account is already copied we only want it to update its Group memberships
  5022. if (!(pOptions->flags & F_COPY_MIGRATED_ACCT))
  5023. {
  5024. pNode->operations = 0;
  5025. pNode->operations |= OPS_Process_Members;
  5026. // Since the account has already been created we should go ahead and mark it created
  5027. // so that the processing of group membership can continue.
  5028. pNode->MarkCreated();
  5029. }
  5030. else if (bInclude)//else if already migrated, mark already there so that we fix group membership whether we migrate the group or not
  5031. {
  5032. if (pOptions->flags & F_REPLACE)
  5033. pNode->operations |= OPS_Process_Members;
  5034. else
  5035. pNode->operations = OPS_Create_Account | OPS_Process_Members;
  5036. pNode->MarkAlreadyThere();
  5037. }
  5038. if ((!pOptions->expandMemberOf) || (!_wcsicmp(pAcct->GetType(), L"group")) || (bInclude))
  5039. {
  5040. // We need to add the account to the list with the member field set so that we can add the
  5041. // member to the migrated group
  5042. pNode->sMemberName = pAcct->GetSourceSam();
  5043. pNode->sMemberType = pAcct->GetType();
  5044. pNewAccts->Insert((TNode *) pNode);
  5045. pNode = NULL;
  5046. }
  5047. }
  5048. }
  5049. else if ( ! pOptions->expandMemberOf )
  5050. {
  5051. // if the user doesn't want to copy the member-ofs, we just add them to update their memberships
  5052. delete pNode;
  5053. pNode = NULL;
  5054. }
  5055. if (pNode)
  5056. {
  5057. if (( pOptions->expandMemberOf ) && (_wcsicmp(pAcct->GetType(), L"group")))
  5058. {
  5059. if (! pNewAccts->InsertIfNew(pNode) )
  5060. delete pNode;
  5061. }
  5062. else
  5063. {
  5064. delete pNode;
  5065. }
  5066. }
  5067. }
  5068. }
  5069. }
  5070. SafeArrayUnaccessData(multiVals);
  5071. }
  5072. }
  5073. pEnum->Release();
  5074. VariantInit(&vx);
  5075. VariantInit(&varMain);
  5076. SafeArrayDestroy(psaCols);
  5077. }
  5078. }
  5079. rc = TRUE;
  5080. }
  5081. if ( pUnk ) pUnk->Release();
  5082. return rc;
  5083. }
  5084. HRESULT CAcctRepl::BuildSidPath(
  5085. WCHAR const * sPath, //in- path returned by the enumerator.
  5086. WCHAR * sSidPath, //out-path to the LDAP://<SID=###> object
  5087. WCHAR * sSam, //out-Sam name of the object
  5088. WCHAR * sDomain, //out-Domain name where this object resides.
  5089. Options * pOptions, //in- Options
  5090. PSID * ppSid //out- pointer to the binary SID
  5091. )
  5092. {
  5093. HRESULT hr = S_OK;
  5094. IADs * pAds = NULL;
  5095. DWORD cbName = LEN_Path, cbDomain = LEN_Path;
  5096. PSID sid = (PSID) new BYTE[100];
  5097. CLdapConnection c;
  5098. SID_NAME_USE use;
  5099. _variant_t var;
  5100. if (!sid)
  5101. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  5102. // Get the object and get the objectSID
  5103. hr = ADsGetObject(const_cast<WCHAR*>(sPath), IID_IADs, (void**) &pAds);
  5104. if ( SUCCEEDED(hr) )
  5105. hr = pAds->Get(L"objectSid", &var);
  5106. if ( SUCCEEDED(hr) )
  5107. {
  5108. // Make sure the SID we got was in string format
  5109. VariantSidToString(var);
  5110. UStrCpy(sSidPath,L"LDAP://<SID=");
  5111. UStrCpy(sSidPath + UStrLen(sSidPath),var.bstrVal);
  5112. UStrCpy(sSidPath + UStrLen(sSidPath),L">");
  5113. }
  5114. if (c.StringToBytes(var.bstrVal, (BYTE*)sid))
  5115. {
  5116. if (!LookupAccountSid(pOptions->srcComp, sid, sSam, &cbName, sDomain, &cbDomain, &use))
  5117. hr = HRESULT_FROM_WIN32(GetLastError());
  5118. }
  5119. else
  5120. hr = HRESULT_FROM_WIN32(GetLastError());
  5121. if ( SUCCEEDED(hr) )
  5122. {
  5123. (*ppSid) = sid;
  5124. }
  5125. else
  5126. {
  5127. delete [] sid;
  5128. (*ppSid) = NULL;
  5129. }
  5130. return hr;
  5131. }
  5132. BOOL
  5133. CAcctRepl::CanMoveInMixedMode(TAcctReplNode *pAcct,TNodeListSortable * acctlist, Options * pOptions)
  5134. {
  5135. HRESULT hr = S_OK;
  5136. BOOL ret = TRUE;
  5137. IADsGroup * pGroup = NULL;
  5138. IADsMembers * pMembers = NULL;
  5139. IEnumVARIANT * pEnum = NULL;
  5140. IDispatch * pDisp = NULL;
  5141. IADs * pAds = NULL;
  5142. _bstr_t sSam;
  5143. _variant_t vSam;
  5144. BSTR sClass;
  5145. IVarSetPtr pVs(__uuidof(VarSet));
  5146. IUnknown * pUnk = NULL;
  5147. pVs->QueryInterface(IID_IUnknown, (void**)&pUnk);
  5148. // in case of a global group we need to check if we have/are migrating all the members. If we
  5149. // are then we can move it and if not then we need to use the parallel group theory.
  5150. if ( pAcct->GetGroupType() & 2 )
  5151. {
  5152. // This is a global group. What we need to do now is to see if we have/will migrate all its members.
  5153. // First enumerate the members.
  5154. hr = ADsGetObject(const_cast<WCHAR*>(pAcct->GetSourcePath()), IID_IADsGroup, (void**)&pGroup);
  5155. if ( SUCCEEDED(hr) )
  5156. hr = pGroup->Members(&pMembers);
  5157. if (SUCCEEDED(hr))
  5158. hr = pMembers->get__NewEnum((IUnknown**)&pEnum);
  5159. if ( SUCCEEDED(hr) )
  5160. {
  5161. _variant_t var;
  5162. DWORD fetch = 0;
  5163. while ( pEnum->Next(1, &var, &fetch) == S_OK )
  5164. {
  5165. // Get the sAMAccount name from the object so we can do the lookups
  5166. pDisp = V_DISPATCH(&var);
  5167. hr = pDisp->QueryInterface(IID_IADs, (void**)&pAds);
  5168. if (SUCCEEDED(hr))
  5169. hr = pAds->Get(L"sAMAccountName", &vSam);
  5170. if (SUCCEEDED(hr))
  5171. hr = pAds->get_Class(&sClass);
  5172. if ( SUCCEEDED(hr))
  5173. {
  5174. sSam = vSam;
  5175. // To see if we will migrate all its members check the account list.
  5176. Lookup lup;
  5177. lup.pName = (WCHAR*) sSam;
  5178. lup.pType = (WCHAR*) sClass;
  5179. TAcctReplNode * pNode = (TAcctReplNode*)acctlist->Find(&TNodeFindAccountName, &lup);
  5180. if ( !pNode )
  5181. {
  5182. // we are not copying this in this pirticular instance but we might have copied it
  5183. // in previous instances so we need to check the migrated objects table.
  5184. hr = pOptions->pDb->raw_GetAMigratedObject(sSam, pOptions->srcDomain, pOptions->tgtDomain, (IUnknown**) &pUnk);
  5185. if ( hr != S_OK )
  5186. {
  5187. // This member has never been copied and it is not in the account list this time so we need to copy this group
  5188. ret = FALSE;
  5189. err.MsgWrite(0,DCT_MSG_CANNOT_MOVE_GG_FROM_MIXED_MODE_SS,pAcct->GetSourceSam(),(WCHAR*)sSam);
  5190. break;
  5191. }
  5192. }
  5193. }
  5194. }
  5195. if ( pEnum ) pEnum->Release();
  5196. if ( pAds ) pAds->Release();
  5197. if ( pGroup ) pGroup->Release();
  5198. if ( pMembers ) pMembers->Release();
  5199. }
  5200. }
  5201. else
  5202. // For a local group we always return false because we can not truely move a local group
  5203. ret = TRUE;
  5204. // Local groups can be moved, if all of their members are removed first
  5205. return ret;
  5206. }
  5207. HRESULT
  5208. CAcctRepl::CheckClosedSetGroups(
  5209. Options * pOptions, // in - options for the migration
  5210. TNodeListSortable * pAcctList, // in - list of accounts to migrate
  5211. ProgressFn * progress, // in - progress function to display progress messages
  5212. IStatusObj * pStatus // in - status object to support cancellation
  5213. )
  5214. {
  5215. HRESULT hr = S_OK;
  5216. TNodeListEnum e;
  5217. TAcctReplNode * pAcct;
  5218. if ( pAcctList->IsTree() )
  5219. pAcctList->ToSorted();
  5220. for ( pAcct = (TAcctReplNode*)e.OpenFirst(pAcctList) ; pAcct ; pAcct = (TAcctReplNode*)e.Next() )
  5221. {
  5222. if ( (pAcct->operations & OPS_Create_Account ) == 0 )
  5223. continue;
  5224. if ( !UStrICmp(pAcct->GetType(),L"user") )
  5225. {
  5226. // users, we will always move
  5227. err.MsgWrite(0,DCT_MSG_USER_WILL_BE_MOVED_S,pAcct->GetName());
  5228. pAcct->operations = OPS_Move_Object | OPS_Call_Extensions;
  5229. }
  5230. else if (! UStrICmp(pAcct->GetType(),L"group") )
  5231. {
  5232. if ( CanMoveInMixedMode(pAcct,pAcctList,pOptions) )
  5233. {
  5234. pAcct->operations = OPS_Move_Object | OPS_Call_Extensions;
  5235. err.MsgWrite(0,DCT_MSG_GROUP_WILL_BE_MOVED_S,pAcct->GetName());
  5236. }
  5237. }
  5238. else
  5239. {
  5240. err.MsgWrite(0,DCT_MSG_CANT_MOVE_UNKNOWN_TYPE_SS,pAcct->GetName(), pAcct->GetType());
  5241. }
  5242. }
  5243. e.Close();
  5244. pAcctList->SortedToTree();
  5245. return hr;
  5246. }
  5247. void LoadNecessaryFunctions()
  5248. {
  5249. HMODULE hPro = LoadLibrary(L"advapi32.dll");
  5250. if ( hPro )
  5251. ConvertStringSidToSid = (TConvertStringSidToSid)GetProcAddress(hPro, "ConvertStringSidToSidW");
  5252. else
  5253. {
  5254. err.SysMsgWrite(ErrE, GetLastError(), DCT_MSG_LOAD_LIBRARY_FAILED_SD, L"advapi32.dll");
  5255. Mark(L"errors", L"generic");
  5256. }
  5257. }
  5258. //---------------------------------------------------------------------------------------------------------
  5259. // MoveObj2k - This function moves objects within a forest.
  5260. //---------------------------------------------------------------------------------------------------------
  5261. int CAcctRepl::MoveObj2K(
  5262. Options * pOptions, //in -Options that we recieved from the user
  5263. TNodeListSortable * acctlist, //in -AcctList of accounts to be copied.
  5264. ProgressFn * progress, //in -Progress Function to display messages
  5265. IStatusObj * pStatus // in -status object to support cancellation
  5266. )
  5267. {
  5268. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  5269. IObjPropBuilderPtr pClass(__uuidof(ObjPropBuilder));
  5270. TNodeListSortable pMemberOf, pMember;
  5271. LoadNecessaryFunctions();
  5272. FillNamingContext(pOptions);
  5273. // Make sure we are connecting to the DC that has RID Pool Allocator FSMO role.
  5274. GetRidPoolAllocator(pOptions);
  5275. // Since we are in the same forest we need to turn off the AddSidHistory functionality.
  5276. // because it is always going to fail.
  5277. pOptions->flags &= ~F_AddSidHistory;
  5278. BOOL bSrcNative = false;
  5279. BOOL bTgtNative = false;
  5280. HRESULT hr = S_OK;
  5281. _variant_t var;
  5282. _bstr_t sTargetDomain = pOptions->tgtDomain;
  5283. pAccess->raw_IsNativeMode(pOptions->srcDomain, (long*)&bSrcNative);
  5284. pAccess->raw_IsNativeMode(pOptions->tgtDomain, (long*)&bTgtNative);
  5285. IMoverPtr pMover(__uuidof(Mover));
  5286. TNodeTreeEnum e;
  5287. // build the source and target DSA names
  5288. WCHAR sourceDSA[LEN_Path];
  5289. WCHAR targetDSA[LEN_Path];
  5290. WCHAR sSubPath[LEN_Path];
  5291. WCHAR sAdsPath[LEN_Path];
  5292. DWORD nPathLen = LEN_Path;
  5293. TAcctReplNode * pAcct = NULL;
  5294. UStrCpy(sourceDSA,pOptions->srcComp);
  5295. UStrCpy(sourceDSA + UStrLen(sourceDSA),L".");
  5296. UStrCpy(sourceDSA + UStrLen(sourceDSA),pOptions->srcDomainDns);
  5297. UStrCpy(targetDSA,pOptions->tgtComp);
  5298. UStrCpy(targetDSA + UStrLen(targetDSA),L".");
  5299. UStrCpy(targetDSA + UStrLen(targetDSA),pOptions->tgtDomainDns);
  5300. err.LogClose();
  5301. // In this call the fourth parameter is the log file name. We are piggy backing this value
  5302. // so that we will not have to change the interface for the IMover object.
  5303. hr = pMover->raw_Connect(sourceDSA, targetDSA, pOptions->authDomain,
  5304. pOptions->authUser, pOptions->authPassword, pOptions->logFile, L"", L"");
  5305. err.LogOpen(pOptions->logFile, 1);
  5306. if ( SUCCEEDED(hr) )
  5307. {
  5308. // make sure the target OU Path is in the proper format
  5309. wcscpy(sSubPath, pOptions->tgtOUPath);
  5310. if ( !wcsncmp(L"LDAP://", sSubPath, 7) )
  5311. StuffComputerNameinLdapPath(sAdsPath, nPathLen, sSubPath, pOptions);
  5312. else
  5313. MakeFullyQualifiedAdsPath(sAdsPath, nPathLen, sSubPath, pOptions->tgtComp, pOptions->tgtNamingContext);
  5314. // make sure the account list is in the proper format
  5315. if (acctlist->IsTree()) acctlist->ToSorted();
  5316. acctlist->CompareSet(&TNodeCompareAccountType);
  5317. // sort the account list by Source Type\Source Name
  5318. if ( acctlist->IsTree() ) acctlist->ToSorted();
  5319. acctlist->CompareSet(&TNodeCompareAccountType);
  5320. acctlist->SortedToScrambledTree();
  5321. acctlist->Sort(&TNodeCompareAccountType);
  5322. acctlist->Balance();
  5323. pMemberOf.CompareSet(&TNodeCompareMember);
  5324. pMember.CompareSet(&TNodeCompareMember);
  5325. /* The account list is sorted in descending order by type, then in ascending order by object name
  5326. this means that the user accounts will be moved first.
  5327. Here are the steps we will perform for native mode MoveObject.
  5328. 1. For each object to be copied, Remove (and record) the group memberships
  5329. 2. If the object is a group, convert it to universal (to avoid having to remove any members that are not
  5330. being migrated.
  5331. 3. Move the object.
  5332. 4. For each migrated group that was converted to a universal group, change it back to its original
  5333. type, if possible.
  5334. 5. Restore the group memberships for all objects.
  5335. Here are the steps we will perform for mixed mode MoveObject
  5336. 1. If closed set is not achieved, copy the groups, rather than moving them
  5337. 2. For each object to be copied, Remove (and record) the group memberships
  5338. 3. If the object is a group, remove all of its members
  5339. 4. Move the object.
  5340. 5. For each migrated group try to add all of its members back
  5341. 6. Restore the group memberships for all objects.
  5342. */
  5343. if ( ! bSrcNative )
  5344. {
  5345. CheckClosedSetGroups(pOptions,acctlist,progress,pStatus);
  5346. // this will copy any groups that cannot be moved from the source domain
  5347. // if groups are copied in this fashion, SIDHistory cannot be used, and reACLing must be performed
  5348. CopyObj2K(pOptions,acctlist,progress,pStatus);
  5349. }
  5350. // This is the start of the Move loop
  5351. try {
  5352. for ( pAcct = (TAcctReplNode *)e.OpenFirst(acctlist);
  5353. pAcct;
  5354. pAcct = (TAcctReplNode *)e.Next() )
  5355. {
  5356. if ( m_pExt )
  5357. {
  5358. if ( pAcct->operations & OPS_Call_Extensions )
  5359. {
  5360. m_pExt->Process(pAcct,sTargetDomain,pOptions,TRUE);
  5361. }
  5362. }
  5363. // Do we need to abort ?
  5364. if ( pStatus )
  5365. {
  5366. LONG status = 0;
  5367. HRESULT hr = pStatus->get_Status(&status);
  5368. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  5369. {
  5370. if ( !bAbortMessageWritten )
  5371. {
  5372. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  5373. bAbortMessageWritten = true;
  5374. }
  5375. break;
  5376. }
  5377. }
  5378. // in the mixed-mode case, skip any accounts that we've already copied
  5379. if ( ! bSrcNative && ((pAcct->operations & OPS_Move_Object)==0 ) )
  5380. continue;
  5381. if ( bSrcNative &&
  5382. ( (pAcct->operations & OPS_Create_Account)==0 )
  5383. )
  5384. continue;
  5385. //if the UPN name conflicted, then the UPNUpdate extension set the hr to
  5386. //ERROR_OBJECT_ALREADY_EXISTS. If so, set flag for "no change" mode
  5387. if (pAcct->GetHr() == ERROR_OBJECT_ALREADY_EXISTS)
  5388. {
  5389. pAcct->bUPNConflicted = TRUE;
  5390. pAcct->SetHr(S_OK);
  5391. }
  5392. Mark(L"processed", pAcct->GetType());
  5393. WCHAR mesg[LEN_Path] = L"";
  5394. if ( progress )
  5395. progress(mesg);
  5396. if ( _wcsicmp(pAcct->GetType(), L"group") == 0 || _wcsicmp(pAcct->GetType(), L"lgroup") == 0 )
  5397. {
  5398. // First, record the group type, so we can change it back later if needed
  5399. IADsGroup * pGroup = NULL;
  5400. VARIANT var;
  5401. VariantInit(&var);
  5402. // get the group type
  5403. hr = ADsGetObject( const_cast<WCHAR*>(pAcct->GetSourcePath()), IID_IADsGroup, (void**) &pGroup);
  5404. if (SUCCEEDED(hr) )
  5405. {
  5406. hr = pGroup->Get(L"groupType", &var);
  5407. pGroup->Release();
  5408. }
  5409. if ( SUCCEEDED(hr) )
  5410. {
  5411. pAcct->SetGroupType(var.lVal);
  5412. }
  5413. else
  5414. {
  5415. pAcct->SetGroupType(0);
  5416. }
  5417. // make sure it is native and group is a global group
  5418. if ( bSrcNative && bTgtNative )
  5419. {
  5420. if ( pAcct->GetGroupType() & 2)
  5421. {
  5422. // We are going to convert the group type to universal groups so we can easily move them
  5423. WCHAR mesg[LEN_Path];
  5424. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_CHANGE_GROUP_TYPE_S), pAcct->GetName());
  5425. Progress(mesg);
  5426. // Convert global groups to universal, so we can move them without de-populating
  5427. if ( ! pOptions->nochange )
  5428. {
  5429. WCHAR sPath[LEN_Path];
  5430. DWORD nPathLen = LEN_Path;
  5431. StuffComputerNameinLdapPath(sPath, nPathLen, const_cast<WCHAR*>(pAcct->GetSourcePath()), pOptions, FALSE);
  5432. hr = pClass->raw_ChangeGroupType(sPath, 8);
  5433. }
  5434. else
  5435. {
  5436. hr = S_OK;
  5437. }
  5438. if (FAILED(hr))
  5439. {
  5440. err.SysMsgWrite(ErrE,hr,DCT_MSG_FAILED_TO_CONVERT_GROUP_TO_UNIVERSAL_SD, pAcct->GetSourceSam(), hr);
  5441. pAcct->MarkError();
  5442. Mark(L"errors", pAcct->GetType());
  5443. continue; // skip any further processing of this group.
  5444. }
  5445. }
  5446. else if ( ! ( pAcct->GetGroupType() & 8 ) ) // don't need to depopulate universal groups
  5447. {
  5448. // For local groups we are going to depopulate the group and move it and then repopulate it.
  5449. // In mixed mode, there are no universal groups, so we must depopulate all of the groups
  5450. // before we can move them out to the new domain. We will RecordAndRemove members of all Group type
  5451. // move them to the target domain and then change their type to Universal and then add all of its
  5452. // members back to it.
  5453. WCHAR mesg[LEN_Path];
  5454. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RECORD_REMOVE_MEMBER_S), pAcct->GetName());
  5455. Progress(mesg);
  5456. RecordAndRemoveMember(pOptions, pAcct, &pMember);
  5457. }
  5458. }
  5459. else
  5460. {
  5461. // for mixed mode source domain, we must depopulate all of the groups
  5462. WCHAR mesg[LEN_Path];
  5463. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RECORD_REMOVE_MEMBER_S), pAcct->GetName());
  5464. if ( progress )
  5465. progress(mesg);
  5466. RecordAndRemoveMember(pOptions, pAcct, &pMember);
  5467. }
  5468. }
  5469. // We need to remove this object from any global groups so that it can be moved.
  5470. if ( ! pOptions->nochange )
  5471. {
  5472. WCHAR mesg[LEN_Path];
  5473. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RECORD_REMOVE_MEMBEROF_S), pAcct->GetName());
  5474. Progress(mesg);
  5475. RecordAndRemoveMemberOf( pOptions, pAcct, &pMemberOf );
  5476. }
  5477. BOOL bObjectExists = DoesTargetObjectAlreadyExist(pAcct, pOptions);
  5478. if ( bObjectExists )
  5479. {
  5480. // The object exists, see if we need to rename
  5481. if ( wcslen(pOptions->prefix) > 0 )
  5482. {
  5483. // Add a prefix to the account name
  5484. WCHAR tgt[LEN_Path];
  5485. WCHAR pref[LEN_Path], suf[LEN_Path];
  5486. WCHAR sTempSam[LEN_Path];
  5487. _variant_t varStr;
  5488. // find the '=' sign
  5489. wcscpy(tgt, pAcct->GetTargetName());
  5490. for ( DWORD z = 0; z < wcslen(tgt); z++ )
  5491. {
  5492. if ( tgt[z] == L'=' ) break;
  5493. }
  5494. if ( z < wcslen(tgt) )
  5495. {
  5496. // Get the prefix part ex.CN=
  5497. wcsncpy(pref, tgt, z+1);
  5498. pref[z+1] = 0;
  5499. wcscpy(suf, tgt+z+1);
  5500. }
  5501. // Build the target string with the Prefix
  5502. wsprintf(tgt, L"%s%s%s", pref, pOptions->prefix, suf);
  5503. pAcct->SetTargetName(tgt);
  5504. // truncate to allow prefix/suffix to fit in 20 characters.
  5505. int resLen = wcslen(pOptions->prefix) + wcslen(pAcct->GetTargetSam());
  5506. if ( !_wcsicmp(pAcct->GetType(), L"computer") )
  5507. {
  5508. // Computer name can be only 15 characters long + $
  5509. if ( resLen > 16 )
  5510. {
  5511. WCHAR sTruncatedSam[LEN_Path];
  5512. wcscpy(sTruncatedSam, pAcct->GetTargetSam());
  5513. if ( wcslen( pOptions->globalSuffix ) )
  5514. {
  5515. // We must remove the global suffix if we had one.
  5516. sTruncatedSam[wcslen(sTruncatedSam) - wcslen(pOptions->globalSuffix)] = L'\0';
  5517. }
  5518. int truncate = 16 - wcslen(pOptions->prefix) - wcslen(pOptions->globalSuffix);
  5519. if ( truncate < 1 ) truncate = 1;
  5520. wcsncpy(sTempSam, sTruncatedSam, truncate - 1);
  5521. sTempSam[truncate - 1] = L'\0';
  5522. wcscat(sTempSam, pOptions->globalSuffix);
  5523. wcscat(sTempSam, L"$");
  5524. }
  5525. else
  5526. wcscpy(sTempSam, pAcct->GetTargetSam());
  5527. // Add the prefix
  5528. wsprintf(tgt, L"%s%s", pOptions->prefix,sTempSam);
  5529. }
  5530. else if ( !_wcsicmp(pAcct->GetType(), L"group") )
  5531. {
  5532. if ( resLen > 64 )
  5533. {
  5534. int truncate = 64 - wcslen(pOptions->prefix);
  5535. if ( truncate < 0 ) truncate = 0;
  5536. wcsncpy(sTempSam, pAcct->GetTargetSam(), truncate);
  5537. sTempSam[truncate] = L'\0';
  5538. }
  5539. else
  5540. wcscpy(sTempSam, pAcct->GetTargetSam());
  5541. // Add the prefix
  5542. wsprintf(tgt, L"%s%s", pOptions->prefix,sTempSam);
  5543. }
  5544. else
  5545. {
  5546. if ( resLen > 20 )
  5547. {
  5548. WCHAR sTruncatedSam[LEN_Path];
  5549. wcscpy(sTruncatedSam, pAcct->GetTargetSam());
  5550. if ( wcslen( pOptions->globalSuffix ) )
  5551. {
  5552. // We must remove the global suffix if we had one.
  5553. sTruncatedSam[wcslen(sTruncatedSam) - wcslen(pOptions->globalSuffix)] = L'\0';
  5554. }
  5555. int truncate = 20 - wcslen(pOptions->prefix) - wcslen(pOptions->globalSuffix);
  5556. if ( truncate < 0 ) truncate = 0;
  5557. wcsncpy(sTempSam, sTruncatedSam, truncate);
  5558. sTempSam[truncate] = L'\0';
  5559. wcscat(sTempSam, pOptions->globalSuffix);
  5560. }
  5561. else
  5562. wcscpy(sTempSam, pAcct->GetTargetSam());
  5563. // Add the prefix
  5564. wsprintf(tgt, L"%s%s", pOptions->prefix,sTempSam);
  5565. }
  5566. StripSamName(tgt);
  5567. // TruncateSam(tgt,pAcct,pOptions,acctlist);
  5568. pAcct->SetTargetSam(tgt);
  5569. if ( DoesTargetObjectAlreadyExist(pAcct, pOptions) )
  5570. {
  5571. // Double collision lets log a message and forget about this account
  5572. pAcct->MarkAlreadyThere();
  5573. err.MsgWrite(ErrE, DCT_MSG_PREF_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  5574. Mark(L"errors",pAcct->GetType());
  5575. continue;
  5576. }
  5577. }
  5578. else if ( wcslen(pOptions->suffix) > 0 )
  5579. {
  5580. // Add a suffix to the account name
  5581. WCHAR tgt[LEN_Path];
  5582. WCHAR sTempSam[LEN_Path];
  5583. wsprintf(tgt, L"%s%s", pAcct->GetTargetName(), pOptions->suffix);
  5584. pAcct->SetTargetName(tgt);
  5585. //Update the sam account name
  5586. // truncate to allow prefix/suffix to fit in valid length
  5587. int resLen = wcslen(pOptions->suffix) + wcslen(pAcct->GetTargetSam());
  5588. if ( !_wcsicmp(pAcct->GetType(), L"computer") )
  5589. {
  5590. // Computer name can be only 15 characters long + $
  5591. if ( resLen > 16 )
  5592. {
  5593. WCHAR sTruncatedSam[LEN_Path];
  5594. wcscpy(sTruncatedSam, pAcct->GetTargetSam());
  5595. if ( wcslen( pOptions->globalSuffix ) )
  5596. {
  5597. // We must remove the global suffix if we had one.
  5598. sTruncatedSam[wcslen(sTruncatedSam) - wcslen(pOptions->globalSuffix)] = L'\0';
  5599. }
  5600. int truncate = 16 - wcslen(pOptions->suffix) - wcslen(pOptions->globalSuffix);
  5601. if ( truncate < 1 ) truncate = 1;
  5602. wcsncpy(sTempSam, sTruncatedSam, truncate - 1);
  5603. sTempSam[truncate - 1] = L'\0';
  5604. wcscat(sTempSam, pOptions->globalSuffix);
  5605. wcscat(sTempSam, L"$");
  5606. }
  5607. else
  5608. wcscpy(sTempSam, pAcct->GetTargetSam());
  5609. // Add the suffix taking into account the $ sign
  5610. if ( sTempSam[wcslen(sTempSam) - 1] == L'$' )
  5611. sTempSam[wcslen(sTempSam) - 1] = L'\0';
  5612. wsprintf(tgt, L"%s%s$", sTempSam, pOptions->suffix);
  5613. }
  5614. else if ( !_wcsicmp(pAcct->GetType(), L"group") )
  5615. {
  5616. if ( resLen > 64 )
  5617. {
  5618. int truncate = 64 - wcslen(pOptions->suffix);
  5619. if ( truncate < 0 ) truncate = 0;
  5620. wcsncpy(sTempSam, pAcct->GetTargetSam(), truncate);
  5621. sTempSam[truncate] = L'\0';
  5622. }
  5623. else
  5624. wcscpy(sTempSam, pAcct->GetTargetSam());
  5625. // Add the suffix.
  5626. wsprintf(tgt, L"%s%s", sTempSam, pOptions->suffix);
  5627. }
  5628. else
  5629. {
  5630. if ( resLen > 20 )
  5631. {
  5632. WCHAR sTruncatedSam[LEN_Path];
  5633. wcscpy(sTruncatedSam, pAcct->GetTargetSam());
  5634. if ( wcslen( pOptions->globalSuffix ) )
  5635. {
  5636. // We must remove the global suffix if we had one.
  5637. sTruncatedSam[wcslen(sTruncatedSam) - wcslen(pOptions->globalSuffix)] = L'\0';
  5638. }
  5639. int truncate = 20 - wcslen(pOptions->suffix) - wcslen(pOptions->globalSuffix);
  5640. if ( truncate < 0 ) truncate = 0;
  5641. wcsncpy(sTempSam, sTruncatedSam, truncate);
  5642. sTempSam[truncate] = L'\0';
  5643. wcscat(sTempSam, pOptions->globalSuffix);
  5644. }
  5645. else
  5646. wcscpy(sTempSam, pAcct->GetTargetSam());
  5647. // Add the suffix.
  5648. wsprintf(tgt, L"%s%s", sTempSam, pOptions->suffix);
  5649. }
  5650. StripSamName(tgt);
  5651. // TruncateSam(tgt,pAcct,pOptions,acctlist);
  5652. pAcct->SetTargetSam(tgt);
  5653. if ( DoesTargetObjectAlreadyExist(pAcct, pOptions) )
  5654. {
  5655. // Double collision lets log a message and forget about this account
  5656. pAcct->MarkAlreadyThere();
  5657. err.MsgWrite(ErrE, DCT_MSG_PREF_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  5658. Mark(L"errors",pAcct->GetType());
  5659. continue;
  5660. }
  5661. }
  5662. else
  5663. {
  5664. // if the skip existing option is specified, and the object exists in the target domain,
  5665. // we just skip it
  5666. err.MsgWrite(0, DCT_MSG_ACCOUNT_EXISTS_S, pAcct->GetTargetSam());
  5667. continue;
  5668. }
  5669. }
  5670. // If a prefix/suffix is added to the target sam name then we need to rename the account.
  5671. // on the source domain and then move it to the target domain.
  5672. if ( bObjectExists || (_wcsicmp(pAcct->GetSourceSam(), pAcct->GetTargetSam()) && !pOptions->bUndo ))
  5673. {
  5674. // we need to rename the account to the target SAM name before we try to move it
  5675. // Get an ADs pointer to the account
  5676. IADs * pADs = NULL;
  5677. WCHAR sPaths[LEN_Path];
  5678. DWORD nPathLen = LEN_Path;
  5679. StuffComputerNameinLdapPath(sPaths, nPathLen, const_cast<WCHAR*>(pAcct->GetSourcePath()), pOptions, FALSE);
  5680. hr = ADsGetObject(sPaths,IID_IADs,(void**)&pADs);
  5681. if ( SUCCEEDED(hr) )
  5682. {
  5683. hr = pADs->Put(SysAllocString(L"sAMAccountName"),_variant_t(pAcct->GetTargetSam()));
  5684. if ( SUCCEEDED(hr) && !pOptions->nochange )
  5685. {
  5686. hr = pADs->SetInfo();
  5687. if ( SUCCEEDED(hr) )
  5688. err.MsgWrite(0,DCT_MSG_ACCOUNT_RENAMED_SS,pAcct->GetSourceSam(),pAcct->GetTargetSam());
  5689. }
  5690. if ( FAILED(hr) )
  5691. {
  5692. err.SysMsgWrite(ErrE,hr,DCT_MSG_RENAME_FAILED_SSD,pAcct->GetSourceSam(),pAcct->GetTargetSam(), hr);
  5693. Mark(L"errors",pAcct->GetType());
  5694. }
  5695. pADs->Release();
  5696. }
  5697. }
  5698. WCHAR sName[MAX_PATH];
  5699. DWORD cbDomain = MAX_PATH, cbSid = MAX_PATH;
  5700. PSID pSrcSid = new BYTE[MAX_PATH];
  5701. WCHAR sDomain[MAX_PATH];
  5702. SID_NAME_USE use;
  5703. if (!pSrcSid)
  5704. return ERROR_NOT_ENOUGH_MEMORY;
  5705. // Get the source account's rid
  5706. wsprintf(sName, L"%s\\%s", pOptions->srcDomain, pAcct->GetSourceSam());
  5707. if (LookupAccountName(pOptions->srcComp, sName, pSrcSid, &cbSid, sDomain, &cbDomain, &use))
  5708. {
  5709. pAcct->SetSourceSid(pSrcSid);
  5710. }
  5711. // Now we move it
  5712. hr = MoveObject( pAcct, pOptions, pMover );
  5713. // don't bother with this in nochange mode
  5714. if ( pOptions->nochange )
  5715. {
  5716. // we haven't modified the accounts in any way, so nothing else needs to be done for nochange mode
  5717. continue;
  5718. }
  5719. // Now, we have attempted to move the object - we need to put back the memberships
  5720. // UNDO --
  5721. if ( _wcsicmp(pAcct->GetSourceSam(), pAcct->GetTargetSam()) && pAcct->WasReplaced() && pOptions->bUndo )
  5722. {
  5723. // Since we undid a prior migration that renamed the account we need
  5724. // to rename the account back to its original name.
  5725. // Get an ADs pointer to the account
  5726. IADs * pADs = NULL;
  5727. WCHAR sPaths[LEN_Path];
  5728. DWORD nPathLen = LEN_Path;
  5729. StuffComputerNameinLdapPath(sPaths, nPathLen, const_cast<WCHAR*>(pAcct->GetTargetPath()), pOptions, TRUE);
  5730. hr = ADsGetObject(sPaths,IID_IADs,(void**)&pADs);
  5731. if ( SUCCEEDED(hr) )
  5732. {
  5733. hr = pADs->Put(SysAllocString(L"sAMAccountName"),_variant_t(pAcct->GetTargetSam()));
  5734. if ( SUCCEEDED(hr) && !pOptions->nochange )
  5735. {
  5736. hr = pADs->SetInfo();
  5737. if ( SUCCEEDED(hr) )
  5738. err.MsgWrite(0,DCT_MSG_ACCOUNT_RENAMED_SS,pAcct->GetSourceSam(),pAcct->GetTargetSam());
  5739. }
  5740. if ( FAILED(hr) )
  5741. {
  5742. err.SysMsgWrite(ErrE,hr,DCT_MSG_RENAME_FAILED_SSD,pAcct->GetSourceSam(),pAcct->GetTargetSam(), hr);
  5743. Mark(L"errors",pAcct->GetType());
  5744. }
  5745. pADs->Release();
  5746. }
  5747. }
  5748. // -- UNDO
  5749. // FAILED Move ----
  5750. if ( (bObjectExists || _wcsicmp(pAcct->GetSourceSam(), pAcct->GetTargetSam())) && ! pAcct->WasReplaced() )
  5751. {
  5752. // if we changed the SAM account name, and the move still failed, we need to change it back now
  5753. IADs * pADs = NULL;
  5754. WCHAR sPaths[LEN_Path];
  5755. DWORD nPathLen = LEN_Path;
  5756. StuffComputerNameinLdapPath(sPaths, nPathLen, const_cast<WCHAR*>(pAcct->GetSourcePath()), pOptions, FALSE);
  5757. hr = ADsGetObject(sPaths,IID_IADs,(void**)&pADs);
  5758. if ( SUCCEEDED(hr) )
  5759. {
  5760. hr = pADs->Put(SysAllocString(L"sAMAccountName"),_variant_t(pAcct->GetSourceSam()));
  5761. if ( SUCCEEDED(hr) )
  5762. {
  5763. hr = pADs->SetInfo();
  5764. if ( SUCCEEDED(hr) )
  5765. err.MsgWrite(0,DCT_MSG_ACCOUNT_RENAMED_SS,pAcct->GetTargetSam(),pAcct->GetSourceSam());
  5766. }
  5767. if ( FAILED(hr) )
  5768. {
  5769. err.SysMsgWrite(ErrE,hr,DCT_MSG_RENAME_FAILED_SSD,pAcct->GetTargetSam(),pAcct->GetSourceSam(), hr);
  5770. Mark(L"errors",pAcct->GetType());
  5771. }
  5772. pADs->Release();
  5773. }
  5774. }// --- Failed Move
  5775. } // end of Move-Loop
  5776. e.Close();
  5777. }
  5778. catch ( ... )
  5779. {
  5780. err.MsgWrite(ErrE,DCT_MSG_MOVE_EXCEPTION);
  5781. Mark(L"errors", L"generic");
  5782. }
  5783. try { // if we've moved any of the members, update the member records to use the target names
  5784. WCHAR mesg[LEN_Path];
  5785. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_UPDATE_MEMBER_LIST_S));
  5786. Progress(mesg);
  5787. UpdateMemberList(&pMember,acctlist);
  5788. UpdateMemberList(&pMemberOf,acctlist);
  5789. }
  5790. catch (... )
  5791. {
  5792. err.MsgWrite(ErrE,DCT_MSG_RESET_MEMBER_EXCEPTION);
  5793. Mark(L"errors", L"generic");
  5794. }
  5795. for ( pAcct = (TAcctReplNode *)e.OpenFirst(acctlist);
  5796. pAcct;
  5797. pAcct = (TAcctReplNode *)e.Next() )
  5798. {
  5799. if ( m_pExt && !pOptions->nochange )
  5800. {
  5801. if ( pAcct->WasReplaced() && (pAcct->operations & OPS_Call_Extensions) )
  5802. {
  5803. m_pExt->Process(pAcct,sTargetDomain,pOptions,FALSE);
  5804. }
  5805. }
  5806. //translate the roaming profile if requested
  5807. if ( pOptions->flags & F_TranslateProfiles && (_wcsicmp(pAcct->GetType(), L"user") == 0))
  5808. {
  5809. WCHAR mesg[LEN_Path];
  5810. wsprintf(mesg, GET_STRING(IDS_TRANSLATE_ROAMING_PROFILE_S), pAcct->GetName());
  5811. if ( progress )
  5812. progress(mesg);
  5813. WCHAR tgtProfilePath[MAX_PATH];
  5814. GetBkupRstrPriv((WCHAR*)NULL);
  5815. GetPrivilege((WCHAR*)NULL,SE_SECURITY_NAME);
  5816. if ( wcslen(pAcct->GetSourceProfile()) > 0 )
  5817. {
  5818. DWORD ret = TranslateRemoteProfile(pAcct->GetSourceProfile(),
  5819. tgtProfilePath,
  5820. pAcct->GetSourceSam(),
  5821. pAcct->GetTargetSam(),
  5822. pOptions->srcDomain,
  5823. pOptions->tgtDomain,
  5824. pOptions->pDb,
  5825. pOptions->lActionID,
  5826. pAcct->GetSourceSid(),
  5827. pOptions->nochange);
  5828. }
  5829. }
  5830. }
  5831. e.Close();
  5832. for ( pAcct = (TAcctReplNode *)e.OpenFirst(acctlist);
  5833. pAcct;
  5834. pAcct = (TAcctReplNode *)e.Next() )
  5835. {
  5836. try
  5837. {
  5838. if (bSrcNative && bTgtNative)
  5839. {
  5840. if ( _wcsicmp(pAcct->GetType(), L"group") == 0 || _wcsicmp(pAcct->GetType(), L"lgroup") == 0 )
  5841. {
  5842. WCHAR mesg[LEN_Path];
  5843. wsprintf(mesg, GET_STRING(IDS_UPDATING_GROUP_MEMBERSHIPS_S), pAcct->GetName());
  5844. if ( progress )
  5845. progress(mesg);
  5846. if ( pAcct->GetGroupType() & 4 )
  5847. {
  5848. WCHAR mesg[LEN_Path];
  5849. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RESET_GROUP_MEMBERS_S), pAcct->GetName());
  5850. Progress(mesg);
  5851. ResetGroupsMembers(pOptions, pAcct, &pMember, pOptions->pDb);
  5852. }
  5853. else
  5854. {
  5855. // we need to update the members of these Universal/Global groups to
  5856. // point members to the target domain if those members have been migrated
  5857. // in previous runs.
  5858. ResetMembersForUnivGlobGroups(pOptions, pAcct);
  5859. }
  5860. }
  5861. }
  5862. else
  5863. {
  5864. if ( _wcsicmp(pAcct->GetType(), L"group") == 0 || _wcsicmp(pAcct->GetType(), L"lgroup") == 0 )
  5865. {
  5866. WCHAR mesg[LEN_Path];
  5867. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RESET_GROUP_MEMBERS_S), pAcct->GetName());
  5868. if ( progress )
  5869. progress(mesg);
  5870. ResetGroupsMembers(pOptions, pAcct, &pMember, pOptions->pDb);
  5871. }
  5872. }
  5873. }
  5874. catch (... )
  5875. {
  5876. err.MsgWrite(ErrE,DCT_MSG_GROUP_MEMBERSHIPS_EXCEPTION);
  5877. Mark(L"errors", pAcct->GetType());
  5878. }
  5879. }
  5880. bool bChangedAny = true; // Have to go through it atleast once.
  5881. while ( bChangedAny )
  5882. {
  5883. bChangedAny = false;
  5884. for ( pAcct = (TAcctReplNode *)e.OpenFirst(acctlist);
  5885. pAcct;
  5886. pAcct = (TAcctReplNode *)e.Next() )
  5887. {
  5888. if ( pOptions->nochange )
  5889. continue;
  5890. if ( bSrcNative && bTgtNative )
  5891. {
  5892. // We have changed the migrated global groups to universal groups
  5893. // now we need to change them back to their original types, if possible
  5894. if ( _wcsicmp(pAcct->GetType(), L"group") == 0 || _wcsicmp(pAcct->GetType(), L"lgroup") == 0 )
  5895. {
  5896. if ( pAcct->GetGroupType() & 2 )
  5897. {
  5898. if ( pAcct->bChangedType )
  5899. continue;
  5900. // attempt to change it back to its original type
  5901. if ( pAcct->WasReplaced() )
  5902. {
  5903. // the account was moved, use the target name
  5904. hr = pClass->raw_ChangeGroupType(const_cast<WCHAR*>(pAcct->GetTargetPath()), pAcct->GetGroupType());
  5905. }
  5906. else
  5907. {
  5908. // we failed to move the account, use the source name
  5909. hr = pClass->raw_ChangeGroupType(const_cast<WCHAR*>(pAcct->GetSourcePath()), pAcct->GetGroupType());
  5910. }
  5911. pAcct->SetHr(hr);
  5912. if ( SUCCEEDED(hr) )
  5913. {
  5914. pAcct->bChangedType = true;
  5915. bChangedAny = true;
  5916. }
  5917. }
  5918. }
  5919. }
  5920. else
  5921. {
  5922. // for mixed->native mode migration we can change the group type and add all the members back
  5923. if ( _wcsicmp(pAcct->GetType(), L"group") == 0 || _wcsicmp(pAcct->GetType(), L"lgroup") == 0 )
  5924. {
  5925. if ( !(pAcct->GetGroupType() & 4) && !pAcct->bChangedType )
  5926. {
  5927. if ( pAcct->WasReplaced() )
  5928. {
  5929. hr = pClass->raw_ChangeGroupType(const_cast<WCHAR*>(pAcct->GetTargetPath()), pAcct->GetGroupType());
  5930. }
  5931. else
  5932. {
  5933. hr = pClass->raw_ChangeGroupType(const_cast<WCHAR*>(pAcct->GetSourcePath()), pAcct->GetGroupType());
  5934. }
  5935. pAcct->SetHr(hr);
  5936. if ( SUCCEEDED(hr) )
  5937. {
  5938. pAcct->bChangedType = true;
  5939. bChangedAny = true;
  5940. }
  5941. }
  5942. } // if group
  5943. } // Native/Mixed
  5944. } //for
  5945. }
  5946. // Log a message for all the groups that we were not able to change back to original type
  5947. for ( pAcct = (TAcctReplNode *)e.OpenFirst(acctlist);
  5948. pAcct;
  5949. pAcct = (TAcctReplNode *)e.Next() )
  5950. {
  5951. if ( pOptions->nochange )
  5952. continue;
  5953. if ( bSrcNative && bTgtNative )
  5954. {
  5955. // We have changed the migrated global groups to universal groups
  5956. // now we need to change them back to their original types, if possible
  5957. if ( _wcsicmp(pAcct->GetType(), L"group") == 0 || _wcsicmp(pAcct->GetType(), L"lgroup") == 0 )
  5958. {
  5959. if ( pAcct->GetGroupType() & 2 )
  5960. {
  5961. if (FAILED(pAcct->GetHr()))
  5962. {
  5963. err.SysMsgWrite(ErrE,hr,DCT_MSG_GROUP_CHANGETYPE_FAILED_SD, pAcct->GetTargetPath(), hr);
  5964. Mark(L"errors", pAcct->GetType());
  5965. }
  5966. }
  5967. }
  5968. }
  5969. else
  5970. {
  5971. // for mixed->native mode migration we can change the group type and add all the members back
  5972. if ( _wcsicmp(pAcct->GetType(), L"group") == 0 || _wcsicmp(pAcct->GetType(), L"lgroup") == 0 )
  5973. {
  5974. if ( !(pAcct->GetGroupType() & 4) )
  5975. {
  5976. if (FAILED(pAcct->GetHr()))
  5977. {
  5978. err.SysMsgWrite(ErrE,hr,DCT_MSG_GROUP_CHANGETYPE_FAILED_SD, pAcct->GetTargetPath(), hr);
  5979. Mark(L"errors", pAcct->GetType());
  5980. }
  5981. }
  5982. } // if group
  5983. } // Native/Mixed
  5984. } //for
  5985. WCHAR mesg[LEN_Path];
  5986. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RESET_MEMBERSHIP_S));
  5987. Progress(mesg);
  5988. ResetObjectsMembership( pOptions,&pMemberOf, pOptions->pDb );
  5989. }
  5990. else
  5991. {
  5992. // Connection failed.
  5993. err.SysMsgWrite(ErrE,hr,DCT_MSG_MOVEOBJECT_CONNECT_FAILED_D,hr);
  5994. Mark(L"errors", ((TAcctReplNode*)acctlist->Head())->GetType());
  5995. }
  5996. if ( progress )
  5997. progress(L"");
  5998. pMover->Close();
  5999. return 0;
  6000. }
  6001. //---------------------------------------------------------------------------------------------------------
  6002. // MoveObject - This method does the actual move on the object calling the Mover object.
  6003. //---------------------------------------------------------------------------------------------------------
  6004. HRESULT CAcctRepl::MoveObject(
  6005. TAcctReplNode * pAcct,
  6006. Options * pOptions,
  6007. IMoverPtr pMover
  6008. )
  6009. {
  6010. HRESULT hr = S_OK;
  6011. WCHAR sourcePath[LEN_Path];
  6012. WCHAR targetPath[LEN_Path];
  6013. DWORD nPathLen = LEN_Path;
  6014. WCHAR * pRelativeTgtOUPath = NULL;
  6015. safecopy(sourcePath,pAcct->GetSourcePath());
  6016. WCHAR mesg[LEN_Path];
  6017. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_MOVING_S), pAcct->GetName());
  6018. Progress(mesg);
  6019. if ( ! pOptions->bUndo )
  6020. {
  6021. MakeFullyQualifiedAdsPath(targetPath, nPathLen, pOptions->tgtOUPath, pOptions->tgtDomain, pOptions->tgtNamingContext);
  6022. }
  6023. else
  6024. {
  6025. swprintf(targetPath,L"LDAP://%ls/%ls",pOptions->tgtDomain,pOptions->tgtOUPath);
  6026. }
  6027. //make sourcePath and targetPath all lowercase to avoid a W2K bug in ntdsa.dll
  6028. _wcslwr(targetPath);
  6029. _wcslwr(sourcePath);
  6030. //due to lowercase force above, we have to replace "ldap://" with "LDAP://" in
  6031. //order for subsequent ADsGetObjects calls to succeed
  6032. if ( !_wcsnicmp(L"LDAP://", targetPath, 7) )
  6033. {
  6034. WCHAR aNewPath[LEN_Path] = L"LDAP";
  6035. UStrCpy(aNewPath+UStrLen(aNewPath), targetPath+UStrLen(aNewPath));
  6036. wcscpy(targetPath, aNewPath);
  6037. }
  6038. if ( !_wcsnicmp(L"LDAP://", sourcePath, 7) )
  6039. {
  6040. WCHAR aNewPath[LEN_Path] = L"LDAP";
  6041. UStrCpy(aNewPath+UStrLen(aNewPath), sourcePath+UStrLen(aNewPath));
  6042. wcscpy(sourcePath, aNewPath);
  6043. }
  6044. WCHAR sTargetRDN[LEN_Path];
  6045. wcscpy(sTargetRDN, pAcct->GetTargetName());
  6046. WCHAR * pTemp = NULL;
  6047. pTemp = wcsstr(sTargetRDN, L"CN=");
  6048. if ( pTemp != sTargetRDN )
  6049. {
  6050. wsprintf(sTargetRDN, L"CN=%s", pAcct->GetTargetName());
  6051. pAcct->SetTargetName(sTargetRDN);
  6052. }
  6053. if ( ! pOptions->nochange )
  6054. {
  6055. hr = pMover->raw_MoveObject(sourcePath,sTargetRDN,targetPath);
  6056. //if the Move operation failed due to a W2K bug for CNs which
  6057. //include a '/', un-escape the '/' and try again
  6058. if ((hr == E_INVALIDARG) && (wcschr(sTargetRDN, L'/')))
  6059. {
  6060. _bstr_t strName = GetUnEscapedNameWithFwdSlash(_bstr_t(sTargetRDN)); //remove any escape characters added
  6061. hr = pMover->raw_MoveObject(sourcePath,(WCHAR*)strName,targetPath);
  6062. }
  6063. }
  6064. else
  6065. {
  6066. hr = pMover->raw_CheckMove(sourcePath,sTargetRDN,targetPath);
  6067. //if the Check Move operation failed due to a W2K bug for CNs which
  6068. //include a '/', un-escape the '/' and try again
  6069. if ((hr == E_INVALIDARG) && (wcschr(sTargetRDN, L'/')))
  6070. {
  6071. _bstr_t strName = GetUnEscapedNameWithFwdSlash(_bstr_t(sTargetRDN)); //remove any escape characters added
  6072. hr = pMover->raw_CheckMove(sourcePath,(WCHAR*)strName,targetPath);
  6073. }
  6074. if ( HRESULT_CODE(hr) == ERROR_DS_CANT_MOVE_ACCOUNT_GROUP
  6075. || HRESULT_CODE(hr) == ERROR_DS_CANT_MOVE_RESOURCE_GROUP
  6076. || HRESULT_CODE(hr) == ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS
  6077. || HRESULT_CODE(hr) == ERROR_USER_EXISTS )
  6078. {
  6079. hr = 0;
  6080. }
  6081. }
  6082. if ( SUCCEEDED(hr) )
  6083. {
  6084. WCHAR path[LEN_Path];
  6085. DWORD nPathLen = LEN_Path;
  6086. pAcct->MarkReplaced();
  6087. Mark(L"created", pAcct->GetType());
  6088. // set the target path
  6089. UStrCpy(path,pAcct->GetTargetName());
  6090. if ( *pOptions->tgtOUPath )
  6091. {
  6092. wcscat(path, L",");
  6093. wcscat(path, pOptions->tgtOUPath);
  6094. }
  6095. pRelativeTgtOUPath = wcschr(targetPath + wcslen(L"LDAP://") + 2, L'/');
  6096. if ( pRelativeTgtOUPath )
  6097. {
  6098. *pRelativeTgtOUPath = 0;
  6099. swprintf(path,L"%ls/%ls,%ls",targetPath,pAcct->GetTargetName(),pRelativeTgtOUPath+1);
  6100. }
  6101. else
  6102. {
  6103. MakeFullyQualifiedAdsPath(path, nPathLen, pOptions->tgtOUPath, pOptions->tgtComp, pOptions->tgtNamingContext);
  6104. }
  6105. pAcct->SetTargetPath(path);
  6106. err.MsgWrite(0,DCT_MSG_OBJECT_MOVED_SS,pAcct->GetSourcePath(),pAcct->GetTargetPath());
  6107. }
  6108. else
  6109. {
  6110. pAcct->MarkError();
  6111. Mark(L"errors", pAcct->GetType());
  6112. if ( hr == 8524 )
  6113. {
  6114. err.MsgWrite(ErrE,DCT_MSG_MOVEOBJECT_FAILED_S8524,pAcct->GetName(),hr);
  6115. }
  6116. else
  6117. {
  6118. err.SysMsgWrite(ErrE,hr,DCT_MSG_MOVEOBJECT_FAILED_SD,pAcct->GetName(),hr);
  6119. }
  6120. }
  6121. return hr;
  6122. }
  6123. //---------------------------------------------------------------------------------------------------------
  6124. // RecordAndRemoveMemberOf : This method removes all values in the memberOf property and then records these
  6125. // memberships. These memberships are later updated.
  6126. //---------------------------------------------------------------------------------------------------------
  6127. HRESULT CAcctRepl::RecordAndRemoveMemberOf (
  6128. Options * pOptions, //in- Options specified by the user
  6129. TAcctReplNode * pAcct, //in- Account being migrated.
  6130. TNodeListSortable * pMember //out-List containing the MemberOf values.
  6131. )
  6132. {
  6133. // First Enumerate all the objects in the member of property
  6134. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  6135. IEnumVARIANT * pEnum;
  6136. LPWSTR sCols[] = { L"memberOf" };
  6137. SAFEARRAY * pSa;
  6138. BSTR * pData;
  6139. SAFEARRAYBOUND bd = { 1, 0 };
  6140. // long ind = 0;
  6141. IADs * pAds;
  6142. _bstr_t sObjDN;
  6143. _bstr_t sGrpName;
  6144. _variant_t var;
  6145. _variant_t * pDt;
  6146. _variant_t vx;
  6147. DWORD ulFetch;
  6148. _bstr_t sDN;
  6149. WCHAR sPath[LEN_Path];
  6150. IADsGroup * pGroup;
  6151. _variant_t * pVar;
  6152. if ( pMember->IsTree() ) pMember->ToSorted();
  6153. WCHAR sPathSource[LEN_Path];
  6154. DWORD nPathLen = LEN_Path;
  6155. StuffComputerNameinLdapPath(sPathSource, nPathLen, const_cast<WCHAR*>(pAcct->GetSourcePath()), pOptions, FALSE);
  6156. err.MsgWrite(0,DCT_STRIPPING_GROUP_MEMBERSHIPS_SS,pAcct->GetName(),sPathSource);
  6157. // Get this users distinguished name.
  6158. HRESULT hr = ADsGetObject(sPathSource, IID_IADs, (void**) &pAds);
  6159. if ( FAILED(hr) )
  6160. {
  6161. err.SysMsgWrite(ErrE, hr, DCT_MSG_SOURCE_ACCOUNT_NOT_FOUND_SSD, pAcct->GetName(), pOptions->srcDomain, hr);
  6162. Mark(L"errors", pAcct->GetType());
  6163. return hr;
  6164. }
  6165. hr = pAds->Get(L"distinguishedName", &var);
  6166. pAds->Release();
  6167. if ( FAILED(hr))
  6168. return hr;
  6169. sObjDN = V_BSTR(&var);
  6170. // Set up the column array
  6171. pSa = SafeArrayCreate(VT_BSTR, 1, &bd);
  6172. SafeArrayAccessData(pSa, (void HUGEP **) &pData);
  6173. pData[0] = SysAllocString(sCols[0]);
  6174. SafeArrayUnaccessData(pSa);
  6175. // hr = pQuery->raw_SetQuery(const_cast<WCHAR*>(pAcct->GetSourcePath()), pOptions->srcDomain, L"(objectClass=*)", ADS_SCOPE_BASE, TRUE);
  6176. hr = pQuery->raw_SetQuery(sPathSource, pOptions->srcDomain, L"(objectClass=*)", ADS_SCOPE_BASE, TRUE);
  6177. hr = pQuery->raw_SetColumns(pSa);
  6178. hr = pQuery->raw_Execute(&pEnum);
  6179. while ( pEnum->Next(1, &var, &ulFetch) == S_OK )
  6180. {
  6181. SAFEARRAY * vals = var.parray;
  6182. // Get the VARIANT Array out
  6183. SafeArrayAccessData(vals, (void HUGEP**) &pDt);
  6184. vx = pDt[0];
  6185. SafeArrayUnaccessData(vals);
  6186. // Single value in the property. Good enough for me though
  6187. if ( vx.vt == VT_BSTR )
  6188. {
  6189. sDN = V_BSTR(&vx);
  6190. sDN = PadDN(sDN);
  6191. if ( sDN.length() > 0 )
  6192. {
  6193. WCHAR mesg[LEN_Path];
  6194. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RECORD_REMOVE_MEMBEROF_SS), pAcct->GetName(), (WCHAR*) sDN);
  6195. Progress(mesg);
  6196. SimpleADsPathFromDN(pOptions, sDN, sPath);
  6197. WCHAR sSourcePath[LEN_Path];
  6198. WCHAR sPaths[LEN_Path];
  6199. DWORD nPathLen = LEN_Path;
  6200. wcscpy(sSourcePath, (WCHAR*) sPath);
  6201. if ( !wcsncmp(L"LDAP://", sSourcePath, 7) )
  6202. StuffComputerNameinLdapPath(sPaths, nPathLen, sSourcePath, pOptions, FALSE);
  6203. // Get the IADsGroup pointer to each of the objects in member of and remove this object from the group
  6204. hr = ADsGetObject(sPaths, IID_IADsGroup, (void**) &pGroup);
  6205. if ( FAILED(hr) )
  6206. continue;
  6207. pGroup->Get(L"sAMAccountName", &var);
  6208. sGrpName = V_BSTR(&var);
  6209. hr = pGroup->Get(L"groupType",&var);
  6210. if ( SUCCEEDED(hr) )
  6211. {
  6212. if ( var.lVal & 2 )
  6213. {
  6214. // this is a global group
  6215. if ( !pOptions->nochange )
  6216. hr = pGroup->Remove(sPathSource);
  6217. else
  6218. hr = S_OK;
  6219. if ( SUCCEEDED(hr) )
  6220. {
  6221. // err.MsgWrite(0,DCT_MSG_REMOVED_MEMBER_FROM_GROUP_SS,sPath2,(WCHAR*)sGrpName);
  6222. err.MsgWrite(0,DCT_MSG_REMOVED_MEMBER_FROM_GROUP_SS,sPathSource,(WCHAR*)sPaths);
  6223. }
  6224. else
  6225. {
  6226. err.SysMsgWrite(ErrE,hr,DCT_MSG_REMOVE_MEMBER_FAILED_SSD,sPathSource,sPaths,hr);
  6227. Mark(L"errors", pAcct->GetType());
  6228. }
  6229. }
  6230. else
  6231. {
  6232. err.MsgWrite(0,DCT_MSG_NOT_REMOVING_MEMBER_FROM_GROUP_SS,sPathSource,sPaths);
  6233. pGroup->Release();
  6234. continue;
  6235. }
  6236. }
  6237. pGroup->Release();
  6238. if (FAILED(hr))
  6239. continue;
  6240. // Record this path into the list
  6241. TRecordNode * pNode = new TRecordNode();
  6242. if (!pNode)
  6243. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  6244. pNode->SetMember((WCHAR*)sPath);
  6245. pNode->SetMemberSam((WCHAR*)sGrpName);
  6246. pNode->SetDN((WCHAR*)sDN);
  6247. pNode->SetARNode(pAcct);
  6248. if (! pMember->InsertIfNew((TNode*) pNode) )
  6249. delete pNode;
  6250. }
  6251. }
  6252. else if ( vx.vt & VT_ARRAY )
  6253. {
  6254. // We must have got an Array of multivalued properties
  6255. // Access the BSTR elements of this variant array
  6256. SAFEARRAY * multiVals = vx.parray;
  6257. SafeArrayAccessData(multiVals, (void HUGEP **) &pVar);
  6258. for ( DWORD dw = 0; dw < multiVals->rgsabound->cElements; dw++ )
  6259. {
  6260. sDN = _bstr_t(pVar[dw]);
  6261. sDN = PadDN(sDN);
  6262. SimpleADsPathFromDN(pOptions, sDN, sPath);
  6263. WCHAR mesg[LEN_Path];
  6264. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RECORD_REMOVE_MEMBEROF_SS), pAcct->GetName(), (WCHAR*) sDN);
  6265. Progress(mesg);
  6266. WCHAR sSourcePath[LEN_Path];
  6267. WCHAR sPaths[LEN_Path];
  6268. DWORD nPathLen = LEN_Path;
  6269. wcscpy(sSourcePath, (WCHAR*) sPath);
  6270. if ( !wcsncmp(L"LDAP://", sSourcePath, 7) )
  6271. StuffComputerNameinLdapPath(sPaths, nPathLen, sSourcePath, pOptions, FALSE);
  6272. // Get the IADsGroup pointer to each of the objects in member of and remove this object from the group
  6273. hr = ADsGetObject(sPaths, IID_IADsGroup, (void**) &pGroup);
  6274. if ( FAILED(hr) )
  6275. continue;
  6276. pGroup->Get(L"sAMAccountName", &var);
  6277. sGrpName = V_BSTR(&var);
  6278. hr = pGroup->Get(L"groupType",&var);
  6279. if ( SUCCEEDED(hr) )
  6280. {
  6281. if ( var.lVal & 2 )
  6282. {
  6283. // This is a global group
  6284. if ( !pOptions->nochange )
  6285. hr = pGroup->Remove(sPathSource);
  6286. else
  6287. hr = S_OK;
  6288. if ( SUCCEEDED(hr) )
  6289. {
  6290. err.MsgWrite(0,DCT_MSG_REMOVED_MEMBER_FROM_GROUP_SS,sPathSource,sPaths);
  6291. }
  6292. else
  6293. {
  6294. err.SysMsgWrite(ErrE,hr,DCT_MSG_REMOVE_MEMBER_FAILED_SSD,sPathSource,sPaths);
  6295. Mark(L"errors", pAcct->GetType());
  6296. }
  6297. }
  6298. else
  6299. {
  6300. err.MsgWrite(0,DCT_MSG_NOT_REMOVING_MEMBER_FROM_GROUP_SS,sPathSource,sPaths);
  6301. pGroup->Release();
  6302. continue;
  6303. }
  6304. }
  6305. pGroup->Release();
  6306. if (FAILED(hr))
  6307. continue;
  6308. // Record this path into the list
  6309. TRecordNode * pNode = new TRecordNode();
  6310. if (!pNode)
  6311. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  6312. pNode->SetMember(sPath);
  6313. pNode->SetMemberSam((WCHAR*)sGrpName);
  6314. pNode->SetDN((WCHAR*)sDN);
  6315. pNode->SetARNode(pAcct);
  6316. if (! pMember->InsertIfNew((TNode*) pNode) )
  6317. delete pNode;
  6318. }
  6319. SafeArrayUnaccessData(multiVals);
  6320. }
  6321. }
  6322. pEnum->Release();
  6323. VariantInit(&var);
  6324. return S_OK;
  6325. }
  6326. //---------------------------------------------------------------------------------------------------------
  6327. // ResetObjectsMembership : This method restores the memberOf property of the object being migrated. It uses
  6328. // the information that was stored by RecordAndRemoveMemberOf function.
  6329. //---------------------------------------------------------------------------------------------------------
  6330. HRESULT CAcctRepl::ResetObjectsMembership(
  6331. Options * pOptions, //in- Options set by the user.
  6332. TNodeListSortable * pMember, //in- The member list that is used to restore the values
  6333. IIManageDBPtr pDb //in- Database object to lookup migrated accounts.
  6334. )
  6335. {
  6336. IVarSetPtr pVs(__uuidof(VarSet));
  6337. _bstr_t sMember;
  6338. IADs * pAds;
  6339. IUnknown * pUnk;
  6340. _bstr_t sPath;
  6341. _variant_t var;
  6342. _bstr_t sMyDN;
  6343. IADsGroup * pGroup = NULL;
  6344. TAcctReplNode * pAcct = NULL;
  6345. HRESULT hr;
  6346. WCHAR sPaths[LEN_Path];
  6347. DWORD nPathLen = LEN_Path;
  6348. // Sort the member list by the account nodes
  6349. pMember->Sort(&TNodeCompareAcctNode);
  6350. // For all the items in the member list lets add the member to the group.
  6351. // First check in the migrated objects table to see if it has been migrated.
  6352. for ( TRecordNode * pNode = (TRecordNode *)pMember->Head(); pNode; pNode = (TRecordNode *)pNode->Next())
  6353. {
  6354. pVs->QueryInterface(IID_IUnknown, (void**) &pUnk);
  6355. // get the needed information from the account node
  6356. if ( pAcct != pNode->GetARNode() )
  6357. {
  6358. if ( pNode->GetARNode()->WasReplaced() )
  6359. {
  6360. // the account was moved successfully - add the target account to all of its old groups
  6361. StuffComputerNameinLdapPath(sPaths, nPathLen, const_cast<WCHAR*>(pNode->GetARNode()->GetTargetPath()), pOptions);
  6362. hr = ADsGetObject(sPaths, IID_IADs, (void**) &pAds);
  6363. }
  6364. else
  6365. {
  6366. // the move failed, add the source account back to its groups
  6367. StuffComputerNameinLdapPath(sPaths, nPathLen, const_cast<WCHAR*>(pNode->GetARNode()->GetSourcePath()), pOptions, FALSE);
  6368. hr = ADsGetObject(sPaths, IID_IADs, (void**) &pAds);
  6369. }
  6370. if ( SUCCEEDED(hr) )
  6371. {
  6372. pAds->Get(L"distinguishedName", &var);
  6373. pAds->Release();
  6374. sMyDN = V_BSTR(&var);
  6375. }
  6376. else
  6377. {
  6378. continue;
  6379. }
  6380. pAcct = pNode->GetARNode();
  6381. if ( pAcct->WasReplaced() )
  6382. {
  6383. err.MsgWrite(0,DCT_READDING_GROUP_MEMBERS_SS,pAcct->GetTargetName(),sPaths);
  6384. }
  6385. else
  6386. {
  6387. err.MsgWrite(0,DCT_READDING_GROUP_MEMBERS_SS,pAcct->GetName(),sPaths);
  6388. }
  6389. }
  6390. sMember = pNode->GetMemberSam();
  6391. if ( pAcct->WasReplaced() )
  6392. {
  6393. pVs->Clear();
  6394. hr = pDb->raw_GetAMigratedObject((WCHAR*)sMember,pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  6395. pUnk->Release();
  6396. if ( hr == S_OK )
  6397. // Since we have already migrated this object lets use the target objects information.
  6398. sPath = pVs->get(L"MigratedObjects.TargetAdsPath");
  6399. else
  6400. // Other wise use the source objects path to add.
  6401. sPath = pNode->GetMember();
  6402. }
  6403. else
  6404. {
  6405. sPath = pNode->GetMember();
  6406. }
  6407. // We have a path to the object lets get the group interface and add this object as a member
  6408. WCHAR sPath2[LEN_Path];
  6409. DWORD nPathLen = LEN_Path;
  6410. if ( SUCCEEDED(hr) )
  6411. {
  6412. StuffComputerNameinLdapPath(sPath2, nPathLen, (WCHAR*) sPath, pOptions, TRUE);
  6413. hr = ADsGetObject(sPath2, IID_IADsGroup, (void**) &pGroup);
  6414. }
  6415. if ( SUCCEEDED(hr) )
  6416. {
  6417. if ( pAcct->WasReplaced() )
  6418. {
  6419. if ( ! pOptions->nochange )
  6420. hr = pGroup->Add(sPaths);
  6421. else
  6422. hr = 0;
  6423. if ( SUCCEEDED(hr) )
  6424. {
  6425. err.MsgWrite(0,DCT_MSG_READDED_MEMBER_SS,pAcct->GetTargetPath(),sPath2);
  6426. }
  6427. else
  6428. {
  6429. //hr = BetterHR(hr);
  6430. if ( HRESULT_CODE(hr) == ERROR_DS_UNWILLING_TO_PERFORM )
  6431. {
  6432. err.MsgWrite(0,DCT_MSG_READD_MEMBER_FAILED_CONSTRAINTS_SS,pAcct->GetTargetPath(),sPath2);
  6433. }
  6434. else
  6435. {
  6436. err.SysMsgWrite(ErrE,hr,DCT_MSG_READD_TARGET_MEMBER_FAILED_SSD,pAcct->GetTargetPath(),(WCHAR*)sPath2,hr);
  6437. }
  6438. Mark(L"errors", pAcct->GetType());
  6439. }
  6440. }
  6441. else
  6442. {
  6443. WCHAR mesg[LEN_Path];
  6444. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RESET_OBJECT_MEMBERSHIP_SS), (WCHAR*) sPath2, pAcct->GetTargetName());
  6445. Progress(mesg);
  6446. if ( ! pOptions->nochange )
  6447. hr = pGroup->Add(sPaths);
  6448. else
  6449. hr = 0;
  6450. if ( SUCCEEDED(hr) )
  6451. {
  6452. err.MsgWrite(0,DCT_MSG_READDED_MEMBER_SS,pAcct->GetSourcePath(),(WCHAR*)sPath2);
  6453. }
  6454. else
  6455. {
  6456. //hr = BetterHR(hr);
  6457. if ( HRESULT_CODE(hr) == ERROR_DS_UNWILLING_TO_PERFORM )
  6458. {
  6459. err.MsgWrite(0,DCT_MSG_READD_MEMBER_FAILED_CONSTRAINTS_SS,pAcct->GetTargetPath(),(WCHAR*)sPath2);
  6460. }
  6461. else
  6462. {
  6463. err.SysMsgWrite(ErrE,hr,DCT_MSG_READD_SOURCE_MEMBER_FAILED_SSD,pAcct->GetSourcePath(),(WCHAR*)sPath2,hr);
  6464. }
  6465. Mark(L"errors", pAcct->GetType());
  6466. }
  6467. }
  6468. }
  6469. else
  6470. {
  6471. // the member could not be added to the group
  6472. hr = BetterHR(hr);
  6473. err.SysMsgWrite(ErrW,hr,DCT_MSG_FAILED_TO_GET_OBJECT_SD,(WCHAR*)sPath2,hr);
  6474. Mark(L"warnings", pAcct->GetType());
  6475. }
  6476. if ( pGroup )
  6477. {
  6478. pGroup->Release();
  6479. pGroup = NULL;
  6480. }
  6481. }
  6482. return hr;
  6483. }
  6484. //---------------------------------------------------------------------------------------------------------
  6485. // RecordAndRemoveMember : Records and removes the objects in the member property of the object(group) being
  6486. // migrated. The recorded information is later used to restore membership.
  6487. //---------------------------------------------------------------------------------------------------------
  6488. HRESULT CAcctRepl::RecordAndRemoveMember (
  6489. Options * pOptions, //in- Options set by the user.
  6490. TAcctReplNode * pAcct, //in- Account being copied.
  6491. TNodeListSortable * pMember //out-Membership list to be used later to restore membership
  6492. )
  6493. {
  6494. HRESULT hr;
  6495. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  6496. IEnumVARIANT * pEnum;
  6497. LPWSTR sCols[] = { L"member" };
  6498. SAFEARRAY * pSa;
  6499. SAFEARRAYBOUND bd = { 1, 0 };
  6500. // long ind = 0;
  6501. WCHAR sPath[LEN_Path];
  6502. DWORD nPathLen = LEN_Path;
  6503. _bstr_t sDN;
  6504. IADsGroup * pGroup;
  6505. _variant_t var;
  6506. DWORD ulFetch=0;
  6507. IADs * pAds;
  6508. _bstr_t sGrpName;
  6509. _variant_t * pDt;
  6510. _variant_t vx;
  6511. BSTR HUGEP * pData;
  6512. WCHAR sSourcePath[LEN_Path];
  6513. WCHAR sAdsPath[LEN_Path];
  6514. wcscpy(sSourcePath, pAcct->GetSourcePath());
  6515. if ( !wcsncmp(L"LDAP://", sSourcePath, 7) )
  6516. StuffComputerNameinLdapPath(sAdsPath, nPathLen, sSourcePath, pOptions, FALSE);
  6517. hr = ADsGetObject(sAdsPath, IID_IADsGroup, (void**) &pGroup);
  6518. if ( FAILED(hr) ) return hr;
  6519. pSa = SafeArrayCreate(VT_BSTR, 1, &bd);
  6520. hr = SafeArrayAccessData(pSa, (void HUGEP **)&pData);
  6521. pData[0] = SysAllocString(sCols[0]);
  6522. hr = SafeArrayUnaccessData(pSa);
  6523. hr = pQuery->raw_SetQuery(sAdsPath, pOptions->srcDomain, L"(objectClass=*)", ADS_SCOPE_BASE, TRUE);
  6524. hr = pQuery->raw_SetColumns(pSa);
  6525. hr = pQuery->raw_Execute(&pEnum);
  6526. err.MsgWrite(0,DCT_STRIPPING_GROUP_MEMBERS_SS,pAcct->GetName(),sAdsPath);
  6527. while ( pEnum->Next(1, &var, &ulFetch) == S_OK )
  6528. {
  6529. SAFEARRAY * vals = var.parray;
  6530. // Get the VARIANT Array out
  6531. SafeArrayAccessData(vals, (void HUGEP**) &pDt);
  6532. vx = pDt[0];
  6533. SafeArrayUnaccessData(vals);
  6534. // Single value in the property. Good enough for me though
  6535. if ( vx.vt == VT_BSTR )
  6536. {
  6537. sDN = V_BSTR(&vx);
  6538. sDN = PadDN(sDN);
  6539. if ( sDN.length() )
  6540. {
  6541. ADsPathFromDN(pOptions, sDN, sPath);
  6542. WCHAR mesg[LEN_Path];
  6543. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RECORD_REMOVE_MEMBER_SS), pAcct->GetName(), (WCHAR*) sDN);
  6544. Progress(mesg);
  6545. // Get the IADs pointer to each of the objects in member and remove the object from the group
  6546. hr = ADsGetObject((WCHAR*)sPath, IID_IADs, (void**) &pAds);
  6547. if ( SUCCEEDED(hr) )
  6548. {
  6549. pAds->Get(L"sAMAccountName", &var);
  6550. sGrpName = V_BSTR(&var);
  6551. pAds->Get(L"distinguishedName", &var);
  6552. sDN = V_BSTR(&var);
  6553. }
  6554. if ( !pOptions->nochange )
  6555. hr = pGroup->Remove((WCHAR*) sPath);
  6556. else
  6557. hr = S_OK;
  6558. if (FAILED(hr))
  6559. {
  6560. err.SysMsgWrite(ErrE,hr,DCT_MSG_REMOVE_MEMBER_FAILED_SSD,sAdsPath,(WCHAR*)sPath,hr);
  6561. Mark(L"errors", pAcct->GetType());
  6562. continue;
  6563. }
  6564. else
  6565. {
  6566. err.MsgWrite(0,DCT_MSG_REMOVED_MEMBER_FROM_GROUP_SS,(WCHAR*)sPath,sAdsPath);
  6567. }
  6568. // Record this path into the list
  6569. TRecordNode * pNode = new TRecordNode();
  6570. if (!pNode)
  6571. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  6572. pNode->SetMember((WCHAR*)sPath);
  6573. pNode->SetMemberSam((WCHAR*)sGrpName);
  6574. pNode->SetDN((WCHAR*)sDN);
  6575. pNode->SetARNode(pAcct);
  6576. if (! pMember->InsertIfNew((TNode*) pNode) )
  6577. delete pNode;
  6578. }
  6579. }
  6580. else if ( vx.vt & VT_ARRAY )
  6581. {
  6582. // We must have got an Array of multivalued properties
  6583. // Access the BSTR elements of this variant array
  6584. _variant_t * pVar;
  6585. SAFEARRAY * multiVals = vx.parray;
  6586. SafeArrayAccessData(multiVals, (void HUGEP **) &pVar);
  6587. for ( DWORD dw = 0; dw < multiVals->rgsabound->cElements; dw++ )
  6588. {
  6589. sDN = _bstr_t(pVar[dw]);
  6590. _bstr_t sPadDN = PadDN(sDN);
  6591. ADsPathFromDN(pOptions, sPadDN, sPath);
  6592. WCHAR tempPath[LEN_Path];
  6593. wcscpy(tempPath, sPath);
  6594. if ( !wcsncmp(L"LDAP://", tempPath, 7) )
  6595. StuffComputerNameinLdapPath(sPath, nPathLen, tempPath, pOptions, FALSE);
  6596. WCHAR mesg[LEN_Path];
  6597. wsprintf(mesg, (WCHAR*)GET_STRING(DCT_MSG_RECORD_REMOVE_MEMBER_SS), pAcct->GetName(), (WCHAR*) sPadDN);
  6598. Progress(mesg);
  6599. // Get the IADsGroup pointer to each of the objects in member of and remove this object from the group
  6600. hr = ADsGetObject((WCHAR*)sPath, IID_IADs, (void**) &pAds);
  6601. if ( SUCCEEDED(hr) )
  6602. {
  6603. hr = pAds->Get(L"sAMAccountName", &var);
  6604. if ( SUCCEEDED(hr) )
  6605. {
  6606. sGrpName = V_BSTR(&var);
  6607. }
  6608. hr = pAds->Get(L"distinguishedName", &var);
  6609. if ( SUCCEEDED(hr) )
  6610. {
  6611. sDN = V_BSTR(&var);
  6612. }
  6613. if ( !pOptions->nochange )
  6614. hr = pGroup->Remove((WCHAR*)sPath);
  6615. else
  6616. hr = S_OK;
  6617. if ( SUCCEEDED(hr) )
  6618. {
  6619. err.MsgWrite(0,DCT_MSG_REMOVED_MEMBER_FROM_GROUP_SS,(WCHAR*)sPath,sAdsPath);
  6620. }
  6621. else
  6622. {
  6623. err.SysMsgWrite(ErrE,hr,DCT_MSG_REMOVE_MEMBER_FAILED_SSD,sAdsPath,(WCHAR*)sPath,hr);
  6624. Mark(L"errors", pAcct->GetType());
  6625. }
  6626. if ( SUCCEEDED(hr) )
  6627. {
  6628. // Record this path into the list
  6629. TRecordNode * pNode = new TRecordNode();
  6630. if (!pNode)
  6631. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  6632. pNode->SetMember((WCHAR*)sPath);
  6633. pNode->SetMemberSam((WCHAR*)sGrpName);
  6634. pNode->SetDN((WCHAR*)sDN);
  6635. pNode->SetARNode(pAcct);
  6636. if ( ! pMember->InsertIfNew((TNode*) pNode) )
  6637. delete pNode;
  6638. }
  6639. }
  6640. else
  6641. {
  6642. // Since we were not able to get this user. it has probably been migrated to another domain.
  6643. // we should use the DN to find where the object is migrated to and then use the migrated object
  6644. // to establish the membership instead.
  6645. // Remove the rogue member
  6646. if ( !pOptions->nochange )
  6647. hr = pGroup->Remove((WCHAR*)sPath);
  6648. else
  6649. hr = S_OK;
  6650. if ( SUCCEEDED(hr) )
  6651. {
  6652. err.MsgWrite(0,DCT_MSG_REMOVED_MEMBER_FROM_GROUP_SS,(WCHAR*)sPath,sAdsPath);
  6653. }
  6654. else
  6655. {
  6656. err.SysMsgWrite(ErrE,hr,DCT_MSG_REMOVE_MEMBER_FAILED_SSD,sAdsPath,(WCHAR*)sPath,hr);
  6657. Mark(L"errors", pAcct->GetType());
  6658. }
  6659. // Check in the DB to see where this object may have been migrated
  6660. IUnknown * pUnk = NULL;
  6661. IVarSetPtr pVsMigObj(__uuidof(VarSet));
  6662. hr = pVsMigObj->QueryInterface(IID_IUnknown, (void**)&pUnk);
  6663. if ( SUCCEEDED(hr) )
  6664. hr = pOptions->pDb->raw_GetMigratedObjectBySourceDN(sPadDN, &pUnk);
  6665. if (pUnk) pUnk->Release();
  6666. if ( hr == S_OK )
  6667. {
  6668. // Record this path into the list
  6669. TRecordNode * pNode = new TRecordNode();
  6670. if (!pNode)
  6671. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  6672. WCHAR sKey[500];
  6673. wsprintf(sKey, L"MigratedObjects.%s", GET_STRING(DB_TargetAdsPath));
  6674. pNode->SetMember((WCHAR*)pVsMigObj->get(sKey).bstrVal);
  6675. wsprintf(sKey, L"MigratedObjects.%s", GET_STRING(DB_TargetSamName));
  6676. pNode->SetMemberSam((WCHAR*)pVsMigObj->get(sKey).bstrVal);
  6677. pNode->SetDN((WCHAR*)sDN);
  6678. pNode->SetARNode(pAcct);
  6679. if ( ! pMember->InsertIfNew((TNode*) pNode) )
  6680. delete pNode;
  6681. }
  6682. else
  6683. {
  6684. //Log a message saying we can not find this object and the membership will not be updated on the other side.
  6685. err.MsgWrite(ErrE,DCT_MSG_MEMBER_NOT_FOUND_SS, pAcct->GetName(), (WCHAR*)sDN);
  6686. }
  6687. }
  6688. }
  6689. pAds->Release();
  6690. SafeArrayUnaccessData(multiVals);
  6691. }
  6692. }
  6693. pEnum->Release();
  6694. VariantInit(&var);
  6695. return S_OK;
  6696. }
  6697. void
  6698. CAcctRepl::UpdateMemberList(TNodeListSortable * pMemberList,TNodeListSortable * acctlist)
  6699. {
  6700. // for each moved object in the account list, look it up in the member list
  6701. TNodeTreeEnum e;
  6702. TAcctReplNode * pAcct;
  6703. TRecordNode * pRec;
  6704. // HRESULT hr = S_OK;
  6705. WCHAR dn[LEN_Path];
  6706. WCHAR const * slash;
  6707. pMemberList->Sort(TNodeCompareMemberDN);
  6708. for ( pAcct = (TAcctReplNode *)e.OpenFirst(acctlist) ; pAcct ; pAcct = (TAcctReplNode *)e.Next())
  6709. {
  6710. if ( pAcct->WasReplaced() )
  6711. {
  6712. //err.DbgMsgWrite(0,L"UpdateMemberList:: %ls was replaced",pAcct->GetSourcePath());
  6713. slash = wcschr(pAcct->GetSourcePath()+8,L'/');
  6714. if ( slash )
  6715. {
  6716. safecopy(dn,slash+1);
  6717. // err.DbgMsgWrite(0,L"Searching the member list for %ls",dn);
  6718. // if the account was replaced, find any instances of it in the member list, and update them
  6719. pRec = (TRecordNode *)pMemberList->Find(&TNodeCompareMemberItem,dn);
  6720. while ( pRec )
  6721. {
  6722. // err.DbgMsgWrite(0,L"Found record: Member=%ls, changing it to %ls",pRec->GetMember(),pAcct->GetTargetPath());
  6723. // change the member data to refer to the new location of the account
  6724. pRec->SetMember(pAcct->GetTargetPath());
  6725. pRec->SetMemberSam(pAcct->GetTargetSam());
  6726. pRec->SetMemberMoved();
  6727. pRec = (TRecordNode*)pRec->Next();
  6728. if ( pRec && UStrICmp(pRec->GetDN(),dn) )
  6729. {
  6730. // the next record is for a different node
  6731. pRec = NULL;
  6732. }
  6733. }
  6734. }
  6735. }
  6736. // else
  6737. // err.DbgMsgWrite(0,L"UpdateMemberList:: %ls was not replaced",pAcct->GetSourcePath());
  6738. }
  6739. e.Close();
  6740. // put the list back like it was before
  6741. pMemberList->Sort(TNodeCompareMember);
  6742. }
  6743. void
  6744. CAcctRepl::SimpleADsPathFromDN(
  6745. Options * pOptions,
  6746. WCHAR const * sDN,
  6747. WCHAR * sPath
  6748. )
  6749. {
  6750. WCHAR const * pDcPart = wcsstr(sDN,L",DC=");
  6751. UStrCpy(sPath,L"LDAP://");
  6752. if ( pDcPart )
  6753. {
  6754. WCHAR const * curr; // pointer to DN
  6755. WCHAR * sPathCurr; // pointer to domain name part of the path
  6756. for ( sPathCurr = sPath+UStrLen(sPath), curr = pDcPart + 4; *curr ; sPathCurr++ )
  6757. {
  6758. // replace each occurrence of ,DC= in the DN with '.' in this part of the domain
  6759. if ( !UStrICmp(curr,L",DC=",4) )
  6760. {
  6761. (*sPathCurr) = L'.';
  6762. curr+=4;
  6763. }
  6764. else
  6765. {
  6766. (*sPathCurr) = (*curr);
  6767. curr++;
  6768. }
  6769. }
  6770. // null-terminate the string
  6771. (*sPathCurr) = 0;
  6772. }
  6773. else
  6774. {
  6775. // if we can't figure it out from the path for some reason, default to the source domain
  6776. UStrCpy(sPath+UStrLen(sPath),pOptions->srcDomain);
  6777. }
  6778. UStrCpy(sPath+UStrLen(sPath),L"/");
  6779. UStrCpy(sPath + UStrLen(sPath),sDN);
  6780. }
  6781. BOOL GetSidString(PSID sid, WCHAR* sSid)
  6782. {
  6783. BOOL ret = false;
  6784. SAFEARRAY * pSa = NULL;
  6785. SAFEARRAYBOUND bd;
  6786. HRESULT hr = S_OK;
  6787. LPBYTE pByte = NULL;
  6788. _variant_t var;
  6789. if (IsValidSid(sid))
  6790. {
  6791. DWORD len = GetLengthSid(sid);
  6792. bd.cElements = len;
  6793. bd.lLbound = 0;
  6794. pSa = SafeArrayCreate(VT_UI1, 1, &bd);
  6795. if ( pSa )
  6796. hr = SafeArrayAccessData(pSa, (void**)&pByte);
  6797. if ( SUCCEEDED(hr) )
  6798. {
  6799. for ( DWORD x = 0; x < len; x++)
  6800. pByte[x] = ((LPBYTE)sid)[x];
  6801. hr = SafeArrayUnaccessData(pSa);
  6802. }
  6803. if ( SUCCEEDED(hr) )
  6804. {
  6805. var.vt = VT_UI1 | VT_ARRAY;
  6806. var.parray = pSa;
  6807. VariantSidToString(var);
  6808. wcscpy(sSid, (WCHAR*) var.bstrVal);
  6809. ret = true;
  6810. }
  6811. }
  6812. return ret;
  6813. }
  6814. //---------------------------------------------------------------------------------------------------------
  6815. // ADsPathFromDN : Constructs the AdsPath from distinguished name by looking up the Global Catalog.
  6816. //---------------------------------------------------------------------------------------------------------
  6817. HRESULT CAcctRepl::ADsPathFromDN(
  6818. Options * pOptions, //in -Options as set by the user
  6819. _bstr_t sDN, //in -Distinguished name to be converted
  6820. WCHAR * sPath, //out-The ads path of object referenced by the DN
  6821. bool bWantLDAP //in - Flag telling us if they want LDAP path or GC path.
  6822. )
  6823. {
  6824. HRESULT hr;
  6825. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  6826. WCHAR sCont[LEN_Path];
  6827. IEnumVARIANT * pEnum;
  6828. WCHAR sQuery[LEN_Path];
  6829. LPWSTR sCols[] = { L"ADsPath" };
  6830. _variant_t var;
  6831. DWORD pFetch = 0;
  6832. BSTR * pDt;
  6833. _variant_t * pvar;
  6834. _variant_t vx;
  6835. SAFEARRAY * pSa;
  6836. SAFEARRAYBOUND bd = { 1, 0 };
  6837. // long ind = 0;
  6838. long rc;
  6839. pSa = SafeArrayCreate(VT_BSTR, 1, &bd);
  6840. SafeArrayAccessData( pSa, (void HUGEP **) &pDt);
  6841. pDt[0] = SysAllocString(sCols[0]);
  6842. SafeArrayUnaccessData(pSa);
  6843. wsprintf(sCont, L"GC://%s", pOptions->srcDomain);
  6844. wsprintf(sQuery, L"(distinguishedName=%s)", (WCHAR*) sDN);
  6845. hr = pQuery->raw_SetQuery(sCont, pOptions->srcDomain, sQuery, ADS_SCOPE_SUBTREE, TRUE);
  6846. if ( FAILED(hr) )
  6847. return hr;
  6848. hr = pQuery->raw_SetColumns(pSa);
  6849. if ( FAILED(hr) )
  6850. return hr;
  6851. hr = pQuery->raw_Execute(&pEnum);
  6852. if ( FAILED(hr) )
  6853. return hr;
  6854. hr = pEnum->Next(1, &var, &pFetch);
  6855. if ( SUCCEEDED(hr) && pFetch > 0 && (var.vt & VT_ARRAY) )
  6856. {
  6857. SAFEARRAY * vals = var.parray;
  6858. // Get the VARIANT Array out
  6859. rc = SafeArrayAccessData(vals, (void HUGEP**) &pvar);
  6860. vx = pvar[0];
  6861. rc = SafeArrayUnaccessData(vals);
  6862. wcscpy(sPath, (WCHAR*)V_BSTR(&vx));
  6863. if (bWantLDAP)
  6864. {
  6865. WCHAR sTemp[LEN_Path];
  6866. wsprintf(sTemp, L"LDAP%s", sPath + 2);
  6867. wcscpy(sPath, sTemp);
  6868. }
  6869. hr = S_OK;
  6870. }
  6871. else
  6872. {
  6873. // This must not be from this forest so we need to use the LDAP://<SID=##> format
  6874. wsprintf(sPath, L"LDAP://%s/%s", pOptions->srcDomain, (WCHAR*) sDN);
  6875. hr = S_OK;
  6876. }
  6877. pEnum->Release();
  6878. VariantInit(&var);
  6879. return hr;
  6880. }
  6881. //---------------------------------------------------------------------------------------------------------
  6882. // FillNamingContext : Gets the naming context for both domains if they are Win2k
  6883. //---------------------------------------------------------------------------------------------------------
  6884. BOOL CAcctRepl::FillNamingContext(
  6885. Options * pOptions //in,out-Options as set by the user
  6886. )
  6887. {
  6888. // Get the defaultNamingContext for the source domain
  6889. IADs * pAds = NULL;
  6890. WCHAR sAdsPath[LEN_Path];
  6891. VARIANT var;
  6892. BOOL rc = TRUE;
  6893. HRESULT hr;
  6894. VariantInit(&var);
  6895. // we should always be able to get the naming context for the target domain,
  6896. // since the target domain will always be Win2K
  6897. if ( ! *pOptions->tgtNamingContext )
  6898. {
  6899. wcscpy(sAdsPath, L"LDAP://");
  6900. wcscat(sAdsPath, pOptions->srcDomain);
  6901. wcscat(sAdsPath, L"/rootDSE");
  6902. hr = ADsGetObject(sAdsPath, IID_IADs, (void**)&pAds);
  6903. if ( FAILED(hr))
  6904. rc = FALSE;
  6905. if ( SUCCEEDED (hr) )
  6906. {
  6907. hr = pAds->Get(L"defaultNamingContext",&var);
  6908. if ( SUCCEEDED( hr) )
  6909. wcscpy(pOptions->srcNamingContext, var.bstrVal);
  6910. VariantClear(&var);
  6911. }
  6912. if ( pAds )
  6913. {
  6914. pAds->Release();
  6915. pAds = NULL;
  6916. }
  6917. wcscpy(sAdsPath, L"LDAP://");
  6918. wcscat(sAdsPath, pOptions->tgtDomain);
  6919. wcscat(sAdsPath, L"/rootDSE");
  6920. hr = ADsGetObject(sAdsPath, IID_IADs, (void**)&pAds);
  6921. if ( FAILED(hr))
  6922. rc = FALSE;
  6923. if ( SUCCEEDED (hr) )
  6924. {
  6925. hr = pAds->Get(L"defaultNamingContext",&var);
  6926. if ( SUCCEEDED( hr) )
  6927. wcscpy(pOptions->tgtNamingContext, var.bstrVal);
  6928. VariantClear(&var);
  6929. }
  6930. if ( pAds )
  6931. pAds->Release();
  6932. }
  6933. return rc;
  6934. }
  6935. //---------------------------------------------------------------------------------------------------------
  6936. // ResetGroupsMembers : This method re-adds the objects in the pMember list to the group account. This
  6937. // resets the group to its original form. ( as before the migration ). It also
  6938. // takes into account the MigratedObjects table which in turn allows to add the target
  6939. // information of newly migrated accounts to the group instead of the source account.
  6940. //---------------------------------------------------------------------------------------------------------
  6941. HRESULT CAcctRepl::ResetGroupsMembers(
  6942. Options * pOptions, //in- Options as set by the user
  6943. TAcctReplNode * pAcct, //in- Account being copied
  6944. TNodeListSortable * pMember, //in- Membership list to restore
  6945. IIManageDBPtr pDb //in- DB object to look up migrated objects.
  6946. )
  6947. {
  6948. // Add all the members back to the group.
  6949. IADsGroup * pGroup;
  6950. HRESULT hr;
  6951. _bstr_t sMember;
  6952. _bstr_t sPath;
  6953. IVarSetPtr pVs(__uuidof(VarSet));
  6954. IUnknown * pUnk;
  6955. DWORD groupType = 0;
  6956. _variant_t var;
  6957. WCHAR sMemPath[LEN_Path];
  6958. WCHAR sPaths[LEN_Path];
  6959. DWORD nPathLen = LEN_Path;
  6960. WCHAR subPath[LEN_Path];
  6961. *sMemPath = L'\0';
  6962. if ( pAcct->WasReplaced() )
  6963. {
  6964. wcscpy(subPath, pAcct->GetTargetPath());
  6965. StuffComputerNameinLdapPath(sPaths, nPathLen, subPath, pOptions, TRUE);
  6966. hr = ADsGetObject(sPaths, IID_IADsGroup, (void**) &pGroup);
  6967. err.MsgWrite(0, DCT_READDING_MEMBERS_TO_GROUP_SS, pAcct->GetTargetName(), sPaths);
  6968. }
  6969. else
  6970. {
  6971. wcscpy(subPath, pAcct->GetSourcePath());
  6972. StuffComputerNameinLdapPath(sPaths, nPathLen, subPath, pOptions, FALSE);
  6973. hr = ADsGetObject(sPaths, IID_IADsGroup, (void**) &pGroup);
  6974. err.MsgWrite(0, DCT_READDING_MEMBERS_TO_GROUP_SS, pAcct->GetName(), sPaths);
  6975. }
  6976. if ( FAILED(hr) ) return hr;
  6977. hr = pGroup->Get(L"groupType", &var);
  6978. if ( SUCCEEDED(hr) )
  6979. {
  6980. groupType = var.lVal;
  6981. }
  6982. for ( TRecordNode * pNode = (TRecordNode*)pMember->Head(); pNode; pNode = (TRecordNode*)pNode->Next())
  6983. {
  6984. if ( pNode->GetARNode() != pAcct )
  6985. continue;
  6986. pVs->QueryInterface(IID_IUnknown, (void**)&pUnk);
  6987. sMember = pNode->GetMemberSam();
  6988. if ( pAcct->WasReplaced() && sMember.length() && !pNode->IsMemberMoved() )
  6989. {
  6990. hr = pDb->raw_GetAMigratedObject(sMember,pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  6991. }
  6992. else
  6993. {
  6994. hr = S_FALSE; // if we don't have the sam name, don't bother trying to look this one up
  6995. }
  6996. pUnk->Release();
  6997. if ( hr == S_OK )
  6998. // Since we have already migrated this object lets use the target objects information.
  6999. sPath = pVs->get(L"MigratedObjects.TargetAdsPath");
  7000. else
  7001. // Other wise use the source objects path to add.
  7002. sPath = pNode->GetMember();
  7003. if ( groupType & 4 )
  7004. {
  7005. // To add local group members we need to change the LDAP path to the SID type path
  7006. IADs * pAds = NULL;
  7007. hr = ADsGetObject((WCHAR*) sPath, IID_IADs, (void**) &pAds);
  7008. if ( SUCCEEDED(hr) )
  7009. hr = pAds->Get(L"objectSid", &var);
  7010. if ( SUCCEEDED(hr) )
  7011. {
  7012. // Make sure the SID we got was in string format
  7013. VariantSidToString(var);
  7014. UStrCpy(sMemPath,L"LDAP://<SID=");
  7015. UStrCpy(sMemPath + UStrLen(sMemPath),var.bstrVal);
  7016. UStrCpy(sMemPath + UStrLen(sMemPath),L">");
  7017. }
  7018. }
  7019. else
  7020. wcscpy(sMemPath, (WCHAR*) sPath);
  7021. WCHAR mesg[LEN_Path];
  7022. wsprintf(mesg, GET_STRING(DCT_MSG_RESET_GROUP_MEMBERS_SS), pAcct->GetName(), (WCHAR*) sMemPath);
  7023. Progress(mesg);
  7024. if ( !pOptions->nochange )
  7025. hr = pGroup->Add(sMemPath);
  7026. else
  7027. hr = S_OK;
  7028. // Try again with LDAP path if SID path failed.
  7029. if ( FAILED(hr) && ( groupType & 4 ) )
  7030. hr = pGroup->Add((WCHAR*) sPath);
  7031. if ( FAILED(hr) )
  7032. {
  7033. hr = BetterHR(hr);
  7034. err.SysMsgWrite(ErrE, hr, DCT_MSG_FAILED_TO_READD_TO_GROUP_SSD,(WCHAR*)sPath, pAcct->GetName(),hr);
  7035. Mark(L"errors", pAcct->GetType());
  7036. }
  7037. else
  7038. {
  7039. err.MsgWrite(0, DCT_MSG_READD_MEMBER_TO_GROUP_SS, (WCHAR*) sPath, pAcct->GetName());
  7040. }
  7041. }
  7042. pGroup->Release();
  7043. return hr;
  7044. }
  7045. BOOL CAcctRepl::TruncateSam(WCHAR * tgtname, TAcctReplNode * acct, Options * options, TNodeListSortable * acctList)
  7046. {
  7047. // SInce we can not copy accounts with lenght more than 20 characters we will truncate
  7048. // it and then add sequence numbers (0-99) in case there are duplicates.
  7049. // we are also going to take into account the global prefix and suffix length while truncating
  7050. // the account.
  7051. BOOL ret = TRUE;
  7052. int lenPref = wcslen(options->globalPrefix);
  7053. int lenSuff = wcslen(options->globalSuffix);
  7054. int lenOrig = wcslen(tgtname);
  7055. int maxLen = 20;
  7056. if ( !_wcsicmp(acct->GetType(), L"group") )
  7057. maxLen = 255;
  7058. else
  7059. maxLen = 20;
  7060. int lenTruncate = maxLen - ( 2 + lenPref + lenSuff );
  7061. // we can not truncate accounts if prefix and suffix are > 20 characters themselves
  7062. if ( lenPref + lenSuff > (maxLen - 2) ) return FALSE;
  7063. if ( lenPref + lenSuff + lenOrig > maxLen )
  7064. {
  7065. WCHAR sTemp[LEN_Path];
  7066. wcsncpy(sTemp, tgtname, lenTruncate);
  7067. sTemp[lenTruncate] = 0;
  7068. int cnt = 0;
  7069. bool cont = true;
  7070. while (cont)
  7071. {
  7072. wsprintf(tgtname, L"%s%02d", sTemp, cnt);
  7073. if ( CheckifAccountExists(options, tgtname) || acctList->Find(&TNodeFindByNameOnly, tgtname))
  7074. cnt++;
  7075. else
  7076. {
  7077. cont = false;
  7078. // Account is truncated so log a message.
  7079. err.MsgWrite(0, DCT_MSG_TRUNCATED_ACCOUNT_NAME_SS, acct->GetName(), tgtname);
  7080. }
  7081. if (cnt > 99)
  7082. {
  7083. // We only have 2 digits for numbers so any more than this we can not handle.
  7084. err.MsgWrite(ErrW,DCT_MSG_FAILED_TO_TRUNCATE_S, acct->GetTargetName());
  7085. Mark(L"warnings",acct->GetType());
  7086. UStrCpy(tgtname, acct->GetTargetName());
  7087. ret = FALSE;
  7088. break;
  7089. }
  7090. }
  7091. }
  7092. return ret;
  7093. }
  7094. //---------------------------------------------------------------------------------------------------------
  7095. // FillNodeFromPath : We will take the LDAP path that is provided to us and from that fill
  7096. // in all the information that is required in AcctRepl node.
  7097. //---------------------------------------------------------------------------------------------------------
  7098. HRESULT CAcctRepl::FillNodeFromPath(
  7099. TAcctReplNode *pAcct, // in-Account node to fillin
  7100. Options * pOptions, //in - Options set by the users
  7101. TNodeListSortable * acctList
  7102. )
  7103. {
  7104. HRESULT hr = S_OK;
  7105. IADs * pAds = NULL;
  7106. VARIANT var;
  7107. BSTR sText;
  7108. WCHAR text[LEN_Account];
  7109. BOOL bBuiltIn = FALSE;
  7110. WCHAR sSam[LEN_Path];
  7111. // DWORD dwLen = 0;
  7112. VariantInit(&var);
  7113. FillNamingContext(pOptions);
  7114. hr = ADsGetObject(const_cast<WCHAR*>(pAcct->GetSourcePath()), IID_IADs, (void**)&pAds);
  7115. if ( SUCCEEDED(hr) )
  7116. {
  7117. // Check if this is a BuiltIn account.
  7118. hr = pAds->Get(L"isCriticalSystemObject", &var);
  7119. if ( SUCCEEDED(hr) )
  7120. {
  7121. bBuiltIn = V_BOOL(&var) == -1 ? TRUE : FALSE;
  7122. }
  7123. else
  7124. {
  7125. // This must be a NT4 account. We need to get the SID and check if
  7126. // it's RID belongs to the BUILTIN rids.
  7127. hr = pAds->Get(L"objectSID", &var);
  7128. if ( SUCCEEDED(hr) )
  7129. {
  7130. SAFEARRAY * pArray = V_ARRAY(&var);
  7131. PSID pSid;
  7132. hr = SafeArrayAccessData(pArray, (void**)&pSid);
  7133. if ( SUCCEEDED(hr) )
  7134. {
  7135. DWORD * dwCnt = (DWORD *) GetSidSubAuthorityCount(pSid);
  7136. DWORD * rid = (DWORD *) GetSidSubAuthority(pSid, (*dwCnt)-1);
  7137. bBuiltIn = BuiltinRid(*rid);
  7138. if ( bBuiltIn )
  7139. {
  7140. hr = pAds->get_Name(&sText);
  7141. if (SUCCEEDED(hr))
  7142. {
  7143. bBuiltIn = CheckBuiltInWithNTApi(pSid, (WCHAR*) sText, pOptions);
  7144. }
  7145. SysFreeString(sText);
  7146. sText = NULL;
  7147. }
  7148. hr = SafeArrayUnaccessData(pArray);
  7149. }
  7150. VariantClear(&var);
  7151. }
  7152. }
  7153. hr = pAds->get_Class(&sText);
  7154. if ( SUCCEEDED(hr) )
  7155. {
  7156. pAcct->SetType((WCHAR*) sText);
  7157. }
  7158. // check if it is a group. If it is then get the group type and store it in the node.
  7159. if ( _wcsicmp((WCHAR*) sText, L"group") == 0 )
  7160. {
  7161. hr = pAds->Get(L"groupType", &var);
  7162. if ( SUCCEEDED(hr) )
  7163. {
  7164. pAcct->SetGroupType((long) V_INT(&var));
  7165. }
  7166. }
  7167. SysFreeString(sText);
  7168. sText = NULL;
  7169. hr = pAds->get_Name(&sText);
  7170. if (SUCCEEDED(hr))
  7171. {
  7172. safecopy(text,(WCHAR*)sText);
  7173. pAcct->SetTargetName(text);
  7174. pAcct->SetName(text);
  7175. }
  7176. //if the name includes a '/', then we have to get the escaped version from the path
  7177. //due to a bug in W2K.
  7178. if (wcschr((WCHAR*)sText, L'/'))
  7179. {
  7180. _bstr_t sCNName = GetCNFromPath(_bstr_t(pAcct->GetSourcePath()));
  7181. if (sCNName.length() != 0)
  7182. {
  7183. pAcct->SetTargetName((WCHAR*)sCNName);
  7184. pAcct->SetName((WCHAR*)sCNName);
  7185. }
  7186. }
  7187. hr = pAds->Get(L"sAMAccountName", &var);
  7188. if ( SUCCEEDED(hr))
  7189. {
  7190. // Add the prefix or the suffix as it is needed
  7191. wcscpy(sSam, (WCHAR*)V_BSTR(&var));
  7192. pAcct->SetSourceSam(sSam);
  7193. pAcct->SetTargetSam(sSam);
  7194. AddPrefixSuffix(pAcct, pOptions);
  7195. VariantClear(&var);
  7196. }
  7197. else
  7198. {
  7199. pAcct->SetSourceSam((WCHAR*) sText);
  7200. TruncateSam((WCHAR*)sText, pAcct, pOptions, acctList);
  7201. pAcct->SetTargetSam((WCHAR*) sText);
  7202. AddPrefixSuffix(pAcct, pOptions);
  7203. }
  7204. SysFreeString(sText);
  7205. sText = NULL;
  7206. // Don't know why it is different for WinNT to ADSI
  7207. if ( pOptions->srcDomainVer > 4 )
  7208. hr = pAds->Get(L"profilePath", &var);
  7209. else
  7210. hr = pAds->Get(L"profile", &var);
  7211. if ( SUCCEEDED(hr))
  7212. {
  7213. pAcct->SetSourceProfile((WCHAR*) V_BSTR(&var));
  7214. VariantClear(&var);
  7215. }
  7216. if ( bBuiltIn )
  7217. {
  7218. // Builtin account so we are going to ignore this account. ( by setting the operation mask to 0 )
  7219. err.MsgWrite(ErrW, DCT_MSG_IGNORING_BUILTIN_S, pAcct->GetSourceSam());
  7220. Mark(L"warnings", pAcct->GetType());
  7221. pAcct->operations = 0;
  7222. }
  7223. }
  7224. else
  7225. {
  7226. err.SysMsgWrite(ErrE, hr, DCT_MSG_OBJECT_NOT_FOUND_SSD, pAcct->GetSourcePath(), opt.srcDomain, hr);
  7227. Mark(L"errors", pAcct->GetType());
  7228. }
  7229. if ( pAds )
  7230. pAds->Release();
  7231. return hr;
  7232. }
  7233. //---------------------------------------------------------------------------------------------------------
  7234. // GetNt4Type : Given the account name and the domain finds the type of account.
  7235. //---------------------------------------------------------------------------------------------------------
  7236. BOOL CAcctRepl::GetNt4Type(const WCHAR *sComp, const WCHAR *sAcct, WCHAR *sType)
  7237. {
  7238. DWORD rc = 0;
  7239. USER_INFO_0 * buf;
  7240. BOOL ret = FALSE;
  7241. USER_INFO_1 * specialBuf;
  7242. if ( (rc = NetUserGetInfo(sComp, sAcct, 1, (LPBYTE *) &specialBuf)) == NERR_Success )
  7243. {
  7244. if ( specialBuf->usri1_flags & UF_WORKSTATION_TRUST_ACCOUNT
  7245. || specialBuf->usri1_flags & UF_SERVER_TRUST_ACCOUNT
  7246. || specialBuf->usri1_flags & UF_INTERDOMAIN_TRUST_ACCOUNT )
  7247. {
  7248. // this is not really a user (maybe a computer or a trust account) So we will ignore it.
  7249. ret = FALSE;
  7250. }
  7251. else
  7252. {
  7253. wcscpy(sType, L"user");
  7254. ret = TRUE;
  7255. }
  7256. NetApiBufferFree(specialBuf);
  7257. }
  7258. else if ( (rc = NetGroupGetInfo(sComp, sAcct, 0, (LPBYTE *) &buf)) == NERR_Success )
  7259. {
  7260. wcscpy(sType, L"group");
  7261. NetApiBufferFree(buf);
  7262. ret = TRUE;
  7263. }
  7264. else if ( (rc = NetLocalGroupGetInfo(sComp, sAcct, 0, (LPBYTE *) &buf)) == NERR_Success )
  7265. {
  7266. wcscpy(sType, L"group");
  7267. NetApiBufferFree(buf);
  7268. ret = TRUE;
  7269. }
  7270. return ret;
  7271. }
  7272. bool CAcctRepl::GetClosestDC(Options * pOpt, long flags)
  7273. {
  7274. DOMAIN_CONTROLLER_INFO * pSrcDomCtrlInfo = NULL;
  7275. DWORD rc = 0;
  7276. DSGETDCNAME DsGetDcName = NULL;
  7277. HMODULE hPro = LoadLibrary(L"NetApi32.dll");
  7278. if ( hPro )
  7279. DsGetDcName = (DSGETDCNAME)GetProcAddress(hPro, "DsGetDcNameW");
  7280. else
  7281. {
  7282. err.SysMsgWrite(ErrE, rc, DCT_MSG_LOAD_LIBRARY_FAILED_SD, L"NetApi32.dll");
  7283. Mark(L"errors", L"generic");
  7284. }
  7285. if (DsGetDcName)
  7286. {
  7287. rc = DsGetDcName(
  7288. NULL ,// LPCTSTR ComputerName ?
  7289. pOpt->srcDomain ,// LPCTSTR DomainName
  7290. NULL ,// GUID *DomainGuid ?
  7291. NULL ,// LPCTSTR SiteName ?
  7292. flags ,// ULONG Flags ?
  7293. &pSrcDomCtrlInfo // PDOMAIN_CONTROLLER_INFO *DomainControllerInfo
  7294. );
  7295. if ( rc )
  7296. {
  7297. err.SysMsgWrite(ErrE, rc, DCT_MSG_DOMAIN_NOT_FOUND_S, pOpt->srcDomain);
  7298. Mark(L"errors", L"generic");
  7299. }
  7300. else
  7301. {
  7302. wcscpy(pOpt->srcComp, pSrcDomCtrlInfo->DomainControllerName);
  7303. }
  7304. NetApiBufferFree( pSrcDomCtrlInfo );
  7305. rc = DsGetDcName(
  7306. NULL ,// LPCTSTR ComputerName ?
  7307. pOpt->tgtDomain ,// LPCTSTR DomainName
  7308. NULL ,// GUID *DomainGuid ?
  7309. NULL ,// LPCTSTR SiteName ?
  7310. flags ,// ULONG Flags ?
  7311. &pSrcDomCtrlInfo // PDOMAIN_CONTROLLER_INFO *DomainControllerInfo
  7312. );
  7313. if ( rc )
  7314. {
  7315. err.SysMsgWrite(ErrE, rc, DCT_MSG_DOMAIN_NOT_FOUND_S, pOpt->tgtDomain);
  7316. Mark(L"errors", L"generic");
  7317. }
  7318. else
  7319. {
  7320. wcscpy(pOpt->tgtComp, pSrcDomCtrlInfo->DomainControllerName);
  7321. }
  7322. NetApiBufferFree( pSrcDomCtrlInfo );
  7323. }
  7324. if ( hPro )
  7325. FreeLibrary(hPro);
  7326. return ( rc == 0 );
  7327. }
  7328. //------------------------------------------------------------------------------
  7329. // UndoCopy: This function Undoes the copying of the accounts. It currently
  7330. // does the following tasks. Add to it if needed.
  7331. // 1. Deletes the target account if Inter-Forest, but replace source acocunts
  7332. // in local groups for accounts migrated by ADMT.
  7333. // 2. Moves the object back to its original position if Intra-Forest.
  7334. // 3. Calls the Undo function on the Extensions
  7335. //------------------------------------------------------------------------------
  7336. int CAcctRepl::UndoCopy(
  7337. Options * options, // in -options
  7338. TNodeListSortable * acctlist, // in -list of accounts to process
  7339. ProgressFn * progress, // in -window to write progress messages to
  7340. TError & error, // in -window to write error messages to
  7341. IStatusObj * pStatus, // in -status object to support cancellation
  7342. void WindowUpdate (void ) // in - window update function
  7343. )
  7344. {
  7345. BOOL bSameForest = FALSE;
  7346. // sort the account list by Source Type\Source Name
  7347. acctlist->CompareSet(&TNodeCompareAccountType);
  7348. acctlist->SortedToScrambledTree();
  7349. acctlist->Sort(&TNodeCompareAccountType);
  7350. acctlist->Balance();
  7351. long rc;
  7352. // Since these are Win2k domains we need to process it with Win2k code.
  7353. MCSDCTWORKEROBJECTSLib::IAccessCheckerPtr pAccess(__uuidof(MCSDCTWORKEROBJECTSLib::AccessChecker));
  7354. // First of all we need to find out if they are in the same forest.
  7355. HRESULT hr = S_OK;
  7356. if ( BothWin2K(options) )
  7357. {
  7358. hr = pAccess->raw_IsInSameForest(options->srcDomainDns,options->tgtDomainDns, (long*)&bSameForest);
  7359. }
  7360. if ( SUCCEEDED(hr) )
  7361. {
  7362. if ( !bSameForest )
  7363. // Different forest we need to delete the one that we had previously created.
  7364. rc = DeleteObject(options, acctlist, progress, pStatus);
  7365. else
  7366. {
  7367. // Within a forest we can move the object around.
  7368. TNodeListSortable * pList = NULL;
  7369. hr = MakeAcctListFromMigratedObjects(options, options->lUndoActionID, pList,TRUE);
  7370. if ( SUCCEEDED(hr) && pList )
  7371. {
  7372. if ( pList->IsTree() ) pList->ToSorted();
  7373. pList->CompareSet(&TNodeCompareAccountType);
  7374. pList->UnsortedToTree();
  7375. pList->Balance();
  7376. rc = MoveObj2K(options, pList, progress, pStatus);
  7377. }
  7378. else
  7379. {
  7380. err.SysMsgWrite(ErrE,hr,DCT_MSG_FAILED_TO_LOAD_UNDO_LIST_D,hr);
  7381. Mark(L"errors", L"generic");
  7382. }
  7383. }
  7384. if ( progress )
  7385. progress(L"");
  7386. }
  7387. return rc;
  7388. }
  7389. int CAcctRepl::DeleteObject(
  7390. Options * pOptions, //in -Options that we recieved from the user
  7391. TNodeListSortable * acctlist, //in -AcctList of accounts to be copied.
  7392. ProgressFn * progress, //in -Progress Function to display messages
  7393. IStatusObj * pStatus // in -status object to support cancellation
  7394. )
  7395. {
  7396. TNodeListSortable * pList = NULL;
  7397. TNodeTreeEnum tenum;
  7398. TAcctReplNode * acct = NULL, * tNext = NULL;
  7399. HRESULT hr = S_OK;
  7400. DWORD rc = 0;
  7401. WCHAR mesg[LEN_Path];
  7402. IUnknown * pUnk = NULL;
  7403. IVarSetPtr pVs(__uuidof(VarSet));
  7404. _variant_t var;
  7405. hr = MakeAcctListFromMigratedObjects(pOptions, pOptions->lUndoActionID, pList,FALSE);
  7406. if ( SUCCEEDED(hr) && pList )
  7407. {
  7408. if ( pList->IsTree() ) pList->ToSorted();
  7409. pList->SortedToScrambledTree();
  7410. pList->Sort(&TNodeCompareAccountSam);
  7411. pList->Balance();
  7412. /* restore source account of account being deleted in local groups prior to deleting
  7413. the target account */
  7414. wcscpy(mesg, GET_STRING(IDS_LG_MEMBER_FIXUP_UNDO));
  7415. if ( progress )
  7416. progress(mesg);
  7417. ReplaceSourceInLocalGroup(pList, pOptions, pStatus);
  7418. for ( acct = (TAcctReplNode *)tenum.OpenFirst(pList) ; acct ; acct = tNext)
  7419. {
  7420. // Call the extensions for undo
  7421. wsprintf(mesg, GET_STRING(IDS_RUNNING_EXTS_S), acct->GetTargetPath());
  7422. if ( progress )
  7423. progress(mesg);
  7424. Mark(L"processed",acct->GetType());
  7425. // Close the log file if it is open
  7426. WCHAR filename[LEN_Path];
  7427. err.LogClose();
  7428. if (m_pExt)
  7429. m_pExt->Process(acct, pOptions->tgtDomain, pOptions,FALSE);
  7430. safecopy (filename,opt.logFile);
  7431. err.LogOpen(filename,1 /*append*/ );
  7432. if ( acct->GetStatus() & AR_Status_Created )
  7433. {
  7434. wsprintf(mesg, GET_STRING(IDS_DELETING_S), acct->GetTargetPath());
  7435. if ( progress ) progress(mesg);
  7436. if ( ! _wcsicmp(acct->GetType(),L"computer") )
  7437. {
  7438. // do not delete the computer accounts, because if we do,
  7439. // the computer will be immediately locked out of the domain
  7440. tNext = (TAcctReplNode *) tenum.Next();
  7441. pList->Remove(acct);
  7442. delete acct;
  7443. continue;
  7444. }
  7445. // Now delete the account.
  7446. if ( !_wcsicmp(acct->GetType(), L"user") )
  7447. rc = NetUserDel(pOptions->tgtComp, acct->GetTargetSam());
  7448. else
  7449. {
  7450. // Must be a group try both local and global.
  7451. rc = NetGroupDel(pOptions->tgtComp, acct->GetTargetSam());
  7452. if ( rc )
  7453. rc = NetLocalGroupDel(pOptions->tgtComp, acct->GetTargetSam());
  7454. }
  7455. // Log a message
  7456. if ( !rc )
  7457. {
  7458. err.MsgWrite(0, DCT_MSG_ACCOUNT_DELETED_S, (WCHAR*)acct->GetTargetPath());
  7459. Mark(L"created",acct->GetType());
  7460. }
  7461. else
  7462. {
  7463. err.SysMsgWrite(ErrE, rc, DCT_MSG_DELETE_ACCOUNT_FAILED_SD, (WCHAR*)acct->GetTargetPath(), rc);
  7464. Mark(L"errors", acct->GetType());
  7465. }
  7466. }
  7467. else
  7468. {
  7469. err.MsgWrite(ErrW, DCT_MSG_NO_DELETE_WAS_REPLACED_S, acct->GetTargetPath());
  7470. Mark(L"warnings",acct->GetType());
  7471. }
  7472. tNext = (TAcctReplNode *) tenum.Next();
  7473. pList->Remove(acct);
  7474. delete acct;
  7475. }
  7476. tenum.Close();
  7477. delete pList;
  7478. }
  7479. if ( pUnk ) pUnk->Release();
  7480. tenum.Close();
  7481. return rc;
  7482. }
  7483. HRESULT CAcctRepl::MakeAcctListFromMigratedObjects(Options * pOptions, long lUndoActionID, TNodeListSortable *& pAcctList,BOOL bReverseDomains)
  7484. {
  7485. IVarSetPtr pVs(__uuidof(VarSet));
  7486. IUnknown * pUnk = NULL;
  7487. HRESULT hr = S_OK;
  7488. _bstr_t sSName, sTName, sSSam, sTSam, sType, sSUPN, sSDSid;
  7489. long lSRid, lTRid;
  7490. long lStat;
  7491. WCHAR sActionInfo[LEN_Path];
  7492. hr = pVs->QueryInterface(IID_IUnknown, (void**)&pUnk);
  7493. if ( SUCCEEDED(hr) )
  7494. hr = pOptions->pDb->raw_GetMigratedObjects( pOptions->lUndoActionID, &pUnk);
  7495. if ( SUCCEEDED(hr) )
  7496. {
  7497. pAcctList = new TNodeListSortable();
  7498. if (!pAcctList)
  7499. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  7500. long lCnt = pVs->get("MigratedObjects");
  7501. for ( long l = 0; l < lCnt; l++)
  7502. {
  7503. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_SourceAdsPath));
  7504. sSName = pVs->get(sActionInfo);
  7505. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_TargetAdsPath));
  7506. sTName = pVs->get(sActionInfo);
  7507. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_status));
  7508. lStat = pVs->get(sActionInfo);
  7509. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_TargetSamName));
  7510. sTSam = pVs->get(sActionInfo);
  7511. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_SourceSamName));
  7512. sSSam = pVs->get(sActionInfo);
  7513. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_Type));
  7514. sType = pVs->get(sActionInfo);
  7515. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_SourceDomainSid));
  7516. sSDSid = pVs->get(sActionInfo);
  7517. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_SourceRid));
  7518. lSRid = pVs->get(sActionInfo);
  7519. wsprintf(sActionInfo, L"MigratedObjects.%d.%s", l, GET_STRING(DB_TargetRid));
  7520. lTRid = pVs->get(sActionInfo);
  7521. TAcctReplNode * pNode = new TAcctReplNode();
  7522. if (!pNode)
  7523. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  7524. if ( bReverseDomains )
  7525. {
  7526. pNode->SetSourcePath((WCHAR*) sTName);
  7527. pNode->SetTargetPath((WCHAR*) sSName);
  7528. pNode->SetSourceSam((WCHAR*) sTSam);
  7529. pNode->SetTargetSam((WCHAR*) sSSam);
  7530. //if we are moving the acounts back during an undo, get the source UPN for this account
  7531. GetAccountUPN(pOptions, sSName, sSUPN);
  7532. pNode->SetSourceUPN((WCHAR*) sSUPN);
  7533. }
  7534. else
  7535. {
  7536. pNode->SetSourcePath((WCHAR*) sSName);
  7537. pNode->SetTargetPath((WCHAR*) sTName);
  7538. pNode->SetSourceSam((WCHAR*) sSSam);
  7539. pNode->SetTargetSam((WCHAR*) sTSam);
  7540. }
  7541. pNode->SetType((WCHAR*) sType);
  7542. pNode->SetStatus(lStat);
  7543. pNode->SetSourceSid(SidFromString((WCHAR*)sSDSid));
  7544. pNode->SetSourceRid(lSRid);
  7545. pNode->SetTargetRid(lTRid);
  7546. pAcctList->InsertBottom((TNode*) pNode);
  7547. }
  7548. }
  7549. return hr;
  7550. }
  7551. void CAcctRepl::AddPrefixSuffix( TAcctReplNode * pNode, Options * pOptions )
  7552. {
  7553. DWORD dwLen = 0;
  7554. WCHAR ss[LEN_Path];
  7555. WCHAR tgt[LEN_Path];
  7556. WCHAR pref[LEN_Path];
  7557. WCHAR suf[LEN_Path];
  7558. WCHAR sTemp[LEN_Path];
  7559. WCHAR sTargetSamName[LEN_Path];
  7560. wcscpy(sTargetSamName, pNode->GetTargetSam());
  7561. if ( wcslen(pOptions->globalPrefix) )
  7562. {
  7563. int truncate = 255;
  7564. if ( !_wcsicmp(pNode->GetType(), L"user") )
  7565. {
  7566. truncate = 20 - wcslen(pOptions->globalPrefix);
  7567. }
  7568. else if ( !_wcsicmp(pNode->GetType(), L"computer") )
  7569. {
  7570. truncate = 16 - wcslen(pOptions->globalPrefix);
  7571. }
  7572. // make sure we truncate the account so we dont get account names that are very large.
  7573. sTargetSamName[truncate] = L'\0';
  7574. // Prefix is specified so lets just add that.
  7575. wsprintf(sTemp, L"%s%s", pOptions->globalPrefix, sTargetSamName);
  7576. wcscpy(tgt, pNode->GetTargetName());
  7577. for ( DWORD z = 0; z < wcslen(tgt); z++ )
  7578. {
  7579. if ( tgt[z] == L'=' ) break;
  7580. }
  7581. if ( z < wcslen(tgt) )
  7582. {
  7583. // Get the prefix part ex.CN=
  7584. wcsncpy(pref, tgt, z+1);
  7585. pref[z+1] = 0;
  7586. wcscpy(suf, tgt+z+1);
  7587. }
  7588. else
  7589. {
  7590. wcscpy(pref,L"");
  7591. wcscpy(suf,tgt);
  7592. }
  7593. // Remove the \ if it is escaping the space
  7594. if ( suf[0] == L'\\' && suf[1] == L' ' )
  7595. {
  7596. WCHAR sTemp[LEN_Path];
  7597. wcscpy(sTemp, suf+1);
  7598. wcscpy(suf, sTemp);
  7599. }
  7600. // Build the target string with the Prefix
  7601. wsprintf(tgt, L"%s%s%s", pref, pOptions->globalPrefix, suf);
  7602. }
  7603. else if ( wcslen(pOptions->globalSuffix) )
  7604. {
  7605. int truncate = 255;
  7606. if ( !_wcsicmp(pNode->GetType(), L"user") )
  7607. {
  7608. truncate = 20 - wcslen(pOptions->globalSuffix);
  7609. }
  7610. else if ( !_wcsicmp(pNode->GetType(), L"computer") )
  7611. {
  7612. truncate = 16 - wcslen(pOptions->globalSuffix);
  7613. }
  7614. // make sure we truncate the account so we dont get account names that are very large.
  7615. sTargetSamName[truncate] = L'\0';
  7616. // Suffix is specified.
  7617. if ( !_wcsicmp( pNode->GetType(), L"computer") )
  7618. {
  7619. // We need to make sure we take into account the $ sign in computer sam name.
  7620. dwLen = wcslen(sTargetSamName);
  7621. // Get rid of the $ sign
  7622. wcscpy(ss, sTargetSamName);
  7623. if ( ss[dwLen - 1] == L'$' )
  7624. {
  7625. ss[dwLen - 1] = L'\0';
  7626. }
  7627. wsprintf(sTemp, L"%s%s$", ss, pOptions->globalSuffix);
  7628. }
  7629. else
  7630. {
  7631. //Simply add the suffix to all other accounts.
  7632. wsprintf(sTemp, L"%s%s", sTargetSamName, pOptions->globalSuffix);
  7633. }
  7634. // Remove the trailing space \ escape sequence
  7635. wcscpy(tgt, pNode->GetName());
  7636. for ( int i = wcslen(tgt)-1; i >= 0; i-- )
  7637. {
  7638. if ( tgt[i] != L' ' )
  7639. break;
  7640. }
  7641. if ( tgt[i] == L'\\' )
  7642. {
  7643. WCHAR * pTemp = &tgt[i];
  7644. *pTemp = 0;
  7645. wcscpy(pref, tgt);
  7646. wcscpy(suf, pTemp+1);
  7647. }
  7648. else
  7649. {
  7650. wcscpy(pref, tgt);
  7651. wcscpy(suf, L"");
  7652. }
  7653. wsprintf(tgt, L"%s%s%s", pref, suf, pOptions->globalSuffix);
  7654. }
  7655. else
  7656. {
  7657. wcscpy(sTemp, pNode->GetTargetSam());
  7658. wcscpy(tgt, pNode->GetName());
  7659. }
  7660. pNode->SetTargetName(tgt);
  7661. pNode->SetTargetSam(sTemp);
  7662. }
  7663. void CAcctRepl::BuildTargetPath(WCHAR const * sCN, WCHAR const * tgtOU, WCHAR * stgtPath)
  7664. {
  7665. WCHAR pTemp[LEN_Path];
  7666. wcscpy(pTemp, tgtOU);
  7667. *stgtPath = L'\0';
  7668. // Make sure it is a LDAP path.
  7669. if ( !wcsncmp(L"LDAP://", pTemp, 7) )
  7670. {
  7671. // Get the LDAP://<DOMAIN>/ part.
  7672. WCHAR * p = wcschr(pTemp + 7, L'/');
  7673. // Build the string.
  7674. if (p)
  7675. {
  7676. *p = L'\0';
  7677. wsprintf(stgtPath, L"%s/%s,%s", pTemp, sCN, p+1);
  7678. }
  7679. }
  7680. }
  7681. HRESULT CAcctRepl::BetterHR(HRESULT hr)
  7682. {
  7683. HRESULT temp = hr;
  7684. if ( hr == 0x8007001f || hr == 0x80071392 ) temp = HRESULT_FROM_WIN32(NERR_UserExists);
  7685. else if ( hr == 0x80072030 || hr == 0x80070534 ) temp = HRESULT_FROM_WIN32(NERR_UserNotFound);
  7686. return temp;
  7687. }
  7688. HRESULT CAcctRepl::GetThePrimaryGroupMembers(Options * pOptions, WCHAR * sGroupSam, IEnumVARIANT *& pVar)
  7689. {
  7690. // This function looks for accounts that have the primaryGroupID set to the rid of the
  7691. // group in the argument.
  7692. BSTR pCols = L"aDSPath";
  7693. DWORD rid = 0;
  7694. HRESULT hr;
  7695. if ( GetRidForGroup(pOptions, sGroupSam, rid) )
  7696. hr = QueryPrimaryGroupMembers(pCols, pOptions, rid, pVar);
  7697. else
  7698. hr = HRESULT_FROM_WIN32(GetLastError());
  7699. return hr;
  7700. }
  7701. HRESULT CAcctRepl::AddPrimaryGroupMembers(Options * pOptions, SAFEARRAY * multiVals, WCHAR * sGroupSam)
  7702. {
  7703. // This function will get the accounts with primarygroupID = Group's RID and
  7704. // adds the DN for these Accounts to the safearry in the argument list.
  7705. BSTR pCols = L"distinguishedName";
  7706. DWORD rid = 0, dwFetch = 0;
  7707. IEnumVARIANT * pEnum = NULL;
  7708. HRESULT hr = S_OK;
  7709. _variant_t var;
  7710. _variant_t * var2;
  7711. SAFEARRAYBOUND bd;
  7712. long lb, ub;
  7713. _variant_t * pData = NULL;
  7714. SafeArrayGetLBound(multiVals, 1, &lb);
  7715. SafeArrayGetUBound(multiVals, 1, &ub);
  7716. bd.lLbound = lb;
  7717. bd.cElements = ub - lb + 1;
  7718. if ( GetRidForGroup(pOptions, sGroupSam, rid) )
  7719. {
  7720. hr = QueryPrimaryGroupMembers(pCols, pOptions, rid, pEnum);
  7721. if ( SUCCEEDED(hr) )
  7722. {
  7723. while ( pEnum->Next(1, &var, &dwFetch) == S_OK )
  7724. {
  7725. if (var.vt == (VT_ARRAY|VT_VARIANT))
  7726. {
  7727. SAFEARRAY * pArray = var.parray;
  7728. hr = SafeArrayAccessData(pArray, (void **)&var2);
  7729. if ( SUCCEEDED(hr) )
  7730. {
  7731. // Add one more element to the array.
  7732. bd.cElements++;
  7733. hr = SafeArrayRedim(multiVals, &bd);
  7734. }
  7735. // Fill in the new element with the information in the variant.
  7736. if ( SUCCEEDED(hr) )
  7737. hr = SafeArrayAccessData(multiVals, (void HUGEP**) &pData);
  7738. if ( SUCCEEDED(hr) )
  7739. {
  7740. pData[++ub] = *var2;
  7741. SafeArrayUnaccessData(multiVals);
  7742. }
  7743. if ( SUCCEEDED(hr) )
  7744. SafeArrayUnaccessData(pArray);
  7745. VariantInit(&var);
  7746. }
  7747. else
  7748. // Something really bad happened we should not get here in normal cond
  7749. hr = E_FAIL;
  7750. }
  7751. }
  7752. }
  7753. else
  7754. hr = HRESULT_FROM_WIN32(GetLastError());
  7755. if ( pEnum ) pEnum->Release();
  7756. return hr;
  7757. }
  7758. bool CAcctRepl::GetRidForGroup(Options * pOptions, WCHAR * sGroupSam, DWORD& rid)
  7759. {
  7760. // We lookup the Account name and get its SID. Once we have the SID we extract the RID and return that
  7761. SID_NAME_USE use;
  7762. PSID sid = (PSID) new BYTE[LEN_Path];
  7763. WCHAR dom[LEN_Path];
  7764. DWORD cbsid = LEN_Path, cbDom = LEN_Path;
  7765. bool ret = true;
  7766. if (!sid)
  7767. return false;
  7768. if ( LookupAccountName(pOptions->srcComp, sGroupSam, sid, &cbsid, dom, &cbDom, &use) )
  7769. {
  7770. // we now have the sid so get its sub authority count.
  7771. DWORD * pSubCnt = (DWORD*)GetSidSubAuthorityCount(sid);
  7772. DWORD * pRid = GetSidSubAuthority(sid, (*pSubCnt) -1 );
  7773. rid = *pRid;
  7774. }
  7775. else
  7776. ret = false;
  7777. delete [] sid;
  7778. return ret;
  7779. }
  7780. HRESULT CAcctRepl::QueryPrimaryGroupMembers(BSTR cols, Options * pOptions, DWORD rid, IEnumVARIANT*& pEnum)
  7781. {
  7782. WCHAR sQuery[LEN_Path];
  7783. WCHAR sCont[LEN_Path];
  7784. SAFEARRAY * colNames;
  7785. SAFEARRAYBOUND bd = { 1, 0 };
  7786. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  7787. BSTR * pData;
  7788. HRESULT hr;
  7789. wsprintf(sQuery, L"(primaryGroupID=%d)", rid);
  7790. wsprintf(sCont, L"LDAP://%s", pOptions->srcDomainDns);
  7791. colNames = SafeArrayCreate(VT_BSTR, 1, &bd);
  7792. hr = SafeArrayAccessData(colNames, (void**)&pData);
  7793. if ( SUCCEEDED(hr) )
  7794. {
  7795. pData[0] = SysAllocString(cols);
  7796. hr = SafeArrayUnaccessData(colNames);
  7797. }
  7798. if ( SUCCEEDED(hr) )
  7799. hr = pQuery->SetQuery(sCont, pOptions->srcDomain, sQuery, ADS_SCOPE_SUBTREE, FALSE);
  7800. if ( SUCCEEDED(hr) )
  7801. hr = pQuery->SetColumns(colNames);
  7802. if ( SUCCEEDED(hr) )
  7803. hr = pQuery->Execute(&pEnum);
  7804. return hr;
  7805. }
  7806. HRESULT CAcctRepl::GetTargetGroupType(WCHAR *sPath, DWORD &grpType)
  7807. {
  7808. // Here we lookup the group type for the object denoted by the path
  7809. IADsGroup * pGrp = NULL;
  7810. HRESULT hr = S_OK;
  7811. _variant_t var;
  7812. hr = ADsGetObject(sPath, IID_IADsGroup, (void**)&pGrp);
  7813. if (SUCCEEDED(hr))
  7814. hr = pGrp->Get(L"groupType", &var);
  7815. if (SUCCEEDED(hr))
  7816. {
  7817. grpType = var.lVal;
  7818. }
  7819. if ( pGrp ) pGrp->Release();
  7820. return hr;
  7821. }
  7822. // CheckBuiltInWithNTApi - This function makes sure that the account really is a
  7823. // builtin account with the NT APIs. In case of NT4 accounts
  7824. // there are certain special accounts that the WinNT provider
  7825. // gives us a SID that is the SYSTEM sid ( example Service ).
  7826. // To make sure that this account exists we use LookupAccountName
  7827. // with domain qualified account name to make sure that the account
  7828. // is really builtin or not.
  7829. BOOL CAcctRepl::CheckBuiltInWithNTApi(PSID pSid, WCHAR *sSam, Options * pOptions)
  7830. {
  7831. BOOL retVal = TRUE;
  7832. WCHAR sName[LEN_Path];
  7833. SID_NAME_USE use;
  7834. DWORD cbDomain = LEN_Path, cbSid = LEN_Path;
  7835. PSID pAccSid = new BYTE[LEN_Path];
  7836. WCHAR sDomain[LEN_Path];
  7837. if (!pAccSid)
  7838. return TRUE;
  7839. wsprintf(sName, L"%s\\%s", pOptions->srcDomain, sSam);
  7840. if ( LookupAccountName(pOptions->srcComp, sName, pAccSid, &cbSid, sDomain, &cbDomain, &use) )
  7841. {
  7842. // We found the account now we need to check the sid with the sid passed in and if they
  7843. // are the same then this is a builtin account otherwise its not.
  7844. retVal = EqualSid(pSid, pAccSid);
  7845. }
  7846. delete [] pAccSid;
  7847. return retVal;
  7848. }
  7849. BOOL CAcctRepl::StuffComputerNameinLdapPath(WCHAR *sAdsPath, DWORD nPathLen, WCHAR *sSubPath, Options *pOptions, BOOL bTarget)
  7850. {
  7851. BOOL ret = FALSE;
  7852. _bstr_t sTemp;
  7853. if ((!sAdsPath) || (!sSubPath))
  7854. return FALSE;
  7855. WCHAR * pTemp = wcschr(sSubPath + 7, L'/'); // Filter out the 'LDAP://<domain-name>/' from the path
  7856. if ( pTemp )
  7857. {
  7858. sTemp = L"LDAP://";
  7859. if ( bTarget )
  7860. sTemp += (pOptions->tgtComp + 2);
  7861. else
  7862. sTemp += (pOptions->srcComp + 2);
  7863. sTemp += L"/";
  7864. sTemp += (pTemp + 1);
  7865. wcsncpy(sAdsPath, sTemp, nPathLen-1);
  7866. // wsprintf(sAdsPath, L"LDAP://%s/%s", pOptions->tgtComp + 2, pTemp + 1); // LDAP path with the computer name.
  7867. // wsprintf(sAdsPath, L"LDAP://%s/%s", pOptions->srcComp + 2, pTemp + 1); // LDAP path with the computer name.
  7868. ret = TRUE;
  7869. }
  7870. return ret;
  7871. }
  7872. BOOL CAcctRepl::DoesTargetObjectAlreadyExist(TAcctReplNode * pAcct, Options * pOptions)
  7873. {
  7874. // Check to see if the target object already exists
  7875. WCHAR sPath[LEN_Path];
  7876. DWORD nPathLen = LEN_Path;
  7877. BOOL bObjectExists = FALSE;
  7878. WCHAR * pRelativeTgtOUPath;
  7879. WCHAR path[LEN_Path] = L"";
  7880. IADs * pAdsTemp = NULL;
  7881. WCHAR sSrcTemp[LEN_Path];
  7882. WCHAR * pTemp = NULL;
  7883. // First, check the target path, to see if an object with the same CN already exists
  7884. if ( ! pOptions->bUndo )
  7885. {
  7886. MakeFullyQualifiedAdsPath(sPath, nPathLen, pOptions->tgtOUPath, pOptions->tgtDomain, pOptions->tgtNamingContext);
  7887. pRelativeTgtOUPath = wcschr(sPath + UStrLen(L"LDAP://") + 2,L'/');
  7888. }
  7889. else
  7890. {
  7891. UStrCpy(sPath,pAcct->GetTargetPath());
  7892. pRelativeTgtOUPath = wcschr(sPath + UStrLen(L"LDAP://") + 2,L'/');
  7893. if (pRelativeTgtOUPath)
  7894. {
  7895. // get the target CN name
  7896. pTemp = pRelativeTgtOUPath + 1;
  7897. (*pRelativeTgtOUPath) = 0;
  7898. do
  7899. {
  7900. pRelativeTgtOUPath = wcschr(pRelativeTgtOUPath+1,L',');
  7901. } while ((pRelativeTgtOUPath) && ( *(pRelativeTgtOUPath-1) == L'\\' ));
  7902. }
  7903. }
  7904. if ( pRelativeTgtOUPath )
  7905. {
  7906. *pRelativeTgtOUPath = 0;
  7907. if ( pOptions->bUndo && pTemp )
  7908. {
  7909. pAcct->SetTargetName(pTemp);
  7910. // get the source CN name for the account
  7911. UStrCpy(sSrcTemp,pAcct->GetSourcePath());
  7912. WCHAR * start = wcschr(sSrcTemp + UStrLen(L"LDAP://")+2,L'/');
  7913. *start = 0;
  7914. start++;
  7915. WCHAR * comma = start-1;
  7916. do
  7917. {
  7918. comma = wcschr(comma+1,L',');
  7919. } while ( *(comma-1) == L'\\' );
  7920. *comma = 0;
  7921. pAcct->SetName(start);
  7922. }
  7923. swprintf(path,L"%ls/%ls,%ls",sPath,pAcct->GetTargetName(),pRelativeTgtOUPath+1);
  7924. if ( pOptions->bUndo )
  7925. {
  7926. UStrCpy(pOptions->tgtOUPath,pRelativeTgtOUPath+1);
  7927. }
  7928. }
  7929. else
  7930. {
  7931. MakeFullyQualifiedAdsPath(path, nPathLen, pOptions->tgtOUPath, pOptions->tgtDomain, pOptions->tgtNamingContext);
  7932. }
  7933. HRESULT hr = ADsGetObject(path,IID_IADs,(void**)&pAdsTemp);
  7934. if ( SUCCEEDED(hr) )
  7935. {
  7936. pAdsTemp->Release();
  7937. bObjectExists = TRUE;
  7938. }
  7939. // Also, check the SAM name to see if it exists on the target
  7940. hr = LookupAccountInTarget(pOptions,const_cast<WCHAR*>(pAcct->GetTargetSam()),sPath);
  7941. if ( SUCCEEDED(hr) )
  7942. {
  7943. bObjectExists = TRUE;
  7944. }
  7945. else
  7946. {
  7947. hr = 0;
  7948. }
  7949. return bObjectExists;
  7950. }
  7951. //-----------------------------------------------------------------------------------------
  7952. // UpdateMemberToGroups This function updates the groups that the accounts are members of.
  7953. // adding this member to all the groups that have been migrated.
  7954. //-----------------------------------------------------------------------------------------
  7955. HRESULT CAcctRepl::UpdateMemberToGroups(TNodeListSortable * acctList, Options *pOptions, BOOL bGrpsOnly)
  7956. {
  7957. TNodeListSortable newList;
  7958. WCHAR mesg[LEN_Path];
  7959. HRESULT hr = S_OK;
  7960. BSTR sTargetName = NULL;
  7961. // Expand the containers and the membership
  7962. wcscpy(mesg, GET_STRING(IDS_EXPANDING_MEMBERSHIP));
  7963. Progress(mesg);
  7964. // Expand the list to include all the groups that the accounts in this list are members of
  7965. newList.CompareSet(&TNodeCompareAccountType);
  7966. if ( !newList.IsTree() ) newList.SortedToTree();
  7967. // Call expand membership function to get a list of all groups that contain as members objects in our account list
  7968. if ( ExpandMembership( acctList, pOptions, &newList, Progress, bGrpsOnly) )
  7969. {
  7970. if ( newList.IsTree() ) newList.ToSorted();
  7971. TNodeListEnum e;
  7972. TAcctReplNode * pNode = NULL;
  7973. for ( pNode = (TAcctReplNode *)e.OpenFirst((TNodeList*)&newList); pNode; pNode = (TAcctReplNode*)e.Next())
  7974. {
  7975. // go through each of the account nodes in the newly added account list. Since
  7976. // we have special fields that contain the member information we can use that
  7977. // Find the account node that corresponds to the member information in this node
  7978. Lookup p;
  7979. p.pName = (WCHAR*) pNode->sMemberName;
  7980. p.pType = (WCHAR*) pNode->sMemberType;
  7981. TAcctReplNode * pNodeMember = (TAcctReplNode *) acctList->Find(&TNodeFindAccountName, &p);
  7982. bool bIgnored = false;
  7983. if (pNodeMember)
  7984. bIgnored = ((!pNodeMember->WasReplaced()) && (pNodeMember->GetStatus() & AR_Status_AlreadyExisted));
  7985. // If we found one ( we should always find one. ) and the member was successfuly
  7986. // added or replaced the member information.
  7987. if ( pNodeMember && ((pNodeMember->WasCreated() || pNodeMember->WasReplaced()) || bIgnored))
  7988. {
  7989. // Get the Group pointer and add the target object to the member.
  7990. IADsGroup * pGroup = NULL;
  7991. hr = ADsGetObject(const_cast<WCHAR*>(pNode->GetTargetPath()), IID_IADsGroup, (void**)&pGroup);
  7992. if ( SUCCEEDED(hr) )
  7993. {
  7994. pGroup->get_Name(&sTargetName);
  7995. if ( pOptions->nochange )
  7996. {
  7997. VARIANT_BOOL bIsMem;
  7998. hr = pGroup->IsMember(const_cast<WCHAR*>(pNodeMember->GetTargetPath()), &bIsMem);
  7999. if ( SUCCEEDED(hr) )
  8000. {
  8001. if ( bIsMem )
  8002. hr = HRESULT_FROM_WIN32(NERR_UserExists);
  8003. }
  8004. }
  8005. else
  8006. {
  8007. //add the new account to the group
  8008. hr = pGroup->Add(const_cast<WCHAR*>(pNodeMember->GetTargetPath()));
  8009. /* if the new account's source account is also in the group, remove it */
  8010. IIManageDBPtr pDB = pOptions->pDb;
  8011. IVarSetPtr pVsTemp(__uuidof(VarSet));
  8012. IUnknown * pUnk;
  8013. //is this account in the migrated objects table
  8014. pVsTemp->QueryInterface(IID_IUnknown, (void**) &pUnk);
  8015. HRESULT hrFind = pDB->raw_GetAMigratedObject(_bstr_t(pNodeMember->GetSourceSam()), pOptions->srcDomain, pOptions->tgtDomain, &pUnk);
  8016. pUnk->Release();
  8017. if (hrFind == S_OK)
  8018. {
  8019. //remove the source account from the group
  8020. RemoveSourceAccountFromGroup(pGroup, pVsTemp, pOptions);
  8021. }
  8022. }
  8023. }
  8024. if ( SUCCEEDED(hr) )
  8025. err.MsgWrite(0, DCT_MSG_ADDED_TO_GROUP_SS, pNodeMember->GetTargetPath(), (WCHAR*)sTargetName);
  8026. else
  8027. {
  8028. _bstr_t sGrpName = sTargetName;
  8029. if (sTargetName == NULL)
  8030. sGrpName = pNode->GetTargetPath();
  8031. hr = BetterHR(hr);
  8032. if ( HRESULT_CODE(hr) == NERR_UserExists )
  8033. {
  8034. err.MsgWrite(0,DCT_MSG_USER_IN_GROUP_SS,pNodeMember->GetTargetPath(), (WCHAR*)sGrpName);
  8035. }
  8036. else if ( HRESULT_CODE(hr) == NERR_UserNotFound )
  8037. {
  8038. err.SysMsgWrite(0, hr, DCT_MSG_MEMBER_NONEXIST_SS, pNodeMember->GetTargetPath(), (WCHAR*)sGrpName, hr);
  8039. }
  8040. else
  8041. {
  8042. // message for the generic failure case
  8043. err.SysMsgWrite(ErrW, hr, DCT_MSG_FAILED_TO_ADD_TO_GROUP_SSD, pNodeMember->GetTargetPath(), (WCHAR*)sGrpName, hr);
  8044. Mark(L"warnings", pNodeMember->GetType());
  8045. }
  8046. }
  8047. }
  8048. }
  8049. // Clean up the list.
  8050. TAcctReplNode * pNext = NULL;
  8051. for ( pNode = (TAcctReplNode *)e.OpenFirst(&newList); pNode; pNode = pNext)
  8052. {
  8053. pNext = (TAcctReplNode *)e.Next();
  8054. newList.Remove(pNode);
  8055. delete pNode;
  8056. }
  8057. }
  8058. return hr;
  8059. }
  8060. // This function enumerates all members of the Universal/Global groups and for each member
  8061. // checks if that member has been migrated. If it is then it removes the source member and
  8062. // adds the target member.
  8063. HRESULT CAcctRepl::ResetMembersForUnivGlobGroups(Options *pOptions, TAcctReplNode *pAcct)
  8064. {
  8065. IADsGroup * pGroup;
  8066. HRESULT hr;
  8067. _bstr_t sMember;
  8068. _bstr_t sTgtMem;
  8069. WCHAR sSrcPath[LEN_Path];
  8070. WCHAR sTgtPath[LEN_Path];
  8071. DWORD nPathLen = LEN_Path;
  8072. IVarSetPtr pVs(__uuidof(VarSet));
  8073. IUnknown * pUnk;
  8074. IADsMembers * pMembers = NULL;
  8075. IEnumVARIANT * pEnum = NULL;
  8076. _variant_t var;
  8077. if ( pAcct->WasReplaced() )
  8078. {
  8079. WCHAR subPath[LEN_Path];
  8080. WCHAR sPaths[LEN_Path];
  8081. wcscpy(subPath, pAcct->GetTargetPath());
  8082. StuffComputerNameinLdapPath(sPaths, nPathLen, subPath, pOptions, TRUE);
  8083. hr = ADsGetObject(sPaths, IID_IADsGroup, (void**) &pGroup);
  8084. err.MsgWrite(0, DCT_UPDATING_MEMBERS_TO_GROUP_SS, pAcct->GetTargetName(), sPaths);
  8085. }
  8086. else
  8087. return S_OK;
  8088. if ( FAILED(hr) ) return hr;
  8089. hr = pGroup->Members(&pMembers);
  8090. if ( SUCCEEDED(hr) )
  8091. {
  8092. hr = pMembers->get__NewEnum((IUnknown**)&pEnum);
  8093. }
  8094. if ( SUCCEEDED(hr) )
  8095. {
  8096. DWORD dwFet = 0;
  8097. while ( pEnum->Next(1, &var, &dwFet) == S_OK )
  8098. {
  8099. IDispatch * pDisp = var.pdispVal;
  8100. IADs * pAds = NULL;
  8101. pDisp->QueryInterface(IID_IADs, (void**)&pAds);
  8102. pAds->Get(L"distinguishedName", &var);
  8103. pAds->Release();
  8104. sMember = var;
  8105. pVs->QueryInterface(IID_IUnknown, (void**)&pUnk);
  8106. hr = pOptions->pDb->raw_GetMigratedObjectBySourceDN(sMember, &pUnk);
  8107. pUnk->Release();
  8108. if ( hr == S_OK )
  8109. {
  8110. // Since we have moved this member we should remove it from the group
  8111. // and add target member to the group.
  8112. sTgtMem = pVs->get(L"MigratedObjects.TargetAdsPath");
  8113. _bstr_t sTgtType = pVs->get(L"MigratedObjects.Type");
  8114. if ( !_wcsicmp(L"computer", (WCHAR*) sTgtType ) )
  8115. {
  8116. MakeFullyQualifiedAdsPath(sSrcPath, nPathLen, (WCHAR*)sMember, pOptions->srcComp + 2, L"");
  8117. MakeFullyQualifiedAdsPath(sTgtPath, nPathLen, (WCHAR*)sTgtMem, pOptions->tgtComp + 2, L"");
  8118. // HRESULT hr1 = pGroup->Remove(sSrcPath);
  8119. pGroup->Remove(sSrcPath);
  8120. if ( ! pOptions->nochange )
  8121. hr = pGroup->Add(sTgtPath);
  8122. else
  8123. hr = 0;
  8124. if ( SUCCEEDED(hr) )
  8125. {
  8126. err.MsgWrite(0, DCT_REPLACE_MEMBER_TO_GROUP_SSS, (WCHAR*)sMember, (WCHAR*) sTgtMem, pAcct->GetTargetName());
  8127. }
  8128. else
  8129. {
  8130. err.SysMsgWrite(ErrE, hr, DCT_REPLACE_MEMBER_FAILED_SSS, (WCHAR*)sMember, (WCHAR*) sTgtMem, pAcct->GetTargetName());
  8131. }
  8132. }
  8133. }
  8134. }
  8135. }
  8136. if ( pEnum ) pEnum->Release();
  8137. if ( pMembers ) pMembers->Release();
  8138. return hr;
  8139. }
  8140. /* This function will get the varset from the action history table for the given
  8141. undo action ID. We will find the given source name and retrieve the UPN for
  8142. that account */
  8143. void CAcctRepl::GetAccountUPN(Options * pOptions, _bstr_t sSName, _bstr_t& sSUPN)
  8144. {
  8145. HRESULT hr;
  8146. IUnknown * pUnk = NULL;
  8147. IVarSetPtr pVsAH(__uuidof(VarSet));
  8148. sSUPN = L"";
  8149. hr = pVsAH->QueryInterface(IID_IUnknown, (void**)&pUnk);
  8150. //fill a varset with the setting from the action to be undone from the Action History table
  8151. if ( SUCCEEDED(hr) )
  8152. hr = pOptions->pDb->raw_GetActionHistory(pOptions->lUndoActionID, &pUnk);
  8153. if (pUnk) pUnk->Release();
  8154. if ( hr == S_OK )
  8155. {
  8156. WCHAR key[MAX_PATH];
  8157. bool bFound = false;
  8158. int i = 0;
  8159. long numAccounts = pVsAH->get(GET_BSTR(DCTVS_Accounts_NumItems));
  8160. _bstr_t tempName;
  8161. while ((i<numAccounts) && (!bFound))
  8162. {
  8163. swprintf(key,GET_STRING(DCTVSFmt_Accounts_D),i);
  8164. tempName = pVsAH->get(key);
  8165. if (_wcsicmp((WCHAR*)tempName, (WCHAR*)sSName) == 0)
  8166. {
  8167. bFound = true;
  8168. swprintf(key,GET_STRING(DCTVSFmt_Accounts_SourceUPN_D),i);
  8169. sSUPN = pVsAH->get(key);
  8170. }
  8171. i++;
  8172. }//end while
  8173. }//end if S_OK
  8174. }
  8175. /*********************************************************************
  8176. * *
  8177. * Written by: Paul Thompson *
  8178. * Date: 1 NOV 2000 *
  8179. * *
  8180. * This function is responsible for updating the *
  8181. * manager\directReports properties for a migrated user or the *
  8182. * managedBy\managedObjects properties for a migrated group. *
  8183. * *
  8184. *********************************************************************/
  8185. //BEGIN UpdateManagement
  8186. HRESULT CAcctRepl::UpdateManagement(TNodeListSortable * acctList, Options *pOptions)
  8187. {
  8188. /* local variables */
  8189. HRESULT hr = S_OK;
  8190. TAcctReplNode * pAcct;
  8191. IEnumVARIANT * pEnum;
  8192. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  8193. INetObjEnumeratorPtr pQuery2(__uuidof(NetObjEnumerator));
  8194. LPWSTR sUCols[] = { L"directReports",L"managedObjects", L"manager"};
  8195. int nUCols = DIM(sUCols);
  8196. LPWSTR sGCols[] = { L"managedBy" };
  8197. int nGCols = DIM(sGCols);
  8198. SAFEARRAY * cols;
  8199. SAFEARRAYBOUND bdU = { nUCols, 0 };
  8200. SAFEARRAYBOUND bdG = { nGCols, 0 };
  8201. BSTR HUGEP * pData = NULL;
  8202. _bstr_t sQuery;
  8203. _variant_t varMgr;
  8204. _variant_t varDR;
  8205. _variant_t varMdO;
  8206. _variant_t varMain;
  8207. _variant_t HUGEP * pDt, * pVar;
  8208. DWORD dwf;
  8209. _bstr_t sTPath;
  8210. _bstr_t sPath;
  8211. _bstr_t sSam;
  8212. _bstr_t sType;
  8213. _bstr_t sName;
  8214. long lgrpType;
  8215. WCHAR mesg[LEN_Path];
  8216. IADs * pDSE = NULL;
  8217. WCHAR strText[LEN_Path];
  8218. _variant_t varGC;
  8219. /* function body */
  8220. //change from a tree to a sorted list
  8221. if ( acctList->IsTree() ) acctList->ToSorted();
  8222. //prepare to connect to the GC
  8223. _bstr_t sGCDomain = pOptions->srcDomainDns;
  8224. swprintf(strText,L"LDAP://%ls/RootDSE",pOptions->srcDomainDns);
  8225. hr = ADsGetObject(strText,IID_IADs,(void**)&pDSE);
  8226. if ( SUCCEEDED(hr) )
  8227. {
  8228. hr = pDSE->Get(L"RootDomainNamingContext",&varGC);
  8229. if ( SUCCEEDED(hr) )
  8230. sGCDomain = GetDomainDNSFromPath(varGC.bstrVal);
  8231. }
  8232. _bstr_t sGCPath = _bstr_t(L"GC://") + sGCDomain;
  8233. //for each account migrated, if not excluded, migrate the manager\directReports
  8234. for ( pAcct = (TAcctReplNode*)acctList->Head(); pAcct; pAcct = (TAcctReplNode*)pAcct->Next())
  8235. {
  8236. if ( pOptions->pStatus )
  8237. {
  8238. LONG status = 0;
  8239. HRESULT hr = pOptions->pStatus->get_Status(&status);
  8240. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  8241. {
  8242. if ( !bAbortMessageWritten )
  8243. {
  8244. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  8245. bAbortMessageWritten = true;
  8246. }
  8247. break;
  8248. }
  8249. }
  8250. //update the message
  8251. wsprintf(mesg, GET_STRING(IDS_UPDATING_MGR_PROPS_S), pAcct->GetName());
  8252. Progress(mesg);
  8253. //build the path to the source object
  8254. WCHAR sPathSource[LEN_Path];
  8255. DWORD nPathLen = LEN_Path;
  8256. StuffComputerNameinLdapPath(sPathSource, nPathLen, const_cast<WCHAR*>(pAcct->GetSourcePath()), pOptions, FALSE);
  8257. //connect to the GC instead of a specific DC
  8258. WCHAR * pTemp = wcschr(sPathSource + 7, L'/');
  8259. if ( pTemp )
  8260. {
  8261. _bstr_t sNewPath = sGCPath + _bstr_t(pTemp);
  8262. wcscpy(sPathSource, sNewPath);
  8263. }
  8264. //for user, migrate the manager\directReports relationship
  8265. if (!_wcsicmp(pAcct->GetType(), L"user"))
  8266. {
  8267. //if the manager property has explicitly been excluded from migration by the user, don't migrate it
  8268. if ((pOptions->bExcludeProps) &&
  8269. (IsStringInDelimitedString((WCHAR*)pOptions->sExcUserProps, L"manager", L',')))
  8270. continue;
  8271. /* get the "manager", and "directReports", and "managedObjects" property */
  8272. //build the column array
  8273. cols = SafeArrayCreate(VT_BSTR, 1, &bdU);
  8274. SafeArrayAccessData(cols, (void HUGEP **) &pData);
  8275. for ( int i = 0; i < nUCols; i++)
  8276. pData[i] = SysAllocString(sUCols[i]);
  8277. SafeArrayUnaccessData(cols);
  8278. sQuery = L"(objectClass=*)";
  8279. //query the information
  8280. hr = pQuery->raw_SetQuery(sPathSource, pOptions->srcDomain, sQuery, ADS_SCOPE_SUBTREE, TRUE);
  8281. if (FAILED(hr)) return FALSE;
  8282. hr = pQuery->raw_SetColumns(cols);
  8283. if (FAILED(hr)) return FALSE;
  8284. hr = pQuery->raw_Execute(&pEnum);
  8285. if (FAILED(hr)) return FALSE;
  8286. while (pEnum->Next(1, &varMain, &dwf) == S_OK)
  8287. {
  8288. SAFEARRAY * vals = V_ARRAY(&varMain);
  8289. // Get the VARIANT Array out
  8290. SafeArrayAccessData(vals, (void HUGEP**) &pDt);
  8291. varDR = pDt[0];
  8292. varMdO = pDt[1];
  8293. varMgr = pDt[2];
  8294. SafeArrayUnaccessData(vals);
  8295. //process the manager by setting the manager on the moved user if the
  8296. //source user's manager has been migrated
  8297. if ( varMgr.vt & VT_ARRAY )
  8298. {
  8299. //we always get an Array of variants
  8300. SAFEARRAY * multiVals = varMgr.parray;
  8301. SafeArrayAccessData(multiVals, (void HUGEP **) &pVar);
  8302. for ( DWORD dw = 0; dw < multiVals->rgsabound->cElements; dw++ )
  8303. {
  8304. _bstr_t sManager = _bstr_t(V_BSTR(&pVar[dw]));
  8305. sManager = PadDN(sManager);
  8306. _bstr_t sSrcDomain = GetDomainDNSFromPath(sManager);
  8307. sPath = _bstr_t(L"LDAP://") + sSrcDomain + _bstr_t(L"/") + sManager;
  8308. if (GetSamFromPath(sPath, sSam, sType, sName, lgrpType, pOptions))
  8309. {
  8310. IVarSetPtr pVs(__uuidof(VarSet));
  8311. IUnknown * pUnk = NULL;
  8312. pVs->QueryInterface(IID_IUnknown, (void**) &pUnk);
  8313. WCHAR sDomainNB[LEN_Path];
  8314. WCHAR sDNS[LEN_Path];
  8315. //get NetBIOS of the objects source domain
  8316. GetDnsAndNetbiosFromName(sSrcDomain, sDomainNB, sDNS);
  8317. // See if the manager was migrated
  8318. hr = pOptions->pDb->raw_GetAMigratedObjectToAnyDomain((WCHAR*)sSam, sDomainNB, &pUnk);
  8319. if ( hr == S_OK )
  8320. {
  8321. _variant_t var;
  8322. //get the manager's target adspath
  8323. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  8324. sTPath = V_BSTR(&var);
  8325. if ( wcslen((WCHAR*)sTPath) > 0 )
  8326. {
  8327. IADsUser * pUser = NULL;
  8328. //set the manager on the target object
  8329. hr = ADsGetObject((WCHAR*)pAcct->GetTargetPath(), IID_IADsUser, (void**)&pUser);
  8330. if ( SUCCEEDED(hr) )
  8331. {
  8332. _bstr_t sTemp = _bstr_t(wcsstr((WCHAR*)sTPath, L"CN="));
  8333. var = sTemp;
  8334. hr = pUser->Put(L"Manager", var);
  8335. if ( SUCCEEDED(hr) )
  8336. {
  8337. hr = pUser->SetInfo();
  8338. if (FAILED(hr))
  8339. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)sTPath, (WCHAR*)pAcct->GetTargetPath(), hr);
  8340. }
  8341. else
  8342. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)sTPath, (WCHAR*)pAcct->GetTargetPath(), hr);
  8343. pUser->Release();
  8344. }
  8345. else
  8346. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)sTPath, (WCHAR*)pAcct->GetTargetPath(), hr);
  8347. }//end if got the path to the manager on the target
  8348. }//end if manager was migrated
  8349. pUnk->Release();
  8350. }//end if got source sam
  8351. }//for each manager (only one)
  8352. SafeArrayUnaccessData(multiVals);
  8353. }//end if variant array (it will be)
  8354. //process the directReports by setting the manager on the previously moved
  8355. //user if the source user's manager has been migrated
  8356. if ( varDR.vt & VT_ARRAY )
  8357. {
  8358. //we always get an Array of variants
  8359. SAFEARRAY * multiVals = varDR.parray;
  8360. SafeArrayAccessData(multiVals, (void HUGEP **) &pVar);
  8361. for ( DWORD dw = 0; dw < multiVals->rgsabound->cElements; dw++ )
  8362. {
  8363. _bstr_t sDirectReport = _bstr_t(V_BSTR(&pVar[dw]));
  8364. sDirectReport = PadDN(sDirectReport);
  8365. _bstr_t sSrcDomain = GetDomainDNSFromPath(sDirectReport);
  8366. sPath = _bstr_t(L"LDAP://") + sSrcDomain + _bstr_t(L"/") + sDirectReport;
  8367. if (GetSamFromPath(sPath, sSam, sType, sName, lgrpType, pOptions))
  8368. {
  8369. IVarSetPtr pVs(__uuidof(VarSet));
  8370. IUnknown * pUnk = NULL;
  8371. pVs->QueryInterface(IID_IUnknown, (void**) &pUnk);
  8372. WCHAR sDomainNB[LEN_Path];
  8373. WCHAR sDNS[LEN_Path];
  8374. //get NetBIOS of the objects source domain
  8375. GetDnsAndNetbiosFromName(sSrcDomain, sDomainNB, sDNS);
  8376. // See if the direct report was migrated
  8377. hr = pOptions->pDb->raw_GetAMigratedObjectToAnyDomain((WCHAR*)sSam, sDomainNB, &pUnk);
  8378. if ( hr == S_OK )
  8379. {
  8380. _variant_t var;
  8381. //get the direct report's target adspath
  8382. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  8383. sTPath = V_BSTR(&var);
  8384. if ( wcslen((WCHAR*)sTPath) > 0 )
  8385. {
  8386. IADsUser * pUser = NULL;
  8387. //set the manager on the target object
  8388. hr = ADsGetObject(sTPath, IID_IADsUser, (void**)&pUser);
  8389. if ( SUCCEEDED(hr) )
  8390. {
  8391. _bstr_t sTemp = _bstr_t(wcsstr((WCHAR*)pAcct->GetTargetPath(), L"CN="));
  8392. var = sTemp;
  8393. hr = pUser->Put(L"Manager", var);
  8394. if ( SUCCEEDED(hr) )
  8395. {
  8396. hr = pUser->SetInfo();
  8397. if (FAILED(hr))
  8398. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)pAcct->GetTargetPath(), (WCHAR*)sTPath, hr);
  8399. }
  8400. else
  8401. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)pAcct->GetTargetPath(), (WCHAR*)sTPath, hr);
  8402. pUser->Release();
  8403. }
  8404. else
  8405. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)pAcct->GetTargetPath(), (WCHAR*)sTPath, hr);
  8406. }//end if got the path to the manager on the target
  8407. }//end if manager was migrated
  8408. pUnk->Release();
  8409. }//end if got source sam
  8410. }//for each directReport
  8411. SafeArrayUnaccessData(multiVals);
  8412. }//end if variant array (it will be)
  8413. /* get the "managedObjects" property */
  8414. //process the managedObjects by setting the managedBy on the moved group if the
  8415. //source user's managed group has been migrated
  8416. if ( varMdO.vt & VT_ARRAY )
  8417. {
  8418. //we always get an Array of variants
  8419. SAFEARRAY * multiVals = varMdO.parray;
  8420. SafeArrayAccessData(multiVals, (void HUGEP **) &pVar);
  8421. for ( DWORD dw = 0; dw < multiVals->rgsabound->cElements; dw++ )
  8422. {
  8423. _bstr_t sManaged = _bstr_t(V_BSTR(&pVar[dw]));
  8424. sManaged = PadDN(sManaged);
  8425. _bstr_t sSrcDomain = GetDomainDNSFromPath(sManaged);
  8426. sPath = _bstr_t(L"LDAP://") + sSrcDomain + _bstr_t(L"/") + sManaged;
  8427. if (GetSamFromPath(sPath, sSam, sType, sName, lgrpType, pOptions))
  8428. {
  8429. IVarSetPtr pVs(__uuidof(VarSet));
  8430. IUnknown * pUnk = NULL;
  8431. pVs->QueryInterface(IID_IUnknown, (void**) &pUnk);
  8432. WCHAR sDomainNB[LEN_Path];
  8433. WCHAR sDNS[LEN_Path];
  8434. //get NetBIOS of the objects source domain
  8435. GetDnsAndNetbiosFromName(sSrcDomain, sDomainNB, sDNS);
  8436. // See if the managed object was migrated
  8437. hr = pOptions->pDb->raw_GetAMigratedObjectToAnyDomain((WCHAR*)sSam, sDomainNB, &pUnk);
  8438. if ( hr == S_OK )
  8439. {
  8440. _variant_t var;
  8441. //get the managed object's target adspath
  8442. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  8443. sTPath = V_BSTR(&var);
  8444. if ( wcslen((WCHAR*)sTPath) > 0 )
  8445. {
  8446. IADsGroup * pGroup = NULL;
  8447. //set the manager on the target object
  8448. hr = ADsGetObject(sTPath, IID_IADsGroup, (void**)&pGroup);
  8449. if ( SUCCEEDED(hr) )
  8450. {
  8451. _bstr_t sTemp = _bstr_t(wcsstr((WCHAR*)pAcct->GetTargetPath(), L"CN="));
  8452. var = sTemp;
  8453. hr = pGroup->Put(L"ManagedBy", var);
  8454. if ( SUCCEEDED(hr) )
  8455. {
  8456. hr = pGroup->SetInfo();
  8457. if (FAILED(hr))
  8458. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)pAcct->GetTargetPath(), (WCHAR*)sTPath, hr);
  8459. }
  8460. else
  8461. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)pAcct->GetTargetPath(), (WCHAR*)sTPath, hr);
  8462. pGroup->Release();
  8463. }
  8464. else
  8465. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)pAcct->GetTargetPath(), (WCHAR*)sTPath, hr);
  8466. }//end if got the path to the manager on the target
  8467. }//end if manager was migrated
  8468. pUnk->Release();
  8469. }//end if got source sam
  8470. }//for each manager (only one)
  8471. SafeArrayUnaccessData(multiVals);
  8472. }//end if variant array (it will be)
  8473. varMgr.Clear();
  8474. varMdO.Clear();
  8475. varDR.Clear();
  8476. VariantInit(&varMain); // data not owned by varMain so clear VARTYPE
  8477. }
  8478. if (pEnum)
  8479. pEnum->Release();
  8480. // SafeArrayDestroy(cols);
  8481. }//end if user
  8482. //for group, migrate the managedBy\managedObjects relationship
  8483. if (!_wcsicmp(pAcct->GetType(), L"group"))
  8484. {
  8485. //if the managedBy property has explicitly been excluded from migration by the user, don't migrate it
  8486. if (IsStringInDelimitedString((WCHAR*)pOptions->sExcGroupProps, L"managedBy", L','))
  8487. continue;
  8488. /* get the "managedBy" property */
  8489. //build the column array
  8490. cols = SafeArrayCreate(VT_BSTR, 1, &bdG);
  8491. SafeArrayAccessData(cols, (void HUGEP **) &pData);
  8492. for ( int i = 0; i < nGCols; i++)
  8493. pData[i] = SysAllocString(sGCols[i]);
  8494. SafeArrayUnaccessData(cols);
  8495. sQuery = L"(objectClass=*)";
  8496. //query the information
  8497. hr = pQuery->raw_SetQuery(sPathSource, pOptions->srcDomain, sQuery, ADS_SCOPE_BASE, TRUE);
  8498. if (FAILED(hr)) return FALSE;
  8499. hr = pQuery->raw_SetColumns(cols);
  8500. if (FAILED(hr)) return FALSE;
  8501. hr = pQuery->raw_Execute(&pEnum);
  8502. if (FAILED(hr)) return FALSE;
  8503. while (pEnum->Next(1, &varMain, &dwf) == S_OK)
  8504. {
  8505. SAFEARRAY * vals = V_ARRAY(&varMain);
  8506. // Get the VARIANT Array out
  8507. SafeArrayAccessData(vals, (void HUGEP**) &pDt);
  8508. varMgr = pDt[0];
  8509. SafeArrayUnaccessData(vals);
  8510. //process the managedBy by setting the managedBy on the moved group if the
  8511. //source group's manager has been migrated
  8512. if ( varMgr.vt & VT_BSTR )
  8513. {
  8514. _bstr_t sManager = varMgr;
  8515. sManager = PadDN(sManager);
  8516. _bstr_t sSrcDomain = GetDomainDNSFromPath(sManager);
  8517. sPath = _bstr_t(L"LDAP://") + sSrcDomain + _bstr_t(L"/") + sManager;
  8518. if (GetSamFromPath(sPath, sSam, sType, sName, lgrpType, pOptions))
  8519. {
  8520. IVarSetPtr pVs(__uuidof(VarSet));
  8521. IUnknown * pUnk = NULL;
  8522. pVs->QueryInterface(IID_IUnknown, (void**) &pUnk);
  8523. WCHAR sDomainNB[LEN_Path];
  8524. WCHAR sDNS[LEN_Path];
  8525. //get NetBIOS of the objects source domain
  8526. GetDnsAndNetbiosFromName(sSrcDomain, sDomainNB, sDNS);
  8527. // See if the manager was migrated
  8528. hr = pOptions->pDb->raw_GetAMigratedObjectToAnyDomain((WCHAR*)sSam, sDomainNB, &pUnk);
  8529. if ( hr == S_OK )
  8530. {
  8531. _variant_t var;
  8532. //get the manager's target adspath
  8533. var = pVs->get(L"MigratedObjects.TargetAdsPath");
  8534. sTPath = V_BSTR(&var);
  8535. if ( wcslen((WCHAR*)sTPath) > 0 )
  8536. {
  8537. IADsGroup * pGroup = NULL;
  8538. //set the manager on the target object
  8539. hr = ADsGetObject((WCHAR*)pAcct->GetTargetPath(), IID_IADsGroup, (void**)&pGroup);
  8540. if ( SUCCEEDED(hr) )
  8541. {
  8542. _bstr_t sTemp = _bstr_t(wcsstr((WCHAR*)sTPath, L"CN="));
  8543. var = sTemp;
  8544. hr = pGroup->Put(L"ManagedBy", var);
  8545. if ( SUCCEEDED(hr) )
  8546. {
  8547. hr = pGroup->SetInfo();
  8548. if (FAILED(hr))
  8549. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)sTPath, (WCHAR*)pAcct->GetTargetPath(), hr);
  8550. }
  8551. else
  8552. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)sTPath, (WCHAR*)pAcct->GetTargetPath(), hr);
  8553. pGroup->Release();
  8554. }
  8555. else
  8556. err.SysMsgWrite(0, hr, DCT_MSG_MANAGER_MIG_FAILED, (WCHAR*)sTPath, (WCHAR*)pAcct->GetTargetPath(), hr);
  8557. }//end if got the path to the manager on the target
  8558. }//end if manager was migrated
  8559. pUnk->Release();
  8560. }//end if got source sam
  8561. }//end if variant array (it will be)
  8562. VariantClear(&varMgr);
  8563. VariantClear(&varMain);
  8564. }
  8565. if (pEnum)
  8566. pEnum->Release();
  8567. // SafeArrayDestroy(cols);
  8568. }//end if group
  8569. }//end for each account being migrated
  8570. wcscpy(mesg, L"");
  8571. Progress(mesg);
  8572. return hr;
  8573. }
  8574. //END UpdateManagement
  8575. /*********************************************************************
  8576. * *
  8577. * Written by: Paul Thompson *
  8578. * Date: 29 NOV 2000 *
  8579. * *
  8580. * This function is responsible for removing the escape character*
  8581. * in front of any '/' characters. *
  8582. * *
  8583. *********************************************************************/
  8584. //BEGIN GetUnEscapedNameWithFwdSlash
  8585. _bstr_t CAcctRepl::GetUnEscapedNameWithFwdSlash(_bstr_t strName)
  8586. {
  8587. /* local variables */
  8588. WCHAR szNameOld[MAX_PATH];
  8589. WCHAR szNameNew[MAX_PATH];
  8590. WCHAR * pchBeg = NULL;
  8591. _bstr_t sNewName = L"";
  8592. /* function body */
  8593. if (strName.length())
  8594. {
  8595. safecopy(szNameOld, (WCHAR*)strName);
  8596. for (WCHAR* pch = wcschr(szNameOld, _T('\\')); pch; pch = wcschr(pch + 1, _T('\\')))
  8597. {
  8598. if ((*(pch + 1)) == L'/')
  8599. {
  8600. if (pchBeg == NULL)
  8601. {
  8602. wcsncpy(szNameNew, szNameOld, pch - szNameOld);
  8603. szNameNew[pch - szNameOld] = L'\0';
  8604. }
  8605. else
  8606. {
  8607. size_t cch = wcslen(szNameNew);
  8608. wcsncat(szNameNew, pchBeg, pch - pchBeg);
  8609. szNameNew[cch + (pch - szNameOld)] = L'\0';
  8610. }
  8611. pchBeg = pch + 1;
  8612. }
  8613. }
  8614. if (pchBeg == NULL)
  8615. wcscpy(szNameNew, szNameOld);
  8616. else
  8617. wcscat(szNameNew, pchBeg);
  8618. sNewName = szNameNew;
  8619. }
  8620. return sNewName;
  8621. }
  8622. //END GetUnEscapedNameWithFwdSlash
  8623. /*********************************************************************
  8624. * *
  8625. * Written by: Paul Thompson *
  8626. * Date: 29 NOV 2000 *
  8627. * *
  8628. * This function is responsible for gets the CN name of an object*
  8629. * from an ADsPath and returns that CN name if it was retrieved or *
  8630. * NULL otherwise. *
  8631. * *
  8632. *********************************************************************/
  8633. //BEGIN GetCNFromPath
  8634. _bstr_t CAcctRepl::GetCNFromPath(_bstr_t sPath)
  8635. {
  8636. /* local variables */
  8637. BOOL bFound = FALSE;
  8638. WCHAR sName[MAX_PATH];
  8639. WCHAR sTempPath[MAX_PATH];
  8640. _bstr_t sCNName = L"";
  8641. WCHAR * sTempDN;
  8642. /* function body */
  8643. if (sPath.length() > 0)
  8644. {
  8645. wcscpy(sTempPath, (WCHAR*)sPath);
  8646. sTempDN = wcsstr(sTempPath, L"CN=");
  8647. if (sTempDN)
  8648. {
  8649. wcscpy(sName, sTempDN);
  8650. sTempDN = wcsstr(sName, L",OU=");
  8651. if (sTempDN)
  8652. {
  8653. bFound = TRUE;
  8654. *sTempDN = L'\0';
  8655. }
  8656. sTempDN = wcsstr(sName, L",CN=");
  8657. if (sTempDN)
  8658. {
  8659. bFound = TRUE;
  8660. *sTempDN = L'\0';
  8661. }
  8662. sTempDN = wcsstr(sName, L",DC=");
  8663. if (sTempDN)
  8664. {
  8665. bFound = TRUE;
  8666. *sTempDN = L'\0';
  8667. }
  8668. }
  8669. }
  8670. if (bFound)
  8671. sCNName = sName;
  8672. return sCNName;
  8673. }
  8674. //END GetCNFromPath
  8675. /*********************************************************************
  8676. * *
  8677. * Written by: Paul Thompson *
  8678. * Date: 26 FEB 2001 *
  8679. * *
  8680. * This function is responsible for replacing the source account *
  8681. * for a given list of accounts in any local groups they are a member*
  8682. * of on the target, if that account was migrated by ADMT. This *
  8683. * function is called during the undo process. *
  8684. * *
  8685. *********************************************************************/
  8686. //BEGIN ReplaceSourceInLocalGroup
  8687. BOOL CAcctRepl::ReplaceSourceInLocalGroup(TNodeListSortable *acctlist, //in- Accounts being processed
  8688. Options *pOptions, //in- Options specified by the user
  8689. IStatusObj *pStatus) // in -status object to support cancellation
  8690. {
  8691. /* local variables */
  8692. TAcctReplNode * pAcct;
  8693. IEnumVARIANT * pEnum;
  8694. INetObjEnumeratorPtr pQuery(__uuidof(NetObjEnumerator));
  8695. LPWSTR sCols[] = { L"memberOf" };
  8696. int nCols = DIM(sCols);
  8697. SAFEARRAY * psaCols;
  8698. SAFEARRAYBOUND bd = { nCols, 0 };
  8699. BSTR HUGEP * pData;
  8700. WCHAR sQuery[LEN_Path];
  8701. _variant_t HUGEP * pDt, * pVar;
  8702. _variant_t vx;
  8703. _variant_t varMain;
  8704. DWORD dwf = 0;
  8705. HRESULT hr = S_OK;
  8706. _bstr_t sDomPath = L"";
  8707. _bstr_t sDomain = L"";
  8708. /* function body */
  8709. FillNamingContext(pOptions);
  8710. //for each account, enumerate all local groups it is a member of and add the account's
  8711. //source account in that local group
  8712. for ( pAcct = (TAcctReplNode*)acctlist->Head(); pAcct; pAcct = (TAcctReplNode*)pAcct->Next())
  8713. {
  8714. // Do we need to abort ?
  8715. if ( pStatus )
  8716. {
  8717. LONG status = 0;
  8718. HRESULT hr = pStatus->get_Status(&status);
  8719. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  8720. {
  8721. if ( !bAbortMessageWritten )
  8722. {
  8723. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  8724. bAbortMessageWritten = true;
  8725. }
  8726. break;
  8727. }
  8728. }
  8729. //enumerate the groups this account is a member of
  8730. sDomain = GetDomainDNSFromPath(pAcct->GetTargetPath());
  8731. if (!_wcsicmp(pAcct->GetType(), L"user"))
  8732. wsprintf(sQuery, L"(&(sAMAccountName=%s)(objectCategory=Person)(objectClass=user))", pAcct->GetTargetSam());
  8733. else
  8734. wsprintf(sQuery, L"(&(sAMAccountName=%s)(objectCategory=Group))", pAcct->GetTargetSam());
  8735. psaCols = SafeArrayCreate(VT_BSTR, 1, &bd);
  8736. SafeArrayAccessData(psaCols, (void HUGEP **)&pData);
  8737. for ( int i = 0; i < nCols; i++ )
  8738. pData[i] = SysAllocString(sCols[i]);
  8739. SafeArrayUnaccessData(psaCols);
  8740. hr = pQuery->raw_SetQuery(sDomPath, sDomain, sQuery, ADS_SCOPE_SUBTREE, FALSE);
  8741. if (FAILED(hr)) return FALSE;
  8742. hr = pQuery->raw_SetColumns(psaCols);
  8743. if (FAILED(hr)) return FALSE;
  8744. hr = pQuery->raw_Execute(&pEnum);
  8745. if (FAILED(hr)) return FALSE;
  8746. //while more groups
  8747. while (pEnum->Next(1, &varMain, &dwf) == S_OK)
  8748. {
  8749. SAFEARRAY * vals = V_ARRAY(&varMain);
  8750. // Get the VARIANT Array out
  8751. SafeArrayAccessData(vals, (void HUGEP**) &pDt);
  8752. vx = pDt[0];
  8753. SafeArrayUnaccessData(vals);
  8754. if ( vx.vt == VT_BSTR )
  8755. {
  8756. _bstr_t sPath;
  8757. BSTR sGrpName = NULL;
  8758. IADsGroup * pGrp = NULL;
  8759. _variant_t var;
  8760. _bstr_t sDN = vx.bstrVal;
  8761. if (wcslen((WCHAR*)sDN) == 0)
  8762. continue;
  8763. sDN = PadDN(sDN);
  8764. sPath = _bstr_t(L"LDAP://") + sDomain + _bstr_t(L"/") + sDN;
  8765. //connect to the target group
  8766. hr = ADsGetObject(sPath, IID_IADsGroup, (void**)&pGrp);
  8767. if (FAILED(hr))
  8768. continue;
  8769. //get this group's type and name
  8770. hr = pGrp->get_Name(&sGrpName);
  8771. hr = pGrp->Get(L"groupType", &var);
  8772. //if this is a local group, get this account source path and add it as a member
  8773. if ((SUCCEEDED(hr)) && (var.lVal & 4))
  8774. {
  8775. //add the account's source account to the local group, using the sid string format
  8776. WCHAR strSid[MAX_PATH] = L"";
  8777. WCHAR strRid[MAX_PATH] = L"";
  8778. DWORD lenStrSid = DIM(strSid);
  8779. GetTextualSid(pAcct->GetSourceSid(), strSid, &lenStrSid);
  8780. _bstr_t sSrcDmSid = strSid;
  8781. _ltow((long)(pAcct->GetSourceRid()), strRid, 10);
  8782. _bstr_t sSrcRid = strRid;
  8783. if ((!sSrcDmSid.length()) || (!sSrcRid.length()))
  8784. {
  8785. hr = E_INVALIDARG;
  8786. err.SysMsgWrite(ErrW, hr, DCT_MSG_FAILED_TO_READD_TO_GROUP_SSD, pAcct->GetSourcePath(), (WCHAR*)sGrpName, hr);
  8787. continue;
  8788. }
  8789. //build an LDAP path to the src object in the group
  8790. _bstr_t sSrcSid = sSrcDmSid + _bstr_t(L"-") + sSrcRid;
  8791. _bstr_t sSrcLDAPPath = L"LDAP://";
  8792. sSrcLDAPPath += _bstr_t(pOptions->tgtComp + 2);
  8793. sSrcLDAPPath += L"/CN=";
  8794. sSrcLDAPPath += sSrcSid;
  8795. sSrcLDAPPath += L",CN=ForeignSecurityPrincipals,";
  8796. sSrcLDAPPath += pOptions->tgtNamingContext;
  8797. //add the source account to the local group
  8798. hr = pGrp->Add(sSrcLDAPPath);
  8799. if (SUCCEEDED(hr))
  8800. err.MsgWrite(0,DCT_MSG_READD_MEMBER_TO_GROUP_SS, pAcct->GetSourcePath(), (WCHAR*)sGrpName);
  8801. else
  8802. err.SysMsgWrite(ErrW, hr, DCT_MSG_FAILED_TO_READD_TO_GROUP_SSD, pAcct->GetSourcePath(), (WCHAR*)sGrpName, hr);
  8803. }//end if local group
  8804. if (pGrp)
  8805. pGrp->Release();
  8806. }//end if bstr
  8807. else if ( vx.vt & VT_ARRAY )
  8808. {
  8809. // We must have got an Array of multivalued properties
  8810. // Access the BSTR elements of this variant array
  8811. SAFEARRAY * multiVals = vx.parray;
  8812. SafeArrayAccessData(multiVals, (void HUGEP **) &pVar);
  8813. //for each group
  8814. for ( DWORD dw = 0; dw < multiVals->rgsabound->cElements; dw++ )
  8815. {
  8816. // Do we need to abort ?
  8817. if ( pStatus )
  8818. {
  8819. LONG status = 0;
  8820. HRESULT hr = pStatus->get_Status(&status);
  8821. if ( SUCCEEDED(hr) && status == DCT_STATUS_ABORTING )
  8822. {
  8823. if ( !bAbortMessageWritten )
  8824. {
  8825. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  8826. bAbortMessageWritten = true;
  8827. }
  8828. break;
  8829. }
  8830. }
  8831. _bstr_t sPath;
  8832. BSTR sGrpName = NULL;
  8833. IADsGroup * pGrp = NULL;
  8834. _variant_t var;
  8835. _bstr_t sDN = _bstr_t(V_BSTR(&pVar[dw]));
  8836. sDN = PadDN(sDN);
  8837. sPath = _bstr_t(L"LDAP://") + sDomain + _bstr_t(L"/") + sDN;
  8838. //connect to the target group
  8839. hr = ADsGetObject(sPath, IID_IADsGroup, (void**)&pGrp);
  8840. if (FAILED(hr))
  8841. continue;
  8842. //get this group's type and name
  8843. hr = pGrp->get_Name(&sGrpName);
  8844. hr = pGrp->Get(L"groupType", &var);
  8845. //if this is a local group, get this account source path and add it as a member
  8846. if ((SUCCEEDED(hr)) && (var.lVal & 4))
  8847. {
  8848. //add the account's source account to the local group, using the sid string format
  8849. WCHAR strSid[MAX_PATH];
  8850. WCHAR strRid[MAX_PATH];
  8851. DWORD lenStrSid = DIM(strSid);
  8852. GetTextualSid(pAcct->GetSourceSid(), strSid, &lenStrSid);
  8853. _bstr_t sSrcDmSid = strSid;
  8854. _ltow((long)(pAcct->GetSourceRid()), strRid, 10);
  8855. _bstr_t sSrcRid = strRid;
  8856. if ((!sSrcDmSid.length()) || (!sSrcRid.length()))
  8857. {
  8858. hr = E_INVALIDARG;
  8859. err.SysMsgWrite(ErrW, hr, DCT_MSG_FAILED_TO_READD_TO_GROUP_SSD, pAcct->GetSourcePath(), (WCHAR*)sGrpName, hr);
  8860. continue;
  8861. }
  8862. //build an LDAP path to the src object in the group
  8863. _bstr_t sSrcSid = sSrcDmSid + _bstr_t(L"-") + sSrcRid;
  8864. _bstr_t sSrcLDAPPath = L"LDAP://";
  8865. sSrcLDAPPath += _bstr_t(pOptions->tgtComp + 2);
  8866. sSrcLDAPPath += L"/CN=";
  8867. sSrcLDAPPath += sSrcSid;
  8868. sSrcLDAPPath += L",CN=ForeignSecurityPrincipals,";
  8869. sSrcLDAPPath += pOptions->tgtNamingContext;
  8870. //add the source account to the local group
  8871. hr = pGrp->Add(sSrcLDAPPath);
  8872. if (SUCCEEDED(hr))
  8873. err.MsgWrite(0,DCT_MSG_READD_MEMBER_TO_GROUP_SS, pAcct->GetSourcePath(), (WCHAR*)sGrpName);
  8874. else
  8875. err.SysMsgWrite(ErrW, hr, DCT_MSG_FAILED_TO_READD_TO_GROUP_SSD, pAcct->GetSourcePath, (WCHAR*)sGrpName, hr);
  8876. }//end if local group
  8877. if (pGrp)
  8878. pGrp->Release();
  8879. }//end for each group
  8880. SafeArrayUnaccessData(multiVals);
  8881. }//end if array of groups
  8882. }//end while groups
  8883. pEnum->Release();
  8884. VariantInit(&vx);
  8885. VariantInit(&varMain);
  8886. SafeArrayDestroy(psaCols);
  8887. }//end for each account
  8888. return TRUE;
  8889. }
  8890. //END ReplaceSourceInLocalGroup
  8891. /*********************************************************************
  8892. * *
  8893. * Written by: Paul Thompson *
  8894. * Date: 6 MAR 2001 *
  8895. * *
  8896. * This function is responsible for retrieving the actual source *
  8897. * domain, from the Migrated Objects table, of a given path if that *
  8898. * path is one to a foreign security principal. *
  8899. * *
  8900. *********************************************************************/
  8901. //BEGIN GetDomainOfMigratedForeignSecPrincipal
  8902. _bstr_t CAcctRepl::GetDomainOfMigratedForeignSecPrincipal(_bstr_t sPath)
  8903. {
  8904. /* local variables */
  8905. IVarSetPtr pVs(__uuidof(VarSet));
  8906. IUnknown * pUnk = NULL;
  8907. IADs * pTempAds = NULL;
  8908. HRESULT hr = S_OK;
  8909. _variant_t varName;
  8910. _bstr_t sDomainSid, sRid;
  8911. _bstr_t sDomain = L"";
  8912. BOOL bSplit = FALSE;
  8913. /* function body */
  8914. //if this account is outside the domain, lookup the account
  8915. //in the migrated objects table to retrieve it's actual source domain
  8916. if (wcsstr((WCHAR*)sPath, L"CN=ForeignSecurityPrincipals"))
  8917. {
  8918. //get the sid of this account
  8919. hr = ADsGetObject(sPath,IID_IADs,(void**)&pTempAds);
  8920. if (SUCCEEDED(hr))
  8921. {
  8922. hr = pTempAds->Get(SysAllocString(L"name"),&varName);
  8923. pTempAds->Release();
  8924. if (SUCCEEDED(hr))
  8925. {
  8926. WCHAR sName[MAX_PATH];
  8927. _bstr_t sTempName = varName;
  8928. wcscpy(sName, sTempName);
  8929. //break the sid into domain sid and account rid
  8930. WCHAR * pTemp = wcsrchr(sName, L'-');
  8931. if (pTemp)
  8932. {
  8933. sRid = (pTemp + 1);
  8934. *pTemp = L'\0';
  8935. sDomainSid = sName;
  8936. bSplit = TRUE;
  8937. }
  8938. }
  8939. }
  8940. //if we got the rid and domain sid, look in MOT for account's
  8941. //real source domain
  8942. if (bSplit)
  8943. {
  8944. pVs->QueryInterface(IID_IUnknown, (void**)&pUnk);
  8945. try
  8946. {
  8947. IIManageDBPtr pDB(CLSID_IManageDB);
  8948. hr = pDB->raw_GetAMigratedObjectBySidAndRid(sDomainSid, sRid, &pUnk);
  8949. if (SUCCEEDED(hr))
  8950. sDomain = pVs->get(L"MigratedObjects.SourceDomain");
  8951. }
  8952. catch(_com_error& e)
  8953. {
  8954. hr = e.Error();
  8955. }
  8956. catch(...)
  8957. {
  8958. hr = E_FAIL;
  8959. }
  8960. if (pUnk)
  8961. pUnk->Release();
  8962. }
  8963. }
  8964. return sDomain;
  8965. }
  8966. //END GetDomainOfMigratedForeignSecPrincipal
  8967. /*********************************************************************
  8968. * *
  8969. * Written by: Paul Thompson *
  8970. * Date: 22 APR 2001 *
  8971. * *
  8972. * This function is responsible for removing the source account *
  8973. * object, represented by its VarSet entry from the Migrated Objects *
  8974. * Table, from the given group. This helper function is used by *
  8975. * "UpdateMemberToGroups" and "UpdateGroupMembership" after *
  8976. * successfully adding the cloned account to this same group. *
  8977. * *
  8978. *********************************************************************/
  8979. //BEGIN RemoveSourceAccountFromGroup
  8980. void CAcctRepl::RemoveSourceAccountFromGroup(IADsGroup * pGroup, IVarSetPtr pMOTVarSet, Options * pOptions)
  8981. {
  8982. /* local variables */
  8983. _bstr_t sSrcDmSid, sSrcRid, sSrcPath, sGrpName = L"";
  8984. BSTR bstrGrpName = NULL;
  8985. HRESULT hr = S_OK;
  8986. /* function body */
  8987. //get the target group's name
  8988. hr = pGroup->get_Name(&bstrGrpName);
  8989. if ( SUCCEEDED(hr) )
  8990. sGrpName = bstrGrpName;
  8991. //get the source object's sid from the migrate objects table
  8992. sSrcDmSid = pMOTVarSet->get(L"MigratedObjects.SourceDomainSid");
  8993. sSrcRid = pMOTVarSet->get(L"MigratedObjects.SourceRid");
  8994. sSrcPath = pMOTVarSet->get(L"MigratedObjects.SourceAdsPath");
  8995. if ((wcslen((WCHAR*)sSrcDmSid) > 0) && (wcslen((WCHAR*)sSrcPath) > 0)
  8996. && (wcslen((WCHAR*)sSrcRid) > 0))
  8997. {
  8998. //build an LDAP path to the src object in the group
  8999. _bstr_t sSrcSid = sSrcDmSid + _bstr_t(L"-") + sSrcRid;
  9000. _bstr_t sSrcLDAPPath = L"LDAP://";
  9001. sSrcLDAPPath += _bstr_t(pOptions->tgtComp + 2);
  9002. sSrcLDAPPath += L"/CN=";
  9003. sSrcLDAPPath += sSrcSid;
  9004. sSrcLDAPPath += L",CN=ForeignSecurityPrincipals,";
  9005. sSrcLDAPPath += pOptions->tgtNamingContext;
  9006. VARIANT_BOOL bIsMem = VARIANT_FALSE;
  9007. //got the source LDAP path, now see if that account is in the group
  9008. pGroup->IsMember(sSrcLDAPPath, &bIsMem);
  9009. if (bIsMem)
  9010. {
  9011. hr = pGroup->Remove(sSrcLDAPPath);//remove the src account
  9012. if ( SUCCEEDED(hr) )
  9013. err.MsgWrite(0,DCT_MSG_REMOVE_FROM_GROUP_SS, (WCHAR*)sSrcPath, (WCHAR*)sGrpName);
  9014. }
  9015. }
  9016. }
  9017. //END RemoveSourceAccountFromGroup