From b3e44e8a430d505a13ebf364f0a1cf76a09d23fb Mon Sep 17 00:00:00 2001 From: Bala Ganapathy Date: Wed, 1 Aug 2018 16:49:23 -0700 Subject: [PATCH 1/2] changing principalid and objectid from GUID to string for ADFS scenarios --- .../ActiveDirectory/ActiveDirectoryClient.cs | 9 ++++---- .../ActiveDirectoryClientExtensions.cs | 22 +++++++++---------- .../ActiveDirectory/PSADApplication.cs | 2 +- .../ActiveDirectory/PSADObject.cs | 2 +- .../AddAzureADGroupMemberCommand.cs | 4 ++-- .../GetAzureADGroupMemberCommand.cs | 4 ++-- .../GetAzureADServicePrincipalCommand.cs | 2 +- .../GetAzureADSpCredentialCommand.cs | 2 +- .../NewAzureADServicePrincipalCommand.cs | 6 ++--- .../NewAzureADSpCredentialCommand.cs | 2 +- .../RemoveAzureADGroupCommand.cs | 4 ++-- .../RemoveAzureADGroupMemberCommand.cs | 4 ++-- .../RemoveAzureADServicePrincipalCommand.cs | 4 ++-- .../RemoveAzureADSpCredentialCommand.cs | 2 +- .../AuthorizationClient.cs | 2 +- .../AuthorizationClientExtensions.cs | 12 +++++----- 16 files changed, 41 insertions(+), 42 deletions(-) diff --git a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClient.cs b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClient.cs index 84c285c8eaf0..3dfef7c6a40d 100644 --- a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClient.cs +++ b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClient.cs 
@@ -244,7 +244,7 @@ public IEnumerable FilterUsers()
 public List ListUserGroups(string principal)
 {
 List result = new List();
- Guid objectId = GetObjectId(new ADObjectFilterOptions { UPN = principal });
+ string objectId = GetObjectId(new ADObjectFilterOptions { UPN = principal });
 PSADObject user = GetADObject(new ADObjectFilterOptions { Id = objectId.ToString() });
 var groupsIds = GraphClient.Users.GetMemberGroups(objectId.ToString(), new UserGetMemberGroupsParameters());
 var groupsResult = GraphClient.Objects.GetObjectsByObjectIds(new GetObjectsParameters { ObjectIds = groupsIds.ToList() });
@@ -371,11 +371,10 @@ public void RemoveGroupMember(string groupObjectId, string memberObjectId)
 GraphClient.Groups.RemoveMember(groupObjectId, memberObjectId);
 }
- public Guid GetObjectId(ADObjectFilterOptions options)
+ public string GetObjectId(ADObjectFilterOptions options)
 {
- Guid principalId;
- if (options != null && options.Id != null
- && Guid.TryParse(options.Id, out principalId))
+ string principalId = null;
+ if (options != null && options.Id != null)
 {
 // do nothing, we have parsed the guid
 }
diff --git a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClientExtensions.cs b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClientExtensions.cs
index e0e52b425ea5..2f382c165490 100644
--- a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClientExtensions.cs
+++ b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClientExtensions.cs
@@ -25,7 +25,7 @@ public static PSADObject ToPSADObject(this User user)
 return new PSADObject()
 {
 DisplayName = user.DisplayName,
- Id = new Guid(user.ObjectId)
+ Id = user.ObjectId
 };
 }
@@ -34,7 +34,7 @@ public static PSADObject ToPSADObject(this ADGroup group)
 return new PSADObject()
 {
 DisplayName = group.DisplayName,
- Id = new Guid(group.ObjectId)
+ Id = group.ObjectId
 };
 }
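Review bot: With the return type switched to `string`, `GetObjectId` now leaves `principalId` null whenever `options.Id` is supplied — the first branch keeps the old "we have parsed the guid" comment but no longer parses or copies anything, so every caller that passes an explicit id gets null back instead of the id it passed in. The one-line fix is `principalId = options.Id;` inside that branch. The `else` path and the `return` of this method lie outside the hunk. In the `ListUserGroups` hunk above, `objectId.ToString()` is now called on what is already a string, which is harmless but misleading and should be just `objectId`.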
@@ -47,7 +47,7 @@ public static PSADObject ToPSADObject(this AADObject obj) return new PSADUser() { DisplayName = obj.DisplayName, - Id = new Guid(obj.ObjectId), + Id = obj.ObjectId, Type = obj.ObjectType, UserPrincipalName = obj.UserPrincipalName }; @@ -58,7 +58,7 @@ public static PSADObject ToPSADObject(this AADObject obj) { DisplayName = obj.DisplayName, Type = obj.ObjectType, - Id = new Guid(obj.ObjectId), + Id = obj.ObjectId, SecurityEnabled = obj.SecurityEnabled, MailNickname = obj.Mail }; @@ -69,7 +69,7 @@ public static PSADObject ToPSADObject(this AADObject obj) return new PSADServicePrincipal() { DisplayName = obj.DisplayName, - Id = new Guid(obj.ObjectId), + Id = obj.ObjectId, Type = obj.ObjectType, ServicePrincipalNames = obj.ServicePrincipalNames.ToArray() }; @@ -79,7 +79,7 @@ public static PSADObject ToPSADObject(this AADObject obj) return new PSADObject() { DisplayName = obj.DisplayName, - Id = new Guid(obj.ObjectId), + Id = obj.ObjectId, Type = obj.ObjectType }; } @@ -90,7 +90,7 @@ public static PSADObject ToPSADGroup(this AADObject obj) return new PSADObject() { DisplayName = obj.DisplayName, - Id = new Guid(obj.ObjectId) + Id = obj.ObjectId }; } @@ -99,7 +99,7 @@ public static PSADUser ToPSADUser(this User user) return new PSADUser() { DisplayName = user.DisplayName, - Id = new Guid(user.ObjectId), + Id = user.ObjectId, UserPrincipalName = user.UserPrincipalName, Type = user.ObjectType }; @@ -110,7 +110,7 @@ public static PSADGroup ToPSADGroup(this ADGroup group) return new PSADGroup() { DisplayName = group.DisplayName, - Id = new Guid(group.ObjectId), + Id = group.ObjectId, SecurityEnabled = group.SecurityEnabled, Type = group.ObjectType, MailNickname = group.Mail 
@@ -122,7 +122,7 @@ public static PSADServicePrincipal ToPSADServicePrincipal(this ServicePrincipal return new PSADServicePrincipal() { DisplayName = servicePrincipal.DisplayName, - Id = new Guid(servicePrincipal.ObjectId), + Id = servicePrincipal.ObjectId, ApplicationId = Guid.Parse(servicePrincipal.AppId), ServicePrincipalNames = servicePrincipal.ServicePrincipalNames.ToArray(), Type = servicePrincipal.ObjectType @@ -138,7 +138,7 @@ public static PSADApplication ToPSADApplication(this Application application) ObjectId = Guid.Parse(application.ObjectId), DisplayName = application.DisplayName, Type = application.ObjectType, - ApplicationId = Guid.Parse(application.AppId), + ApplicationId = application.AppId, IdentifierUris = application.IdentifierUris, HomePage = application.Homepage, ReplyUrls = application.ReplyUrls, diff --git a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADApplication.cs b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADApplication.cs index 5a34c3b5da8c..3d418bf882e8 100644 --- a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADApplication.cs +++ b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADApplication.cs @@ -29,7 +29,7 @@ public class PSADApplication public string Type { get; set; } - public Guid ApplicationId { get; set; } + public string ApplicationId { get; set; } public bool AvailableToOtherTenants { get; set; } diff --git a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADObject.cs b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADObject.cs index 6281f3c43229..100bb0c34d60 100644 --- a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADObject.cs +++ b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADObject.cs @@ -20,7 +20,7 @@ public class PSADObject { public string DisplayName { get; set; } - public Guid Id { get; set; } + public string Id { get; set; } public string Type { get; set; } } 
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs index e516ffb73d95..622bb3badd54 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs @@ -63,12 +63,12 @@ public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.TargetGroupObject)) { - TargetGroupObjectId = TargetGroupObject.Id; + TargetGroupObjectId = Guid.Parse(TargetGroupObject.Id); } else if (this.IsParameterBound(c => c.TargetGroupDisplayName)) { var targetGroup = ActiveDirectoryClient.GetGroupByDisplayName(TargetGroupDisplayName); - TargetGroupObjectId = targetGroup.Id; + TargetGroupObjectId = Guid.Parse(targetGroup.Id); } if (this.IsParameterBound(c => c.MemberUserPrincipalName)) diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADGroupMemberCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADGroupMemberCommand.cs index ce92e03b8fc6..36d42c400e64 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADGroupMemberCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADGroupMemberCommand.cs @@ -47,12 +47,12 @@ public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.GroupObject)) { - GroupObjectId = GroupObject.Id; + GroupObjectId = Guid.Parse(GroupObject.Id); } else if (this.IsParameterBound(c => c.GroupDisplayName)) { var targetGroup = ActiveDirectoryClient.GetGroupByDisplayName(GroupDisplayName); - GroupObjectId = targetGroup.Id; + GroupObjectId = Guid.Parse(targetGroup.Id); } ADObjectFilterOptions options = new ADObjectFilterOptions 
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADServicePrincipalCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADServicePrincipalCommand.cs index 0d9b656e5034..1e79a66850c0 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADServicePrincipalCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADServicePrincipalCommand.cs @@ -62,7 +62,7 @@ public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.ApplicationObject)) { - ApplicationId = ApplicationObject.ApplicationId; + ApplicationId = Guid.Parse(ApplicationObject.ApplicationId); } if (this.IsParameterBound(c => c.ObjectId)) diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADSpCredentialCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADSpCredentialCommand.cs index f274cd1a65bc..e8706b6229fe 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADSpCredentialCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADSpCredentialCommand.cs @@ -49,7 +49,7 @@ public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.ServicePrincipalObject)) { - ObjectId = ServicePrincipalObject.Id; + ObjectId = Guid.Parse(ServicePrincipalObject.Id); } else if (this.IsParameterBound(c => c.ServicePrincipalName)) { diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADServicePrincipalCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADServicePrincipalCommand.cs index 03cee18a4739..fdb05e5cfa99 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADServicePrincipalCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADServicePrincipalCommand.cs 
@@ -192,7 +192,7 @@ public override void ExecuteCmdlet() if (this.IsParameterBound(c => c.ApplicationObject)) { - ApplicationId = ApplicationObject.ApplicationId; + ApplicationId = Guid.Parse(ApplicationObject.ApplicationId); DisplayName = ApplicationObject.DisplayName; } @@ -211,7 +211,7 @@ public override void ExecuteCmdlet() if (ShouldProcess(target: appParameters.DisplayName, action: string.Format("Adding a new application for with display name '{0}'", appParameters.DisplayName))) { var application = ActiveDirectoryClient.CreateApplication(appParameters); - ApplicationId = application.ApplicationId; + ApplicationId = Guid.Parse(application.ApplicationId); } } @@ -335,7 +335,7 @@ private void CreateSimpleServicePrincipal() if (ShouldProcess(target: appParameters.DisplayName, action: string.Format("Adding a new application for with display name '{0}'", appParameters.DisplayName))) { var application = ActiveDirectoryClient.CreateApplication(appParameters); - ApplicationId = application.ApplicationId; + ApplicationId = Guid.Parse(application.ApplicationId); WriteVerbose(string.Format("No application id provided - created new AD application with application id '{0}'", ApplicationId)); } } diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADSpCredentialCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADSpCredentialCommand.cs index 6aab73a44cec..8f49e5760ec9 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADSpCredentialCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADSpCredentialCommand.cs @@ -83,7 +83,7 @@ public override void ExecuteCmdlet() EndDate = StartDate.AddYears(1); if (this.IsParameterBound(c => c.ServicePrincipalObject)) { - ObjectId = ServicePrincipalObject.Id; + ObjectId = Guid.Parse(ServicePrincipalObject.Id); } if (this.IsParameterBound(c => c.ServicePrincipalName)) 
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupCommand.cs index 49c252e31db6..0708ed8d055e 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupCommand.cs @@ -49,12 +49,12 @@ public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.InputObject)) { - ObjectId = InputObject.Id; + ObjectId = Guid.Parse(InputObject.Id); } else if (this.IsParameterBound(c => c.DisplayName)) { var group = ActiveDirectoryClient.GetGroupByDisplayName(DisplayName); - ObjectId = group.Id; + ObjectId = Guid.Parse(group.Id); } ConfirmAction( diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupMemberCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupMemberCommand.cs index ade41d9c2d49..cb205cab8d8b 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupMemberCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupMemberCommand.cs @@ -64,12 +64,12 @@ public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.GroupObject)) { - GroupObjectId = GroupObject.Id; + GroupObjectId = Guid.Parse(GroupObject.Id); } else if (this.IsParameterBound(c => c.GroupDisplayName)) { var group = ActiveDirectoryClient.GetGroupByDisplayName(GroupDisplayName); - GroupObjectId = group.Id; + GroupObjectId = Guid.Parse(group.Id); } diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADServicePrincipalCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADServicePrincipalCommand.cs index b8af931ec0db..6c61d77c1dc7 100644 
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADServicePrincipalCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADServicePrincipalCommand.cs @@ -68,7 +68,7 @@ public override void ExecuteCmdlet() PSADServicePrincipal servicePrincipal = null; if (this.IsParameterBound(c => c.InputObject)) { - ObjectId = InputObject.Id; + ObjectId = Guid.Parse(InputObject.Id); } if (!this.IsParameterBound(c => c.ObjectId) && ObjectId != Guid.Empty) @@ -96,7 +96,7 @@ public override void ExecuteCmdlet() throw new ArgumentException(string.Format("Could not find a service principal with the name {0}.", ServicePrincipalName)); } - ObjectId = result.Select(s => s.Id).FirstOrDefault(); + ObjectId = Guid.Parse(result.Select(s => s.Id).FirstOrDefault()); } diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADSpCredentialCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADSpCredentialCommand.cs index a09af9ac670a..696571b27648 100644 --- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADSpCredentialCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADSpCredentialCommand.cs @@ -62,7 +62,7 @@ public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.ServicePrincipalObject)) { - ObjectId = ServicePrincipalObject.Id; + ObjectId = Guid.Parse(ServicePrincipalObject.Id); } else if (this.IsParameterBound(c => c.ServicePrincipalName)) { diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs index 5ffb1f61579f..70395d9a835d 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs 
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs @@ -127,7 +127,7 @@ public IEnumerable FilterRoleDefinitionsByCustom(string scope, /// The created role assignment object public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid)) { - Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter); + string principalId = ActiveDirectoryClient.GetObjectIdAsString(parameters.ADObjectFilter); roleAssignmentId = roleAssignmentId == default(Guid) ? Guid.NewGuid() : roleAssignmentId; string scope = parameters.Scope; string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName) diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs index 5de286cab69d..6948784008cd 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs +++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs 
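Review bot: `CreateRoleAssignment` now calls `ActiveDirectoryClient.GetObjectIdAsString`, but this commit only changes the return type of `GetObjectId` and defines no method of that name — it first appears in the follow-up commit — so, unless it exists somewhere this diff does not show, this commit does not compile on its own and breaks bisecting. Within this commit the call should be `string principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);`, which already returns `string` here. The body of `CreateRoleAssignment` continues past the hunk.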
@@ -135,8 +135,8 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl foreach (RoleAssignment assignment in assignments) { assignment.RoleDefinitionId = assignment.RoleDefinitionId.GuidFromFullyQualifiedId(); - PSADObject adObject = adObjects.SingleOrDefault(o => o.Id == Guid.Parse(assignment.PrincipalId)) ?? - new PSADObject() { Id = Guid.Parse(assignment.PrincipalId) }; + PSADObject adObject = adObjects.SingleOrDefault(o => o.Id == assignment.PrincipalId) ?? + new PSADObject() { Id = assignment.PrincipalId }; PSRoleDefinition roleDefinition = roleDefinitions.SingleOrDefault(r => r.Id == assignment.RoleDefinitionId) ?? new PSRoleDefinition() { Id = assignment.RoleDefinitionId }; bool delegationFlag = assignment.CanDelegate.HasValue ? (bool)assignment.CanDelegate : false; @@ -150,7 +150,7 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl RoleDefinitionName = roleDefinition.Name, Scope = assignment.Scope, SignInName = ((PSADUser)adObject).UserPrincipalName, - ObjectId = adObject.Id, + ObjectId = Guid.Parse(adObject.Id), ObjectType = adObject.Type, CanDelegate = delegationFlag }); @@ -164,7 +164,7 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl RoleDefinitionId = roleDefinition.Id, RoleDefinitionName = roleDefinition.Name, Scope = assignment.Scope, - ObjectId = adObject.Id, + ObjectId = Guid.Parse(adObject.Id), ObjectType = adObject.Type, CanDelegate = delegationFlag }); @@ -178,7 +178,7 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl RoleDefinitionId = roleDefinition.Id, RoleDefinitionName = roleDefinition.Name, Scope = assignment.Scope, - ObjectId = adObject.Id, + ObjectId = Guid.Parse(adObject.Id), ObjectType = adObject.Type, CanDelegate = delegationFlag }); 
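Review bot: `o.Id == assignment.PrincipalId` is now an ordinal, case-sensitive comparison between a Graph object id and an ARM principal id; the old `Guid` equality was case-insensitive by construction, so if the two services ever differ in GUID letter case the lookup silently falls through to the bare placeholder `new PSADObject()` and the assignment loses its display name and type. I'd compare with `string.Equals(o.Id, assignment.PrincipalId, StringComparison.OrdinalIgnoreCase)`. The `ObjectId = Guid.Parse(adObject.Id)` assignments in the later hunks also throw `FormatException` for a non-GUID ADFS principal, which is exactly the case this series is meant to enable; the follow-up commit touches this file again in lines not shown here, so that may already be addressed there.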
@@ -192,7 +192,7 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl RoleDefinitionId = roleDefinition.Id, RoleDefinitionName = roleDefinition.Name, Scope = assignment.Scope, - ObjectId = adObject.Id, + ObjectId = Guid.Parse(adObject.Id), CanDelegate = delegationFlag, ObjectType = DeletedObject }); From 1f9857e88ee4b98eedb4a9624f95374acb150666 Mon Sep 17 00:00:00 2001 From: Bala Ganapathy Date: Fri, 3 Aug 2018 16:04:51 -0700 Subject: [PATCH 2/2] Adding a string objectid porperty in PsAdObject for the support of ADFS scenarios --- .../ActiveDirectory/ActiveDirectoryClient.cs | 56 +++++++++++++-- .../ActiveDirectoryClientExtensions.cs | 70 ++++++++++++------- .../ActiveDirectory/PSADApplication.cs | 2 +- .../ActiveDirectory/PSADObject.cs | 4 +- .../AddAzureADGroupMemberCommand.cs | 4 +- .../GetAzureADGroupMemberCommand.cs | 4 +- .../GetAzureADServicePrincipalCommand.cs | 2 +- .../GetAzureADSpCredentialCommand.cs | 2 +- .../NewAzureADServicePrincipalCommand.cs | 6 +- .../NewAzureADSpCredentialCommand.cs | 2 +- .../RemoveAzureADGroupCommand.cs | 4 +- .../RemoveAzureADGroupMemberCommand.cs | 4 +- .../RemoveAzureADServicePrincipalCommand.cs | 4 +- .../RemoveAzureADSpCredentialCommand.cs | 2 +- .../AuthorizationClient.cs | 2 +- .../AuthorizationClientExtensions.cs | 12 ++-- 16 files changed, 121 insertions(+), 59 deletions(-) diff --git a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClient.cs b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClient.cs index 3dfef7c6a40d..7f84a82b8f2a 100644 --- a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClient.cs +++ b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClient.cs 
@@ -244,9 +244,9 @@ public IEnumerable FilterUsers()
 public List ListUserGroups(string principal)
 {
 List result = new List();
- string objectId = GetObjectId(new ADObjectFilterOptions { UPN = principal });
- PSADObject user = GetADObject(new ADObjectFilterOptions { Id = objectId.ToString() });
- var groupsIds = GraphClient.Users.GetMemberGroups(objectId.ToString(), new UserGetMemberGroupsParameters());
+ string objectId = GetObjectIdAsString(new ADObjectFilterOptions { UPN = principal });
+ PSADObject user = GetADObject(new ADObjectFilterOptions { Id = objectId });
+ var groupsIds = GraphClient.Users.GetMemberGroups(objectId, new UserGetMemberGroupsParameters());
 var groupsResult = GraphClient.Objects.GetObjectsByObjectIds(new GetObjectsParameters { ObjectIds = groupsIds.ToList() });
 result.AddRange(groupsResult.Select(g => g.ToPSADGroup()));
@@ -371,10 +371,11 @@ public void RemoveGroupMember(string groupObjectId, string memberObjectId)
 GraphClient.Groups.RemoveMember(groupObjectId, memberObjectId);
 }
- public string GetObjectId(ADObjectFilterOptions options)
+ public Guid GetObjectId(ADObjectFilterOptions options)
 {
- string principalId = null;
- if (options != null && options.Id != null)
+ Guid principalId;
+ if (options != null && options.Id != null
+ && Guid.TryParse(options.Id, out principalId))
 {
 // do nothing, we have parsed the guid
 }
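Review bot: `ListUserGroups` feeds the string from `GetObjectIdAsString` straight into `GetADObject` and `GetMemberGroups`, but for an ADFS user that string is `Guid.Empty.ToString()`: `GetObjectIdAsString` returns `adObj.Id.ToString()`, and `AssignObjectId` in this series leaves `Id` unset when the object id is not a GUID, storing it in `AdfsId` instead. Both lookups then run against the all-zero id, so the user's groups are either silently missing or Graph surfaces an error, depending on how the service treats that id. I'd resolve the object once and pick the populated id: `PSADObject user = GetADObject(new ADObjectFilterOptions { UPN = principal });` followed by `string objectId = user.Id != Guid.Empty ? user.Id.ToString() : user.AdfsId;`, and pass that to `GetMemberGroups`. `ListUserGroups` continues past the hunk.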
@@ -392,7 +393,50 @@ public string GetObjectId(ADObjectFilterOptions options)
 return principalId;
 }
+ public string GetObjectIdAsString(ADObjectFilterOptions options)
+ {
+ Guid principalId;
+ if (options != null && options.Id != null
+ && Guid.TryParse(options.Id, out principalId))
+ {
+ // do nothing, we have parsed the guid
+ }
+ else
+ {
+ PSADObject adObj = GetADObject(options);
+
+ if (adObj == null)
+ {
+ throw new KeyNotFoundException("The provided information does not map to an AD object id.");
+ }
+
+ principalId = adObj.Id;
+ }
+
+ return principalId.ToString();
+ }
+ public string GetAdfsObjectId(ADObjectFilterOptions options)
+ {
+ string principalId = null;
+ if (options != null && options.Id != null)
+ {
+ // do nothing, we have parsed the guid
+ }
+ else
+ {
+ PSADObject adObj = GetADObject(options);
+
+ if (adObj == null)
+ {
+ throw new KeyNotFoundException("The provided information does not map to an AD object id.");
+ }
+
+ principalId = adObj.AdfsId;
+ }
+
+ return principalId;
+ }
 public void UpdateApplication(Guid appObjectId, ApplicationUpdateParameters parameters)
 {
 GraphClient.Applications.Patch(appObjectId.ToString(), parameters);
diff --git a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClientExtensions.cs b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClientExtensions.cs
index 2f382c165490..ddbbf373c986 100644
--- a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClientExtensions.cs
+++ b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ActiveDirectoryClientExtensions.cs
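Review bot: `GetAdfsObjectId` returns null whenever `options.Id` is supplied — its first branch carries only the comment "we have parsed the guid" and never assigns `principalId = options.Id;`, so the id the caller passed in is dropped. `GetObjectIdAsString` has the mirror problem for ADFS objects: it returns `adObj.Id.ToString()`, and `AssignObjectId` in this series leaves `Id` at `Guid.Empty` for a non-GUID object id, so an ADFS principal resolves to the all-zero GUID; if `CreateRoleAssignment` still consumes this value as the first commit has it, a role assignment would be attempted against an empty principal id rather than failing with a clear error. I'd write `principalId = options.Id;` in the first branch of `GetAdfsObjectId`, and in `GetObjectIdAsString` replace `principalId = adObj.Id;` and the final return with `return adObj.Id != Guid.Empty ? adObj.Id.ToString() : adObj.AdfsId;`. Both new methods also duplicate the body of `GetObjectId` wholesale; one resolver returning the `PSADObject` with the three id accessors as thin wrappers would keep the null check and the `KeyNotFoundException` message in a single place.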
@@ -22,20 +22,30 @@ internal static class ActiveDirectoryClientExtensions
 {
 public static PSADObject ToPSADObject(this User user)
 {
- return new PSADObject()
- {
- DisplayName = user.DisplayName,
- Id = user.ObjectId
- };
+ var adObj = new PSADObject() { DisplayName = user.DisplayName };
+ return AssignObjectId(adObj, user.ObjectId);
 }
 public static PSADObject ToPSADObject(this ADGroup group)
 {
- return new PSADObject()
+ var adObj = new PSADObject() { DisplayName = group.DisplayName };
+ return AssignObjectId(adObj, group.ObjectId);
+ }
+
+ public static PSADObject AssignObjectId(PSADObject adObj, string objectId)
+ {
+ Guid objectIdGuid;
+
+ if (Guid.TryParse(objectId, out objectIdGuid))
 {
- DisplayName = group.DisplayName,
- Id = group.ObjectId
- };
+ adObj.Id = objectIdGuid;
+ }
+ else
+ {
+ adObj.AdfsId = objectId;
+ }
+
+ return adObj;
 }
 public static PSADObject ToPSADObject(this AADObject obj)
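Review bot: `AssignObjectId` uses `Guid.Empty` as the implicit "not a GUID" marker — when `Guid.TryParse` fails it sets `AdfsId` and leaves `Id` at its default — but nothing records that invariant, and the cmdlets in this series keep reading `.Id` unconditionally (`GroupObjectId = GroupObject.Id` in the group cmdlets below), so an ADFS object piped into them is addressed as `00000000-0000-0000-0000-000000000000` rather than rejected. A null or empty `objectId` takes the same `else` path (`Guid.TryParse(null, …)` returns false) and yields an object with `Id == Guid.Empty` and `AdfsId == null`, indistinguishable from a valid ADFS object. I'd add a summary on `AssignObjectId` stating that exactly one of `Id`/`AdfsId` is populated and that `Id` is `Guid.Empty` for ADFS objects, and guard the degenerate input: `if (string.IsNullOrEmpty(objectId)) throw new ArgumentException("Object id is required.", nameof(objectId));`. The method is `public` on an `internal static` class, so `internal` would match its actual reach.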
@@ -44,89 +54,95 @@ public static PSADObject ToPSADObject(this AADObject obj) if (obj.ObjectType == typeof(User).Name) { - return new PSADUser() + var adUser = new PSADUser() { DisplayName = obj.DisplayName, - Id = obj.ObjectId, Type = obj.ObjectType, UserPrincipalName = obj.UserPrincipalName }; + + return AssignObjectId(adUser, obj.ObjectId); } else if (obj.ObjectType == "Group") { - return new PSADGroup() + var adGroup = new PSADGroup() { DisplayName = obj.DisplayName, Type = obj.ObjectType, - Id = obj.ObjectId, SecurityEnabled = obj.SecurityEnabled, MailNickname = obj.Mail }; - + return AssignObjectId(adGroup, obj.ObjectId); } else if (obj.ObjectType == typeof(ServicePrincipal).Name) { - return new PSADServicePrincipal() + var adSp = new PSADServicePrincipal() { DisplayName = obj.DisplayName, - Id = obj.ObjectId, Type = obj.ObjectType, ServicePrincipalNames = obj.ServicePrincipalNames.ToArray() }; + + return AssignObjectId(adSp, obj.ObjectId); } else { - return new PSADObject() + var adObj = new PSADObject() { DisplayName = obj.DisplayName, - Id = obj.ObjectId, Type = obj.ObjectType }; + + return AssignObjectId(adObj, obj.ObjectId); } } public static PSADObject ToPSADGroup(this AADObject obj) { - return new PSADObject() + var adObj = new PSADObject() { DisplayName = obj.DisplayName, - Id = obj.ObjectId }; + + return AssignObjectId(adObj, obj.ObjectId); } public static PSADUser ToPSADUser(this User user) { - return new PSADUser() + var adUser = new PSADUser() { DisplayName = user.DisplayName, - Id = user.ObjectId, UserPrincipalName = user.UserPrincipalName, Type = user.ObjectType }; + + return (PSADUser) AssignObjectId(adUser, user.ObjectId); } public static PSADGroup ToPSADGroup(this ADGroup group) { - return new PSADGroup() + var adGroup = new PSADGroup() { DisplayName = group.DisplayName, - Id = group.ObjectId, SecurityEnabled = group.SecurityEnabled, Type = group.ObjectType, MailNickname = group.Mail }; + + return (PSADGroup) AssignObjectId(adGroup, 
group.ObjectId); } public static PSADServicePrincipal ToPSADServicePrincipal(this ServicePrincipal servicePrincipal) { - return new PSADServicePrincipal() + var adSp = new PSADServicePrincipal() { DisplayName = servicePrincipal.DisplayName, - Id = servicePrincipal.ObjectId, ApplicationId = Guid.Parse(servicePrincipal.AppId), ServicePrincipalNames = servicePrincipal.ServicePrincipalNames.ToArray(), Type = servicePrincipal.ObjectType }; + + return (PSADServicePrincipal) AssignObjectId(adSp, servicePrincipal.ObjectId); } public static PSADApplication ToPSADApplication(this Application application) @@ -138,7 +154,7 @@ public static PSADApplication ToPSADApplication(this Application application) ObjectId = Guid.Parse(application.ObjectId), DisplayName = application.DisplayName, Type = application.ObjectType, - ApplicationId = application.AppId, + ApplicationId = Guid.Parse(application.AppId), IdentifierUris = application.IdentifierUris, HomePage = application.Homepage, ReplyUrls = application.ReplyUrls, diff --git a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADApplication.cs b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADApplication.cs index 3d418bf882e8..5a34c3b5da8c 100644 --- a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADApplication.cs +++ b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADApplication.cs @@ -29,7 +29,7 @@ public class PSADApplication public string Type { get; set; } - public string ApplicationId { get; set; } + public Guid ApplicationId { get; set; } public bool AvailableToOtherTenants { get; set; } diff --git a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADObject.cs b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADObject.cs index 100bb0c34d60..0056afb2b868 100644 --- a/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADObject.cs +++ b/src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/PSADObject.cs 
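Review bot: `ToPSADApplication` still does `ObjectId = Guid.Parse(application.ObjectId)` and now `ApplicationId = Guid.Parse(application.AppId)`, and `ToPSADServicePrincipal` keeps `ApplicationId = Guid.Parse(servicePrincipal.AppId)`, while every other converter in this hunk routes the object id through `AssignObjectId` precisely so that a non-GUID id no longer throws. If ADFS application object ids or app ids are also non-GUID strings — the premise of the series — these converters throw `FormatException` on the first such application, so any cmdlet path that builds a `PSADApplication` stays broken for ADFS. Reverting `PSADApplication.ApplicationId` to `Guid` locks that in, since that type has no `AdfsId` counterpart. Either the same `Id`/`AdfsId` split belongs on `PSADApplication`, or a comment on `ToPSADApplication` should state that ADFS applications are out of scope and why.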
@@ -20,7 +20,9 @@ public class PSADObject
 {
 public string DisplayName { get; set; }
- public string Id { get; set; }
+ public Guid Id { get; set; }
+
+ public string AdfsId { get; set; }
 public string Type { get; set; }
 }
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs
index 622bb3badd54..e516ffb73d95 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs
@@ -63,12 +63,12 @@ public override void ExecuteCmdlet()
 {
 if (this.IsParameterBound(c => c.TargetGroupObject))
 {
- TargetGroupObjectId = Guid.Parse(TargetGroupObject.Id);
+ TargetGroupObjectId = TargetGroupObject.Id;
 }
 else if (this.IsParameterBound(c => c.TargetGroupDisplayName))
 {
 var targetGroup = ActiveDirectoryClient.GetGroupByDisplayName(TargetGroupDisplayName);
- TargetGroupObjectId = Guid.Parse(targetGroup.Id);
+ TargetGroupObjectId = targetGroup.Id;
 }
 if (this.IsParameterBound(c => c.MemberUserPrincipalName))
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADGroupMemberCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADGroupMemberCommand.cs
index 36d42c400e64..ce92e03b8fc6 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADGroupMemberCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADGroupMemberCommand.cs
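Review bot: `AdfsId` is added to `PSADObject` with no documentation, and the class now carries two identity fields whose relationship is visible only inside `AssignObjectId`: `Id` is a real GUID for Azure AD objects and `Guid.Empty` for ADFS ones, where the id lives in `AdfsId`. A consumer that sees `Id == Guid.Empty` gets no hint to look elsewhere, which is how the `TargetGroupObjectId = TargetGroupObject.Id` assignment below ends up targeting the zero GUID for an ADFS group. I'd add `/// <summary>Object id for Azure AD objects; Guid.Empty when the directory (e.g. ADFS) returns a non-GUID id, in which case <see cref="AdfsId"/> holds it.</summary>` on `Id` and `/// <summary>Raw object id when it is not a GUID (ADFS); null for Azure AD objects.</summary>` on `AdfsId`.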
@@ -47,12 +47,12 @@ public override void ExecuteCmdlet()
 {
 if (this.IsParameterBound(c => c.GroupObject))
 {
- GroupObjectId = Guid.Parse(GroupObject.Id);
+ GroupObjectId = GroupObject.Id;
 }
 else if (this.IsParameterBound(c => c.GroupDisplayName))
 {
 var targetGroup = ActiveDirectoryClient.GetGroupByDisplayName(GroupDisplayName);
- GroupObjectId = Guid.Parse(targetGroup.Id);
+ GroupObjectId = targetGroup.Id;
 }
 
 ADObjectFilterOptions options = new ADObjectFilterOptions
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADServicePrincipalCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADServicePrincipalCommand.cs
index 1e79a66850c0..0d9b656e5034 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADServicePrincipalCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADServicePrincipalCommand.cs
@@ -62,7 +62,7 @@ public override void ExecuteCmdlet()
 {
 if (this.IsParameterBound(c => c.ApplicationObject))
 {
- ApplicationId = Guid.Parse(ApplicationObject.ApplicationId);
+ ApplicationId = ApplicationObject.ApplicationId;
 }
 
 if (this.IsParameterBound(c => c.ObjectId))
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADSpCredentialCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADSpCredentialCommand.cs
index e8706b6229fe..f274cd1a65bc 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADSpCredentialCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADSpCredentialCommand.cs
@@ -49,7 +49,7 @@ public override void ExecuteCmdlet()
 {
 if (this.IsParameterBound(c => c.ServicePrincipalObject))
 {
- ObjectId = Guid.Parse(ServicePrincipalObject.Id);
+ ObjectId = ServicePrincipalObject.Id;
 }
 else if (this.IsParameterBound(c => c.ServicePrincipalName))
 {
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADServicePrincipalCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADServicePrincipalCommand.cs
index fdb05e5cfa99..03cee18a4739 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADServicePrincipalCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADServicePrincipalCommand.cs
@@ -192,7 +192,7 @@ public override void ExecuteCmdlet()
 
 if (this.IsParameterBound(c => c.ApplicationObject))
 {
- ApplicationId = Guid.Parse(ApplicationObject.ApplicationId);
+ ApplicationId = ApplicationObject.ApplicationId;
 DisplayName = ApplicationObject.DisplayName;
 }
 
@@ -211,7 +211,7 @@ public override void ExecuteCmdlet()
 if (ShouldProcess(target: appParameters.DisplayName, action: string.Format("Adding a new application for with display name '{0}'", appParameters.DisplayName)))
 {
 var application = ActiveDirectoryClient.CreateApplication(appParameters);
- ApplicationId = Guid.Parse(application.ApplicationId);
+ ApplicationId = application.ApplicationId;
 }
 }
 
@@ -335,7 +335,7 @@ private void CreateSimpleServicePrincipal()
 if (ShouldProcess(target: appParameters.DisplayName, action: string.Format("Adding a new application for with display name '{0}'", appParameters.DisplayName)))
 {
 var application = ActiveDirectoryClient.CreateApplication(appParameters);
- ApplicationId = Guid.Parse(application.ApplicationId);
+ ApplicationId = application.ApplicationId;
 WriteVerbose(string.Format("No application id provided - created new AD application with application id '{0}'", ApplicationId));
 }
 }
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADSpCredentialCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADSpCredentialCommand.cs
index 8f49e5760ec9..6aab73a44cec 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADSpCredentialCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADSpCredentialCommand.cs
@@ -83,7 +83,7 @@ public override void ExecuteCmdlet()
 EndDate = StartDate.AddYears(1);
 if (this.IsParameterBound(c => c.ServicePrincipalObject))
 {
- ObjectId = Guid.Parse(ServicePrincipalObject.Id);
+ ObjectId = ServicePrincipalObject.Id;
 }
 
 if (this.IsParameterBound(c => c.ServicePrincipalName))
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupCommand.cs
index 0708ed8d055e..49c252e31db6 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupCommand.cs
@@ -49,12 +49,12 @@ public override void ExecuteCmdlet()
 {
 if (this.IsParameterBound(c => c.InputObject))
 {
- ObjectId = Guid.Parse(InputObject.Id);
+ ObjectId = InputObject.Id;
 }
 else if (this.IsParameterBound(c => c.DisplayName))
 {
 var group = ActiveDirectoryClient.GetGroupByDisplayName(DisplayName);
- ObjectId = Guid.Parse(group.Id);
+ ObjectId = group.Id;
 }
 
 ConfirmAction(
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupMemberCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupMemberCommand.cs
index cb205cab8d8b..ade41d9c2d49 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupMemberCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADGroupMemberCommand.cs
@@ -64,12 +64,12 @@ public override void ExecuteCmdlet()
 {
 if (this.IsParameterBound(c => c.GroupObject))
 {
- GroupObjectId = Guid.Parse(GroupObject.Id);
+ GroupObjectId = GroupObject.Id;
 }
 else if (this.IsParameterBound(c => c.GroupDisplayName))
 {
 var group = ActiveDirectoryClient.GetGroupByDisplayName(GroupDisplayName);
- GroupObjectId = Guid.Parse(group.Id);
+ GroupObjectId = group.Id;
 }
 
 
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADServicePrincipalCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADServicePrincipalCommand.cs
index 6c61d77c1dc7..b8af931ec0db 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADServicePrincipalCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADServicePrincipalCommand.cs
@@ -68,7 +68,7 @@ public override void ExecuteCmdlet()
 PSADServicePrincipal servicePrincipal = null;
 if (this.IsParameterBound(c => c.InputObject))
 {
- ObjectId = Guid.Parse(InputObject.Id);
+ ObjectId = InputObject.Id;
 }
 
 if (!this.IsParameterBound(c => c.ObjectId) && ObjectId != Guid.Empty)
@@ -96,7 +96,7 @@ public override void ExecuteCmdlet()
 throw new ArgumentException(string.Format("Could not find a service principal with the name {0}.", ServicePrincipalName));
 }
 
- ObjectId = Guid.Parse(result.Select(s => s.Id).FirstOrDefault());
+ ObjectId = result.Select(s => s.Id).FirstOrDefault();
 }
 
 
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADSpCredentialCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADSpCredentialCommand.cs
index 696571b27648..a09af9ac670a 100644
--- a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADSpCredentialCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/RemoveAzureADSpCredentialCommand.cs
@@ -62,7 +62,7 @@ public override void ExecuteCmdlet()
 {
 if (this.IsParameterBound(c => c.ServicePrincipalObject))
 {
- ObjectId = Guid.Parse(ServicePrincipalObject.Id);
+ ObjectId = ServicePrincipalObject.Id;
 }
 else if (this.IsParameterBound(c => c.ServicePrincipalName))
 {
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
index 70395d9a835d..7486f28d391b 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
@@ -135,7 +135,7 @@ public IEnumerable FilterRoleDefinitionsByCustom(string scope,
 : AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
 var createParameters = new RoleAssignmentCreateParameters
 {
- PrincipalId = principalId.ToString(),
+ PrincipalId = principalId,
 RoleDefinitionId = roleDefinitionId,
 CanDelegate = parameters.CanDelegate
 };
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
index 6948784008cd..70ec1b8a8220 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
@@ -135,8 +135,8 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl
 foreach (RoleAssignment assignment in assignments)
 {
 assignment.RoleDefinitionId = assignment.RoleDefinitionId.GuidFromFullyQualifiedId();
- PSADObject adObject = adObjects.SingleOrDefault(o => o.Id == assignment.PrincipalId) ??
- new PSADObject() { Id = assignment.PrincipalId };
+ PSADObject adObject = adObjects.SingleOrDefault(o => o.Id == Guid.Parse(assignment.PrincipalId)) ??
+ new PSADObject() { Id = Guid.Parse(assignment.PrincipalId) };
 PSRoleDefinition roleDefinition = roleDefinitions.SingleOrDefault(r => r.Id == assignment.RoleDefinitionId) ??
 new PSRoleDefinition() { Id = assignment.RoleDefinitionId };
 bool delegationFlag = assignment.CanDelegate.HasValue ? (bool)assignment.CanDelegate : false;
@@ -150,7 +150,7 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl
 RoleDefinitionName = roleDefinition.Name,
 Scope = assignment.Scope,
 SignInName = ((PSADUser)adObject).UserPrincipalName,
- ObjectId = Guid.Parse(adObject.Id),
+ ObjectId = adObject.Id,
 ObjectType = adObject.Type,
 CanDelegate = delegationFlag
 });
@@ -164,7 +164,7 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl
 RoleDefinitionId = roleDefinition.Id,
 RoleDefinitionName = roleDefinition.Name,
 Scope = assignment.Scope,
- ObjectId = Guid.Parse(adObject.Id),
+ ObjectId = adObject.Id,
 ObjectType = adObject.Type,
 CanDelegate = delegationFlag
 });
@@ -178,7 +178,7 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl
 RoleDefinitionId = roleDefinition.Id,
 RoleDefinitionName = roleDefinition.Name,
 Scope = assignment.Scope,
- ObjectId = Guid.Parse(adObject.Id),
+ ObjectId = adObject.Id,
 ObjectType = adObject.Type,
 CanDelegate = delegationFlag
 });
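Review bot: `Guid.Parse(assignment.PrincipalId)` is evaluated inside the SingleOrDefault lambda, so it is re-run for every element of adObjects, and it throws FormatException for any role assignment whose PrincipalId is not a GUID, which ends the whole ToPSRoleAssignments enumeration rather than skipping or flagging that one assignment. Parse once before the query: `var principalId = Guid.Parse(assignment.PrincipalId);` then `PSADObject adObject = adObjects.SingleOrDefault(o => o.Id == principalId) ??` and `new PSADObject() { Id = principalId };`. If non-GUID principal ids are expected (the PSADObject hunk adds an `AdfsId` string for that case), this should instead use `Guid.TryParse` and fall back to matching on `AdfsId`, constructing the placeholder with `AdfsId = assignment.PrincipalId`, so the listing still shows which principal holds the role rather than an empty id. The enclosing foreach body continues outside the hunk.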
@@ -192,7 +192,7 @@ private static IEnumerable ToPSRoleAssignments(this IEnumerabl
 RoleDefinitionId = roleDefinition.Id,
 RoleDefinitionName = roleDefinition.Name,
 Scope = assignment.Scope,
- ObjectId = Guid.Parse(adObject.Id),
+ ObjectId = adObject.Id,
 CanDelegate = delegationFlag,
 ObjectType = DeletedObject
 });