Extensions/AADConnector.psm1
|
#------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. #------------------------------------------------------------------------- $ErrorActionPreference = "Stop" $paramsRegKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters\' if (Test-Path $paramsRegKey) { $installationDirectory = (Get-ItemProperty $paramsRegKey -Name Path).Path Import-Module "$installationDirectory\Bin\ADSync\ADSync.psd1" Add-Type -Path "$installationDirectory\Bin\Assemblies\Microsoft.MetadirectoryServicesEx.dll" Add-Type -Path "$installationDirectory\Bin\Microsoft.MetadirectoryServices.PasswordHashSynchronization.Types.dll" Add-Type -Path "$installationDirectory\Extensions\Microsoft.Azure.ActiveDirectory.Connector.dll" } else { Write-Warning -Message "AADConnect installation was not found. Using current directory. Some functionality may be unavailable." Add-Type -Path "$PSScriptRoot\Microsoft.MetadirectoryServicesEx.dll" Add-Type -Path "$PSScriptRoot\Microsoft.MetadirectoryServices.PasswordHashSynchronization.Types.dll" Add-Type -Path "$PSScriptRoot\Microsoft.Azure.ActiveDirectory.Connector.dll" } function Get-ADSyncAADConnectorImportApiVersion { $paramRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters" $paramRegName = "AadConnectorImportApiVersion" $version = (Get-ItemProperty -Path $paramRegKey | Select $paramRegName).$paramRegName if (-not $version) { $version = 2 } Write-Output $version } function Get-ADSyncAADConnectorExportApiVersion { $aad = Get-ADSyncConnector -Identifier b891884f-051e-4a83-95af-2544101c9083 $aadRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters\PerMAInstance\" + $aad.Name $aadRegName = "EnableNonExistentObjectReferenceExportFiltering" $paramRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters" $paramRegName = "AadConnectorExportApiVersion" $exportType = $aad.ExtensionConfiguration.ExportType $enableNonExistentObjectReferenceExportFiltering = 1 if (Test-Path -Path $aadRegKey) { $enableNonExistentObjectReferenceExportFiltering = (Get-ItemProperty -Path $aadRegKey | Select $aadRegName).$aadRegName if ([string]::IsNullOrEmpty($enableNonExistentObjectReferenceExportFiltering)) { $enableNonExistentObjectReferenceExportFiltering = 1 } } $version = (Get-ItemProperty -Path $paramRegKey | Select $paramRegName).$paramRegName if (-not $version) { $version = 2 } if ($version -eq 1) { if ($exportType -ne 2 -or $enableNonExistentObjectReferenceExportFiltering -ne 0) { Write-Error "Version mismatch in Registry and AAD Connector. Run Set-ADSyncAADConnectorExportApiVersion to fix the issue" return } } elseif ($version -eq 2) { if ($exportType -ne 5 -or $enableNonExistentObjectReferenceExportFiltering -ne 1) { Write-Error "Version mismatch in Registry and AAD Connector. Run Set-ADSyncAADConnectorExportApiVersion to fix the issue" return } } else { Write-Error "unknown version $version" return } Write-Output $version } function Set-ADSyncAADConnectorImportApiVersion { Param ( [Parameter(Mandatory=$true)] [int] $version ) $regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters" $regName = "AadConnectorImportApiVersion" if (($version -ne 1) -and ($version -ne 2)) { Write-Error "unknown version $version" } Set-ItemProperty -path $regKey -name $regName -value $version Write-Output $version } function Set-ADSyncAADConnectorExportApiVersion { Param ( [Parameter(Mandatory=$true)] [int] $version ) $paramRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters" $regName = "AadConnectorExportApiVersion" $exportType = $null; $enableNonExistentObjectReferenceExportFiltering = 1; if ($version -eq 1) { $exportType = 2 $enableNonExistentObjectReferenceExportFiltering = 0 } elseif ($version -eq 2) { $exportType = 5 $enableNonExistentObjectReferenceExportFiltering = 1 } else { Write-Error "unknown version $version" } Set-ItemProperty -path $paramRegKey -name $regName -value $version $aad = Get-ADSyncConnector -Identifier b891884f-051e-4a83-95af-2544101c9083 $perMaInstanceRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters\PerMAInstance\" if (-not (Test-Path -Path $perMaInstanceRegKey)) { New-Item -Path $perMaInstanceRegKey | Out-Null } $aadRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters\PerMAInstance\" + $aad.Name if (-not (Test-Path -Path $aadRegKey)) { New-Item -Path $aadRegKey | Out-Null } Set-ItemProperty -Path $aadRegKey -Name "EnableNonExistentObjectReferenceExportFiltering" -Value $enableNonExistentObjectReferenceExportFiltering $aad.ExtensionConfiguration.ExportType = $exportType $aad = Add-ADSyncConnector -Connector $aad Write-Output $version } function ConvertTo-ADSyncSourceAnchor { Param ( [Parameter(Mandatory=$true)] [string] $dn ) $result = [Microsoft.Online.DirSync.Extension.Utilities.DNEncoding]::SafeRdnToString($dn); Write-Output $result } function ConvertTo-ADSyncAadDistinguishedName { Param ( [Parameter(Mandatory=$true)] [string] $sourceAnchor ) $result = [Microsoft.Online.DirSync.Extension.Utilities.DNEncoding]::StringToSafeRdn($sourceAnchor); Write-Output $result } function ConvertTo-ADSyncCloudAnchor { Param ( [Parameter(Mandatory=$true)] [string] $encodedB64Anchor ) $encodedRawAnchor = [System.Convert]::FromBase64String($encodedB64Anchor); $rawAnchor = $encodedRawAnchor[4..($encodedRawAnchor.Length - 3)] $cloudAnchor = [System.Text.Encoding]::Unicode.GetString($rawAnchor) Write-Output $cloudAnchor } function Set-ADSyncMaxImportRefetchSize { Param ( [Parameter(Mandatory=$true)] [int] $size ) $paramRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters" $regName = "MaxImportRefetchSize" Set-ItemProperty -path $paramRegKey -name $regName -value $size Write-Output $size } function Enable-ADSyncAADConnectorReferenceObsoletion { $aadConnector = Get-ADSyncConnector -Identifier b891884f-051e-4a83-95af-2544101c9083 $perMaInstanceRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters\PerMAInstance\" if (-not (Test-Path -Path $perMaInstanceRegKey)) { New-Item -Path $perMaInstanceRegKey | Out-Null } $aadConnectorRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters\PerMAInstance\" + $aadConnector.Name if (-not (Test-Path -Path $aadConnectorRegKey)) { New-Item -Path $aadConnectorRegKey | Out-Null } Set-ItemProperty -Path $aadConnectorRegKey -Name "EnableReferenceObsoletion" -Value 1 Write-Output $true } function Disable-ADSyncAADConnectorReferenceObsoletion { $aadConnector = Get-ADSyncConnector -Identifier b891884f-051e-4a83-95af-2544101c9083 $perMaInstanceRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters\PerMAInstance\" if (-not (Test-Path -Path $perMaInstanceRegKey)) { New-Item -Path $perMaInstanceRegKey | Out-Null } $aadConnectorRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\ADSync\Parameters\PerMAInstance\" + $aadConnector.Name if (-not (Test-Path -Path $aadConnectorRegKey)) { New-Item -Path $aadConnectorRegKey | Out-Null } Set-ItemProperty -Path $aadConnectorRegKey -Name "EnableReferenceObsoletion" -Value 0 Write-Output $true } # # Sample usage: # Full import: Get-ADSyncAadDirectoryChanges -creds $creds -version 2 # function Get-ADSyncAadDirectoryChanges { Param ( [Parameter(Mandatory=$true)] [PSCredential] $creds, [Parameter(Mandatory=$false)] [byte[]] $watermark, [Parameter(Mandatory=$false)] [int] $version = 1, [Parameter(Mandatory=$false)] [string[]] $objectClassFilter ) $enumerator = ` [Microsoft.Azure.ActiveDirectory.Connector.Diagnostics.DiagnosticsFactory]::CreateChangeEnumerator( ` $creds.UserName, ` $creds.Password, $objectClassFilter, ` $watermark, ` ($watermark -eq $null), ` $version) try { while ($true) { $res = $enumerator.EnumerateNextBatch() Write-Output $res if (-not $res.AadBatch.MoreToRead) { break; } } } finally { $enumerator.Dispose() } } # # Sample usage: # Collect AAD user object DNs to delete in file userDNs.txt and run: # Remove-ADSyncAadObjects -creds $creds -entries $( type .\userDNs.txt | ForEach-Object { [Microsoft.Azure.ActiveDirectory.Connector.Diagnostics.DeletionEntry]::FromDistinguishedName("user", $_) } ) # function Remove-ADSyncAadObjects { Param ( [Parameter(Mandatory=$true)] [PSCredential] $creds, [Parameter(Mandatory=$true)] [Microsoft.Azure.ActiveDirectory.Connector.Diagnostics.DeletionEntry[]] $entries ) $len = $entries.Count $entriesProcessed = 0 $batchSize = 10 $exporter = ` [Microsoft.Azure.ActiveDirectory.Connector.Diagnostics.DiagnosticsFactory]::CreateDirectoryChangeExporter( ` $creds.UserName, ` $creds.Password) try { while ($entriesProcessed -lt $len) { $nextBatch = $entries | Select-Object -First $batchSize $entries = $entries | Select-Object -Skip $batchSize $results = $exporter.ExportDeletions([Microsoft.Azure.ActiveDirectory.Connector.Diagnostics.DeletionEntry[]]$nextBatch) Write-Output $results $entriesProcessed += $nextBatch.Count } } finally { $exporter.Dispose() } } # SIG # Begin signature block # MIInogYJKoZIhvcNAQcCoIInkzCCJ48CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBnSNOH//dxFJEH # 2xhnTU7oLyyJAofe9EQ2s8CBSTa1HKCCDYIwggYAMIID6KADAgECAhMzAAADXJXz # SFtKBGrPAAAAAANcMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMwNDA2MTgyOTIyWhcNMjQwNDAyMTgyOTIyWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDijA1UCC84R0x+9Vr/vQhPNbfvIOBFfymE+kuP+nho3ixnjyv6vdnUpgmm6RT/ # pL9cXL27zmgVMw7ivmLjR5dIm6qlovdrc5QRrkewnuQHnvhVnLm+pLyIiWp6Tow3 # ZrkoiVdip47m+pOBYlw/vrkb8Pju4XdA48U8okWmqTId2CbZTd8yZbwdHb8lPviE # NMKzQ2bAjytWVEp3y74xc8E4P6hdBRynKGF6vvS6sGB9tBrvu4n9mn7M99rp//7k # ku5t/q3bbMjg/6L6mDePok6Ipb22+9Fzpq5sy+CkJmvCNGPo9U8fA152JPrt14uJ # ffVvbY5i9jrGQTfV+UAQ8ncPAgMBAAGjggF/MIIBezArBgNVHSUEJDAiBgorBgEE # AYI3TBMBBgorBgEEAYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUXgIsrR+tkOQ8 # 10ekOnvvfQDgTHAwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEWMBQGA1UEBRMNMjMzMTEwKzUwMDg2ODAfBgNVHSMEGDAWgBRI # bmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEt # MDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBABIm # T2UTYlls5t6i5kWaqI7sEfIKgNquF8Ex9yMEz+QMmc2FjaIF/HQQdpJZaEtDM1Xm # 07VD4JvNJEplZ91A4SIxjHzqgLegfkyc384P7Nn+SJL3XK2FK+VAFxdvZNXcrkt2 # WoAtKo0PclJOmHheHImWSqfCxRispYkKT9w7J/84fidQxSj83NPqoCfUmcy3bWKY # jRZ6PPDXlXERRvl825dXOfmCKGYJXHKyOEcU8/6djs7TDyK0eH9ss4G9mjPnVZzq # Gi/qxxtbddZtkREDd0Acdj947/BTwsYLuQPz7SNNUAmlZOvWALPU7OOVQlEZzO8u # Ec+QH24nep/yhKvFYp4sHtxUKm1ZPV4xdArhzxJGo48Be74kxL7q2AlTyValLV98 # u3FY07rNo4Xg9PMHC6sEAb0tSplojOHFtGtNb0r+sioSttvd8IyaMSfCPwhUxp+B # Td0exzQ1KnRSBOZpxZ8h0HmOlMJOInwFqrCvn5IjrSdjxKa/PzOTFPIYAfMZ4hJn # uKu15EUuv/f0Tmgrlfw+cC0HCz/5WnpWiFso2IPHZyfdbbOXO2EZ9gzB1wmNkbBz # hj8hFyImnycY+94Eo2GLavVTtgBiCcG1ILyQabKDbL7Vh/OearAxcRAmcuVAha07 # WiQx2aLghOSaZzKFOx44LmwUxRuaJ4vO/PRZ7EzAMIIHejCCBWKgAwIBAgIKYQ6Q # 0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNh # dGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5 # WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQD # Ex9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0B # AQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4 # BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe # 0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato # 88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v # ++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDst # rjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN # 91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4ji # JV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmh # D+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbi # wZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8Hh # hUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaI # jAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTl # UAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNV # HQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQF # TuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29m # dC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNf # MjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5t # aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNf # MjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcC # ARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnlj # cHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5 # AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oal # mOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0ep # o/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1 # HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtY # SWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInW # H8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZ # iWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMd # YzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7f # QccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKf # enoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOpp # O6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZO # SEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGXYwghlyAgEBMIGVMH4xCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jv # c29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAANclfNIW0oEas8AAAAAA1ww # DQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIH7etgK0 # 1m0cpKZLIFLzKuZUbQG5dQtqPRa/kVGcNYnpMEIGCisGAQQBgjcCAQwxNDAyoBSA # EgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20w # DQYJKoZIhvcNAQEBBQAEggEAevUJ+qtx0CQ9tZtASDEk4WfDBv71ycLk7WpFg+H5 # I244PTHu6stIIqNCl6/KSSyi2IhhcxQQ0A/b2vhoL+lhMLuijo8vH65q+E6/mT0h # cz0dDzS9LjSlM2j6YZWqeLZTP7K+G1kncdb+Bj0LWnn4enkAUFpCUs9rB8ss2Ea1 # 9u3uaZ+1XaGCJEQkwLuo1ga6LCeqLJn63EXLjcwW5oSTwgXdkcnT2ieIsgAgHgsc # 9tpsFRMNbfAtAonL4OAEf9AMgMfyUxRB3dn3eHbjG9xDhg/AKAhhKGFSIw10C5pd # oX7EIrIuRQ45jxHETXwZER0laYk/Ubm+c19nCIPTSWJI5aGCFwAwghb8BgorBgEE # AYI3AwMBMYIW7DCCFugGCSqGSIb3DQEHAqCCFtkwghbVAgEDMQ8wDQYJYIZIAWUD # BAIBBQAwggFRBgsqhkiG9w0BCRABBKCCAUAEggE8MIIBOAIBAQYKKwYBBAGEWQoD # ATAxMA0GCWCGSAFlAwQCAQUABCCtSBwBaQ5nRcWyHyUzXj3VOKPCuDVTVnsh3qZk # aWm35wIGZF1oa0FkGBMyMDIzMDUxNzIyNTcxNC4xMTlaMASAAgH0oIHQpIHNMIHK # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxN # aWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNT # IEVTTjo4QTgyLUUzNEYtOUREQTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3Rh # bXAgU2VydmljZaCCEVcwggcMMIIE9KADAgECAhMzAAABwvp9hw5UU0ckAAEAAAHC # MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4X # DTIyMTEwNDE5MDEyOFoXDTI0MDIwMjE5MDEyOFowgcoxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVyaWNh # IE9wZXJhdGlvbnMxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjhBODItRTM0Ri05 # RERBMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIICIjAN # BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtfEJvPKOSFn3petp9wco29/UoJmD # DyHpmmpRruRVWBF37By0nvrszScOV/K+LvHWWWC4S9cme4P63EmNhxTN/k2CgPnI # t/sDepyACSkya4ukqc1sT2I+0Uod0xjy9K2+jLH8UNb9vM3yH/vCYnaJSUqgtqZU # ly82pgYSB6tDeZIYcQoOhTI+M1HhRxmxt8RaAKZnDnXgLdkhnIYDJrRkQBpIgaht # ExtTuOkmVp2y8YCoFPaUhUD2JT6hPiDD7qD7A77PLpFzD2QFmNezT8aHHhKsVBuJ # MLPXZO1k14j0/k68DZGts1YBtGegXNkyvkXSgCCxt3Q8WF8laBXbDnhHaDLBhCOB # aZQ8jqcFUx8ZJSXQ8sbvEnmWFZmgM93B9P/JTFTF6qBVFMDd/V0PBbRQC2TctZH4 # bfv+jyWvZOeFz5yltPLRxUqBjv4KHIaJgBhU2ntMw4H0hpm4B7s6LLxkTsjLsajj # CJI8PiKi/mPKYERdmRyvFL8/YA/PdqkIwWWg2Tj5tyutGFtfVR+6GbcCVhijjy7l # 7otxa/wYVSX66Lo0alaThjc+uojVwH4psL+A1qvbWDB9swoKla20eZubw7fzCpFe # 6qs++G01sst1SaA0GGmzuQCd04Ue1eH3DFRDZPsN+aWvA455Qmd9ZJLGXuqnBo4B # XwVxdWZNj6+b4P8CAwEAAaOCATYwggEyMB0GA1UdDgQWBBRGsYh76V41aUCRXE9W # vD++sIfGajAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBfBgNVHR8E # WDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9N # aWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmwwbAYIKwYB # BQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v # cGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEw # KDEpLmNydDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqG # SIb3DQEBCwUAA4ICAQARdu3dCkcLLPfaJ3rR1M7D9jWHvneffkmXvFIJtqxHGWM1 # oqAh+bqxpI7HZz2MeNhh1Co+E9AabOgj94Sp1seXxdWISJ9lRGaAAWzA873aTB3/ # SjwuGqbqQuAvUzBFCO40UJ9anpavkpq/0nDqLb7XI5H+nsmjFyu8yqX1PMmnb4s1 # fbc/F30ijaASzqJ+p5rrgYWwDoMihM5bF0Y0riXihwE7eTShak/EwcxRmG3h+OT+ # Ox8KOLuLqwFFl1siTeQCp+YSt4J1tWXapqGJDlCbYr3Rz8+ryTS8CoZAU0vSHCOQ # cq12Th81p7QlHZv9cTRDhZg2TVyg8Gx3X6mkpNOXb56QUohI3Sn39WQJwjDn74J0 # aVYMai8mY6/WOurKMKEuSNhCiei0TK68vOY7sH0XEBWnRSbVefeStDo94UIUVTwd # 2HmBEfY8kfryp3RlA9A4FvfUvDHMaF9BtvU/pK6d1CdKG29V0WN3uVzfYETJoRpj # LYFGq0MvK6QVMmuNxk3bCRfj1acSWee14UGjglxWwvyOfNJe3pxcNFOd8Hhyp9d4 # AlQGVLNotaFvopgPLeJwUT3dl5VaAAhMwvIFmqwsffQy93morrprcnv74r5g3ejC # 39NYpFEoy+qmzLW1jFa1aXE2Xb/KZw2yawqldSp0Hu4VEkjGxFNc+AztIUWwmTCC # B3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAw # gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMT # KU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIx # MDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57Ry # IQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VT # cVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhx # XFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQ # HJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1 # KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s # 4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUg # fX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3 # Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je # 1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUY # hEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUY # P3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGC # NxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4w # HQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYB # BAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcD # CDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0T # AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNV # HR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9w # cm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEE # TjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2Nl # cnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOC # AgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/a # ZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp # 4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq # 95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qB # woEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG # +jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3B # FARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77 # IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJ # fn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K # 6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDx # yKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggLOMIICNwIBATCB # +KGB0KSBzTCByjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO # BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEl # MCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEmMCQGA1UECxMd # VGhhbGVzIFRTUyBFU046OEE4Mi1FMzRGLTlEREExJTAjBgNVBAMTHE1pY3Jvc29m # dCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAMp1N1VLhPMvWXEo # ZfmF4apZlnRUoIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # DQYJKoZIhvcNAQEFBQACBQDoD8/LMCIYDzIwMjMwNTE4MDYxMjI3WhgPMjAyMzA1 # MTkwNjEyMjdaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIFAOgPz8sCAQAwCgIBAAIC # Bv4CAf8wBwIBAAICEbswCgIFAOgRIUsCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYK # KwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUF # AAOBgQAOcEM/tGVYofgsVgmB7+n9LL+gyOSZJeGjbYdz/brGNvqgplomk5u+xahu # MEp+QnDQHmvhm2qIT1WX4XPuhOkJMCGoGaZwlYVDicgU4+FCl0xyidK8NLKdiLeD # 3BhHPYDHSBzXLc4kQjHmZl3qImC8rdx28Lq4wZKwsOhWiS8yhTGCBA0wggQJAgEB # MIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABwvp9hw5UU0ck # AAEAAAHCMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcN # AQkQAQQwLwYJKoZIhvcNAQkEMSIEIMNpb1vWLYvl3f4JwkTvWnlRsapfO+v+2hxO # jbNrW5TWMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgypNgW8fpsMV57r0F # 5beUuiEVOVe4BdmaO+e28mGDUBYwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt # cCBQQ0EgMjAxMAITMwAAAcL6fYcOVFNHJAABAAABwjAiBCCb5c/0EjdIPNI3b3R2 # wqfJX2Pf2Bx1/pzWJ/cik6fIMDANBgkqhkiG9w0BAQsFAASCAgAvxIv52UcrRfcj # 0MxxTC3x84m/ThOJss/OXxTCmyOPKVTnle1abLMwBqhcK3bb5IkbsNhzFfMEyeAh # tiYOmFTdIoiyuVU7euVIKzvkwxfaLgChqiRR8EKg5CvlORTGoGE9LkcKOml88Ftm # XTAKwaViYwukI94TcGVsEDjst5LS899NsgiBvKA19iqUoxrHF/YSLcURmgiG/1K0 # k/et1jD+pRiYe/eF708Ck6A7gZZ+nAa4hasc45afx/P5x8fHg/jIoX5R+Wx5UFDO # bKXENoL8l+RSOoYOv4AkoCcGSJN6FqeuhZs1gmSGuRnpeqqxWjVBwcCTGoH4Dg0C # fM5fc/qiHaV1y57weFoe3IhPLWwCMTfpZxSXMET2Kiq4+mNxhIBxG8S4KXdn81sx # PaUP16XUTY4SdYkjFjlbRNJ35Kb6B+HztYRxal71F5roThfPqztPKfqVo49oSwQD # beLYYa1289oH35wiUqP/2OzAUQL/F27/G746uJhdz8dOPFRu7hDdH9w2DZ41WRPb # tCOIzkqq+KtNp33eSRFROI/KbM47Ab+h/SuHQ2EEHWH8PWpl5fwDhl9slzsEo6CF # 5wzXKBpLaJ2eW03maFhNoVQ8HgIc+kK0kDdvw6nIDOXaG765Rp//E0HaiXwlMpcu # 02cFrmZJLI+4l1Y0z8qjnJgJWYubxA== # SIG # End signature block |