Set-ManagedByTenantForAadds

1.1

Set-ManagedByTenantForAadds.ps1

                                <#PSScriptInfo

.VERSION 1.1

.GUID ab5fb1d9-e8dd-42c9-9a58-552e06e97bdb

.AUTHOR aaddsfb@microsoft.com

.COMPANYNAME Microsoft Corporation

.COPYRIGHT (c) Microsoft Corporation

.TAGS Azure-AD-Domain-Services Migration

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

    02/18/2023 - Initial release

    03/31/2023 - Allow an admin group name to be specified

#>

<#

.SYNOPSIS

    Uses AzureLighthouse to set up the subscription to be managed by the tenant in order

    to temporarily resolve tenant-subscription mismatch scenario. This allows the classic

    AADDS resource to be migrated to ARM.

.DESCRIPTION

    Uses AzureLighthouse to set up the subscription to be managed by the tenant in order

    to temporarily resolve tenant-subscription mismatch scenario. This allows the classic

    AADDS resource to be migrated to ARM.

.PARAMETER managedByTenantId [MANDATORY]

    The tenant id of the AADDS instance.

.PARAMETER subscriptionId [MANADATORY]

    The subscription id of the AADDS instance.

.PARAMETER adminGroupName [MANADATORY]

    The admin group name in the tenant corresponding to the tenant id of the AADDS instance

    to be granted the permission to manage the subscription.

#>

[CmdletBinding()]

Param (

    [Parameter(Mandatory=$true)]

    [string] $managedByTenantId,

    [Parameter(Mandatory=$true)]

    [string] $subscriptionId,

    [Parameter(Mandatory=$true)]

    [string] $adminGroupName

)

$VerbosePreference = 'Continue'

# Constants

$armServiceAppId = "443155a6-77f3-45e3-882b-22b3a8d431fb"

$armOpsAppId = "abba844e-bc0e-44b0-947a-dc74e5d09022"

$managedServices = "Microsoft.ManagedServices"

$contributorRoleName = "Contributor"

$contributorRoleId = "b24988ac-6180-42a0-ab88-20f7382dd24c"

$subscriptionScope = "/subscriptions/$subscriptionId"

Write-Verbose "Log on to the Azure AD tenant specified by the AADDS resource's tenant id '$managedByTenantId'"

$context = Connect-AzureAD -TenantId $managedByTenantId

$principalIds = @()

$principalNames = @()

# Obtain admin user's object id

$logonUser = Get-AzureADUser -Filter "userPrincipalName eq '$($context.Account.Id)'" -ErrorAction Ignore

if ($null -eq $logonUser)

{

    Write-Error "Cannot retrieve the object id of the logon user in the tenant '$managedByTenantId'."

    return

}

$principalIds += $logonUser.ObjectId

$principalNames += "user $($context.Account.Id)"

# Find the admin aad group's object id

$adminGroup = Get-AzureADGroup -Filter "displayName eq '$adminGroupName'" -ErrorAction Ignore

if ($null -eq $adminGroup)

{

    Write-Error "Cannot retrieve the object id of the admin group '$adminGroupName' in the tenant '$managedByTenantId'."

    return

}

$principalIds += $adminGroup.ObjectId

$principalNames += "group $adminGroupName"

# Obtain a couple of DCaaS service principals

$appIds = @($armServiceAppId, $armOpsAppId)

foreach ($appId in $appIds)

{

    $app = Get-AzureADServicePrincipal -Filter "AppId eq '$appId'" -ErrorAction Ignore

    if ($null -eq $app)

    {

        Write-Error "Service principal for AppId '$appId' not found."

        Write-Error "Please create it using this command: New-AzureADServicePrincipal -AppId '$appId'"

        return

    }

    $principalIds += $app.ObjectId

    $principalNames += "application $appId"

}

Write-Verbose "Log on to the subscription '$subscriptionId' which contains the AADDS resource"

Connect-AzAccount | Out-Null

Set-AzContext -SubscriptionId $subscriptionId -ErrorAction Stop | Out-Null

$managedServicesRps = Get-AzResourceProvider -ProviderNamespace $managedServices

$registered = $null -ne $managedServicesRps -and ($managedServicesRps | Where-Object { $_.RegistrationState -ne 'Registered'}).Count -eq 0

if ($registered -eq $false)

{

    Write-Verbose "Registering $managedServices ..."

    Register-AzResourceProvider -ProviderNamespace $managedServices -ErrorAction Stop

    Write-Verbose "Registered $managedServices."

}

for ($i = 0; $i -lt $principalIds.Count; $i++)

{

    $principalId = $principalIds[$i]

    $principalName = $principalNames[$i]

    Write-Verbose "Checking ManagedServicesAssignment for $principalName ..."

    $assignment = Get-AzManagedServicesAssignment -Name $principalId -ErrorAction Ignore

    if ($null -eq $assignment)

    {

        $definition = Get-AzManagedServicesDefinition -Name $principalId -ErrorAction Ignore

        if ($null -eq $definition)

        {

            Write-Verbose "Creating ManagedServicesDefinition for $principalName ..."

            $auth = New-AzManagedServicesAuthorizationObject -PrincipalId $principalId -RoleDefinitionId $contributorRoleId

            $definition = New-AzManagedServicesDefinition `

                -Name $principalId `

                -RegistrationDefinitionName "$principalId as $contributorRoleName" `

                -ManagedByTenantId $managedByTenantId `

                -Authorization $auth `

                -Scope $subscriptionScope `

                -Description "$principalName ($principalId) as $contributorRoleName" `

                -ErrorAction Stop

            Write-Verbose "Created ManagedServicesDefinition for $principalName : $($definition.Id)."

        }

        Write-Verbose "Creating ManagedServicesAssignment for $principalName ..."

        $assignment = New-AzManagedServicesAssignment -Name $principalId -RegistrationDefinitionId $definition.Id -ErrorAction Stop

        Write-Verbose "Created ManagedServicesAssignment for $principalName : $($assignment.Id)."

    }

    else

    {

        Write-Verbose "Found ManagedServicesAssignment for $principalName."

    }

}

# SIG # Begin signature block

# MIIrgwYJKoZIhvcNAQcCoIIrdDCCK3ACAQExDzANBglghkgBZQMEAgEFADB5Bgor

# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG

# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCB3gZz2E5xsuxro

# DpwGk+A7PpTgwlb/EKw5kFOgEn3km6CCEXgwggiIMIIHcKADAgECAhM2AAABrtGg

# awyYSKRjAAIAAAGuMA0GCSqGSIb3DQEBCwUAMEExEzARBgoJkiaJk/IsZAEZFgNH

# QkwxEzARBgoJkiaJk/IsZAEZFgNBTUUxFTATBgNVBAMTDEFNRSBDUyBDQSAwMTAe

# Fw0yMjA2MTAxODI3MDRaFw0yMzA2MTAxODI3MDRaMC8xLTArBgNVBAMTJE1pY3Jv

# c29mdCBBenVyZSBEZXBlbmRlbmN5IENvZGUgU2lnbjCCASIwDQYJKoZIhvcNAQEB

# BQADggEPADCCAQoCggEBALKu+NphKS+D7sydHrBfyKPPze6NFPivnznPzn0744z/

# N8+g1/Ta2S/OX1G+6wxfalLcxUOHg+AvojK73NW9m4azxoPBmzavK0BH0bqdESZr

# zOx/XR8LZPZFF+qtn5egvKlX1IWZUKCmEACjphupjlIbZq6mngG7hfPWlS3naegL

# I96m10lTMgek3B8tKVIcu9X/fiS5Br0GEtIOfRuPZMqE1CR+nlCI8cEFSYy1D71b

# IcOOof/7tSQipnYMUNd77+sx+rTPNtvsVqOfJajAd03OrvYjtikJbpdKtFtael4S

# tIUTJrEB/FkTMsY6YjwcxwcUHAVO9IUhU4DS7fC0XTkCAwEAAaOCBYkwggWFMCkG

# CSsGAQQBgjcVCgQcMBowDAYKKwYBBAGCN1sDATAKBggrBgEFBQcDAzA8BgkrBgEE

# AYI3FQcELzAtBiUrBgEEAYI3FQiGkOMNhNW0eITxiz6Fm90Wzp0SgWDigi2HkK4D

# AgFkAgEOMIICdgYIKwYBBQUHAQEEggJoMIICZDBiBggrBgEFBQcwAoZWaHR0cDov

# L2NybC5taWNyb3NvZnQuY29tL3BraWluZnJhL0NlcnRzL0JZMlBLSUNTQ0EwMS5B

# TUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0

# dHA6Ly9jcmwxLmFtZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUy

# MENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0dHA6Ly9jcmwyLmFt

# ZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAw

# MSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0dHA6Ly9jcmwzLmFtZS5nYmwvYWlhL0JZ

# MlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYI

# KwYBBQUHMAKGRmh0dHA6Ly9jcmw0LmFtZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5B

# TUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwga0GCCsGAQUFBzAChoGg

# bGRhcDovLy9DTj1BTUUlMjBDUyUyMENBJTIwMDEsQ049QUlBLENOPVB1YmxpYyUy

# MEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9

# QU1FLERDPUdCTD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlm

# aWNhdGlvbkF1dGhvcml0eTAdBgNVHQ4EFgQU2qSRZ/U4+8zhu4qj+cefLecAfY8w

# DgYDVR0PAQH/BAQDAgeAMEUGA1UdEQQ+MDykOjA4MR4wHAYDVQQLExVNaWNyb3Nv

# ZnQgQ29ycG9yYXRpb24xFjAUBgNVBAUTDTIzNjE2OSs0NzA4NjYwggHmBgNVHR8E

# ggHdMIIB2TCCAdWgggHRoIIBzYY/aHR0cDovL2NybC5taWNyb3NvZnQuY29tL3Br

# aWluZnJhL0NSTC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3JshjFodHRwOi8vY3Js

# MS5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3JshjFodHRwOi8v

# Y3JsMi5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3JshjFodHRw

# Oi8vY3JsMy5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3JshjFo

# dHRwOi8vY3JsNC5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3Js

# hoG9bGRhcDovLy9DTj1BTUUlMjBDUyUyMENBJTIwMDEoMiksQ049QlkyUEtJQ1ND

# QTAxLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNl

# cyxDTj1Db25maWd1cmF0aW9uLERDPUFNRSxEQz1HQkw/Y2VydGlmaWNhdGVSZXZv

# Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50

# MB8GA1UdIwQYMBaAFJZRhOBrb3v+2Aarw/KF5imuavnUMB8GA1UdJQQYMBYGCisG

# AQQBgjdbAwEGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQBHvlNi7Gk6Vqrf

# hyFijoE7EW8Sm3vZVK8Sdz/FuwGlqdL6zuWiL39Ljcl84Za88Sr5F9ybWSq9OmvP

# pC3dyIkAinpGd5K5i19kKYiGgKzLZZ1AsAy7M0f05UcdNb6A3LLw5MrHJU3GjQfL

# Zb4fWlfxVVOzfuhm9bk4/50r/u3a3yrM+2HhqdtJhqhYSuTYEo6EMwyV+UsIWZDb

# qphHduHtmRZjFr1mdubeyd25xucXz95Djg/2IP+7iEqvL3NKKRPMlA4YJs2yaDy/

# XnHqIAmjl09J/J79uBqk+K04OELQFgmFqqaXOPHg7BBGuSO2gIv3JWCN5+GkT80P

# p0KonbVWMIII6DCCBtCgAwIBAgITHwAAAFHqj/accwyoOwAAAAAAUTANBgkqhkiG

# 9w0BAQsFADA8MRMwEQYKCZImiZPyLGQBGRYDR0JMMRMwEQYKCZImiZPyLGQBGRYD

# QU1FMRAwDgYDVQQDEwdhbWVyb290MB4XDTIxMDUyMTE4NDQxNFoXDTI2MDUyMTE4

# NTQxNFowQTETMBEGCgmSJomT8ixkARkWA0dCTDETMBEGCgmSJomT8ixkARkWA0FN

# RTEVMBMGA1UEAxMMQU1FIENTIENBIDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A

# MIIBCgKCAQEAyZpSCX0Bno1W1yqXMhT6BUlJZWpa4p3xFeiTHO4vm2Q6C/azR5xw

# xnyYHrkSGDtS2P9X+KDE64V20mmEQkubxnPNeOVnE2RvdPGxgwlq+BhS3ONdVsQP

# j79q7XgHM9HhzB9+qk0PC9KN1zm9p/seyiRS6JF1dbOqRf1pUl7FAVxmgiCFgV8h

# HIb/rDPXig7FDi3S0yEx2CUDVpIq8jEhG8anUFE1WYxM+ni0S5KHwwKPKV4qyGDo

# DO+9AmDoma3Chyu5WDlW5cdtqXTWsGPE3umtnX6AmlldUFLms4OVR4guKf+n5LIB

# CC6bTiocfXPomqYjYTKx7AGMfaVLaaXmhQIDAQABo4IE3DCCBNgwEgYJKwYBBAGC

# NxUBBAUCAwIAAjAjBgkrBgEEAYI3FQIEFgQUEmgkQiFHy9RrvjHPIKTACyN/P0cw

# HQYDVR0OBBYEFJZRhOBrb3v+2Aarw/KF5imuavnUMIIBBAYDVR0lBIH8MIH5Bgcr

# BgEFAgMFBggrBgEFBQcDAQYIKwYBBQUHAwIGCisGAQQBgjcUAgEGCSsGAQQBgjcV

# BgYKKwYBBAGCNwoDDAYJKwYBBAGCNxUGBggrBgEFBQcDCQYIKwYBBQUIAgIGCisG

# AQQBgjdAAQEGCysGAQQBgjcKAwQBBgorBgEEAYI3CgMEBgkrBgEEAYI3FQUGCisG

# AQQBgjcUAgIGCisGAQQBgjcUAgMGCCsGAQUFBwMDBgorBgEEAYI3WwEBBgorBgEE

# AYI3WwIBBgorBgEEAYI3WwMBBgorBgEEAYI3WwUBBgorBgEEAYI3WwQBBgorBgEE

# AYI3WwQCMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAS

# BgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFCleUV5krjS566ycDaeMdQHR

# CQsoMIIBaAYDVR0fBIIBXzCCAVswggFXoIIBU6CCAU+GMWh0dHA6Ly9jcmwubWlj

# cm9zb2Z0LmNvbS9wa2lpbmZyYS9jcmwvYW1lcm9vdC5jcmyGI2h0dHA6Ly9jcmwy

# LmFtZS5nYmwvY3JsL2FtZXJvb3QuY3JshiNodHRwOi8vY3JsMy5hbWUuZ2JsL2Ny

# bC9hbWVyb290LmNybIYjaHR0cDovL2NybDEuYW1lLmdibC9jcmwvYW1lcm9vdC5j

# cmyGgapsZGFwOi8vL0NOPWFtZXJvb3QsQ049QU1FUm9vdCxDTj1DRFAsQ049UHVi

# bGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlv

# bixEQz1BTUUsREM9R0JMP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9v

# YmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCCAasGCCsGAQUFBwEBBIIB

# nTCCAZkwRwYIKwYBBQUHMAKGO2h0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2lp

# bmZyYS9jZXJ0cy9BTUVSb290X2FtZXJvb3QuY3J0MDcGCCsGAQUFBzAChitodHRw

# Oi8vY3JsMi5hbWUuZ2JsL2FpYS9BTUVSb290X2FtZXJvb3QuY3J0MDcGCCsGAQUF

# BzAChitodHRwOi8vY3JsMy5hbWUuZ2JsL2FpYS9BTUVSb290X2FtZXJvb3QuY3J0

# MDcGCCsGAQUFBzAChitodHRwOi8vY3JsMS5hbWUuZ2JsL2FpYS9BTUVSb290X2Ft

# ZXJvb3QuY3J0MIGiBggrBgEFBQcwAoaBlWxkYXA6Ly8vQ049YW1lcm9vdCxDTj1B

# SUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u

# ZmlndXJhdGlvbixEQz1BTUUsREM9R0JMP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmpl

# Y3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBCwUAA4IC

# AQBQECO3Tw/o317Rrd7yadqcswPx1LvIYymkaTN6KcmuRt6HKa0Xe73Ux2/AQ30T

# fgA9GBJngweRykKBusRzyOU17iIubJvy3gA21dwtqtB0DsoEv1U/ptVu2v++doTC

# J/i+GbssVXkgaX8H+6EOGEmT4evp4GbwR4HwWlc+Dvf8HH8PdUA2Z04CvcwIfckS

# ipbNm84jxJ8XjmTFTWscldL9edj2NsY6iGnyJFIyur2PS7VRYyV3p1VAJp91gj1j

# RQtWEyCB8P5g9nE3z8u0ANaU/hjwEQCrdGyravWgnf2JtG+bT26YAokbc8m+32zU

# tXRO+NK3tAjhOu2FdsG3qNrF4sc7y37R/C+7Pcb/cFfhttqsirepZii4xStcjMOD

# YuXzGm3IJs0b0owHG6oKd7ZOGvHpmmh9K8/DLriD/sq8bURD10qi/wuW8zM7IpLg

# 1vcR9dIK2mc0pj44pc6UX0XbttP/VEJgu3lT2eI9VjWtaKjx38xE9woSMyekPRtz

# TwgfuysF9DkJisr+yA4po/FPxpbBw9c/hBf32DH/GFxteS2pmjgKIbMP8sDukmEq

# 3lVvuWNJsybrZwQvQpvaM49fv+JKpLK5YWYEfwksYRR9wU8Hh/ID9hRCEkbUoQ2W

# 7mMpsp2Nbp/kcn4ivfolUy3Q9Yf0scsQ6WTLYpm+AoCUJTGCGWEwghldAgEBMFgw

# QTETMBEGCgmSJomT8ixkARkWA0dCTDETMBEGCgmSJomT8ixkARkWA0FNRTEVMBMG

# A1UEAxMMQU1FIENTIENBIDAxAhM2AAABrtGgawyYSKRjAAIAAAGuMA0GCWCGSAFl

# AwQCAQUAoIGuMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcC

# AQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCC80dZ2U8OTyDnEv4/u

# 6PEdBVCNiNH86knW06AUAM/4vTBCBgorBgEEAYI3AgEMMTQwMqAUgBIATQBpAGMA

# cgBvAHMAbwBmAHShGoAYaHR0cDovL3d3dy5taWNyb3NvZnQuY29tMA0GCSqGSIb3

# DQEBAQUABIIBAImaElpfTnQYLehjHKH4aduOdPKxiNURGPuKJjrIE4hrMZlTK48q

# oYpBlRnJzYhH42d7EnHez9YLzFfaMbp/tLkAvUmmOdBt/Nws1j2HmQ7pMON3qJG1

# Yw+lM+9BrrrlgVZgmyvkY40EfczG4enDNLL3wCCwLzxpYL+YJ2nrR8AXu46DYv1+

# MdcpvNOkJKkBfiFOISvT+PS2VPbYdFb8VvGbyEkITIDv/uAXrqtNfkKR/tHGkCgZ

# BKVuuYGQYOXdrFY5FQnVLimYhAOQVsvC8jCa/c4WJ8sSREXtd9tEyzMcZ5sESSpT

# uxeHHAyb/aP28GREnTFkCZVEEVHmOMFHLm2hghcpMIIXJQYKKwYBBAGCNwMDATGC

# FxUwghcRBgkqhkiG9w0BBwKgghcCMIIW/gIBAzEPMA0GCWCGSAFlAwQCAQUAMIIB

# WQYLKoZIhvcNAQkQAQSgggFIBIIBRDCCAUACAQEGCisGAQQBhFkKAwEwMTANBglg

# hkgBZQMEAgEFAAQggF4YN9iaQne7HqgGaRYE/yvX0HBf1RteTcaZ6C90mloCBmQa

# 7JkuoBgTMjAyMzA0MDMwNzI5MDEuODM2WjAEgAIB9KCB2KSB1TCB0jELMAkGA1UE

# BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc

# BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0

# IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNT

# IEVTTjoyQUQ0LTRCOTItRkEwMTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3Rh

# bXAgU2VydmljZaCCEXgwggcnMIIFD6ADAgECAhMzAAABscqQQ+4L8AOrAAEAAAGx

# MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n

# dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y

# YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4X

# DTIyMDkyMDIwMjE1OVoXDTIzMTIxNDIwMjE1OVowgdIxCzAJBgNVBAYTAlVTMRMw

# EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN

# aWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5k

# IE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046MkFE

# NC00QjkyLUZBMDExJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZp

# Y2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCGoqs+1ewbx+yDjDxH

# gzNlMAqTPC8QFD3ie1L7vatEYgwXQYLIQv0g63t/2CQahqZ9u2u11jjL4ogVHzDX

# 3+dTcShaEl+thqat+mC0WZNoTdcIoKwjuues+aVU4yad0PI3WACV967iXmt3HH04

# MQIE91L/7D+MNPsmQGGtiWWpVdzAYCBYt1cChQOApUHK/leEqRs6s/H2qmm5mMqb

# id+WZ/Bv9tNaQDdowxDru0GgwtKxsg3cEk1Zl3BzOOhBVejdhevZ8H49g2Ye+IJw

# NQwezRXGZ/uL9ZKkFp+wMwSfpZjsbyq1EZVf7tfTMNWD/s1UMsyp+f+K/77mEkY/

# 7YWa/hZmQFLUwGnC86LgRDbmkgbjmNZN99HjKfJ53UjVLFI4/55+4HHRas3UDbnS

# W/l8ZkcIvS8IwNP/D5TrCk2fF8OhBFj1S3zaI0rlqWTE2jM8/8M0j6eSdNpKWJpH

# ZedJcMhkSzuV+4liDSpqF8knUJkXYhjE5L0UrVysSKBJvxCcQmiPpOEt/gVilgtO

# xFeU91Bu8GxW+C374G22ijOfB8rQMow5zvXxItL66fCRU7RoXbcIRBJK2jLRlbfg

# r5xtGZR+Jr6T0T7iW6hOdPXugqph8M07lGTxTBVryZ+Hz79Hd9lrPY79mGJhP9Fk

# dX1C7Pk8caVoJ9c9DwDrMUmUTwIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFPSbZ5Hv

# Da2EivXxZ6FRNKa9DjmTMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1Gely

# MF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lv

# cHMvY3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNy

# bDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9z

# b2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBD

# QSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYB

# BQUHAwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQDY5zeSaqXl

# UoSK0CGgEJzVTr9XAxJgpA+qELn1/TRjl9vCcP4HZBrTCcmoANJVW7psEJWuSz4Q

# ZuS4yFFv+WmIc0pWe5cXg8pMOe8KdgKqDACZu213F7Sbfx8mkZTd+YQIQVfg5hpw

# SEXBOQtm0hRWN2rA+dClEgj5ipf9DRWnT3qDam4+WVJ2vFQHzEg7HcXssY7PK//V

# aasvJYCFQaka17Rbep9fhhaSftgIz7KXzzu2PmP6M7+XUxGLpuXgyw3Q9bYUJh5F

# vLNAQQ2yDk93fnVnTxE5H+dHzP5wC5DBHb2KNoMoiazkhtGvWdkv+pmyQVK4K5ID

# 6dh4y5MnEeDYcJeu3oQIVsSRig9oEZPPE9iily4kRwKGE2VaR24JGC7KQSybPQu+

# 2ZLsV7ryDhmiHexCQgTlUTCcoLcfBV6aErt41hHWrtFgTF8YVQMxB07u1Cltw8Pi

# hoFu0UZYa7efPUivJaz0rzzOjz56hBX+j1LE1TtGzpMypwt0zoLouCYZVpYooLRL

# YNUpTzMXHTLnPbmHVkntf9mFpq/Wa1dUbr6UkiryS0mA5Tn+mia6Z1+2CizEaMin

# c05HL18NSWX4pCXhiY30bNnE9iSG4jRBiuIubK0G1Qr4Ar3WFRFWV1VtSM/yySyv

# V2yJDDI5hAiRLGtO6GnSnDuHnfb2OmGARjCCB3EwggVZoAMCAQICEzMAAAAVxedr

# ngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYD

# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRp

# ZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4

# MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV

# BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG

# A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3

# DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qls

# TnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLA

# EBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrE

# qv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyF

# Vk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1o

# O5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg

# 3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2

# TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07B

# MzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJ

# NmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6

# r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+

# auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3

# FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl

# 0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUH

# AgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0

# b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMA

# dQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW

# gBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8v

# Y3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRf

# MjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRw

# Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEw

# LTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL

# /Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu

# 6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5t

# ggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfg

# QJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8s

# CXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCr

# dTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZ

# c9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2

# tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8C

# wYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9

# JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDB

# cQZqELQdVTNYs6FwZvKhggLUMIICPQIBATCCAQChgdikgdUwgdIxCzAJBgNVBAYT

# AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD

# VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJ

# cmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRTUyBF

# U046MkFENC00QjkyLUZBMDExJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1w

# IFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAO1ksb6kA2wO78suvU59MD+QRscroIGD

# MIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV

# BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG

# A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEF

# BQACBQDn1JNSMCIYDzIwMjMwNDAzMDc1MDQyWhgPMjAyMzA0MDQwNzUwNDJaMHQw

# OgYKKwYBBAGEWQoEATEsMCowCgIFAOfUk1ICAQAwBwIBAAICI4YwBwIBAAICEbEw

# CgIFAOfV5NICAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgC

# AQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQCQl5dUf/1hsj8v

# rSPqkZOzx48zYPfl/aQqnLwqq+gx78BcSWWXMX04nbZ+9y4w/PB7RflOlU3GeCGq

# A8oGB95Q3FAwbO1Oqk049JIDNYs4kwM3UCm8vgK/ZdTpV3tgZp1t5AGI6uhzO3UC

# 8xMWePHeKw+0ybC/7ycm+mNA5sTHQzGCBA0wggQJAgEBMIGTMHwxCzAJBgNVBAYT

# AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD

# VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBU

# aW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABscqQQ+4L8AOrAAEAAAGxMA0GCWCGSAFl

# AwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcN

# AQkEMSIEINaJJI78OADYHIPIvls7faaBlrdHXqgsbYtvpdpDLYlnMIH6BgsqhkiG

# 9w0BCRACLzGB6jCB5zCB5DCBvQQgg+0NixRb36ng6MvYKbt+benWHq6wztHDE5Ti

# KJs0z2wwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv

# bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0

# aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAA

# AbHKkEPuC/ADqwABAAABsTAiBCAiL1okQj5ZBZfUZcKuU0Q9Vu4oxdaiGvSGTV9q

# wGBuSjANBgkqhkiG9w0BAQsFAASCAgAuS454i82MiIe8vHQQt1eKWyHI/V0a3zzX

# iBy8/nE6TelKRDZzsGsbLq2TNwUF2F3tj/Q5ZkrpYCoLCsPwA4SquYs9tNy4xmg/

# wnn+nJYCudfOzHv/Cd9uOWlgYWngJiWIEG5Qhb3UGAjkuOp1R35hq44xM4Cg/ELU

# 1v3uba6JB9ss8l4FqQAXMCbAQTTRjxxZX2h5gjLozCOG1XM/6XDB8a1BUG+DjOrx

# RopJ+g1hxDp+HDfb9+pg2WVz+MJsX+cr3Pc+jEucDBCkNviBGbSr7oy6P1mNz+/o

# /eKd/Ovio6mtC/n7FI0hBYE0DZgal7IlrIXu0jAVT5A7QPOrWAU6EnNFrLqJip4F

# X9kcOO1SnN80rm7k6kYt7oZGV6CH+zWlKV3wpeFIafAC3EyWBv3rXxI+Tw0Icwvu

# SBU3ITNSbtTQqxd49pmXNZ5LNfbpTwElZLTyA/iC/P0ItOSWgMJUGV8LmjCUy3c8

# BGNa32Vi/K0igM3ZtrSTQ/HCWYxsoWbA9T4qblsiGDYNeiXMwj+vXipbH/RdDO9L

# BMWIwx7hcTRa+53BBx9gZXwZcXIjdddZ5Pf/I9y4BiWw98Jm8xn+a4cIlDj87F1g

# Lo5MAGkqVPMXeNnZ98ZxXdy7u2QNEGhq/ckOI5aOEhDC8+K1sgzvHzkJeVaYN6Gy

# +9n0R1jhMQ==

# SIG # End signature block