Set-ManagedByTenantForAadds

1.2.0

Set-ManagedByTenantForAadds.ps1

                                <#PSScriptInfo

.VERSION 1.2.0

.GUID ab5fb1d9-e8dd-42c9-9a58-552e06e97bdb

.AUTHOR aaddsfb@microsoft.com

.COMPANYNAME Microsoft Corporation

.COPYRIGHT (c) Microsoft Corporation

.TAGS Azure-AD-Domain-Services

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

    02/18/2023 - Initial release

    03/31/2023 - Allow an admin group name to be specified

    01/09/2024 - Migrate from AzureAD PowerShell to MS Graph PowerShell, rebrand to Microsoft Entra Domain Services

#>

<#

.SYNOPSIS

    Uses AzureLighthouse to set up the subscription to be managed by the tenant in order

    to temporarily resolve tenant-subscription mismatch scenario.

.DESCRIPTION

    Uses AzureLighthouse to set up the subscription to be managed by the tenant in order

    to temporarily resolve tenant-subscription mismatch scenario.

.PARAMETER managedByTenantId [MANDATORY]

    The tenant id of the AADDS instance.

.PARAMETER subscriptionId [MANADATORY]

    The subscription id of the AADDS instance.

.PARAMETER adminGroupName [MANADATORY]

    The admin group name in the tenant corresponding to the tenant id of the AADDS instance

    to be granted the permission to manage the subscription.

.NOTES

    * This cmdlet requires you install the Microsoft Graph PowerShell SDK: https://review.learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0&branch=main

#>

[CmdletBinding()]

Param (

    [Parameter(Mandatory=$true)]

    [string] $managedByTenantId,

    [Parameter(Mandatory=$true)]

    [string] $subscriptionId,

    [Parameter(Mandatory=$true)]

    [string] $adminGroupName

)

$VerbosePreference = 'Continue'

# Constants

$armServiceAppId = "443155a6-77f3-45e3-882b-22b3a8d431fb"

$armOpsAppId = "abba844e-bc0e-44b0-947a-dc74e5d09022"

$managedServices = "Microsoft.ManagedServices"

$contributorRoleName = "Contributor"

$contributorRoleId = "b24988ac-6180-42a0-ab88-20f7382dd24c"

$subscriptionScope = "/subscriptions/$subscriptionId"

Write-Verbose "Log on to the Entra ID tenant specified by the AADDS resource's tenant id '$managedByTenantId'"

Connect-MgGraph -Scopes "Application.ReadWrite.All","Group.ReadWrite.All" -TenantId $managedByTenantId

$context = Get-MgContext

$principalIds = @()

$principalNames = @()

# Obtain admin user's object id

$logonUser = Get-MgUser -Filter "userPrincipalName eq '$($context.Account)'" -ErrorAction Ignore

if ($null -eq $logonUser)

{

    Write-Error "Cannot retrieve the id of the logon user in the tenant '$managedByTenantId'."

    return

}

$principalIds += $logonUser.Id

$principalNames += "user $($context.Account.Id)"

# Find the admin aad group's object id

$adminGroup = Get-MgGroup -Filter "displayName eq '$adminGroupName'" -ErrorAction Ignore

if ($null -eq $adminGroup)

{

    Write-Error "Cannot retrieve the object id of the admin group '$adminGroupName' in the tenant '$managedByTenantId'."

    return

}

$principalIds += $adminGroup.Id

$principalNames += "group $adminGroupName"

# Obtain a couple of DCaaS service principals

$appIds = @($armServiceAppId, $armOpsAppId)

foreach ($appId in $appIds)

{

    $app = Get-MgServicePrincipal -Filter "AppId eq '$appId'" -ErrorAction Ignore

    if ($null -eq $app)

    {

        Write-Error "Service principal for AppId '$appId' not found."

        Write-Error "Please create it using this command: New-MgServicePrincipal -AppId '$appId'"

        return

    }

    $principalIds += $app.Id

    $principalNames += "application $appId"

}

Write-Verbose "Log on to the subscription '$subscriptionId' which contains the AADDS resource"

Connect-AzAccount | Out-Null

Set-AzContext -SubscriptionId $subscriptionId -ErrorAction Stop | Out-Null

$managedServicesRps = Get-AzResourceProvider -ProviderNamespace $managedServices

$registered = $null -ne $managedServicesRps -and ($managedServicesRps | Where-Object { $_.RegistrationState -ne 'Registered'}).Count -eq 0

if ($registered -eq $false)

{

    Write-Verbose "Registering $managedServices ..."

    Register-AzResourceProvider -ProviderNamespace $managedServices -ErrorAction Stop

    Write-Verbose "Registered $managedServices."

}

for ($i = 0; $i -lt $principalIds.Count; $i++)

{

    $principalId = $principalIds[$i]

    $principalName = $principalNames[$i]

    Write-Verbose "Checking ManagedServicesAssignment for $principalName ..."

    $assignment = Get-AzManagedServicesAssignment -Name $principalId -ErrorAction Ignore

    if ($null -eq $assignment)

    {

        $definition = Get-AzManagedServicesDefinition -Name $principalId -ErrorAction Ignore

        if ($null -eq $definition)

        {

            Write-Verbose "Creating ManagedServicesDefinition for $principalName ..."

            $auth = New-AzManagedServicesAuthorizationObject -PrincipalId $principalId -RoleDefinitionId $contributorRoleId

            $definition = New-AzManagedServicesDefinition `

                -Name $principalId `

                -RegistrationDefinitionName "$principalId as $contributorRoleName" `

                -ManagedByTenantId $managedByTenantId `

                -Authorization $auth `

                -Scope $subscriptionScope `

                -Description "$principalName ($principalId) as $contributorRoleName" `

                -ErrorAction Stop

            Write-Verbose "Created ManagedServicesDefinition for $principalName : $($definition.Id)."

        }

        Write-Verbose "Creating ManagedServicesAssignment for $principalName ..."

        $assignment = New-AzManagedServicesAssignment -Name $principalId -RegistrationDefinitionId $definition.Id -ErrorAction Stop

        Write-Verbose "Created ManagedServicesAssignment for $principalName : $($assignment.Id)."

    }

    else

    {

        Write-Verbose "Found ManagedServicesAssignment for $principalName."

    }

}

# SIG # Begin signature block

# MIIrgwYJKoZIhvcNAQcCoIIrdDCCK3ACAQExDzANBglghkgBZQMEAgEFADB5Bgor

# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG

# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCng3eyFNInzlNv

# pHM8ahd2F00IG3Nvb8zl70AkfW//paCCEXgwggiIMIIHcKADAgECAhM2AAABzxvV

# hIv3HFTwAAIAAAHPMA0GCSqGSIb3DQEBCwUAMEExEzARBgoJkiaJk/IsZAEZFgNH

# QkwxEzARBgoJkiaJk/IsZAEZFgNBTUUxFTATBgNVBAMTDEFNRSBDUyBDQSAwMTAe

# Fw0yMzAzMjAyMDAwMzJaFw0yNDAzMTkyMDAwMzJaMC8xLTArBgNVBAMTJE1pY3Jv

# c29mdCBBenVyZSBEZXBlbmRlbmN5IENvZGUgU2lnbjCCASIwDQYJKoZIhvcNAQEB

# BQADggEPADCCAQoCggEBAOREEBJi/WoqvCPTpdI+NM1fM/zljtamVZMTJaEFhALS

# 3v0oF6vWx7zJy9McdDOyA9wY8x75/uBmwl1n8d5l/cLSD+PExSnU1o/zDyr80He+

# K1yZlVCdYSYsoWDsOeYCI0+sf6O6U2Y2kp+pIVLSf1j7amZd+vkbjHCbxRA28njz

# MCxv66EZS2Sh5yTH+uFi+RzUWMaJltkPurDraCRNKKubmOpAmqbtaPu+FEIs+nyn

# +xzFwefTOGNanTyOs2wmxBJ8VkQGU9tlRlbNrURi/5TtdktoTnM0Vn4M/2MbPlYC

# QBcJtVadNVheejpKNhinXiZw8i9TsGHDOJvuz05Hl7UCAwEAAaOCBYkwggWFMCkG

# CSsGAQQBgjcVCgQcMBowDAYKKwYBBAGCN1sDATAKBggrBgEFBQcDAzA8BgkrBgEE

# AYI3FQcELzAtBiUrBgEEAYI3FQiGkOMNhNW0eITxiz6Fm90Wzp0SgWDigi2HkK4D

# AgFkAgEOMIICdgYIKwYBBQUHAQEEggJoMIICZDBiBggrBgEFBQcwAoZWaHR0cDov

# L2NybC5taWNyb3NvZnQuY29tL3BraWluZnJhL0NlcnRzL0JZMlBLSUNTQ0EwMS5B

# TUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0

# dHA6Ly9jcmwxLmFtZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUy

# MENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0dHA6Ly9jcmwyLmFt

# ZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAw

# MSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0dHA6Ly9jcmwzLmFtZS5nYmwvYWlhL0JZ

# MlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYI

# KwYBBQUHMAKGRmh0dHA6Ly9jcmw0LmFtZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5B

# TUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwga0GCCsGAQUFBzAChoGg

# bGRhcDovLy9DTj1BTUUlMjBDUyUyMENBJTIwMDEsQ049QUlBLENOPVB1YmxpYyUy

# MEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9

# QU1FLERDPUdCTD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlm

# aWNhdGlvbkF1dGhvcml0eTAdBgNVHQ4EFgQUF8EGJdg3VCco3OMElEnYjfOsKQAw

# DgYDVR0PAQH/BAQDAgeAMEUGA1UdEQQ+MDykOjA4MR4wHAYDVQQLExVNaWNyb3Nv

# ZnQgQ29ycG9yYXRpb24xFjAUBgNVBAUTDTIzNjE2OSs1MDAzNjQwggHmBgNVHR8E

# ggHdMIIB2TCCAdWgggHRoIIBzYY/aHR0cDovL2NybC5taWNyb3NvZnQuY29tL3Br

# aWluZnJhL0NSTC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3JshjFodHRwOi8vY3Js

# MS5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3JshjFodHRwOi8v

# Y3JsMi5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3JshjFodHRw

# Oi8vY3JsMy5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3JshjFo

# dHRwOi8vY3JsNC5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEoMikuY3Js

# hoG9bGRhcDovLy9DTj1BTUUlMjBDUyUyMENBJTIwMDEoMiksQ049QlkyUEtJQ1ND

# QTAxLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNl

# cyxDTj1Db25maWd1cmF0aW9uLERDPUFNRSxEQz1HQkw/Y2VydGlmaWNhdGVSZXZv

# Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50

# MB8GA1UdIwQYMBaAFJZRhOBrb3v+2Aarw/KF5imuavnUMB8GA1UdJQQYMBYGCisG

# AQQBgjdbAwEGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAy72n19XEpbA0F

# OW2VYlwvvLf8AVlRHgV5AnFegvbNSGIlfvbTizxYyHrzzldeW/xZxpLMOfnU8Ymo

# Oe3cpJYN6qX99cL50D2F0QibG6eJ4XpVNKDbt1YbaR+ekLgHoATohGFqAeI0LHO8

# jIQBJaICrYeLNXRcP8kXV0BrLtKXPsUojlvSxHzaECg7F2fhKt7WQkVZexhZB6QO

# VGj/VQY9TjWsHi6D5evjT3o819ZINUG1mCKbBFL1pFHMDjFICKlPDFIt9oL2QbZZ

# 27gH2HHcOqCIWeFlrz3qcH+dwcVGEOHz6j5SDMSIWBpS3pebi5kb0jnOu7m6uAz0

# Q8ksXFl/MIII6DCCBtCgAwIBAgITHwAAAFHqj/accwyoOwAAAAAAUTANBgkqhkiG

# 9w0BAQsFADA8MRMwEQYKCZImiZPyLGQBGRYDR0JMMRMwEQYKCZImiZPyLGQBGRYD

# QU1FMRAwDgYDVQQDEwdhbWVyb290MB4XDTIxMDUyMTE4NDQxNFoXDTI2MDUyMTE4

# NTQxNFowQTETMBEGCgmSJomT8ixkARkWA0dCTDETMBEGCgmSJomT8ixkARkWA0FN

# RTEVMBMGA1UEAxMMQU1FIENTIENBIDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A

# MIIBCgKCAQEAyZpSCX0Bno1W1yqXMhT6BUlJZWpa4p3xFeiTHO4vm2Q6C/azR5xw

# xnyYHrkSGDtS2P9X+KDE64V20mmEQkubxnPNeOVnE2RvdPGxgwlq+BhS3ONdVsQP

# j79q7XgHM9HhzB9+qk0PC9KN1zm9p/seyiRS6JF1dbOqRf1pUl7FAVxmgiCFgV8h

# HIb/rDPXig7FDi3S0yEx2CUDVpIq8jEhG8anUFE1WYxM+ni0S5KHwwKPKV4qyGDo

# DO+9AmDoma3Chyu5WDlW5cdtqXTWsGPE3umtnX6AmlldUFLms4OVR4guKf+n5LIB

# CC6bTiocfXPomqYjYTKx7AGMfaVLaaXmhQIDAQABo4IE3DCCBNgwEgYJKwYBBAGC

# NxUBBAUCAwIAAjAjBgkrBgEEAYI3FQIEFgQUEmgkQiFHy9RrvjHPIKTACyN/P0cw

# HQYDVR0OBBYEFJZRhOBrb3v+2Aarw/KF5imuavnUMIIBBAYDVR0lBIH8MIH5Bgcr

# BgEFAgMFBggrBgEFBQcDAQYIKwYBBQUHAwIGCisGAQQBgjcUAgEGCSsGAQQBgjcV

# BgYKKwYBBAGCNwoDDAYJKwYBBAGCNxUGBggrBgEFBQcDCQYIKwYBBQUIAgIGCisG

# AQQBgjdAAQEGCysGAQQBgjcKAwQBBgorBgEEAYI3CgMEBgkrBgEEAYI3FQUGCisG

# AQQBgjcUAgIGCisGAQQBgjcUAgMGCCsGAQUFBwMDBgorBgEEAYI3WwEBBgorBgEE

# AYI3WwIBBgorBgEEAYI3WwMBBgorBgEEAYI3WwUBBgorBgEEAYI3WwQBBgorBgEE

# AYI3WwQCMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAS

# BgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFCleUV5krjS566ycDaeMdQHR

# CQsoMIIBaAYDVR0fBIIBXzCCAVswggFXoIIBU6CCAU+GMWh0dHA6Ly9jcmwubWlj

# cm9zb2Z0LmNvbS9wa2lpbmZyYS9jcmwvYW1lcm9vdC5jcmyGI2h0dHA6Ly9jcmwy

# LmFtZS5nYmwvY3JsL2FtZXJvb3QuY3JshiNodHRwOi8vY3JsMy5hbWUuZ2JsL2Ny

# bC9hbWVyb290LmNybIYjaHR0cDovL2NybDEuYW1lLmdibC9jcmwvYW1lcm9vdC5j

# cmyGgapsZGFwOi8vL0NOPWFtZXJvb3QsQ049QU1FUm9vdCxDTj1DRFAsQ049UHVi

# bGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlv

# bixEQz1BTUUsREM9R0JMP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9v

# YmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCCAasGCCsGAQUFBwEBBIIB

# nTCCAZkwRwYIKwYBBQUHMAKGO2h0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2lp

# bmZyYS9jZXJ0cy9BTUVSb290X2FtZXJvb3QuY3J0MDcGCCsGAQUFBzAChitodHRw

# Oi8vY3JsMi5hbWUuZ2JsL2FpYS9BTUVSb290X2FtZXJvb3QuY3J0MDcGCCsGAQUF

# BzAChitodHRwOi8vY3JsMy5hbWUuZ2JsL2FpYS9BTUVSb290X2FtZXJvb3QuY3J0

# MDcGCCsGAQUFBzAChitodHRwOi8vY3JsMS5hbWUuZ2JsL2FpYS9BTUVSb290X2Ft

# ZXJvb3QuY3J0MIGiBggrBgEFBQcwAoaBlWxkYXA6Ly8vQ049YW1lcm9vdCxDTj1B

# SUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u

# ZmlndXJhdGlvbixEQz1BTUUsREM9R0JMP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmpl

# Y3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBCwUAA4IC

# AQBQECO3Tw/o317Rrd7yadqcswPx1LvIYymkaTN6KcmuRt6HKa0Xe73Ux2/AQ30T

# fgA9GBJngweRykKBusRzyOU17iIubJvy3gA21dwtqtB0DsoEv1U/ptVu2v++doTC

# J/i+GbssVXkgaX8H+6EOGEmT4evp4GbwR4HwWlc+Dvf8HH8PdUA2Z04CvcwIfckS

# ipbNm84jxJ8XjmTFTWscldL9edj2NsY6iGnyJFIyur2PS7VRYyV3p1VAJp91gj1j

# RQtWEyCB8P5g9nE3z8u0ANaU/hjwEQCrdGyravWgnf2JtG+bT26YAokbc8m+32zU

# tXRO+NK3tAjhOu2FdsG3qNrF4sc7y37R/C+7Pcb/cFfhttqsirepZii4xStcjMOD

# YuXzGm3IJs0b0owHG6oKd7ZOGvHpmmh9K8/DLriD/sq8bURD10qi/wuW8zM7IpLg

# 1vcR9dIK2mc0pj44pc6UX0XbttP/VEJgu3lT2eI9VjWtaKjx38xE9woSMyekPRtz

# TwgfuysF9DkJisr+yA4po/FPxpbBw9c/hBf32DH/GFxteS2pmjgKIbMP8sDukmEq

# 3lVvuWNJsybrZwQvQpvaM49fv+JKpLK5YWYEfwksYRR9wU8Hh/ID9hRCEkbUoQ2W

# 7mMpsp2Nbp/kcn4ivfolUy3Q9Yf0scsQ6WTLYpm+AoCUJTGCGWEwghldAgEBMFgw

# QTETMBEGCgmSJomT8ixkARkWA0dCTDETMBEGCgmSJomT8ixkARkWA0FNRTEVMBMG

# A1UEAxMMQU1FIENTIENBIDAxAhM2AAABzxvVhIv3HFTwAAIAAAHPMA0GCWCGSAFl

# AwQCAQUAoIGuMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcC

# AQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCAdPh6bETjtGXX2W6D/

# P+T9LJCudtgVSHhT2SEapqt3mDBCBgorBgEEAYI3AgEMMTQwMqAUgBIATQBpAGMA

# cgBvAHMAbwBmAHShGoAYaHR0cDovL3d3dy5taWNyb3NvZnQuY29tMA0GCSqGSIb3

# DQEBAQUABIIBAE91ntu211GsFWC+3e8Bz/5LGoz1kQLvvzKQ1dkjRODpcyRpzmVL

# kchKq8kb+HkV4EworQk5Z0FjTAMmA12QExzT5T8W6c/EtkdM0TS8VE9bku6uReej

# HK8Gnzl1yPM7uBbomILlL5YZs+ZeI20MJlwVzNiFd6SXI9Tlgp/cQEl4pVKNkEzG

# aTIeDpIZFcREiurSJ1f+HUwKlWnk5TeaIzVmjq3o8sMiRp3N7pU7KH4hNeBESb6/

# ccoBhduZ+FI6hNoWnfD69P9eeWzOY610KcNEB8/Ypq9txabUHSBu0pBfRb5pAeCZ

# Xr+soqnWs1UV2hRfW9E19Hc4wAYcia0L1rOhghcpMIIXJQYKKwYBBAGCNwMDATGC

# FxUwghcRBgkqhkiG9w0BBwKgghcCMIIW/gIBAzEPMA0GCWCGSAFlAwQCAQUAMIIB

# WQYLKoZIhvcNAQkQAQSgggFIBIIBRDCCAUACAQEGCisGAQQBhFkKAwEwMTANBglg

# hkgBZQMEAgEFAAQg22GSHViBfiCR3I8ePNaVVu5FnOQyAc+IDtvV1HfoNd4CBmWC

# 4TfdgBgTMjAyNDAxMTUwNzIxNTQuOTE2WjAEgAIB9KCB2KSB1TCB0jELMAkGA1UE

# BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc

# BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0

# IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNT

# IEVTTjowODQyLTRCRTYtQzI5QTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3Rh

# bXAgU2VydmljZaCCEXgwggcnMIIFD6ADAgECAhMzAAAB2o7VyVoA0RGxAAEAAAHa

# MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n

# dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y

# YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4X

# DTIzMTAxMjE5MDY1OVoXDTI1MDExMDE5MDY1OVowgdIxCzAJBgNVBAYTAlVTMRMw

# EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN

# aWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5k

# IE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046MDg0

# Mi00QkU2LUMyOUExJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZp

# Y2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCTkAYIdrVRUdY/I0AO

# DQ3/G3Fa10jdPNAjSj0kKO0ue7Apz1NBSheO8Ni+qh7cJuBJwpRdnK7lxaf5ez6T

# EINuRO1/MQ5r8a/AQROogEgDwn603m7rwLGVnCWIcu6a4ArgX+zonV6YLFtcvKel

# bO7A9mrqf9Lr3mMXl5SrbD4zAqZR5JNG2vh4C4aNCevCnY4twzNiufcB8vca7bGC

# vl/Xq2wxmdppl9++uWkuUO/7oA8TFYM8o/NMiZ+lC55Jw/YuJFEMVYaldXXPwxel

# AXrs37pJDHne7a81BGTEcpWu6ob8FHkJYMwkIaWY8/s7EIKV5T3M7xndIqq+5QAs

# H1RqIOaZSM3RMb7dUwPCZnn/NfWkysB9SFRCMGCwOrr0vJEXQOkcbzHG//7pTYyL

# hnHsspDAFxMp1ayxvVbyuK36wrBi9499C5onboPqMK3Ao0GoGJqxpNYQcpF4paPW

# AfEMsuUNSoRrh+uVd8xcvGtJMGygUbPFUeB7aD2MPc9Q3XCX2QTtnYc198gDIqQh

# pukpr5r2r0bF4cvNOY4gKQ8jfrNP2+6LNs/IkVhiZOjPbrk9uPd4BVf/SSxoOWCS

# QiVyPssZDvzl52SbLhrdPs1i3R0uFyFwRte6D7uSrBX0Ux0RJaEdnSOhsGmsSMg8

# kh2DrbyMnZWu7uJX53wo2P6ikwIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFKF8jclR

# PWYTlYsxFFcITYC/D19FMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1Gely

# MF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lv

# cHMvY3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNy

# bDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9z

# b2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBD

# QSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYB

# BQUHAwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQC5g1XU7biN

# IwBLeNTtjjPAlNt+0xjMoaxq+xcyghBWl8baKpPyDm0K4qtXGh1Ydr8rkNuJ8903

# Tgb+63LP6pz4zsZ1xS8mT3mli7DbgEVZlFYslWF412AeQ8M2lmYEnGPBii+8ho8l

# q4e/FiVIIe6xNfuVQ+YdP+q7PXQUagMyPX4Wc+7KbI7fL58edFhMWwUkh+632mx3

# p3aXqm05lv0X3Gk/hhSLE/oNno+8ESiKv0IZ7KBfJqRTTx1dav1iv6xfwoaL5IST

# A75arRE1ovexqJTkimpmQvW2IHDyn89vHnduVictdFbUPT+fgv9nTnw2s9UZnjm9

# uym3oIWtEnz3K4k3zkVb6jw0mt5/Te3YU2O/uPSPHr6GnfYXWfAnyDj37cLd8U19

# kYTGSQlaBZWmx3L32/OK2hTOnM+RGJPsdWlRIl7YCukdMZ9cIzFx39AFpUo6kZM7

# 0p0SsxbGcBJe+FWoZSlYSPgovUU/fuhnNMVsye80CFBRNyYosefuyi/AKx3wWPVB

# S8+LJ26Ce0IqdyAA25FOGS9IkPI/CMa2u2kmH06FHn5nLd3TOvX3+BHodiofTbCo

# oqYefPQKf8UtYxEpa34y/4P2W6GkuXfWtnwOffJrmw7yw+ceTz9++9NL5v2PjyIZ

# qdn077ktrJ3XmQZsk6nFDR0TZgpPp41d5zCCB3EwggVZoAMCAQICEzMAAAAVxedr

# ngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYD

# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRp

# ZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4

# MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV

# BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG

# A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3

# DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qls

# TnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLA

# EBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrE

# qv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyF

# Vk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1o

# O5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg

# 3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2

# TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07B

# MzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJ

# NmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6

# r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+

# auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3

# FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl

# 0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUH

# AgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0

# b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMA

# dQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW

# gBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8v

# Y3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRf

# MjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRw

# Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEw

# LTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL

# /Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu

# 6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5t

# ggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfg

# QJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8s

# CXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCr

# dTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZ

# c9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2

# tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8C

# wYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9

# JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDB

# cQZqELQdVTNYs6FwZvKhggLUMIICPQIBATCCAQChgdikgdUwgdIxCzAJBgNVBAYT

# AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD

# VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJ

# cmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRTUyBF

# U046MDg0Mi00QkU2LUMyOUExJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1w

# IFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAEKiHyGJYx1GzaGNP8I4V0Z/7EgNoIGD

# MIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV

# BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG

# A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEF

# BQACBQDpTvvdMCIYDzIwMjQwMTE1MDgzMzMzWhgPMjAyNDAxMTYwODMzMzNaMHQw

# OgYKKwYBBAGEWQoEATEsMCowCgIFAOlO+90CAQAwBwIBAAICEHQwBwIBAAICEQww

# CgIFAOlQTV0CAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgC

# AQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQCu+I5sWWSI8ZYY

# 1RkMYNzDsPGk4QZcOWir8W8sa+zi7xMsPqlkZLpHhQTZKvhhFVMJaZOjrK2mvsDP

# G0RC7vBLwMR6A1fy1r3ggU7ZmvuXb7L9vUeXGk4PeFXD2lwVt6WQxJPnTdIwS7LY

# UO0rSXIxHgUmLyqWPZOHc1J3pGHQFzGCBA0wggQJAgEBMIGTMHwxCzAJBgNVBAYT

# AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD

# VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBU

# aW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB2o7VyVoA0RGxAAEAAAHaMA0GCWCGSAFl

# AwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcN

# AQkEMSIEIPYmedquljrDHQ5tG4+pt/YDQHRFozYf9Dw5TgGD8qb7MIH6BgsqhkiG

# 9w0BCRACLzGB6jCB5zCB5DCBvQQgIqWjaWLA756k3veQ49QtPdNtCOZY4m61v53S

# AjsYPcYwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv

# bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0

# aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAA

# AdqO1claANERsQABAAAB2jAiBCAXXj/R02IVPsMOOC7pzt93yBuu6P2/cs7SJkWd

# dXhudzANBgkqhkiG9w0BAQsFAASCAgAPzhgPkDK1ERg60EN0qgwNiY2o4ZUiaKmP

# N64q8eLE6mp+H8U7VV/327tBcDJUJs33TFItFMuPmH4l8J1RCSaDYs6kJp3xc7rb

# BPkK+tavMTZF3VbShLFFkY9HfSPzTllOQWJBYfTxuJRwvw1ZtMDvmBeZhq4f6Wq0

# ZEW1WAPBpjqgncintldhVNG8/grO+NUeNPYZDGk6TwPbMQuweWCldMz3Cl3UP6Fi

# DwAyVREz4IHpf7iFnwLIvD+hTDkEICyG36mrZqUwE/47lFZMJqS8xLDf19iHY+f/

# Ykh7UvA6vHwE9gbNt5mUPj9I1pntB8mDqNoOgOYKcmnhBNUL1Y8Ngpeq2Om8KZOZ

# JVwA9UntSgy6C9g2KwIixW8w8GR4s+7jUUqy33N047pCtMPMYRQ4/oekqV2GeGny

# 86jLgMC/COadBIrOtNz0KNOX2s5jKQKBrNWGSIpTLkOu+VmZbgBR1kXXwxyZUFFA

# 2MG7PSoaE+QnMb4YVSU4lC2ycyZ4Jk9QCNaxbr5redTydTzqA1w5uNFwYUAzwX4L

# FoTy3kHefzpVI5jgIAN+8w35xME7DnGLb4VsntBlF0gT+HG9Rqvx39nUWyBu8W5w

# NoXiK6xJqqSP6IsHkAnNThW8XtB7ScTS230svTzAw5MgSdcbADqxDVGA4LMQ+R+K

# F8XaCzNYQQ==

# SIG # End signature block