Bin/ADSyncDiagnostics/ADSyncDiagnostics.psm1
|
Import-Module ADSync Get-ChildItem -Path "$PSScriptRoot\PSScripts\*.ps1" | % { . $_.FullName } Set-Variable ADSyncDiagnosticsOutputPath "$env:ALLUSERSPROFILE\AADConnect" -option Constant $global:AADTenantCredential = $null $global:AscCustomScriptObjectProperty = 'IsAscCustomScriptObject' # # AADConnect General Diagnostics # # Invoke-ADSyncDiagnostics # # # Complete Password Hash Sync Diagnostics # # Invoke-ADSyncDiagnostics -PasswordSync # # # Password Hash Sync Single Object Diagnostics # # Invoke-ADSyncDiagnostics -PasswordSync -ADConnectorName <AD Connector Name> -DistinguishedName <Distinguished Name> # function Invoke-ADSyncDiagnostics { param ( [switch] [parameter(parametersetname="passwordsync", mandatory=$false)] $PasswordSync, [string] [parameter(parametersetname="passwordsync", mandatory=$false)] $ADConnectorName, [string] [parameter(parametersetname="passwordsync", mandatory=$false)] $DistinguishedName, [string] [parameter(parametersetname="passwordsync", mandatory=$false)] $MemberADConnectorName, [string] [parameter(parametersetname="passwordsync", mandatory=$false)] $MemberDistinguishedName, [switch] [parameter(parametersetname="passwordsync", mandatory=$false)] $NonInteractiveMode ) # Currently Non-interactive mode is used to run script from ASC. $isNonInteractiveMode = $NonInteractiveMode.IsPresent if ($PasswordSync -and ([string]::IsNullOrEmpty($ADConnectorName) -or [string]::IsNullOrEmpty($DistinguishedName))) { if ($isNonInteractiveMode) { if ([string]::IsNullOrEmpty($ADConnectorName)) { "ADConnectorName is a mandatory parameter in Non-Interactive Mode. Either provide AdConnectorName or rerun the script without Non-Interactive mode." | Write-Host -fore Red return } $result = DiagnosePasswordHashSyncNonInteractiveMode -ADConnectorName $ADConnectorName if ($result) { # In Non-Interactive mode just output the objects which are logged for ASC purpose. $result | Where-Object {(Get-Member -InputObject $_ -Name $AscCustomScriptObjectProperty) -ne $null} } } else { # Complete Password Hash Sync Diagnostics DiagnosePasswordHashSync PromptPasswordSyncSingleObjectDiagnostics } } elseif ($PasswordSync) { if ($isNonInteractiveMode) { $result = DiagnosePasswordHashSyncNonInteractiveMode -ADConnectorName $ADConnectorName $result += DiagnosePasswordSyncSingleObject -ADConnectorName $ADConnectorName -DistinguishedName $DistinguishedName if ($result) { # In Non-Interactive mode just output the objects which are logged for ASC purpose. $result | Where-Object {(Get-Member -InputObject $_ -Name $AscCustomScriptObjectProperty) -ne $null} } } else { # Password Hash Sync Single Object Diagnostics DiagnosePasswordSyncSingleObject -ADConnectorName $ADConnectorName -DistinguishedName $DistinguishedName } } else { if ($isNonInteractiveMode) { if ([string]::IsNullOrEmpty($ADConnectorName) -or [string]::IsNullOrEmpty($DistinguishedName)) { "ADConnectorName and DistinguishedName are mandatory parameters in Non-Interactive Mode. Either provide all the mandatory parameters or rerun the script without Non-Interactive mode." | Write-Host -fore Red return } elseif ([string]::IsNullOrEmpty($MemberADConnectorName) -or [string]::IsNullOrEmpty($MemberDistinguishedName)) { $result = Debug-ADSyncObjectSynchronizationIssuesNonInteractiveMode -ADConnectorName $ADConnectorName -ObjectDN $DistinguishedName -DiagnosticOption $global:DiagnoseObjectSyncIssues if ($result) { # In Non-Interactive mode just output the objects which are logged for ASC purpose. $result | Where-Object {(Get-Member -InputObject $_ -Name $AscCustomScriptObjectProperty) -ne $null} } } else { $result = Debug-ADSyncGroupMembershipSynchronizationIssuesNonInteractiveMode -GroupADConnectorName $ADConnectorName -GroupDN $DistinguishedName -MemberADConnectorName $MemberADConnectorName -MemberDN $MemberDistinguishedName if ($result) { # In Non-Interactive mode just output the objects which are logged for ASC purpose. $result | Where-Object {(Get-Member -InputObject $_ -Name $AscCustomScriptObjectProperty) -ne $null} } } } else { MainMenu } return } Write-Host "`r`n" "For more help:" | Write-Host -fore Yellow "+ Please see - https://go.microsoft.com/fwlink/?linkid=847231 or" | Write-Host -fore Yellow "+ Open a service request through Azure Portal or Office 365 Admin Portal." | Write-Host -fore Yellow Write-Host "`r`n" } # # Main Troubleshooting Menu # function MainMenu { cls $isQuit = $false while ($true) { Show-MainMenu $selection = Read-Host "`tPlease make a selection" Write-Host "`r`n" if ($selection -eq '1') { $isQuit = ObjectSyncMenu if ($isQuit -eq $true) { break } else { continue } } elseif ($selection -eq '2') { $isQuit = PasswordSyncMenu if ($isQuit -eq $true) { break } else { continue } } elseif ($selection -eq '3') { Export-ADSyncDiagnosticsReport -OutputPath $ADSyncDiagnosticsOutputPath } elseif ($selection -eq '4') { if ($isNonInteractiveMode) { continue } if (-not (CheckConfigureAccountPermissionsPrerequisites)) { continue } $isQuit = ConfigurePermissionsMenu if ($isQuit -eq $true) { break } else { continue } } elseif ($selection -eq '5') { if ($isNonInteractiveMode) { continue } Test-ADSyncAzureActiveDirectoryConnectivity } elseif ($selection -eq '6') { if ($isNonInteractiveMode) { continue } Test-ADSyncActiveDirectoryConnectivity } elseif ($selection -eq 'Q' -or $selection -eq 'q') { break } Write-Host "`r`n" Write-Host "`r`n" } } function Show-MainMenu { Write-Host "`r`n" Write-Host "----------------------------------------AADConnect Troubleshooting------------------------------------------" Write-Host "`r`n" Write-Host "`tEnter '1' - Troubleshoot Object Synchronization" Write-Host "`tEnter '2' - Troubleshoot Password Hash Synchronization" Write-Host "`tEnter '3' - Collect General Diagnostics" Write-Host "`tEnter '4' - Configure AD DS Connector Account Permissions" Write-Host "`tEnter '5' - Test Azure Active Directory Connectivity" Write-Host "`tEnter '6' - Test Active Directory Connectivity" Write-Host "`tEnter 'Q' - Quit" Write-Host "`r`n" } # # Options for Object Synchronization Troubleshooting # function ObjectSyncMenu { $isQuit = $false while ($true) { Show-ObjectSyncMenu $selection = Read-Host "`tPlease make a selection" Write-Host "`r`n" if ($selection -eq '1') { Debug-ADSyncObjectSynchronizationIssues -DiagnosticOption $global:DiagnoseObjectSyncIssues } elseif ($selection -eq '2') { Debug-ADSyncAttributeSynchronizationIssues -DiagnosticOption $global:DiagnoseAttributeSyncIssues } elseif ($selection -eq '3') { Debug-ADSyncGroupMembershipSynchronizationIssues } elseif ($selection -eq '4') { Debug-ADSyncObjectSynchronizationIssues -DiagnosticOption $global:ChangePrimaryEmailAddress } elseif ($selection -eq '5') { Debug-ADSyncObjectSynchronizationIssues -DiagnosticOption $global:HideFromGlobalAddressList } elseif ($selection -eq '6') { Debug-ADSyncObjectAttributeRetrievalIssues } elseif ($selection -eq 'B' -or $selection -eq 'b') { Write-Output $isQuit break } elseif ($selection -eq 'Q' -or $selection -eq 'q') { $isQuit = $true Write-Output $isQuit break } Write-Host "`r`n" Write-Host "`r`n" } } # # Options for Password Hash Synchronization Troubleshooting # function PasswordSyncMenu { $isQuit = $false while ($true) { Show-PasswordSyncMenu $selection = Read-Host "`tPlease make a selection" Write-Host "`r`n" if ($selection -eq '1') { DiagnosePasswordHashSync } elseif ($selection -eq 2) { DiagnosePasswordSyncSingleObject } elseif ($selection -eq 3) { SynchronizeSingleObjectPassword } elseif ($selection -eq 'B' -or $selection -eq 'b') { Write-Output $isQuit break } elseif ($selection -eq 'Q' -or $selection -eq 'q') { $isQuit = $true Write-Output $isQuit break } Write-Host "`r`n" Write-Host "`r`n" } } # # Options for Configuring Permissions # function ConfigurePermissionsMenu { $isQuit = $false while ($true) { Show-ConfigurePermissionsMenu $selection = Read-Host "`tPlease make a selection" Write-Host "`r`n" if ($selection -eq '1') { ConfigureAccountPermissions -ConfigurationOption "GetADSyncADConnectorAccount" } elseif ($selection -eq '2') { ConfigureAccountPermissions -ConfigurationOption "GetADSyncObjectsWithInheritanceDisabled" } elseif ($selection -eq '3') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncBasicReadPermissions" } elseif ($selection -eq '4') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncExchangeHybridPermissions" } elseif ($selection -eq '5') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncExchangeMailPublicFolderPermissions" } elseif ($selection -eq '6') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncMsDsConsistencyGuidPermissions" } elseif ($selection -eq '7') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncPasswordHashSyncPermissions" } elseif ($selection -eq '8') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncPasswordWritebackPermissions" } elseif ($selection -eq '9') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncRestrictedPermissions" } elseif ($selection -eq '10') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncUnifiedGroupWritebackPermissions" } elseif ($selection -eq '11') { ConfigureAccountPermissions -ConfigurationOption "ShowADSyncADObjectPermissions" } elseif ($selection -eq '12') { ConfigureAccountPermissions -ConfigurationOption "SetADSyncDefaultPermssions" } elseif ($selection -eq '13') { Debug-ADSyncObjectAttributeRetrievalIssues } elseif ($selection -eq 'B' -or $selection -eq 'b') { Write-Output $isQuit break } elseif ($selection -eq 'Q' -or $selection -eq 'q') { $isQuit = $true Write-Output $isQuit break } Write-Host "`r`n" Write-Host "`r`n" } } function Show-ObjectSyncMenu { Write-Host "`r`n" Write-Host "------------------------------------Troubleshoot Object Synchronization------------------------------------" Write-Host "`r`n" Write-Host "`tEnter '1' - Diagnose Object Synchronization Issues" Write-Host "`tEnter '2' - Diagnose Attribute Synchronization Issues" Write-Host "`tEnter '3' - Diagnose Group Membership Synchronization Issues" Write-Host "`tEnter '4' - How to change Exchange Online primary email address" Write-Host "`tEnter '5' - How to hide mailbox from Exchange Online global address list" Write-Host "`tEnter '6' - Compare object read permissions when running in context of AD Connector account vs Admin account" Write-Host "`tEnter 'B' - Go back to main troubleshooting menu" Write-Host "`tEnter 'Q' - Quit" Write-Host "`r`n" } function Show-PasswordSyncMenu { Write-Host "`r`n" Write-Host "--------------------------------Troubleshoot Password Hash Synchronization---------------------------------" Write-Host "`r`n" Write-Host "`tEnter '1' - Password Hash Synchronization does NOT work at all" Write-Host "`tEnter '2' - Password Hash Synchronization does NOT work for a specific user account" Write-Host "`tEnter '3' - Synchronize password hash for a specific user account" Write-Host "`tEnter 'B' - Go back to main troubleshooting menu" Write-Host "`tEnter 'Q' - Quit" Write-Host "`r`n" } function Show-ConfigurePermissionsMenu { Write-Host "`r`n" Write-Host "--------------------------------------------Configure Permissions------------------------------------------" Write-Host "`r`n" Write-Host "`tEnter '1' - Get AD Connector account" Write-Host "`tEnter '2' - Get objects with inheritance disabled" Write-Host "`tEnter '3' - Set basic read permissions" Write-Host "`tEnter '4' - Set Exchange Hybrid permissions" Write-Host "`tEnter '5' - Set Exchange mail public folder permissions" Write-Host "`tEnter '6' - Set MS-DS-Consistency-Guid permissions" Write-Host "`tEnter '7' - Set password hash sync permissions" Write-Host "`tEnter '8' - Set password writeback permissions" Write-Host "`tEnter '9' - Set restricted permissions" Write-Host "`tEnter '10' - Set unified group writeback permissions" Write-Host "`tEnter '11' - Show AD object permissions" Write-Host "`tEnter '12' - Set default AD Connector account permissions" Write-Host "`tEnter '13' - Compare object read permissions when running in context of AD Connector account vs Admin account" Write-Host "`tEnter 'B' - Go back to main troubleshooting menu" Write-Host "`tEnter 'Q' - Quit" Write-Host "`r`n" } Export-ModuleMember -Function Invoke-ADSyncDiagnostics Export-ModuleMember -Function Invoke-ADSyncSingleObjectSync # SIG # Begin signature block # MIInogYJKoZIhvcNAQcCoIInkzCCJ48CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAkSvwNRNjHZAVe # vfdvZvyYHFdwNQdJidaVsVX8NWbbBaCCDYIwggYAMIID6KADAgECAhMzAAADXJXz # SFtKBGrPAAAAAANcMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMwNDA2MTgyOTIyWhcNMjQwNDAyMTgyOTIyWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDijA1UCC84R0x+9Vr/vQhPNbfvIOBFfymE+kuP+nho3ixnjyv6vdnUpgmm6RT/ # pL9cXL27zmgVMw7ivmLjR5dIm6qlovdrc5QRrkewnuQHnvhVnLm+pLyIiWp6Tow3 # ZrkoiVdip47m+pOBYlw/vrkb8Pju4XdA48U8okWmqTId2CbZTd8yZbwdHb8lPviE # NMKzQ2bAjytWVEp3y74xc8E4P6hdBRynKGF6vvS6sGB9tBrvu4n9mn7M99rp//7k # ku5t/q3bbMjg/6L6mDePok6Ipb22+9Fzpq5sy+CkJmvCNGPo9U8fA152JPrt14uJ # ffVvbY5i9jrGQTfV+UAQ8ncPAgMBAAGjggF/MIIBezArBgNVHSUEJDAiBgorBgEE # AYI3TBMBBgorBgEEAYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUXgIsrR+tkOQ8 # 10ekOnvvfQDgTHAwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEWMBQGA1UEBRMNMjMzMTEwKzUwMDg2ODAfBgNVHSMEGDAWgBRI # bmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEt # MDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBABIm # T2UTYlls5t6i5kWaqI7sEfIKgNquF8Ex9yMEz+QMmc2FjaIF/HQQdpJZaEtDM1Xm # 07VD4JvNJEplZ91A4SIxjHzqgLegfkyc384P7Nn+SJL3XK2FK+VAFxdvZNXcrkt2 # WoAtKo0PclJOmHheHImWSqfCxRispYkKT9w7J/84fidQxSj83NPqoCfUmcy3bWKY # jRZ6PPDXlXERRvl825dXOfmCKGYJXHKyOEcU8/6djs7TDyK0eH9ss4G9mjPnVZzq # Gi/qxxtbddZtkREDd0Acdj947/BTwsYLuQPz7SNNUAmlZOvWALPU7OOVQlEZzO8u # Ec+QH24nep/yhKvFYp4sHtxUKm1ZPV4xdArhzxJGo48Be74kxL7q2AlTyValLV98 # u3FY07rNo4Xg9PMHC6sEAb0tSplojOHFtGtNb0r+sioSttvd8IyaMSfCPwhUxp+B # Td0exzQ1KnRSBOZpxZ8h0HmOlMJOInwFqrCvn5IjrSdjxKa/PzOTFPIYAfMZ4hJn # uKu15EUuv/f0Tmgrlfw+cC0HCz/5WnpWiFso2IPHZyfdbbOXO2EZ9gzB1wmNkbBz # hj8hFyImnycY+94Eo2GLavVTtgBiCcG1ILyQabKDbL7Vh/OearAxcRAmcuVAha07 # WiQx2aLghOSaZzKFOx44LmwUxRuaJ4vO/PRZ7EzAMIIHejCCBWKgAwIBAgIKYQ6Q # 0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNh # dGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5 # WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQD # Ex9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0B # AQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4 # BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe # 0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato # 88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v # ++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDst # rjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN # 91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4ji # JV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmh # D+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbi # wZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8Hh # hUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaI # jAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTl # UAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNV # HQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQF # TuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29m # dC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNf # MjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5t # aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNf # MjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcC # ARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnlj # cHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5 # AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oal # mOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0ep # o/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1 # HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtY # SWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInW # H8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZ # iWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMd # YzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7f # QccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKf # enoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOpp # O6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZO # SEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGXYwghlyAgEBMIGVMH4xCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jv # c29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAANclfNIW0oEas8AAAAAA1ww # DQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIDEOS4K0 # VMhlx8aakP3dho4dsFSYq9+14/nxDeO8EsMoMEIGCisGAQQBgjcCAQwxNDAyoBSA # EgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20w # DQYJKoZIhvcNAQEBBQAEggEA1v0m4/R6uRpR9TagGdq+WiiyAtBG1sKMlcN3jNvg # 3aolXwlZzil5IB0+yKNZYCFcrSPW3ary0iDkxMGduXfT4EXik5nd6Wl+r9BuYnsi # PBA6KhMopsKYg5ZcWUY21z/P2dk7F9jiAZCbo2moL/rxflWelujAhhRSOhicJ6Ow # Y0O9NzxiJNhEA9DCUU44OW9xIAfnvBPEUA3Jx88o9DtSMgWrcabxan5DuKf5xv00 # /VVYkWTs5dW7tJxfiSItL42c3DJa6KJuK2YN8er36OKPSMKmMploLww9KGilRblm # RHpB6Gp5ZZQC5FjGId4ITzRt1iqLo85Id12wsuXo72kqY6GCFwAwghb8BgorBgEE # AYI3AwMBMYIW7DCCFugGCSqGSIb3DQEHAqCCFtkwghbVAgEDMQ8wDQYJYIZIAWUD # BAIBBQAwggFRBgsqhkiG9w0BCRABBKCCAUAEggE8MIIBOAIBAQYKKwYBBAGEWQoD # ATAxMA0GCWCGSAFlAwQCAQUABCBaPIVcVhsO4SxFB7IXbV086B3vaUjxPn5BkD5Z # LDvO9AIGZF1yfxX7GBMyMDIzMDUxNzIyNTUyNi4yMTlaMASAAgH0oIHQpIHNMIHK # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxN # aWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNT # IEVTTjpFQUNFLUUzMTYtQzkxRDElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3Rh # bXAgU2VydmljZaCCEVcwggcMMIIE9KADAgECAhMzAAABw4tv00i/DpFdAAEAAAHD # MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4X # DTIyMTEwNDE5MDEyOVoXDTI0MDIwMjE5MDEyOVowgcoxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVyaWNh # IE9wZXJhdGlvbnMxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOkVBQ0UtRTMxNi1D # OTFEMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIICIjAN # BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu+u86s3R/q+ikos80aD42Ym21NDO # ZtldNRxMFUxm4o9kVWkSh2c8jOCxJXwV2KFodCTxpGQs9jy5nUI+Lq/bt0HWtSYP # MPPtet420gzwM1EsR26kbpwlBHxFY4hk3y3AH+1YKf9bhvPs7kPbXbH7gdaciteB # +F7FoORt9e0D/dsBeG80GZAF2y6LWAj6C2mMqlafXkwbfTyQanuX65Yu+xMpyJ1f # AREpuR766rePrqlE0KaaeD0nqOgGrTkSZeCMDPH6OtJ00jXMwbIDyH7l4fYReIsT # fzN5Gf3Uairsjea+KFy22lU8elnIXjoeyx3pcesH+q5arY1c6HPfeSnkeMok/gxn # B7P1Mjt7I9EI9thQtMvy/1SUmLG12rBR/DfheE/VJpcm/TYeoV11NfQQnl/jBbPb # SRBp0HGqTIcWDpY6MgSdBoQET1DvpE4PX4sndNGc1wGyg45pH62ZMfUF/CzGZ7iV # 637RtnQFXDzTxoSEEkdXMdWDJG+jjxoC16lRk1xFnfkA4uoma4mKso7qvE6d27+K # 6yzISWQ7TjutYLKJnSzNvfiNiuyv/0xxCASSARvOQ3v9cegvM/pnuU9c6s+4gmK3 # +5jhcvnWGQqJE0tpYHmk3bmmBL1gHm9TjBJz5m/8rvHM3Rw3OUhV4/wmAL32KmPR # 5Ubb4ww5HNGiuY0CAwEAAaOCATYwggEyMB0GA1UdDgQWBBQcGL7N2NdvAaK8TcLr # xMTsa8aB1jAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBfBgNVHR8E # WDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9N # aWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmwwbAYIKwYB # BQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v # cGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEw # KDEpLmNydDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqG # SIb3DQEBCwUAA4ICAQDd8qZbHBqdBFRDxGGwDollnRyd0WmUnjqoP+5QCH4vMPBt # 4umHVhJuyeRkDELkTWZuWqK3U1z2HnGatbnETcHUlywlH+3I7R7fU0zKYw2PLA+V # awCcrnsICgE3242EsEC/Z0YU740NJ/xbuzrGtTEtUIiQvr2ACPJyhsPote8ItTf4 # uNW4Mbo1QP0tjcBKCgEezIC4DYUM0BYCWCmeZmNwAlxfpTliOFEKB9UaSqHSs51c # H8JY0gqL3LwI9LYfjEO77++HY/nMqXCMi9ihUKoIp2Tfjfzdm5Ng5V+yw8+wXl29 # RcW4Q4CvHntNfKxT9oQ3J7YBQQEHWJPg8TNR9w4B82FzmrDd8sL6ETvGux5hFcwm # F+Q2rT5Ma8dYUSdCSg/ihoEYUGJZnZL9nyDp1snflSVX7FpLyALzDDlHBW1CJhYV # ffJRoqz1D4kRooqRBNRaMFMPingywwbEghMheJKNoda7AGgq+1HH1afRlE+9qYW9 # FKMezxeQmf8gcuAuhr9IAXyaF9DF0PJ5f4uhzOSvIC1BkJtzF6op45UYaI7V+9X8 # dcwXbZJnIIAH1cjVO8KEChxKIkpk4Qgy0PocgUwaGWqmLWRu1hQ1WJWnQXvvBYeY # DGWbj/PtSlywv6m8mujLepfMvJcU25KWklSP2FuNx6aOVfeje+pgbwIQIVQ1nTCC # B3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAw # gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMT # KU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIx # MDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57Ry # IQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VT # cVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhx # XFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQ # HJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1 # KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s # 4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUg # fX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3 # Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je # 1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUY # hEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUY # P3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGC # NxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4w # HQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYB # BAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcD # CDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0T # AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNV # HR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9w # cm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEE # TjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2Nl # cnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOC # AgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/a # ZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp # 4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq # 95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qB # woEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG # +jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3B # FARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77 # IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJ # fn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K # 6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDx # yKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggLOMIICNwIBATCB # +KGB0KSBzTCByjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO # BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEl # MCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEmMCQGA1UECxMd # VGhhbGVzIFRTUyBFU046RUFDRS1FMzE2LUM5MUQxJTAjBgNVBAMTHE1pY3Jvc29m # dCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAPEdL+Ps+h03e+SL # XdGzuY7tLu7OoIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # DQYJKoZIhvcNAQEFBQACBQDoDzEhMCIYDzIwMjMwNTE3MTg1NTI5WhgPMjAyMzA1 # MTgxODU1MjlaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIFAOgPMSECAQAwCgIBAAIC # EiICAf8wBwIBAAICEsIwCgIFAOgQgqECAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYK # KwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUF # AAOBgQAIHDRTj5arPjQ87GnXFYRQWZnMMw8syOrNt7YOAxTP0Mq7XWwAGakgKlcG # U4J2BurB7ZS7Eh9q4uLhdqP7w4TEDH6ksL+XDH9IoTitWrMuuDE8ayTFVPq4/1NS # 0sUdYBTlT5I3gizKmz6isbcnkEsk/fvBe2qYkMp9OTghGrylXjGCBA0wggQJAgEB # MIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABw4tv00i/DpFd # AAEAAAHDMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcN # AQkQAQQwLwYJKoZIhvcNAQkEMSIEIBgUMp/dL8TXV+ha+OFiFBsrqWNoLcc2g17p # 2QacA8a4MIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQg0vtTm2+SSerh1KiA # kwrJTALxTfJotlPcDZ2ZSn78KkkwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt # cCBQQ0EgMjAxMAITMwAAAcOLb9NIvw6RXQABAAABwzAiBCD6inBeZtk5GBaO3pNG # DWqya/Q21OWtc5ne+tZHwSxfHTANBgkqhkiG9w0BAQsFAASCAgBSzwEUk41tW0+5 # lqjYrVAIXxakQTzV5epOSzJDrhBeRq636AL5vRMSh1TRoHGAv8U4BT4cuIqrzOWg # GlSOIUxsQawe2MXHh4X9iWgPkqxZxheZynl69BqHEnfHz/2vdfuphYMC13YHcyJP # wEwgYuGZjki4NEIYuHQW0wDVQ2jge6d9neXrT5499Tv+jRq5cyG5YiWJigmLD1zg # UelbxE70J6VTL6kQwG1tfzL+L+PX0GA4mxfv/hlbCwNEq66BTyFtjjMmhsFr4f6L # nDTkTz72PNI4mfG7AanukhzBBPabnNqC7VWZD5bftXn7cdiTOCTtN9zzoMY0yjZ/ # rl3kCEqrKImyxEVU3msYaHvXCx5fDoHp5kAp9puw5Oa25aLxzF6jZoQS3uhGy1Xv # Jd9n8nathokr6+BAhzgls5G/BwN8e3L+ztrd7/kmI81F6rz2FlmJG1XlYS7H7P93 # TRn+Aa8DHgXvoEkHvkIH+dG4JU8kFlBFA/PZ7x69v6ecFE7yZjgxZ8Lu8pq0TlmR # pPF2FuRLx30fDaJtCMdNCz9JpomdqLQ1oV4LcjA8LHgupCySEcu7aaspSBJtX3q/ # fXrMBArNKd0G69NXDFC1Pgv5znlbig4u+/NJiVQI8jY4BI9jyhD0vqKAd93z7p1e # 0NaCoWvH5OzvBy8X5cOzeySgH9XbtQ== # SIG # End signature block |