Functions/Create-TieredAccount.ps1
|
function Create-TieredAccount(){ [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$SourceAcct, [Parameter(Mandatory = $true)] [ValidateSet(0, 1, 2)] [int]$tier, [Parameter()] [string]$Domain = "university", [Parameter()] [string]$Ticket, [Parameter()] [string[]]$Roles, [Parameter()] [string[]]$Groups ) Write-Verbose -Message "Using variable $SourceAcct" $ADUserCheck = $null try{ Write-Verbose -Message "Checking for SAMACCOUNTNAME" $ADUserCheck = Get-ADUser $SourceAcct -Properties * } Catch{ Write-Verbose -Message "Checking for HUID" Try{ $ADUserCheck = Get-ADUser -f{harvardEduADHUID -eq $SourceAcct} -Properties * } Catch{} if (!$ADUserCheck){ Write-Warning "$SourceAcct not found in domain. Exiting script" } } if ($ADUserCheck){ #BEGIN PARAMS #==================== $d = (Get-ADDomain) $dn = $d.distinguishedname $pdc = $d.PDCEmulator #=================== $tierOU = 'OU=T'+$tier +'-Accounts,OU=Tier '+$tier +',OU=Admin,'+ $dn #Begin Functions Used ############################################## $pwd = (New-SWRandomPassword -MinPasswordLength 18 -MaxPasswordLength 20) $harvardEduADAffiliateCode = ($ADUserCheck.harvardEduADRoleAffiliateCode0) if($harvardEduADAffiliateCode.length -ne 3){$harvardEduADAffiliateCode = $ADUserCheck.harvardEduADRoleAffiliateCode1} if($harvardEduADAffiliateCode.length -ne 3){$harvardEduADAffiliateCode = $ADUserCheck.harvardEduADRoleAffiliateCode2} $AdminGivenName = $ADUserCheck.givenname $AdminSurname = $ADUserCheck.surname $AdminSAM = $ADUserCheck.SamAccountName #Permission set to OU names #The function names in the formulas that grant acl permissions do not match our OU naming structure #[ValidateSet('Admin','Computer','Group','User','Printer','OU','GPO')] $RoleToGroupMapping = @{} $RoleToGroupMapping.Add('Admin','Administrators') $RoleToGroupMapping.Add('Computer','Computer_Administrators') $RoleToGroupMapping.Add('Group','Group_Administrators') $RoleToGroupMapping.Add('User','User_Administrators') $RoleToGroupMapping.Add('Printer', 'Printer_Administrators') $RoleToGroupMapping.Add('OU','OU_Administrators') $RoleToGroupMapping.Add('GPO', 'GPO_Administrators') $RoleToGroupMapping.Add('HelpDesk', 'HelpDesk') # Search for the SubOU above the Affiliate Code OU, if it exists $OUTier = "Tier " + $tier $harvardEduADAffiliateCodeOUPart = "OU=" + $harvardEduADAffiliateCode + "," If ($Roles) { $CheckRoleGrp = $Roles | Select-Object -first 1 $GroupOU = (Get-ADOrganizationalUnit -SearchScope Subtree -Filter {Name -eq $harvardEduADAffiliateCode} | ` Where-Object {$_.DistinguishedName -like "*$OUTier*" ` -and $_.DistinguishedName -Notlike "*Devices*" ` -and $_.DistinguishedName -Notlike "*Groups*" ` -and $_.DistinguishedName -Notlike "*ServiceAccounts*" ` -and $_.DistinguishedName -Notlike "*Test*"} ).DistinguishedName $TopLevelOU = $GroupOU.Replace($harvardEduADAffiliateCodeOUPart,"").split(",")[0].split("=")[1] $checkgrp = $TopLevelOU + "_" + $harvardEduADAffiliateCode+"_t"+ $tier +"_"+ $RoleToGroupMapping[$CheckRoleGrp] Try { Get-ADGroup -Identity $checkgrp -ErrorAction Stop | Out-Null $GroupExists = $true $SubOU = $TopLevelOU } catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] { # Group SubOU does not exist Write-Host "User account is not in group SUB OU" -ForegroundColor Gray $SubOU = $null } } #======================== # If tier 0 specified, no need to do the Sub ou Check, or the tier 1 and tier 2 things # Grant only to the admin OU and the appropriate group #======================== try{ If ($Domain -eq "university") { # Create Hashtable for OtherAttributes so we can remove any null values $OtherAttributes = @{ # harvardEduADRoleType = "Admin" # harvardEduADSourceSystemUID = $ADUserCheck.harvardeduadhuid info = $Ticket mail = $ADUserCheck.mail } } Else { # Create Hashtable for OtherAttributes so we can remove any null values $OtherAttributes = @{ info = $Ticket mail = $ADUserCheck.mail } } # Clear out any null values from OtherAttributes ($OtherAttributes.GetEnumerator() | ? { -not $_.Value }) | % { $OtherAttributes.Remove($_.Name) } # Call option to create account New-ADUser ` -Description $("Tier "+ $tier +" Admin") ` -DisplayName ($AdminGivenName +" " + $AdminSurname) ` -name ($AdminSAM +"-at"+ $tier) ` -SamAccountName ($AdminSAM +"-at" +$tier) ` -Surname $AdminSurname ` -GivenName $AdminGivenName ` -Enabled $true ` -Path $tierOU ` -UserPrincipalName ($AdminSAM+"-at"+$tier+"@university.harvard.edu") ` -AccountPassword (ConvertTo-SecureString ($pwd) -AsPlainText -force) ` -AccountNotDelegated $false ` -AllowReversiblePasswordEncryption $false ` -CannotChangePassword $false ` -PasswordNeverExpires $false ` -PasswordNotRequired $false ` -SmartcardLogonRequired $false ` -TrustedForDelegation $false ` -Server $pdc ` -Department $ADUserCheck.Department ` -OtherAttributes $OtherAttributes ` -ErrorAction Stop | Out-Null Write-Host "User created successfully" -ForegroundColor Green Write-AccountInfo -Account "$AdminSAM-at$tier" -password $pwd -ticket $Ticket } catch{ Write-Host "Must have an error" #Write-Warning "Error Action for $SourceAcct in tier $tier" #$error[0] if ($Error[0].Exception.message -eq "The specified account already exists"){ Write-Host "Skipping account creation, $AdminSAM-at$tier already exists." -ForegroundColor Yellow Set-ADAccountPassword "$AdminSAM-at$tier" -NewPassword (ConvertTo-SecureString ($pwd) -AsPlainText -force) Enable-ADAccount "$AdminSAM-at$tier" Write-AccountInfo -Account "$AdminSAM-at$tier" -password $pwd -ticket $Ticket } if ($Error[0].Exception.message -like "*access is denied*"){ Write-Host "You do not have permissions to created this type of account $AdminSAM-at$tier." -ForegroundColor Red } } # Add to groups If ($tier -ne 0) { If ($Groups) { Foreach ($Group in $Groups) { $GroupCheck = Get-ADGroup $Group Add-ADGroupMember -Identity $GroupCheck.distinguishedname -Members ($AdminSAM +"-at" +$tier) -Server $pdc -ErrorAction Stop |Out-Null Write-Host "User added to group $Group" -ForegroundColor Green } } If ($Roles) { Foreach ($AdminRole in $Roles) { If (!$SubOU){ $grp = $harvardEduADAffiliateCode+"_t"+ $tier +"_"+ $RoleToGroupMapping[$AdminRole] } Else { $grp = $Subou + "_" + $harvardEduADAffiliateCode+"_t"+ $tier +"_"+ $RoleToGroupMapping[$AdminRole] } Try { Add-ADGroupMember -Identity $grp -Members ($AdminSAM +"-at" +$tier) -Server $pdc -ErrorAction Stop |Out-Null Write-Host "User added to group $grp" -ForegroundColor Green } Catch { if ($Error[0].Exception.message -like "*Insufficient access rights*"){ Write-Host "Access Denied: Unable to add user to group $grp." -ForegroundColor Red } } } } Else { #No Roles were added so we will add the account to a TierXAdmins group if no groups were also added above. If (!$Groups) { # No roles selected. Account will be added to the TierXAdmins group. $grp = "Tier" + $tier +"Admins" Try { Add-ADGroupMember -Identity $grp -Members ($AdminSAM +"-at" +$tier) -Server $pdc -ErrorAction Stop |Out-Null Write-Host "No admin groups selected, so user has been added to group $grp" -ForegroundColor Green } Catch { if ($Error[0].Exception.message -like "*Insufficient access rights*"){ Write-Host "Access Denied: Unable to add user to group $grp." -ForegroundColor Red } } } } } } # SIG # Begin signature block # MIIl1gYJKoZIhvcNAQcCoIIlxzCCJcMCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUfK4oNKL7EFFJDYCe6Ac7p47f # aLKggh++MIIFjTCCBHWgAwIBAgIQDpsYjvnQLefv21DiCEAYWjANBgkqhkiG9w0B # AQwFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD # VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVk # IElEIFJvb3QgQ0EwHhcNMjIwODAxMDAwMDAwWhcNMzExMTA5MjM1OTU5WjBiMQsw # CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu # ZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQw # ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz # 7MKnJS7JIT3yithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS # 5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7 # bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfI # SKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jH # trHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14 # Ztk6MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2 # h4mXaXpI8OCiEhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt # 6zPZxd9LBADMfRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPR # iQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ER # ElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4K # Jpn15GkvmB0t9dmpsh3lGwIDAQABo4IBOjCCATYwDwYDVR0TAQH/BAUwAwEB/zAd # BgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wHwYDVR0jBBgwFoAUReuir/SS # y4IxLVGLp6chnfNtyA8wDgYDVR0PAQH/BAQDAgGGMHkGCCsGAQUFBwEBBG0wazAk # BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAC # hjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURS # b290Q0EuY3J0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0 # LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwEQYDVR0gBAowCDAGBgRV # HSAAMA0GCSqGSIb3DQEBDAUAA4IBAQBwoL9DXFXnOF+go3QbPbYW1/e/Vwe9mqyh # hyzshV6pGrsi+IcaaVQi7aSId229GhT0E0p6Ly23OO/0/4C5+KH38nLeJLxSA8hO # 0Cre+i1Wz/n096wwepqLsl7Uz9FDRJtDIeuWcqFItJnLnU+nBgMTdydE1Od/6Fmo # 8L8vC6bp8jQ87PcDx4eo0kxAGTVGamlUsLihVo7spNU96LHc/RzY9HdaXFSMb++h # UD38dglohJ9vytsgjTVgHAIDyyCwrFigDkBjxZgiwbJZ9VVrzyerbHbObyMt9H5x # aiNrIv8SuFQtJ37YOtnwtoeW/VvRXKwYw02fc7cBqZ9Xql4o4rmUMIIGITCCBQmg # AwIBAgITYwAAAVOZckg75vLFNQAAAAABUzANBgkqhkiG9w0BAQsFADCBpDELMAkG # A1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJy # aWRnZTExMC8GA1UEChMoUHJlc2lkZW50IGFuZCBGZWxsb3dzIG9mIEhhcnZhcmQg # Q29sbGVnZTEMMAoGA1UECxMDUEtJMSgwJgYDVQQDEx9IYXJ2YXJkIFVuaXZlcnNp # dHkgSXNzdWluZyBDQSAwMB4XDTIyMDkwOTE2MDc1NVoXDTI1MDkwODE2MDc1NVow # gbIxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMRIwEAYDVQQH # EwlDYW1icmlkZ2UxMTAvBgNVBAoTKFByZXNpZGVudCBhbmQgRmVsbG93cyBvZiBI # YXJ2YXJkIENvbGxlZ2UxDDAKBgNVBAsTA1BLSTE2MDQGA1UEAxMtSGFydmFyZCBD # b2RlIFNpZ25pbmcgQXV0aG9yaXR5IC0gSm9obiBMb2NrZXR0MIIBIjANBgkqhkiG # 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUu4M5+FKMkzMFRzrPgxeo3HjIYxzRaHD9hl # ABxjD4a/qDMmefEk/lqTG1sL/5o4devvSyyJYlsBFckfy7J1mnt6xoLPAD7i7d/o # zdEwm4JFrBlES0FL1uP6SUuJhC3m4zBtULGyelTv7h0dEXu5yuYSXKDHIACLQ1Jt # fodE6mCz8xc0ZbHhkyfBqGSe7EClijxjRwsApI2zPLx7bsJwURnc7nGdarG+KDH3 # xD3FyZAGIX3o7TjVgRPjk+70jk9mDDIXza4pPKF3CUD6hEvTnQ4ewrsB0IFsa8j8 # y57Hwwun9hIa+eAtrCtGCPS/EB4JAxVbH9wRppfIn/gDJmt0xQIDAQABo4ICOjCC # AjYwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIgbyHd4OYsyKHqZ0ih8rAOoHj # smyBAYeut3yB+M0LAgFkAgEQMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB # /wQEAwIHgDBWBgNVHSAETzBNMEsGCysGAQQBsUWDfQEEMDwwOgYIKwYBBQUHAgEW # Lmh0dHA6Ly9jcmwuaHVpdC5oYXJ2YXJkLmVkdS9wb2xpY2llcy9oaWdoLmh0bWww # GwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU0OBFyn+6uXYR # XQvQ4NhhN29MLvYwHwYDVR0jBBgwFoAUtrP8YtlLby2pqOM9wNbmhQhyVAgwXAYD # VR0fBFUwUzBRoE+gTYZLaHR0cDovL2NybC5odWl0LmhhcnZhcmQuZWR1L3BraS9I # YXJ2YXJkJTIwVW5pdmVyc2l0eSUyMElzc3VpbmclMjBDQSUyMDAuY3JsMIG7Bggr # BgEFBQcBAQSBrjCBqzB6BggrBgEFBQcwAoZuaHR0cDovL2NybC5odWl0LmhhcnZh # cmQuZWR1L3BraS9QMC1QS0ktSVNTQ0EwLnJlZC5odWl0LmhhcnZhcmQuZWR1X0hh # cnZhcmQlMjBVbml2ZXJzaXR5JTIwSXNzdWluZyUyMENBJTIwMC5jcnQwLQYIKwYB # BQUHMAGGIWh0dHA6Ly9vY3NwLmh1aXQuaGFydmFyZC5lZHUvb2NzcDANBgkqhkiG # 9w0BAQsFAAOCAQEAQ88H4jF8MoupCyIXtjHte4Xj+5sKtvmNc5S+Lom21qohQFz3 # p8X/2kdC7rsRdXlDiwahvje5IN10CSUVtRR0cADKNOzrgYqRNb5xjq8bMyFFL5S4 # 0ghlmXPdS3gSeor+UQXWuSAhirrG4WXUXujfBrWo9fOZrdZykznLpDfgmrs0+4xd # 4C3yyknYyH6hpKMuNt+dJPCM4ssBln2lRIVdYr4NwCg7OOVjXY24k9b8baTFijWn # 3IzUlSUVSq3nkLb1NiYAopNi9O7Fo0Apr6RoH56EaT9TKcXQHQzv+ZN+iZGnxXwn # 8eeXydiuWmgy35pIbA9f4Y1AJSNFYMMMKUJMZTCCBpIwggR6oAMCAQICEycAAAAC # EE6egJ9S5DMAAAAAAAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVTMRYw # FAYDVQQIEw1NYXNzYWNodXNldHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxMTAvBgNV # BAoTKFByZXNpZGVudCBhbmQgRmVsbG93cyBvZiBIYXJ2YXJkIENvbGxlZ2UxDDAK # BgNVBAsTA1BLSTEjMCEGA1UEAxMaSGFydmFyZCBVbml2ZXJzaXR5IFJvb3QgQ0Ew # HhcNMTgxMTI3MjA1NTQwWhcNMjgxMTI3MjEwNTQwWjCBpDELMAkGA1UEBhMCVVMx # FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJyaWRnZTExMC8G # A1UEChMoUHJlc2lkZW50IGFuZCBGZWxsb3dzIG9mIEhhcnZhcmQgQ29sbGVnZTEM # MAoGA1UECxMDUEtJMSgwJgYDVQQDEx9IYXJ2YXJkIFVuaXZlcnNpdHkgSXNzdWlu # ZyBDQSAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5agkImBBfND # H20UkgckfukHNTUqPbJ5F9ctwIwFJD/0TJ43JO5bis+4ZHkeXzx9uGs+gMM2nfJB # ifexAzcuY6JlHofW1RpXkhbTcgNEjmLmqk5jesQGphkza7HlPdQ8vd3HDhWEFgos # 2mwfxXIpV9Tgi+ySVf394xu9XaDhaBK/t8vOOH1fIp4DTosy6j1W+rhNGRr/aPEq # DEFocG9FhVl5YFj/WpbGZUFbiOxvYIFeNuaWLjxM/L5rbpQjj6ZSMppqzH7BAyYQ # xy9YYC3/mYOOS/v9I/D8uxnh8Pe6z62ej0sab/EU9oO0kuJCx9A1DtDXd9e5HlAT # XttkhWdEfwIDAQABo4IBvjCCAbowCwYDVR0PBAQDAgGGMBAGCSsGAQQBgjcVAQQD # AgEAMB0GA1UdDgQWBBS2s/xi2UtvLamo4z3A1uaFCHJUCDBmBgNVHSAEXzBdMA0G # CysGAQQBsUWDfQECMA0GCysGAQQBsUWDfQEDMA0GCysGAQQBsUWDfQEEMA4GDCsG # AQQBsUWDfQEEATAOBgwrBgEEAbFFg30BBAMwDgYMKwYBBAGxRYN9AQQEMBkGCSsG # AQQBgjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw # FoAUYoKA1zSUqpUkOghATS0l6RYwrBIwVQYDVR0fBE4wTDBKoEigRoZEaHR0cDov # L2NybC5odWl0LmhhcnZhcmQuZWR1L3BraS9IYXJ2YXJkJTIwVW5pdmVyc2l0eSUy # MFJvb3QlMjBDQS5jcmwwbgYIKwYBBQUHAQEEYjBgMF4GCCsGAQUFBzAChlJodHRw # Oi8vY3JsLmh1aXQuaGFydmFyZC5lZHUvcGtpL1AwLVBLSS1Sb290Q0FfSGFydmFy # ZCUyMFVuaXZlcnNpdHklMjBSb290JTIwQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IC # AQCkJrhO58DnnYeEzuYL6WLC6QsQKPAtR9qR4r+BmnrZ0OXDC9IjhhiIcYtnESsR # 8liR2Ta4VvwvONBxtH4NwCVQSK8Pnp6OunKjR+oCeopPAIpmXRiZNLzgmbMKXin+ # BnYYwsGy36TB926JghMx7N0BCaICgdDNsOx9GQiZvVJVfVl1yTeYnGS+t+4G1xbb # IrmHqMnoTxyl2keEHHNjNmDYU6ABNMNeySXD58BCf5YQeeQVuSuEurZBN96TOk3D # 2cPZN5J8yxGonFTuT8zLDs55hylPh6j0PsaehGhm3JVD6JWYNXvYdx3lKe7ddB2N # 9RjPMt0Snu7xhLe31I9hmbvUJ7LuUvHKwLWy1/Q0tqDxfbLho/402giQOjkCBGYY # Qx/k3wHDooOdvuW56RKnzoN4E6OmTTjn29NivX5VQgYWIlXD6YbbE6OFOZ5mnZs+ # 7GLF2w1DdmpCX1k8cSpkf+VqLiYtyKv9grCAh0S0jcAXjBpRTESeTo8Eu6ylvKGV # AHzgeOAdBcZc7R9vTbOIyQ6dYTRVgQWOFt45zz81Z17nu3q/4GoSCCXn2ho+Vs2F # AsGRCDdvA4cHWEhlGRGQIHVcO6qlvML8NEYkz8/pumSv8auf3m+LhgoTI6sdn6jd # qUSpqo6UYkhzq6GlMrRCAQRUYUw7kW94nqV6WoW1rWsErTCCBq4wggSWoAMCAQIC # EAc2N7ckVHzYR6z9KGYqXlswDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMx # FTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNv # bTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAw # MDAwMFoXDTM3MDMyMjIzNTk1OVowYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRp # Z2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQw # OTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP # ADCCAgoCggIBAMaGNQZJs8E9cklRVcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2 # EaFEFUJfpIjzaPp985yJC3+dH54PMx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuA # hIoiGN/r2j3EF3+rGSs+QtxnjupRPfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQ # h0YAe9tEQYncfGpXevA3eZ9drMvohGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7Le # Sn3O9TkSZ+8OpWNs5KbFHc02DVzV5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw5 # 4qVI1vCwMROpVymWJy71h6aPTnYVVSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP2 # 9p7mO1vsgd4iFNmCKseSv6De4z6ic/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjF # KfPKqpZzQmiftkaznTqj1QPgv/CiPMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHt # Qr8FnGZJUlD0UfM2SU2LINIsVzV5K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpY # PtMDiP6zj9NeS3YSUZPJjAw7W4oiqMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4J # duyrXUZ14mCjWAkBKAAOhFTuzuldyF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGj # ggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2 # mi91jGogj57IbzAfBgNVHSMEGDAWgBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNV # HQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBp # MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUH # MAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRS # b290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0 # LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EM # AQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIB # fmbW2CFC4bAYLhBNE88wU86/GPvHUF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb # 122H+oQgJTQxZ822EpZvxFBMYh0MCIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+r # T4osequFzUNf7WC2qk+RZp4snuCKrOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQ # sl3p/yhUifDVinF2ZdrM8HKjI/rAJ4JErpknG6skHibBt94q6/aesXmZgaNWhqsK # RcnfxI2g55j7+6adcq/Ex8HBanHZxhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKn # N36TU6w7HQhJD5TNOXrd/yVjmScsPT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSe # reU0cZLXJmvkOHOrpgFPvT87eK1MrfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no # 8Zhf+yvYfvJGnXUsHicsJttvFXseGYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcW # oWa63VXAOimGsJigK+2VQbc61RWYMbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInw # AM1dwvnQI38AC+R2AibZ8GV2QqYphwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7 # qS9EFUrnEw4d2zc4GqEr9u3WfPwwgga8MIIEpKADAgECAhALrma8Wrp/lYfG+ekE # 4zMEMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdp # Q2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2 # IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjQwOTI2MDAwMDAwWhcNMzUxMTI1 # MjM1OTU5WjBCMQswCQYDVQQGEwJVUzERMA8GA1UEChMIRGlnaUNlcnQxIDAeBgNV # BAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDI0MIICIjANBgkqhkiG9w0BAQEFAAOC # Ag8AMIICCgKCAgEAvmpzn/aVIauWMLpbbeZZo7Xo/ZEfGMSIO2qZ46XB/QowIEMS # vgjEdEZ3v4vrrTHleW1JWGErrjOL0J4L0HqVR1czSzvUQ5xF7z4IQmn7dHY7yijv # oQ7ujm0u6yXF2v1CrzZopykD07/9fpAT4BxpT9vJoJqAsP8YuhRvflJ9YeHjes4f # duksTHulntq9WelRWY++TFPxzZrbILRYynyEy7rS1lHQKFpXvo2GePfsMRhNf1F4 # 1nyEg5h7iOXv+vjX0K8RhUisfqw3TTLHj1uhS66YX2LZPxS4oaf33rp9HlfqSBeP # ejlYeEdU740GKQM7SaVSH3TbBL8R6HwX9QVpGnXPlKdE4fBIn5BBFnV+KwPxRNUN # K6lYk2y1WSKour4hJN0SMkoaNV8hyyADiX1xuTxKaXN12HgR+8WulU2d6zhzXomJ # 2PleI9V2yfmfXSPGYanGgxzqI+ShoOGLomMd3mJt92nm7Mheng/TBeSA2z4I78Jp # wGpTRHiT7yHqBiV2ngUIyCtd0pZ8zg3S7bk4QC4RrcnKJ3FbjyPAGogmoiZ33c1H # G93Vp6lJ415ERcC7bFQMRbxqrMVANiav1k425zYyFMyLNyE1QulQSgDpW9rtvVcI # H7WvG9sqYup9j8z9J1XqbBZPJ5XLln8mS8wWmdDLnBHXgYly/p1DhoQo5fkCAwEA # AaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB # /wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwH # ATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGogj57IbzAdBgNVHQ4EFgQUn1cs # A3cOKBWQZqVjXu5Pkh92oFswWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybDMu # ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVT # dGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAwJAYIKwYBBQUHMAGGGGh0 # dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEFBQcwAoZMaHR0cDovL2NhY2Vy # dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRp # bWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAPa0eH3aZW+M4hBJH # 2UOR9hHbm04IHdEoT8/T3HuBSyZeq3jSi5GXeWP7xCKhVireKCnCs+8GZl2uVYFv # Qe+pPTScVJeCZSsMo1JCoZN2mMew/L4tpqVNbSpWO9QGFwfMEy60HofN6V51sMLM # XNTLfhVqs+e8haupWiArSozyAmGH/6oMQAh078qRh6wvJNU6gnh5OruCP1QUAvVS # u4kqVOcJVozZR5RRb/zPd++PGE3qF1P3xWvYViUJLsxtvge/mzA75oBfFZSbdakH # Je2BVDGIGVNVjOp8sNt70+kEoMF+T6tptMUNlehSR7vM+C13v9+9ZOUKzfRUAYSy # yEmYtsnpltD/GWX8eM70ls1V6QG/ZOB6b6Yum1HvIiulqJ1Elesj5TMHq8CWT/xr # W7twipXTJ5/i5pkU5E16RSBAdOp12aw8IQhhA/vEbFkEiF2abhuFixUDobZaA0Vh # qAsMHOmaT3XThZDNi5U2zHKhUs5uHHdG6BoQau75KiNbh0c+hatSF+02kULkftAR # jsyEpHKsF7u5zKRbt5oK5YGwFvgc4pEVUNytmB3BpIiowOIIuDgP5M9WArHYSAR1 # 6gc0dP2XdkMEP5eBsX7bf/MGN4K3HP50v/01ZHo/Z5lGLvNwQ7XHBx1yomzLP8lx # 4Q1zZKDyHcp4VQJLu2kWTsKsOqQxggWCMIIFfgIBATCBvDCBpDELMAkGA1UEBhMC # VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJyaWRnZTEx # MC8GA1UEChMoUHJlc2lkZW50IGFuZCBGZWxsb3dzIG9mIEhhcnZhcmQgQ29sbGVn # ZTEMMAoGA1UECxMDUEtJMSgwJgYDVQQDEx9IYXJ2YXJkIFVuaXZlcnNpdHkgSXNz # dWluZyBDQSAwAhNjAAABU5lySDvm8sU1AAAAAAFTMAkGBSsOAwIaBQCgeDAYBgor # BgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEE # MBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCMGCSqGSIb3DQEJBDEWBBRq # uCDtt0ZqZXaKtdXpu/p1BZ8tczANBgkqhkiG9w0BAQEFAASCAQCML5t3Ddb9U+af # gen7tTyAah7nITTsKxyZbncK4g0qCG2wsLOP2as8NLSvizNZj2k16c2NDjcakq9C # kyXt9uLdF8iT/sG8k7IPjTuEY8nSwW4VWUyhqKYlB4HZ1u3VKmW8/3VZVz+6Mpbm # 9/2vvHM9NcdJxAj++bBi/2Y2peN4pPZfVN2/rChB76Ljljs7JJy0qt+SLEvBMYwI # MOMezt4CEEszMPEKEHl22hHa70rc5TDSts/iDZATuQN6knX6EVKF77F9iQyGYC+3 # QB0wUkd9Lf6iXWTls+wYE//RVuuaU7ym1BO8uP8npEGeqU/1LiiIr1GwHqiZp18A # O4x6xkLAoYIDIDCCAxwGCSqGSIb3DQEJBjGCAw0wggMJAgEBMHcwYzELMAkGA1UE # BhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2Vy # dCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQQIQC65m # vFq6f5WHxvnpBOMzBDANBglghkgBZQMEAgEFAKBpMBgGCSqGSIb3DQEJAzELBgkq # hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI1MDMyMzIwNDMyNlowLwYJKoZIhvcN # AQkEMSIEIC8ERFpqO+FXS9SK/oqGxURhNWfzk6F8kr8bhRkDEJeBMA0GCSqGSIb3 # DQEBAQUABIICACdAa8eWhMO2WYFBIxiJXzpuu3tn9k3WvZvJgZtlyg5p2irEQSel # wyb/d8C4Znx22BS7Q21SH7GVmprW6ZzNjf4VjnSfdlpyNrKGOzaxXt9LUzPTyNwe # yLmc5qvUK5ZEgkmF/SFxlJCMVx73GskvLb5OEcqa7pLb3YxSrJhHtAzFpYoKA/eI # fXyC9MilkCIJTGijXSGEB127jHU94d8eUPegYM5xs5uATxZUyoRLBY9uQwwyxugY # JmGBXws6iO6iD7DPd3hzQv2o6cSedz7METgiz+aZrMSbS8p0shD1lh8GQQ7DvWiF # Bi08UxeO5hm/GJa6VBVZvEna/L+4YcPgEWmnOWV0EADd18pOhw0AjAZpOU0ljXAO # 5pzbAaaGfsHp6bdzhVPIe4TlprpXl4azBzA5Z+s4PRioFSfnz9AvXXbeCT07Xf4y # nrOVJgaZZ5mKX6gCQ66mmo684tVAVIgJUoCekWMcsGe5jv3znKBpOVlCcAavmBWN # QuOHgkDa2qv2VIEUOd2nrfzvkjWFOCiPRXLTkRAxq/u1s0TG76+5z/xbaTOJoCvZ # AEJRMq87CfsqErCLz6cMIUuEoolqLO3ph3azXkocyEXDkrq6f4s6Dmdv1BvdL151 # 3xKcgUNRY/UlUbyNNhF//1XdaqPsbUjnVyoJuFahZQ33jUYTKYg5ShHw # SIG # End signature block |