Set-ManagedByTenantForAadds

2.0.0

Set-ManagedByTenantForAadds.ps1

                                <#PSScriptInfo

.VERSION 2.0.0

.GUID ab5fb1d9-e8dd-42c9-9a58-552e06e97bdb

.AUTHOR aaddsfb@microsoft.com

.COMPANYNAME Microsoft Corporation

.COPYRIGHT (c) Microsoft Corporation

.TAGS Azure-AD-Domain-Services

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

    02/18/2023 - Initial release

    03/31/2023 - Allow an admin group name to be specified

    01/09/2024 - Migrate from AzureAD PowerShell to MS Graph PowerShell, rebrand to Microsoft Entra Domain Services

    02/09/2026 - Explicitly requires MS Graph PowerShell

#>

<#

.SYNOPSIS

    Uses AzureLighthouse to set up the subscription to be managed by the tenant in order

    to temporarily resolve tenant-subscription mismatch scenario.

.DESCRIPTION

    Uses AzureLighthouse to set up the subscription to be managed by the tenant in order

    to temporarily resolve tenant-subscription mismatch scenario.

.PARAMETER managedByTenantId [MANDATORY]

    The tenant id of the AADDS instance.

.PARAMETER subscriptionId [MANADATORY]

    The subscription id of the AADDS instance.

.PARAMETER adminGroupName [MANADATORY]

    The admin group name in the tenant corresponding to the tenant id of the AADDS instance

    to be granted the permission to manage the subscription.

.NOTES

    * This cmdlet requires you install the Microsoft Graph PowerShell SDK: https://review.learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0&branch=main

#>

[CmdletBinding()]

Param (

    [Parameter(Mandatory=$true)]

    [string] $managedByTenantId,

    [Parameter(Mandatory=$true)]

    [string] $subscriptionId,

    [Parameter(Mandatory=$true)]

    [string] $adminGroupName

)

$VerbosePreference = 'Continue'

# Constants

$armServiceAppId = "443155a6-77f3-45e3-882b-22b3a8d431fb"

$armOpsAppId = "abba844e-bc0e-44b0-947a-dc74e5d09022"

$managedServices = "Microsoft.ManagedServices"

$contributorRoleName = "Contributor"

$contributorRoleId = "b24988ac-6180-42a0-ab88-20f7382dd24c"

$subscriptionScope = "/subscriptions/$subscriptionId"

Write-Verbose "Log on to the Entra ID tenant specified by the AADDS resource's tenant id '$managedByTenantId'"

Connect-MgGraph -Scopes "Application.ReadWrite.All","Group.ReadWrite.All" -TenantId $managedByTenantId

$context = Get-MgContext

$principalIds = @()

$principalNames = @()

# Obtain admin user's object id

$logonUser = Get-MgUser -Filter "userPrincipalName eq '$($context.Account)'" -ErrorAction Ignore

if ($null -eq $logonUser)

{

    Write-Error "Cannot retrieve the id of the logon user in the tenant '$managedByTenantId'."

    return

}

$principalIds += $logonUser.Id

$principalNames += "user $($context.Account.Id)"

# Find the admin aad group's object id

$adminGroup = Get-MgGroup -Filter "displayName eq '$adminGroupName'" -ErrorAction Ignore

if ($null -eq $adminGroup)

{

    Write-Error "Cannot retrieve the object id of the admin group '$adminGroupName' in the tenant '$managedByTenantId'."

    return

}

$principalIds += $adminGroup.Id

$principalNames += "group $adminGroupName"

# Obtain a couple of DCaaS service principals

$appIds = @($armServiceAppId, $armOpsAppId)

foreach ($appId in $appIds)

{

    $app = Get-MgServicePrincipal -Filter "AppId eq '$appId'" -ErrorAction Ignore

    if ($null -eq $app)

    {

        Write-Error "Service principal for AppId '$appId' not found."

        Write-Error "Please create it using this command: New-MgServicePrincipal -AppId '$appId'"

        return

    }

    $principalIds += $app.Id

    $principalNames += "application $appId"

}

Write-Verbose "Log on to the subscription '$subscriptionId' which contains the AADDS resource"

Connect-AzAccount | Out-Null

Set-AzContext -SubscriptionId $subscriptionId -ErrorAction Stop | Out-Null

$managedServicesRps = Get-AzResourceProvider -ProviderNamespace $managedServices

$registered = $null -ne $managedServicesRps -and ($managedServicesRps | Where-Object { $_.RegistrationState -ne 'Registered'}).Count -eq 0

if ($registered -eq $false)

{

    Write-Verbose "Registering $managedServices ..."

    Register-AzResourceProvider -ProviderNamespace $managedServices -ErrorAction Stop

    Write-Verbose "Registered $managedServices."

}

for ($i = 0; $i -lt $principalIds.Count; $i++)

{

    $principalId = $principalIds[$i]

    $principalName = $principalNames[$i]

    Write-Verbose "Checking ManagedServicesAssignment for $principalName ..."

    $assignment = Get-AzManagedServicesAssignment -Name $principalId -ErrorAction Ignore

    if ($null -eq $assignment)

    {

        $definition = Get-AzManagedServicesDefinition -Name $principalId -ErrorAction Ignore

        if ($null -eq $definition)

        {

            Write-Verbose "Creating ManagedServicesDefinition for $principalName ..."

            $auth = New-AzManagedServicesAuthorizationObject -PrincipalId $principalId -RoleDefinitionId $contributorRoleId

            $definition = New-AzManagedServicesDefinition `

                -Name $principalId `

                -RegistrationDefinitionName "$principalId as $contributorRoleName" `

                -ManagedByTenantId $managedByTenantId `

                -Authorization $auth `

                -Scope $subscriptionScope `

                -Description "$principalName ($principalId) as $contributorRoleName" `

                -ErrorAction Stop

            Write-Verbose "Created ManagedServicesDefinition for $principalName : $($definition.Id)."

        }

        Write-Verbose "Creating ManagedServicesAssignment for $principalName ..."

        $assignment = New-AzManagedServicesAssignment -Name $principalId -RegistrationDefinitionId $definition.Id -ErrorAction Stop

        Write-Verbose "Created ManagedServicesAssignment for $principalName : $($assignment.Id)."

    }

    else

    {

        Write-Verbose "Found ManagedServicesAssignment for $principalName."

    }

}

# SIG # Begin signature block

# MIIsGQYJKoZIhvcNAQcCoIIsCjCCLAYCAQExDzANBglghkgBZQMEAgEFADB5Bgor

# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG

# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCfLCJKn+Xk9RhM

# IfXGYeQWa6bQ97e3jYG6T41CYGxfDqCCEYcwggiXMIIHf6ADAgECAhM2AAACLAms

# 2/+Ttl/fAAIAAAIsMA0GCSqGSIb3DQEBCwUAMEExEzARBgoJkiaJk/IsZAEZFgNH

# QkwxEzARBgoJkiaJk/IsZAEZFgNBTUUxFTATBgNVBAMTDEFNRSBDUyBDQSAwMTAe

# Fw0yNTEwMjQxODQzMjFaFw0yNjA0MjcxODUzMjFaMC8xLTArBgNVBAMTJE1pY3Jv

# c29mdCBBenVyZSBEZXBlbmRlbmN5IENvZGUgU2lnbjCCASIwDQYJKoZIhvcNAQEB

# BQADggEPADCCAQoCggEBAMObgVZFDaw79JUDvqoXb/YbII6PQ2YcTxkZWLDO4Rku

# ikvCOn62N3ndwKMSTpi5tOjYJU3oHxO9eTs2RLelVxoECaqvrQHg/Fm+AYNnvBXI

# GouozKfvMUvTvu+NfwHUH1KNiEzjrh+ft7+9VByF1+EJOLdoq+0ZtRIBcGKfqjuD

# WKRidxWS9Y7N1rfGHYp9V/3KJNEocB2kJNdlnaF+zoV1MWq8usibztlciVhkzEG5

# p6uunWgBMGB9F4FXrE8jvKQdVvyWNAtuU0yjTMdRRA8NN4+lilsxhgrK4LSybiYC

# TPIVpg8bg2nZ6jihKSIXRF6JvYae/+IJytOzOL/mysUCAwEAAaOCBZgwggWUMCkG

# CSsGAQQBgjcVCgQcMBowDAYKKwYBBAGCN1sDATAKBggrBgEFBQcDAzA8BgkrBgEE

# AYI3FQcELzAtBiUrBgEEAYI3FQiGkOMNhNW0eITxiz6Fm90Wzp0SgWDigi2HkK4D

# AgFkAgEQMIICdgYIKwYBBQUHAQEEggJoMIICZDBiBggrBgEFBQcwAoZWaHR0cDov

# L2NybC5taWNyb3NvZnQuY29tL3BraWluZnJhL0NlcnRzL0JZMlBLSUNTQ0EwMS5B

# TUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0

# dHA6Ly9jcmwxLmFtZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUy

# MENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0dHA6Ly9jcmwyLmFt

# ZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAw

# MSgyKS5jcnQwUgYIKwYBBQUHMAKGRmh0dHA6Ly9jcmwzLmFtZS5nYmwvYWlhL0JZ

# MlBLSUNTQ0EwMS5BTUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwUgYI

# KwYBBQUHMAKGRmh0dHA6Ly9jcmw0LmFtZS5nYmwvYWlhL0JZMlBLSUNTQ0EwMS5B

# TUUuR0JMX0FNRSUyMENTJTIwQ0ElMjAwMSgyKS5jcnQwga0GCCsGAQUFBzAChoGg

# bGRhcDovLy9DTj1BTUUlMjBDUyUyMENBJTIwMDEsQ049QUlBLENOPVB1YmxpYyUy

# MEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9

# QU1FLERDPUdCTD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlm

# aWNhdGlvbkF1dGhvcml0eTAdBgNVHQ4EFgQUfdQYmnrMmvU1nIYbtDIfOLPsk+Mw

# DgYDVR0PAQH/BAQDAgeAMFQGA1UdEQRNMEukSTBHMS0wKwYDVQQLEyRNaWNyb3Nv

# ZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxFjAUBgNVBAUTDTIzNjE2OSs1

# MDYwNTcwggHmBgNVHR8EggHdMIIB2TCCAdWgggHRoIIBzYY/aHR0cDovL2NybC5t

# aWNyb3NvZnQuY29tL3BraWluZnJhL0NSTC9BTUUlMjBDUyUyMENBJTIwMDEoMiku

# Y3JshjFodHRwOi8vY3JsMS5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIwMDEo

# MikuY3JshjFodHRwOi8vY3JsMi5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENBJTIw

# MDEoMikuY3JshjFodHRwOi8vY3JsMy5hbWUuZ2JsL2NybC9BTUUlMjBDUyUyMENB

# JTIwMDEoMikuY3JshjFodHRwOi8vY3JsNC5hbWUuZ2JsL2NybC9BTUUlMjBDUyUy

# MENBJTIwMDEoMikuY3JshoG9bGRhcDovLy9DTj1BTUUlMjBDUyUyMENBJTIwMDEo

# MiksQ049QlkyUEtJQ1NDQTAxLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2

# aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPUFNRSxEQz1HQkw/

# Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERp

# c3RyaWJ1dGlvblBvaW50MB8GA1UdIwQYMBaAFJZRhOBrb3v+2Aarw/KF5imuavnU

# MB8GA1UdJQQYMBYGCisGAQQBgjdbAwEGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUA

# A4IBAQBu2lzPUqwSdKnHGn+oZNbiBF0USXFYzjO7JcY1GFxzXCh8NGjWcrTv8xB3

# mLd/0mhXsi7HK4kFXdmvNt88WCA2hQh0rMoonCw2LAz3W9ju0qRduF6Bsr3MnEqQ

# Pkx7RJUQVeaGkpiK4jnP/8i/iGSyEl4ZqbQt0zxBlDDchczakArYd1G0Nnuffcii

# 6xQ+hcOnUGL3AOzEVi7fGxQlVFNip09Q8t1ukqyOk9xKOqXVARdkbq2KR/IIYoOv

# atxc4ywHgHCnXOvNPAaRl+k2UkWwZTrfznemVXwU0c5FyLLFZ/EwFMJPwMEZl/Hr

# 4FyPacAyktf/XcNNQjGD/so1rs0dMIII6DCCBtCgAwIBAgITHwAAAFHqj/accwyo

# OwAAAAAAUTANBgkqhkiG9w0BAQsFADA8MRMwEQYKCZImiZPyLGQBGRYDR0JMMRMw

# EQYKCZImiZPyLGQBGRYDQU1FMRAwDgYDVQQDEwdhbWVyb290MB4XDTIxMDUyMTE4

# NDQxNFoXDTI2MDUyMTE4NTQxNFowQTETMBEGCgmSJomT8ixkARkWA0dCTDETMBEG

# CgmSJomT8ixkARkWA0FNRTEVMBMGA1UEAxMMQU1FIENTIENBIDAxMIIBIjANBgkq

# hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZpSCX0Bno1W1yqXMhT6BUlJZWpa4p3x

# FeiTHO4vm2Q6C/azR5xwxnyYHrkSGDtS2P9X+KDE64V20mmEQkubxnPNeOVnE2Rv

# dPGxgwlq+BhS3ONdVsQPj79q7XgHM9HhzB9+qk0PC9KN1zm9p/seyiRS6JF1dbOq

# Rf1pUl7FAVxmgiCFgV8hHIb/rDPXig7FDi3S0yEx2CUDVpIq8jEhG8anUFE1WYxM

# +ni0S5KHwwKPKV4qyGDoDO+9AmDoma3Chyu5WDlW5cdtqXTWsGPE3umtnX6Amlld

# UFLms4OVR4guKf+n5LIBCC6bTiocfXPomqYjYTKx7AGMfaVLaaXmhQIDAQABo4IE

# 3DCCBNgwEgYJKwYBBAGCNxUBBAUCAwIAAjAjBgkrBgEEAYI3FQIEFgQUEmgkQiFH

# y9RrvjHPIKTACyN/P0cwHQYDVR0OBBYEFJZRhOBrb3v+2Aarw/KF5imuavnUMIIB

# BAYDVR0lBIH8MIH5BgcrBgEFAgMFBggrBgEFBQcDAQYIKwYBBQUHAwIGCisGAQQB

# gjcUAgEGCSsGAQQBgjcVBgYKKwYBBAGCNwoDDAYJKwYBBAGCNxUGBggrBgEFBQcD

# CQYIKwYBBQUIAgIGCisGAQQBgjdAAQEGCysGAQQBgjcKAwQBBgorBgEEAYI3CgME

# BgkrBgEEAYI3FQUGCisGAQQBgjcUAgIGCisGAQQBgjcUAgMGCCsGAQUFBwMDBgor

# BgEEAYI3WwEBBgorBgEEAYI3WwIBBgorBgEEAYI3WwMBBgorBgEEAYI3WwUBBgor

# BgEEAYI3WwQBBgorBgEEAYI3WwQCMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBB

# MAsGA1UdDwQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFCle

# UV5krjS566ycDaeMdQHRCQsoMIIBaAYDVR0fBIIBXzCCAVswggFXoIIBU6CCAU+G

# MWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2lpbmZyYS9jcmwvYW1lcm9vdC5j

# cmyGI2h0dHA6Ly9jcmwyLmFtZS5nYmwvY3JsL2FtZXJvb3QuY3JshiNodHRwOi8v

# Y3JsMy5hbWUuZ2JsL2NybC9hbWVyb290LmNybIYjaHR0cDovL2NybDEuYW1lLmdi

# bC9jcmwvYW1lcm9vdC5jcmyGgapsZGFwOi8vL0NOPWFtZXJvb3QsQ049QU1FUm9v

# dCxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMs

# Q049Q29uZmlndXJhdGlvbixEQz1BTUUsREM9R0JMP2NlcnRpZmljYXRlUmV2b2Nh

# dGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCC

# AasGCCsGAQUFBwEBBIIBnTCCAZkwRwYIKwYBBQUHMAKGO2h0dHA6Ly9jcmwubWlj

# cm9zb2Z0LmNvbS9wa2lpbmZyYS9jZXJ0cy9BTUVSb290X2FtZXJvb3QuY3J0MDcG

# CCsGAQUFBzAChitodHRwOi8vY3JsMi5hbWUuZ2JsL2FpYS9BTUVSb290X2FtZXJv

# b3QuY3J0MDcGCCsGAQUFBzAChitodHRwOi8vY3JsMy5hbWUuZ2JsL2FpYS9BTUVS

# b290X2FtZXJvb3QuY3J0MDcGCCsGAQUFBzAChitodHRwOi8vY3JsMS5hbWUuZ2Js

# L2FpYS9BTUVSb290X2FtZXJvb3QuY3J0MIGiBggrBgEFBQcwAoaBlWxkYXA6Ly8v

# Q049YW1lcm9vdCxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049

# U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1BTUUsREM9R0JMP2NBQ2VydGlm

# aWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0G

# CSqGSIb3DQEBCwUAA4ICAQBQECO3Tw/o317Rrd7yadqcswPx1LvIYymkaTN6Kcmu

# Rt6HKa0Xe73Ux2/AQ30TfgA9GBJngweRykKBusRzyOU17iIubJvy3gA21dwtqtB0

# DsoEv1U/ptVu2v++doTCJ/i+GbssVXkgaX8H+6EOGEmT4evp4GbwR4HwWlc+Dvf8

# HH8PdUA2Z04CvcwIfckSipbNm84jxJ8XjmTFTWscldL9edj2NsY6iGnyJFIyur2P

# S7VRYyV3p1VAJp91gj1jRQtWEyCB8P5g9nE3z8u0ANaU/hjwEQCrdGyravWgnf2J

# tG+bT26YAokbc8m+32zUtXRO+NK3tAjhOu2FdsG3qNrF4sc7y37R/C+7Pcb/cFfh

# ttqsirepZii4xStcjMODYuXzGm3IJs0b0owHG6oKd7ZOGvHpmmh9K8/DLriD/sq8

# bURD10qi/wuW8zM7IpLg1vcR9dIK2mc0pj44pc6UX0XbttP/VEJgu3lT2eI9VjWt

# aKjx38xE9woSMyekPRtzTwgfuysF9DkJisr+yA4po/FPxpbBw9c/hBf32DH/GFxt

# eS2pmjgKIbMP8sDukmEq3lVvuWNJsybrZwQvQpvaM49fv+JKpLK5YWYEfwksYRR9

# wU8Hh/ID9hRCEkbUoQ2W7mMpsp2Nbp/kcn4ivfolUy3Q9Yf0scsQ6WTLYpm+AoCU

# JTGCGegwghnkAgEBMFgwQTETMBEGCgmSJomT8ixkARkWA0dCTDETMBEGCgmSJomT

# 8ixkARkWA0FNRTEVMBMGA1UEAxMMQU1FIENTIENBIDAxAhM2AAACLAms2/+Ttl/f

# AAIAAAIsMA0GCWCGSAFlAwQCAQUAoIGuMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3

# AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEi

# BCCtTxtIawNpMdG06ge1wmaW0GpewlZSzZW/Cmy0SCZzZzBCBgorBgEEAYI3AgEM

# MTQwMqAUgBIATQBpAGMAcgBvAHMAbwBmAHShGoAYaHR0cDovL3d3dy5taWNyb3Nv

# ZnQuY29tMA0GCSqGSIb3DQEBAQUABIIBAH5rYLkYherC0pQh5LqHNTGlc+MajRnn

# 1cpIla/2cyFsu/hmDVZc3xfni0mzqcQeBAzlRI43+sp3ILlYXMX+vLdOFuLV1+JG

# kU9r2Pewh3hkUlV5LJdCKbS86+q+KL6NMqolWmWar+wW6b/YgvMvONUBfytL3RbX

# 76mSMTboGBzGzZoGE5k5w3fy75e1vSFcVtmtzBtmMjFt110IWI8egpt3MyH131Xh

# E4/TlESM6AoLxuSp22F5SdO5+E6hvRqdhh6zltzQnjmgmbuSB4bP3YE55FflwEI2

# +YXLkg7ENi63g33HIShqFVWifOUmu/czgMRxX4jRSGAQVwzxfxMnWUyhghewMIIX

# rAYKKwYBBAGCNwMDATGCF5wwgheYBgkqhkiG9w0BBwKggheJMIIXhQIBAzEPMA0G

# CWCGSAFlAwQCAQUAMIIBWgYLKoZIhvcNAQkQAQSgggFJBIIBRTCCAUECAQEGCisG

# AQQBhFkKAwEwMTANBglghkgBZQMEAgEFAAQgFDaV6m4LBijZhBsL+yih7RT/rpkf

# eNqY2zPawsNhQ5ICBmlztT1UhxgTMjAyNjAyMTAwNTU1NTkuNzk1WjAEgAIB9KCB

# 2aSB1jCB0zELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV

# BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsG

# A1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMScwJQYD

# VQQLEx5uU2hpZWxkIFRTUyBFU046NDAxQS0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1p

# Y3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WgghH+MIIHKDCCBRCgAwIBAgITMwAA

# AhlesthUdfSxjQABAAACGTANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzET

# MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV

# TWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1T

# dGFtcCBQQ0EgMjAxMDAeFw0yNTA4MTQxODQ4MjZaFw0yNjExMTMxODQ4MjZaMIHT

# MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk

# bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRN

# aWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5T

# aGllbGQgVFNTIEVTTjo0MDFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0

# IFRpbWUtU3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC

# ggIBAKahSMlJMyMsaS90NN1pi7suBvWCFEnM54Sq/nBzk/v7uz2q8SPeoMcW9Vq1

# rgMQfKoxi37GyJsfFd6LitZ1HH/kf57J12rOf4k4Ff05d0E0Rk9A3rlwTW6R6nPs

# AtTYk8gO+oC54q70gRKAc5a6TUBRJ7sHWzywi6U0tylkgruSdNm/kRVkf5HBc1cZ

# 4aBN4CGnlEbaxihgWRiiwV76oIJAxDbSpL7b0U99sS7wLy/0aUXruc9fGaIwrO9m

# UqGu+A8vGG2lrA5tzmTqSUWcWbDygh2esTaoBSn9MTR49Lfb9EN1vts+YAFWmrCS

# Qr0edkpdFydgDn95dC0nrV4FAOYA+SENUbxLJU5jZ0qLk6xiA9w9Z42O5gbtKboi

# HTytoyv9Vnnn9vmEeHEKVkJHgWZl4nYfQLlnZcMSkC9eSyeitncPMv7fzwYZi8re

# kAH9AnqVkXYGZzMrVQFLlh8JWUVfSS2O2l/A+eXi/fnDi6V92xjTpjduFKSFvKrW

# Wql2nrBbyDlttyTS4WmkFbzm69XruxhP+TJ+N3vvw27XWJf2yz9iENcWBCXUm3FJ

# AxX1typWRIfpwSg7WkZzUZG4CIMSGynU9/DikMGf2gOLkrIgIOpxD4lgRxrsrSKO

# cFO+TOVXY4RKqkx312LvASYuhk871k/vXpHzF3s6gpJLMWhvAgMBAAGjggFJMIIB

# RTAdBgNVHQ4EFgQUgGjqOR1mrTc6mZ9SBdX3A+p69yEwHwYDVR0jBBgwFoAUn6cV

# XQBeYl2D9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5t

# aWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUy

# MFBDQSUyMDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQ

# aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQl

# MjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAW

# BgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcN

# AQELBQADggIBAF8c1WSy1wRX6Aggk4mOzB13W+3IryUk36x2CQuTpNjTe+Tac0zE

# /Vdk3CEI30NwBVG4dTQQGLTFLsMQug+HHhFxuZVwJ275AvWI3i1Q0ciJl2GJn7e8

# /kKZfbdwv/GtLYqpzs/FHvPw2C7TE4L1jJ7KizYyCw2iJjn5xyN+kywoxhXvEWC1

# xnQlHTi5XwHTBnj8UkwN0wADnPhkG5j1o64Li1m8b55dzVY0b6wWVZMRTKFWR9H+

# 6hsAzkoY6Z7+Z2J0OPLny9Lgc+dkWzxnV+Bb/flBjqwaa5nB85iLrRbSXnNmOJLo

# zbUytsARoFrHBDlYRYmlXY3vFSyezFTShOU5rLhjN40y69Z7keQBRrN1CpD+4N3E

# A+HByu13S4k5u3utOkCflqnkLAA2BPXb1PcCFGyPQ5eFHCBKxcPhR2lkk65HyeEr

# y5oSp5eZIYaSdbBd8+ntQcXqVJYlx6s0S4h1ooViFhEhfCBxJRdzzsWz+FSahwYm

# L2lzFdEskYMKA+s13XW1J1/VkeiS9gZagI4x8SDcHpbKf1YcQFk4c7jAOfC8bxP1

# QM43xReFpu2tWQC5iVcN6C/7P7saNTqeLXE/oX2fbjdYbQtSTeA7kahXy7bY7qAJ

# lEKGzuc1BUc7wp/ApP4Yjvm80debKpI5cSzMjI6ZHP3n+ElFIpA+OvL1MIIHcTCC

# BVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDEL

# MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v

# bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWlj

# cm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMw

# MTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK

# V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0

# IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg

# MjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3mi

# y9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+

# Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3

# oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+

# tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0

# hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLN

# ueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZ

# nkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n

# 6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC

# 4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vc

# G9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtF

# tvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEE

# BQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNV

# HQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3

# TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br

# aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkG

# CSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8E

# BTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRP

# ME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1

# Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEww

# SgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMv

# TWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCd

# VX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQ

# dTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnu

# e99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYo

# VSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlC

# GVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZ

# lvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/

# ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtq

# RRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+

# y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgk

# NWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqK

# Oghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCA1kwggJBAgEBMIIBAaGB

# 2aSB1jCB0zELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV

# BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsG

# A1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMScwJQYD

# VQQLEx5uU2hpZWxkIFRTUyBFU046NDAxQS0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1p

# Y3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVADF2Kf1q

# qncm9Hp4oKy38ZdCJwM+oIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT

# Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m

# dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB

# IDIwMTAwDQYJKoZIhvcNAQELBQACBQDtNUTcMCIYDzIwMjYwMjEwMDU0NzA4WhgP

# MjAyNjAyMTEwNTQ3MDhaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIFAO01RNwCAQAw

# CgIBAAICE1UCAf8wBwIBAAICE5owCgIFAO02llwCAQAwNgYKKwYBBAGEWQoEAjEo

# MCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG

# 9w0BAQsFAAOCAQEAUnQ5Ck0yw26Z10KHmH+j3a6oA7YmWFhMPEoiXBl6uYqn1+qs

# bhYizAlX9Wxl5LVnmZw4KqnmkOcN7+WD5j7O1YTnhzqgw3nSnu6gFebHA7z3d68H

# zd4ZoGp8uE2mJKbL3OGrAVbzy3uevG9tL5GR5IU0XEyOfbB9m64eLI0wKlsur10S

# B9SCi48+1xJIsQ1Srk5zf3YAtuhDePcLveCKiyWvxwpmov153kYoequT4+TP4W9G

# 9J3VRdkIZiZmY1l3kl8fC74mT31GRAk32m199zYAzTcZojqn0r3o3F54zkJiMDVD

# Z2l99A0eC1IWE+Jsp9rD3QEwgDL8Ny1GaofF0TGCBA0wggQJAgEBMIGTMHwxCzAJ

# BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k

# MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv

# c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAACGV6y2FR19LGNAAEAAAIZMA0G

# CWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJ

# KoZIhvcNAQkEMSIEIA/RUNOXW9w6aO/KY9Vatfcw4XxsdZF1fXyybVRdcho6MIH6

# BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQg3JF+t9xNctRBd9ldfM0HK7II8yPf

# ty3u5pb5Njnm7YYwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz

# aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv

# cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx

# MAITMwAAAhlesthUdfSxjQABAAACGTAiBCDxYMo0B09hZ8EdgX6z4Re0rPJe9BKb

# DSCbfTFJPkUwEDANBgkqhkiG9w0BAQsFAASCAgAOK7xHN0RgGLZSCih4WxPoxolp

# uf9BCOIj3DinZ2ZBtYHQViyCajKdCB2KmzV6v2HGPdL7e5szJ9temBL4scd2PFSC

# okF8yYPheVrBThhq+y7Xhw/q/+UmTaY3jX0pIGyIWglfTnc8US+/QXxrJ+lz8LHJ

# QoXCJm6uv1kKk57E9m5RYStJf6Z+y6W8eH6/hTFuOxSq6zO1dE1sPZODO2xaADZx

# DqjZD60nL3x67n2ntV6n5vqqf4UomIbe8t7wYn2rQgkpd90i5u0X3xNoDyuHGZsl

# qbSEMxKpAJM3YNJqtk3HhAyfCLkKU/z8DRTYnh11y28xFTAnzLTH999AmZlO0JrV

# h9NVyNzd2bD9gcRNp8QKGHFUQ2zmF+5Fdg3l11UEtyqJn+RUBZxuw/3bCBqJtWdF

# mG/XZ4oIl148YpIn4o2aWOoU8TEaUcKWugMZysmoZnuVA31m6AiaE1qUxy28mb6I

# xWoBe9nKZNTcJhtys3y2n7+d47clRQdYuJ8a44c+kppepanGhFLW0Ajj7L2hneiA

# /z3uUv57i03OthvbyZVs9liBpRWR0FwRzuss1eKDbAZh8A587QV+G7sjZgNMw8Ju

# XUdn7w9FkEppmWvt1ULBjfXHUAeD1uL5senJLN8SsyHlCo/ysPEgG4tbmTaWxMRH

# oZoCYMZMf55sBiEJ2Q==

# SIG # End signature block