Public/Set/Set-EmailAlias.ps1

function Set-EmailAlias {
    <#
    .SYNOPSIS
        Safely sets, removes, or promotes an SMTP alias on an on-prem AD user.
 
    .DESCRIPTION
        Adds an SMTP proxy address (secondary) or promotes one to primary. Ensures
        exactly one primary (uppercase 'SMTP:') exists after changes, prevents
        duplicates, validates email format and allowed domains, and avoids
        collisions with other AD objects. Idempotent: no change -> no write.
 
    .PARAMETER Identity
        User identity (samAccountName, DN, GUID, or UPN).
 
    .PARAMETER EmailAlias
        The SMTP alias to add or make primary (e.g., jane.doe@vadtek.com).
 
    .PARAMETER MakePrimary
        If specified, ensures EmailAlias is the *primary* (uppercase 'SMTP:').
 
    .PARAMETER Remove
        If specified, removes EmailAlias from proxyAddresses.
 
    .PARAMETER AllowedDomains
        Optional whitelist of domains permitted for aliases.
 
    .PARAMETER FailIfInUse
        If specified (default: $true), fails when EmailAlias already exists on a
        different AD object.
 
    .PARAMETER Credential
        PSCredential to run AD queries and updates under (e.g., your domain admin
        credential).
 
    .PARAMETER Server
        Optional Domain Controller to target (FQDN or hostname). Useful with
        -Credential to avoid referrals.
 
    .EXAMPLE
        # Prompt for domain admin and add secondary alias
        $cred = Get-Credential
        Set-EmailAlias -Identity jdoe -EmailAlias john.doe@ltlsupply.com -Credential $cred
 
    .EXAMPLE
        # Promote to primary with explicit DC
        Set-EmailAlias -Identity jdoe -EmailAlias john.doe@vadtek.com -MakePrimary -Credential $cred -Server 'dc01.vadtek.com'
 
    .LINK
        https://dan-damit.github.io/TechToolbox-Docs/Set-EmailAlias
    #>


    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
    param(
        [Parameter(Mandatory)]
        [string]$Identity,

        [Parameter(Mandatory)]
        [string]$EmailAlias,

        [Parameter()]
        [switch]$MakePrimary,

        [Parameter()]
        [switch]$Remove,

        [Parameter()]
        [string[]]$AllowedDomains,

        [Parameter()]
        [bool]$FailIfInUse = $true,

        [Parameter()]
        [System.Management.Automation.PSCredential]$Credential,

        [Parameter()]
        [string]$Server
    )

    # --- Runtime & modules ----------------------------------------------------
    Initialize-TechToolboxRuntime
    Get-ActiveDirectoryModule -ErrorAction Stop

    # Build a common splat for AD cmdlets
    $adSplat = @{}
    if ($PSBoundParameters.ContainsKey('Credential')) { $adSplat.Credential = $Credential }
    if ($PSBoundParameters.ContainsKey('Server')) { $adSplat.Server = $Server }

    # --- Helpers --------------------------------------------------------------
    function Test-Email {
        param([string]$Address)
        $pattern = '^(?=.{3,254}$)(?!\.)[A-Za-z0-9._%+\''-]+(?<!\.)@[A-Za-z0-9.-]+\.[A-Za-z]{2,63}$'
        return [regex]::IsMatch($Address, $pattern)
    }

    function ConvertTo-LdapFilterEscaped {
        param([Parameter(Mandatory)][string]$Value)
        $sb = New-Object System.Text.StringBuilder
        foreach ($ch in $Value.ToCharArray()) {
            switch ($ch) {
                '\' { [void]$sb.Append('\5c') }
                '*' { [void]$sb.Append('\2a') }
                '(' { [void]$sb.Append('\28') }
                ')' { [void]$sb.Append('\29') }
                { [int]$_ -eq 0 } { [void]$sb.Append('\00') } # NUL
                default { [void]$sb.Append($ch) }
            }
        }
        $sb.ToString()
    }

    try {
        # Normalize and validate input
        $aliasLower = $EmailAlias.Trim().ToLowerInvariant()

        if (-not (Test-Email -Address $aliasLower)) {
            throw "Invalid email address format: '$EmailAlias'"
        }

        $domain = $aliasLower.Split('@')[-1]
        if ($AllowedDomains -and ($AllowedDomains -notcontains $domain)) {
            throw "Domain '$domain' is not in AllowedDomains: $($AllowedDomains -join ', ')"
        }

        # Load the user
        $user = Get-ADUser @adSplat -Identity $Identity -Properties proxyAddresses -ErrorAction Stop
        if ($null -eq $user) { throw "User '$Identity' not found." }

        # Current addresses as a modifiable list (PS5-safe)
        $current = New-Object 'System.Collections.Generic.List[string]'
        if ($user.proxyAddresses) {
            $current.AddRange([string[]]$user.proxyAddresses)
        }

        $secondaryForm = "smtp:$aliasLower"
        $primaryForm = "SMTP:$aliasLower"

        $escapedLower = ConvertTo-LdapFilterEscaped -Value $secondaryForm
        $escapedUpper = ConvertTo-LdapFilterEscaped -Value $primaryForm
        $filter = "(|(proxyAddresses=$escapedLower)(proxyAddresses=$escapedUpper))"

        $collision = Get-ADObject @adSplat -LDAPFilter $filter -Properties proxyAddresses -ErrorAction Stop |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName } |
        Select-Object -First 1

        if ($collision -and $FailIfInUse) {
            throw "Alias '$aliasLower' already exists on another object: $($collision.DistinguishedName)"
        }

        # Case-insensitive set for dedupe (PS5-safe constructor taking comparer)
        $newSet = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)
        foreach ($addr in $current) { [void]$newSet.Add($addr) }

        $changed = $false

        if ($Remove) {
            if ($newSet.Remove($secondaryForm)) { $changed = $true }
            if ($newSet.Remove($primaryForm)) { $changed = $true }

            # If we removed a primary, we do not auto-promote another primary.

        }
        else {
            # Ensure alias exists (at least secondary)
            if (-not $newSet.Contains($secondaryForm) -and -not $newSet.Contains($primaryForm)) {
                [void]$newSet.Add($secondaryForm)
                $changed = $true
            }

            if ($MakePrimary) {
                # Demote any existing primaries
                $primaries = @($newSet | Where-Object { $_ -like 'SMTP:*' })
                foreach ($p in $primaries) {
                    $null = $newSet.Remove($p)
                    $null = $newSet.Add($p.ToLowerInvariant())  # 'smtp:'
                    $changed = $true
                }

                # Promote target
                if ($newSet.Remove($secondaryForm)) { $changed = $true }
                if (-not $newSet.Contains($primaryForm)) {
                    [void]$newSet.Add($primaryForm)
                    $changed = $true
                }
            }
            else {
                # Caller didn't ask to make primary: ensure it's not primary by accident
                if ($newSet.Contains($primaryForm)) {
                    $null = $newSet.Remove($primaryForm)
                    if (-not $newSet.Contains($secondaryForm)) {
                        [void]$newSet.Add($secondaryForm)
                    }
                    $changed = $true
                }
            }
        }

        if (-not $changed) {
            Write-Log -Level INFO -Message "No change needed for '$($user.SamAccountName)'; alias state already compliant."
            return [pscustomobject]@{
                Identity          = $user.SamAccountName
                DistinguishedName = $user.DistinguishedName
                EmailAlias        = $aliasLower
                Action            = if ($Remove) { 'NoOp-Remove' } elseif ($MakePrimary) { 'NoOp-MakePrimary' } else { 'NoOp-Add' }
                Changed           = $false
                ProxyAddresses    = [string[]]$current
            }
        }

        $newArray = @()
        foreach ($addr in @($newSet)) { $newArray += [string]$addr }
        $newArray = [string[]]$newArray

        if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Update proxyAddresses (count $($current.Count) -> $($newArray.Count))")) {
            Set-ADUser @adSplat -Identity $user.DistinguishedName -Replace @{ proxyAddresses = $newArray } -ErrorAction Stop
            Write-Log -Level OK -Message ("Updated proxyAddresses for '{0}': {1}" -f $user.SamAccountName, ($newArray -join '; '))
        }

        return [pscustomobject]@{
            Identity          = $user.SamAccountName
            DistinguishedName = $user.DistinguishedName
            EmailAlias        = $aliasLower
            Action            = if ($Remove) { 'Remove' } elseif ($MakePrimary) { 'MakePrimary' } else { 'AddOrEnsureSecondary' }
            Changed           = $true
            ProxyAddresses    = $newArray
        }
    }
    catch {
        Write-Log -Level ERROR -Message "Failed to set email alias for '$Identity' → '$EmailAlias': $_"
        throw
    }
}

# SIG # Begin signature block
# MIIfAgYJKoZIhvcNAQcCoIIe8zCCHu8CAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBf3rIuozPyImbb
# UEr0t05f5rmLSoU9bDv7lyeNZWxriaCCGEowggUMMIIC9KADAgECAhAR+U4xG7FH
# qkyqS9NIt7l5MA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNVBAMME1ZBRFRFSyBDb2Rl
# IFNpZ25pbmcwHhcNMjUxMjE5MTk1NDIxWhcNMjYxMjE5MjAwNDIxWjAeMRwwGgYD
# VQQDDBNWQURURUsgQ29kZSBTaWduaW5nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
# MIICCgKCAgEA3pzzZIUEY92GDldMWuzvbLeivHOuMupgpwbezoG5v90KeuN03S5d
# nM/eom/PcIz08+fGZF04ueuCS6b48q1qFnylwg/C/TkcVRo0WFcKoFGT8yGxdfXi
# caHtapZfbSRh73r7qR7w0CioVveNBVgfMsTgE0WKcuwxemvIe/ptmkfzwAiw/IAC
# Ib0E0BjiX4PySbwWy/QKy/qMXYY19xpRItVTKNBtXzADUtzPzUcFqJU83vM2gZFs
# Or0MhPvM7xEVkOWZFBAWAubbMCJ3rmwyVv9keVDJChhCeLSz2XR11VGDOEA2OO90
# Y30WfY9aOI2sCfQcKMeJ9ypkHl0xORdhUwZ3Wz48d3yJDXGkduPm2vl05RvnA4T6
# 29HVZTmMdvP2475/8nLxCte9IB7TobAOGl6P1NuwplAMKM8qyZh62Br23vcx1fXZ
# TJlKCxBFx1nTa6VlIJk+UbM4ZPm954peB/fIqEacm8LkZ0cPwmLE5ckW7hfK4Trs
# o+RaudU1sKeA+FvpOWgsPccVRWcEYyGkwbyTB3xrIBXA+YckbANZ0XL7fv7x29hn
# gXbZipGu3DnTISiFB43V4MhNDKZYfbWdxze0SwLe8KzIaKnwlwRgvXDMwXgk99Mi
# EbYa3DvA/5ZWikLW9PxBFD7Vdr8ZiG/tRC9I2Y6fnb+PVoZKc/2xsW0CAwEAAaNG
# MEQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQW
# BBRfYLVE8caSc990rnrIHUjoB7X/KjANBgkqhkiG9w0BAQsFAAOCAgEAiGB2Wmk3
# QBtd1LcynmxHzmu+X4Y5DIpMMNC2ahsqZtPUVcGqmb5IFbVuAdQphL6PSrDjaAR8
# 1S8uTfUnMa119LmIb7di7TlH2F5K3530h5x8JMj5EErl0xmZyJtSg7BTiBA/UrMz
# 6WCf8wWIG2/4NbV6aAyFwIojfAcKoO8ng44Dal/oLGzLO3FDE5AWhcda/FbqVjSJ
# 1zMfiW8odd4LgbmoyEI024KkwOkkPyJQ2Ugn6HMqlFLazAmBBpyS7wxdaAGrl18n
# 6bS7QuAwCd9hitdMMitG8YyWL6tKeRSbuTP5E+ASbu0Ga8/fxRO5ZSQhO6/5ro1j
# PGe1/Kr49Uyuf9VSCZdNIZAyjjeVAoxmV0IfxQLKz6VOG0kGDYkFGskvllIpQbQg
# WLuPLJxoskJsoJllk7MjZJwrpr08+3FQnLkRuisjDOc3l4VxFUsUe4fnJhMUONXT
# Sk7vdspgxirNbLmXU4yYWdsizz3nMUR0zebUW29A+HYme16hzrMPOeyoQjy4I5XX
# 3wXAFdworfPEr/ozDFrdXKgbLwZopymKbBwv6wtT7+1zVhJXr+jGVQ1TWr6R+8ea
# tIOFnY7HqGaxe5XB7HzOwJKdj+bpHAfXft1vUoiKr16VajLigcYCG8MdwC3sngO3
# JDyv2V+YMfsYBmItMGBwvizlQ6557NbK95EwggWNMIIEdaADAgECAhAOmxiO+dAt
# 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV
# BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa
# Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
# ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
# ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E
# MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy
# unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF
# xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1
# 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB
# MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR
# WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6
# nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB
# YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S
# UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x
# q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB
# NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP
# TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC
# AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
# Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv
# bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0
# aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB
# LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc
# Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov
# Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy
# oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW
# juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF
# mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z
# twGpn1eqXijiuZQwgga0MIIEnKADAgECAhANx6xXBf8hmS5AQyIMOkmGMA0GCSqG
# SIb3DQEBCwUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx
# GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRy
# dXN0ZWQgUm9vdCBHNDAeFw0yNTA1MDcwMDAwMDBaFw0zODAxMTQyMzU5NTlaMGkx
# CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4
# RGlnaUNlcnQgVHJ1c3RlZCBHNCBUaW1lU3RhbXBpbmcgUlNBNDA5NiBTSEEyNTYg
# MjAyNSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0eDHTCphB
# cr48RsAcrHXbo0ZodLRRF51NrY0NlLWZloMsVO1DahGPNRcybEKq+RuwOnPhof6p
# vF4uGjwjqNjfEvUi6wuim5bap+0lgloM2zX4kftn5B1IpYzTqpyFQ/4Bt0mAxAHe
# HYNnQxqXmRinvuNgxVBdJkf77S2uPoCj7GH8BLuxBG5AvftBdsOECS1UkxBvMgEd
# gkFiDNYiOTx4OtiFcMSkqTtF2hfQz3zQSku2Ws3IfDReb6e3mmdglTcaarps0wjU
# jsZvkgFkriK9tUKJm/s80FiocSk1VYLZlDwFt+cVFBURJg6zMUjZa/zbCclF83bR
# VFLeGkuAhHiGPMvSGmhgaTzVyhYn4p0+8y9oHRaQT/aofEnS5xLrfxnGpTXiUOeS
# LsJygoLPp66bkDX1ZlAeSpQl92QOMeRxykvq6gbylsXQskBBBnGy3tW/AMOMCZIV
# NSaz7BX8VtYGqLt9MmeOreGPRdtBx3yGOP+rx3rKWDEJlIqLXvJWnY0v5ydPpOjL
# 6s36czwzsucuoKs7Yk/ehb//Wx+5kMqIMRvUBDx6z1ev+7psNOdgJMoiwOrUG2Zd
# SoQbU2rMkpLiQ6bGRinZbI4OLu9BMIFm1UUl9VnePs6BaaeEWvjJSjNm2qA+sdFU
# eEY0qVjPKOWug/G6X5uAiynM7Bu2ayBjUwIDAQABo4IBXTCCAVkwEgYDVR0TAQH/
# BAgwBgEB/wIBADAdBgNVHQ4EFgQU729TSunkBnx6yuKQVvYv1Ensy04wHwYDVR0j
# BBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1Ud
# JQQMMAoGCCsGAQUFBwMIMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0
# cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0
# cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8E
# PDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVz
# dGVkUm9vdEc0LmNybDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEw
# DQYJKoZIhvcNAQELBQADggIBABfO+xaAHP4HPRF2cTC9vgvItTSmf83Qh8WIGjB/
# T8ObXAZz8OjuhUxjaaFdleMM0lBryPTQM2qEJPe36zwbSI/mS83afsl3YTj+IQhQ
# E7jU/kXjjytJgnn0hvrV6hqWGd3rLAUt6vJy9lMDPjTLxLgXf9r5nWMQwr8Myb9r
# EVKChHyfpzee5kH0F8HABBgr0UdqirZ7bowe9Vj2AIMD8liyrukZ2iA/wdG2th9y
# 1IsA0QF8dTXqvcnTmpfeQh35k5zOCPmSNq1UH410ANVko43+Cdmu4y81hjajV/gx
# dEkMx1NKU4uHQcKfZxAvBAKqMVuqte69M9J6A47OvgRaPs+2ykgcGV00TYr2Lr3t
# y9qIijanrUR3anzEwlvzZiiyfTPjLbnFRsjsYg39OlV8cipDoq7+qNNjqFzeGxcy
# tL5TTLL4ZaoBdqbhOhZ3ZRDUphPvSRmMThi0vw9vODRzW6AxnJll38F0cuJG7uEB
# YTptMSbhdhGQDpOXgpIUsWTjd6xpR6oaQf/DJbg3s6KCLPAlZ66RzIg9sC+NJpud
# /v4+7RWsWCiKi9EOLLHfMR2ZyJ/+xhCx9yHbxtl5TPau1j/1MIDpMPx0LckTetiS
# uEtQvLsNz3Qbp7wGWqbIiOWCnb5WqxL3/BAPvIXKUjPSxyZsq8WhbaM2tszWkPZP
# ubdcMIIG7TCCBNWgAwIBAgIQCoDvGEuN8QWC0cR2p5V0aDANBgkqhkiG9w0BAQsF
# ADBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNV
# BAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hB
# MjU2IDIwMjUgQ0ExMB4XDTI1MDYwNDAwMDAwMFoXDTM2MDkwMzIzNTk1OVowYzEL
# MAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJE
# aWdpQ2VydCBTSEEyNTYgUlNBNDA5NiBUaW1lc3RhbXAgUmVzcG9uZGVyIDIwMjUg
# MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANBGrC0Sxp7Q6q5gVrMr
# V7pvUf+GcAoB38o3zBlCMGMyqJnfFNZx+wvA69HFTBdwbHwBSOeLpvPnZ8ZN+vo8
# dE2/pPvOx/Vj8TchTySA2R4QKpVD7dvNZh6wW2R6kSu9RJt/4QhguSssp3qome7M
# rxVyfQO9sMx6ZAWjFDYOzDi8SOhPUWlLnh00Cll8pjrUcCV3K3E0zz09ldQ//nBZ
# ZREr4h/GI6Dxb2UoyrN0ijtUDVHRXdmncOOMA3CoB/iUSROUINDT98oksouTMYFO
# nHoRh6+86Ltc5zjPKHW5KqCvpSduSwhwUmotuQhcg9tw2YD3w6ySSSu+3qU8DD+n
# igNJFmt6LAHvH3KSuNLoZLc1Hf2JNMVL4Q1OpbybpMe46YceNA0LfNsnqcnpJeIt
# K/DhKbPxTTuGoX7wJNdoRORVbPR1VVnDuSeHVZlc4seAO+6d2sC26/PQPdP51ho1
# zBp+xUIZkpSFA8vWdoUoHLWnqWU3dCCyFG1roSrgHjSHlq8xymLnjCbSLZ49kPmk
# 8iyyizNDIXj//cOgrY7rlRyTlaCCfw7aSUROwnu7zER6EaJ+AliL7ojTdS5PWPsW
# eupWs7NpChUk555K096V1hE0yZIXe+giAwW00aHzrDchIc2bQhpp0IoKRR7YufAk
# prxMiXAJQ1XCmnCfgPf8+3mnAgMBAAGjggGVMIIBkTAMBgNVHRMBAf8EAjAAMB0G
# A1UdDgQWBBTkO/zyMe39/dfzkXFjGVBDz2GM6DAfBgNVHSMEGDAWgBTvb1NK6eQG
# fHrK4pBW9i/USezLTjAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYB
# BQUHAwgwgZUGCCsGAQUFBwEBBIGIMIGFMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
# cC5kaWdpY2VydC5jb20wXQYIKwYBBQUHMAKGUWh0dHA6Ly9jYWNlcnRzLmRpZ2lj
# ZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFRpbWVTdGFtcGluZ1JTQTQwOTZTSEEy
# NTYyMDI1Q0ExLmNydDBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vY3JsMy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRUaW1lU3RhbXBpbmdSU0E0MDk2U0hB
# MjU2MjAyNUNBMS5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcB
# MA0GCSqGSIb3DQEBCwUAA4ICAQBlKq3xHCcEua5gQezRCESeY0ByIfjk9iJP2zWL
# pQq1b4URGnwWBdEZD9gBq9fNaNmFj6Eh8/YmRDfxT7C0k8FUFqNh+tshgb4O6Lgj
# g8K8elC4+oWCqnU/ML9lFfim8/9yJmZSe2F8AQ/UdKFOtj7YMTmqPO9mzskgiC3Q
# YIUP2S3HQvHG1FDu+WUqW4daIqToXFE/JQ/EABgfZXLWU0ziTN6R3ygQBHMUBaB5
# bdrPbF6MRYs03h4obEMnxYOX8VBRKe1uNnzQVTeLni2nHkX/QqvXnNb+YkDFkxUG
# tMTaiLR9wjxUxu2hECZpqyU1d0IbX6Wq8/gVutDojBIFeRlqAcuEVT0cKsb+zJNE
# suEB7O7/cuvTQasnM9AWcIQfVjnzrvwiCZ85EE8LUkqRhoS3Y50OHgaY7T/lwd6U
# Arb+BOVAkg2oOvol/DJgddJ35XTxfUlQ+8Hggt8l2Yv7roancJIFcbojBcxlRcGG
# 0LIhp6GvReQGgMgYxQbV1S3CrWqZzBt1R9xJgKf47CdxVRd/ndUlQ05oxYy2zRWV
# FjF7mcr4C34Mj3ocCVccAvlKV9jEnstrniLvUxxVZE/rptb7IRE2lskKPIJgbaP5
# t2nGj/ULLi49xTcBZU8atufk+EMF/cWuiC7POGT75qaL6vdCvHlshtjdNXOCIUjs
# arfNZzGCBg4wggYKAgEBMDIwHjEcMBoGA1UEAwwTVkFEVEVLIENvZGUgU2lnbmlu
# ZwIQEflOMRuxR6pMqkvTSLe5eTANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3
# AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisG
# AQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCDMg4ZH/CSn
# ZfYn7EOC+30uloVY+MvqAIZIZHGcjL0AyTANBgkqhkiG9w0BAQEFAASCAgDeSjcj
# MdSlf5+EmQZKXHm2oBWkp5wj4V3ubOwJ/kMQA1kjCBenhscZdYaLPUi9ZUfx5C8A
# uZM0IfWNu1h67WsnIk/x02iQ/VqXryBH/c9h6BqDbVRncfO5TJcIIy1iRvCNg3Qx
# /YV1B40GshvmPwtHcLn1j6vIwmnedRTlViwGKbrU0eoaw2UDCsNPizj/u2bKp9xQ
# ZsjV0xFMCtHAEaqA8mdLhCDbNYAT9sGHI2kkIimLPl6eyuikDaJN3WZg7hGno1V4
# MCa3LJuropUxSyoQsAGhmQNQ5gVio4rs7Rcba7J/8TGzHotiGPlzuy9/YmayxqJX
# Vv8G6Cx5iH7XT3c7MocdIJPom3eiXwtY5YDm/b8vo45h6KlGvC+nXH1fcDKQFVAt
# eUEAc6Gu1WlkGOQOfCLUCrfobiVtvUBK/nhiZnRNEMFWldOD+dKEoT1bKKw0NGd9
# JRuQmBAl9DPEPIZl93Rf0bYqyAdELolAbCnSQj4hqau5muA8ke2CXaaJj/vRaE4b
# dDzRSJNqFkqTo+vjdu8q3a5hlKvYNZzO7BwmBgiLBOViL7+ki/gqwYa7ryvuKkFr
# 2NW5PSiLUitHlfNrgVc1+cT3lqlBi3C32Lj94MaYPqw1bVuvtMN0QYdDlZJ1yD/N
# bSCaL5x4UqFwo7HFyUJEslM7Q8p5X+yyQHFI26GCAyYwggMiBgkqhkiG9w0BCQYx
# ggMTMIIDDwIBATB9MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwg
# SW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBUaW1lU3RhbXBpbmcg
# UlNBNDA5NiBTSEEyNTYgMjAyNSBDQTECEAqA7xhLjfEFgtHEdqeVdGgwDQYJYIZI
# AWUDBAIBBQCgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
# BTEPFw0yNjA3MDEwMzEzNTlaMC8GCSqGSIb3DQEJBDEiBCC+WvQ6wUb0zlPpHg0A
# Ywa09zlBhmrYmm/AqWCMPnALVzANBgkqhkiG9w0BAQEFAASCAgAMthG4VPJ+sj/d
# ZiK4/UZAXsaTm0qEi4HpQJighBpKLXAvJkGxxCCBJEmRfo+l9Y5O3PDRXYz7daXb
# aK9mfm/KcoMJ+ocGoDBPhQ2BE5OPHLsGfTAohAYYzB4EPhlAiZJnwE7feg4rQL3K
# Kth1Z/IMRvWQXRTGtcDAL5ijRjpUUsNPfm6SJGLk+c/qURHDp/qGw6s+9YVC9m/3
# EimvxMCRO2xC50yP+UKrT6vX30SYy9rLKL06x5FXlTes8ik+9pO0HPaUX2eBZZ8h
# DtAqd8RGIvRPSejJYr88iqRdqdjIlfDV75Zwzqvs5A2IC3YalJ/Ri18ZM8d62ZgS
# UABzomdQKfW3NCaDKdF+/nCM8VH3IHZOobdRjob8OmwTKfRr+cKL4f48tZ+YyG2O
# 0cwej+pgS8jwIxbKvyAbP5PYJgIsU2mQV0hphl9wwPhwgI+FO2LCDtpJi9gju3aw
# wXfis2Ox502VzJRb/5Rs2tLU2iSyRNDADU4+uNaDYzjrMiHWxGga9XLHZx5V9S+J
# 2h+DoNF9enaSgdsrm5lY5ncD9fv3eWcN4YsmWtj65PJTht40kNhjxmsEJvSA91IQ
# /z/57N6VYGMAfFGjTjh6Icv4mUzw2iye2rEUg4fU8M/+8W9y9qZLFyD95FCbdnx/
# pF3V5OOgEMSujzbQ/4MSKxYZ1UW3Lg==
# SIG # End signature block