Calendar Permissions

  • Question

  • Hi,


    Can you use 'Add-MailboxFolderPermission ' to allow an AD group to have say review rights over another AD group?

    Let's say you have a group called Domain\ReadCalendar and another called Domain\GrandRead?

    I don't want to have a list of people and go through each one like this..

    Add-MailboxFolderPermission -Identity "joe.bloggs:\calendar" -User "Domain\ReadCalendar" -AccessRights Reviewer


    because as people get added to Exchange I have to go back and run this every time. Not ideal in a large Org...

    Could anyone help?
    Thanks!

    Monday, April 16, 2012 6:09 PM

All replies

  • Yes, you can grant permissions based on groups, but they have to be mail-enabled universal distribution groups for this to work. I use this method in my current environment as a rule of thumb because it eases management to the point where you need only add users to a group and, after replication occurs, that user has access to the calendar (or any other folder for that matter). This method also works in the delegation of Room mailboxes, but be wary of using underscores (_) in the name. I have found that if an email address has underscore(s) in it, then the automatic provisioning of rights on a calendar of a Room mailbox when a delegate is added does not happen. If an alias is created for that group that has no underscores, then the group can be added with no issues.

    The same works for Full Access rights, except the groups have to be mail-enabled universal security groups.

    Hope this helps.

    Monday, April 16, 2012 6:59 PM
  • Hi

    This sounds promising! I get the feeling my script above won't achieve this. Would you have the syntax at hand in order to grant 1 group access to another group's resource?

    Thanks

    Monday, April 16, 2012 9:03 PM
  • Hi,

    From your description, I understand that you want to give group (ReadCalendar) Reviewer permission to users in group (GrantRead), right?

    If so, you can follow this way to do that (ReadCalendar must be a security group):

    # Members of GrantRead are the mailboxes whose calendars will be shared
    $Members = Get-DistributionGroupMember -Identity GrantRead

    # Grant ReadCalendar Reviewer rights on each member's calendar
    $Members | ForEach-Object {
        $path = $_.Name + ":\Calendar"
        Add-MailboxFolderPermission -Identity $path -User ReadCalendar -AccessRights Reviewer
    }

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Tuesday, April 17, 2012 8:53 AM
    Moderator
  • Hi that looks good.

    Just to confirm, 'GrantRead' and 'ReadCalendar' both have to be security groups?

    Thanks


    Tuesday, April 17, 2012 9:27 AM
  • No, only the ReadCalendar group needs to be a security group.

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Tuesday, April 17, 2012 9:47 AM
    Moderator
  • I think there is a problem with this section..' -User ReadCalendar '

    If I place an actual username here it runs ok but a global security group does not run. I get the following.

    The user ReadCalendar is ether not a valid SMTP address, or there is no matching information. 

    I tried changing this to ' -Group ReadCalendar ' but no joy. 

     

    Tuesday, April 17, 2012 12:32 PM
  • Is your group a mail-enabled group?

    The group ReadCalendar needs to be a mail-enabled security group.

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    • Marked as answer by I-jam Tuesday, April 17, 2012 2:31 PM
    Tuesday, April 17, 2012 1:19 PM
    Moderator
  • Perfect, thank you for your help!

    Cheers...

    Tuesday, April 17, 2012 2:32 PM
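
The approach settled on in the thread, written as an added example that is not code from any of the posters: it confirms that the grantee group is a mail-enabled security group before touching any calendar, skips calendars that already carry an entry for it, and previews changes with -WhatIf. The group names are the thread's; the variable names, the use of the primary SMTP address as the mailbox identity, and the restriction to user mailboxes are assumptions.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
$ReaderGroup = 'ReadCalendar'   # group that receives Reviewer rights
$OwnerGroup  = 'GrantRead'      # group whose members' calendars are shared

# Fail early if the grantee is not mail-enabled (lookup fails) or is not a
# security group, the requirement stated in the accepted answer.
$grantee = Get-DistributionGroup -Identity $ReaderGroup -ErrorAction Stop
if ($grantee.RecipientTypeDetails -ne 'MailUniversalSecurityGroup') {
    throw "$ReaderGroup is '$($grantee.RecipientTypeDetails)', not a mail-enabled universal security group."
}
$granteeAddress = "$($grantee.PrimarySmtpAddress)"

# Assumption: only user mailboxes are in scope (contacts and nested groups
# in GrantRead have no calendar to share).
$members = Get-DistributionGroupMember -Identity $OwnerGroup -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -eq 'UserMailbox' }

foreach ($m in $members) {
    # The primary SMTP address identifies one mailbox; a Name may be ambiguous.
    $folder = "$($m.PrimarySmtpAddress):\Calendar"

    # Leave existing entries alone so the script can be re-run safely and
    # never silently changes a right someone set by hand.
    $existing = Get-MailboxFolderPermission -Identity $folder -User $granteeAddress -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Output "skip  $folder  (already $($existing.AccessRights -join ','))"
        continue
    }

    # Remove -WhatIf after reviewing the planned changes.
    Add-MailboxFolderPermission -Identity $folder -User $granteeAddress -AccessRights Reviewer -WhatIf
}
```

Membership of ReadCalendar is picked up through the group, but the loop has to be re-run when new mailboxes join GrantRead, since the permission is stored on each calendar folder.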