Remove From My Forums

Calendar Permissions

Question
0

Sign in to vote

Hi,

Can you use 'Add-MailboxFolderPermission ' to allow an AD group to have say review rights over another AD group?

Lets say you have a group called Domain\ReadCalendar and another called Domain\GrandRead?

I don't want to have a list of people and go through each one like this..

Add-MailboxFolderPermission -identity “joe.bloggs:\calendar” –user “Domain\ReadCalendar” -AccessRights Reviewer

because as people get added to exchange I have to go back and run this every time. Not ideal in a large Org...

Could anyone help?
Thanks!

Monday, April 16, 2012 6:09 PM

Answers

0

Sign in to vote
Is your group an mail-enabled group?

The group ReadCalendar need to be an mail-enabled security group.

Thanks,

Evan

Evan Liu

TechNet Community Support
- Marked as answer by I-jam Tuesday, April 17, 2012 2:31 PM
Tuesday, April 17, 2012 1:19 PM

Moderator

All replies

0

Sign in to vote

Yes, you can grant permissions based on groups, but they have to be mail enabled universal distribution groups for this to work. I use this method in my current environment as a rule of thumb because it eases management to the point where you need only add users to a group and after replication occurs, that user has access to the calender (or any other folder for that matter). This method also works in the delegation of Room mailboxes, but be wary of using underscores (_) in the name, I have found that if an email address has underscore(s) in it, then the automatic provisioning of rights on a calendar of a Room mailbox when a delegate is added does not happen. If an alias is created for that group that has no underscores, then the group can be added with no issues.

The same works for Full Access rights, except the groups has to be mail enabled universal security groups.

Hope this helps.

Monday, April 16, 2012 6:59 PM
0

Sign in to vote

Hi

This sounds promising! I get the feeling my script above wont achieve this. Would you have the syntax at hand in order to grant 1 group access to another groups resource ?

Thanks

Monday, April 16, 2012 9:03 PM
0

Sign in to vote

Hi,

From your description, I understand that you want give group (ReadCalendar) Reviewer permission to users in group(GrantRead), right?

If so, you can follow this way to do that (ReadCalendar must be security group):

$Members=Get-DistributionGroupMember -identity GrantRead

$Members| foreach-object{

$path=$_.Name+":\Calendar"

Add-mailboxfolderpermission -identity $path -User ReadCalendar -AccessRights Reviewer}

Thanks,

Evan
Evan Liu

TechNet Community Support

Tuesday, April 17, 2012 8:53 AM

Moderator
0

Sign in to vote

Hi that looks good.

Just to confirm 'GrantRead' and 'ReadCalendar' both have to be security groups ?

Thanks

Tuesday, April 17, 2012 9:27 AM
0

Sign in to vote

No, only ReadCalendar group need to be security group.

Thanks,

Evan
Evan Liu

TechNet Community Support

Tuesday, April 17, 2012 9:47 AM

Moderator
0

Sign in to vote

I think there is a problem with this section..' -User ReadCalendar '

if I place an actual username here it runs ok but a global security group does not run. I get the following.

The user ReadCalendar is ether not a valid SMTP address, or there is no matching information.

I tried changing this to ' -Group ReadCalendar ' but no joy.

Tuesday, April 17, 2012 12:32 PM
0

Sign in to vote
Is your group an mail-enabled group?

The group ReadCalendar need to be an mail-enabled security group.

Thanks,

Evan

Evan Liu

TechNet Community Support
- Marked as answer by I-jam Tuesday, April 17, 2012 2:31 PM
Tuesday, April 17, 2012 1:19 PM

Moderator
0

Sign in to vote

Perfect, thank you for your help!

Cheers...

Tuesday, April 17, 2012 2:32 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Calendar Permissions

Question

Answers

All replies