Exchange 2010 Adding Mailbox Calendar permissions using PowerShell for an AD Group

Question
-
I need a script that can set calendar permissions for one AD group.
For example:
I have an AD group called 'sales'. All users from the group 'sales' need permission to view calendar details from the other users in 'sales'. I'm new to PowerShell and I found a lot of examples, but not quite what I need. Also, when new users are added to the group sales in the future, they need to have the permissions to the other users' calendars.
Is this possible? And if so, how? Maybe there is someone out there that wants to help me in the right direction?
Tuesday, May 29, 2012 10:08 PM
Answers
-
Hi,
Set-MailboxFolderPermission is the cmdlet you're looking for.
You have to set each member from sales group, for example:
Set-MailboxFolderPermission -Identity "sales.user1:\Calendar" -User "sales" -AccessRights "ReadItems"
Regards,
Martin
- Proposed as answer by Fiona_Liao Wednesday, May 30, 2012 11:23 AM
- Marked as answer by Mike Crowley Tuesday, January 15, 2013 12:23 AM
Wednesday, May 30, 2012 8:42 AM
All replies
-
Hello Martin,
Thanks for your reply! I was able to alter the MailboxFolderPermission using the cmdlet you mentioned. But I think I need to go a little bit further than this... Let's say that the AD Group 'Sales' has over a hundred members... I will need to run this command at least a hundred times per member of the group?
Because when I try this:
Set-MailboxFolderPermission -Identity "sales.user1:\Calendar" -User "sales" -AccessRights "ReadItems"
It results in this error: The user "sales" is either not valid SMTP address, or there is no matching information.
So, I think I need a loop mechanism to run through all the users of an AD group (twice: in -Identity & -User)?
- Marked as answer by Mike Crowley Tuesday, January 15, 2013 12:23 AM
- Unmarked as answer by Mike Crowley Tuesday, January 15, 2013 12:23 AM
Wednesday, May 30, 2012 9:51 AM -
Hi,
Be sure that the distributiongroup is also a security group. The "Set-MailboxFolderPermission" command only works when permissions are already set for calendar. For adding a new group/user you must use the "Add-MailboxFolderPermission".
I've written a short script which gets all members of a distributiongroup and adds/sets permission for this distributiongroup on all groupmember-calendars:
# change to preferred accessrights (see "Get-Help Set-MailboxFolderPermission -Parameter AccessRights")
$accessrights = "ReadItems"
# set Identity to distributiongroup alias
$distributiongroup = Get-DistributionGroup -Identity sales
# normally no changing after this line
$groupmembers = Get-DistributionGroupMember -Identity $distributiongroup | Where-Object { $_.RecipientType -eq "UserMailbox" }
foreach ( $member in $groupmembers )
{
    # start from an empty array so that -contains matches individual entries
    $permissions = @()
    $mailbox = Get-Mailbox -Identity $member.alias
    # the calendar folder name is looked up because it can be localized
    $calendar = (($mailbox.SamAccountName) + ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)
    foreach ( $perm in ( Get-MailboxFolderPermission -Identity $calendar ))
    {
        $permissions += @($perm.User.DisplayName)
    }
    if ( $permissions -contains $distributiongroup.Name )
    {
        # Distributiongroup already has permission on groupmember calendar
        Set-MailboxFolderPermission -Identity $calendar -User $distributiongroup -AccessRights $accessrights
    }
    else
    {
        # Distributiongroup has no permission on groupmember calendar
        Add-MailboxFolderPermission -Identity $calendar -User $distributiongroup -AccessRights $accessrights
    }
}
Save as a PowerShell script and change it for your needs before you run it!
It seems you've got a big Exchange environment, so it's not a bad idea to get in touch with PowerShell. Can save a lot of time! ;-)
Regards
Martin
Wednesday, May 30, 2012 2:45 PM -
any progress?
Wednesday, June 6, 2012 6:41 AM
-
I know this is a fairly major necro, but I'm curious about utilizing this to do something similar, but I have one security group of executives, and a second group of assistants that need access to each of the executives' calendars for scheduling.
I'd like some comments\guidance on the minor modifications I've made before I get too far down the rabbit hole:
# change to preferred accessrights (see "Get-Help Set-MailboxFolderPermission -Parameter AccessRights")
$accessrights = "Editor"
# set Identity to distributiongroup alias
$distributiongroup1 = Get-DistributionGroup -Identity Assistants
$distributiongroup2 = Get-DistributionGroup -Identity Executives
# normally no changing after this line
$groupmembers = Get-DistributionGroupMember -Identity $distributiongroup2 | Where-Object { $_.RecipientType -eq "UserMailbox" }
foreach ( $member in $groupmembers )
{
    # start from an empty array so that -contains matches individual entries
    $permissions = @()
    $mailbox = Get-Mailbox -Identity $member.alias
    $calendar = (($mailbox.SamAccountName) + ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)
    foreach ( $perm in ( Get-MailboxFolderPermission -Identity $calendar ))
    {
        $permissions += @($perm.User.DisplayName)
    }
    if ( $permissions -contains $distributiongroup1.Name )
    {
        # Distributiongroup already has permission on groupmember calendar
        Set-MailboxFolderPermission -Identity $calendar -User $distributiongroup1 -AccessRights $accessrights
    }
    else
    {
        # Distributiongroup has no permission on groupmember calendar
        Add-MailboxFolderPermission -Identity $calendar -User $distributiongroup1 -AccessRights $accessrights
    }
}
Tuesday, April 22, 2014 10:57 PM -
Hi,
I gave your script a short look. It seems fine to me. If you're not sure, just add " -Whatif" at the end of the lines "Set-MailboxFolderPermission..." and "Add-MailboxFolderPermission...".
That way Powershell won't make any changes to your Mailboxes but tells you what permissions will be set without "-Whatif".
Regards,
Martin
- Edited by MaddiN78 Wednesday, April 23, 2014 6:51 AM
Wednesday, April 23, 2014 6:50 AM -
The primary issue I'm running against is a $null value being generated for the variable $calendar, unless I'm only using 1 distribution group.
Thursday, April 24, 2014 10:16 PM
-
do you get the mailboxes of all distributiongroup-members?
$distributiongroup2 = Get-DistributionGroup -Identity Executives
$groupmembers = Get-DistributionGroupMember -Identity $distributiongroup2 | Where-Object { $_.RecipientType -eq "UserMailbox" }
foreach ( $member in $groupmembers )
{
    $mailbox = Get-Mailbox -Identity $member.alias
    # print each mailbox object to confirm the lookup succeeds
    $mailbox
}
Friday, April 25, 2014 6:43 AM -
That portion in and of itself works yes.
Monday, May 5, 2014 2:29 PM
-
Got it working on my test groups finally. Wound up having to simplify a number of the arguments from the original script, and adding an additional foreach section.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010
#Yes, I know the snapin was already loaded!
clear
# change to preferred accessrights (see "Get-Help Set-MailboxFolderPermission -Parameter AccessRights")
$accessrights = "Editor"
# set Identity to distributiongroup alias
$distributiongroup1 = Get-DistributionGroup -Identity Assistants
$distributiongroup2 = Get-DistributionGroup -Identity Executives
# normally no changing after this line
$groupmembers1 = Get-DistributionGroupMember -Identity $distributiongroup1 | Select "Alias", "Name", "samAccountName", "DisplayName"
$groupmembers2 = Get-DistributionGroupMember -Identity $distributiongroup2
foreach ( $member2 in $groupmembers2 )
{
    # start from an empty array so that -contains matches individual entries
    $permissions = @()
    $mailbox2 = Get-Mailbox -Identity $member2.alias
    $calendar = (($mailbox2.alias) + ":\calendar")
    ForEach ( $perm in ( Get-MailboxFolderPermission -Identity $calendar ))
    {
        $permissions += @($perm.User.DisplayName)
    }
    ForEach ( $member1 in $groupmembers1 )
    {
        # compare against the existing entries (the original condition was an assignment and always true)
        if ( $permissions -contains $member1.DisplayName )
        {
            # Group member already has permission on this calendar
            Set-MailboxFolderPermission -Identity $calendar -User $member1.Alias -AccessRights $accessrights
        }
        else
        {
            # Group member has no permission on this calendar yet
            Add-MailboxFolderPermission -Identity $calendar -User $member1.Alias -AccessRights $accessrights
        }
    }
}
Tuesday, May 6, 2014 12:23 AM -
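An added example, not part of any post in this thread: the per-member loop above adds or updates entries, but entries left on a calendar after someone leaves the group go unnoticed. This sketch plans the changes from current membership and flags such leftovers; the function name `Get-CalendarAclPlan`, the `Review` action and all sample names are constructed for illustration.

```powershell
# Added example: plan calendar ACL changes from current group membership.
# Pure logic (no Exchange cmdlets), so it runs in any PowerShell 2.0+ session.
function Get-CalendarAclPlan {
    param(
        [object[]] $Acl,            # current entries: objects with User and AccessRights (strings)
        [string[]] $Members,        # display names that should hold $DesiredRights
        [string]   $DesiredRights,
        [string[]] $Ignore = @('Default', 'Anonymous')   # built-in entries, left alone
    )
    $current = @{}
    foreach ($entry in $Acl) { $current[$entry.User] = $entry.AccessRights }

    foreach ($name in $Members) {
        if (-not $current.ContainsKey($name)) {
            # no entry yet: Add-MailboxFolderPermission is the matching cmdlet
            New-Object PSObject -Property @{ Action = 'Add'; User = $name; Rights = $DesiredRights }
        } elseif ($current[$name] -ne $DesiredRights) {
            # entry exists with other rights: Set-MailboxFolderPermission
            New-Object PSObject -Property @{ Action = 'Set'; User = $name; Rights = $DesiredRights }
        }
    }
    # Entries for anyone outside the group are only flagged, never changed here.
    foreach ($name in $current.Keys) {
        if (($Ignore -notcontains $name) -and ($Members -notcontains $name)) {
            New-Object PSObject -Property @{ Action = 'Review'; User = $name; Rights = $current[$name] }
        }
    }
}

# Constructed sample data: one executive calendar and the current Assistants group.
$acl = @(
    (New-Object PSObject -Property @{ User = 'Default';       AccessRights = 'AvailabilityOnly' }),
    (New-Object PSObject -Property @{ User = 'Alice Example'; AccessRights = 'Reviewer' }),
    (New-Object PSObject -Property @{ User = 'Bob Example';   AccessRights = 'Editor' })
)
$members = @('Alice Example', 'Carol Example')

Get-CalendarAclPlan -Acl $acl -Members $members -DesiredRights 'Editor' |
    Select-Object Action, User, Rights
```

In the Exchange Management Shell, `$Acl` would be built from `Get-MailboxFolderPermission` output (display name and rights converted to strings), and each planned `Add` or `Set` run with `-WhatIf` first.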
I get an error message stating Set-MailboxFolderPermission is not a valid cmdlet
Tuesday, December 6, 2016 3:04 PM
-
Did you use the Exchange Management Shell (EMS) to launch that cmdlet? Do you have the required rights to execute this cmdlet? Check https://technet.microsoft.com/en-us/library/ff522363(v=exchg.141).aspx
Wednesday, December 7, 2016 12:30 PM