Managing calendar permissions in Exchange Server 2010

In legacy versions of Exchange Server we could use PFDAVAdmin to manage calendar permissions, or alternatively the third-party tool SetPerm.
With Exchange Server 2010, calendar permissions can be managed using the *-MailboxFolderPermission cmdlets. While these cmdlets can be used to manage permissions on any mailbox folder, we'll focus on calendar permissions.

In fact, there are four *-MailboxFolderPermission cmdlets in Exchange Server 2010:

Since I'll be focusing on managing the default permissions, which already exist as an ACL entry on the calendar folder, we need to use the Set-MailboxFolderPermission cmdlet:

To grant “Reviewer”-permissions for the “Default” user, we would run the following:
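
The screenshot that carried the command is not present on this page. As an added example (not the original post's command or script), the function below sets the "Default" entry on one mailbox's calendar and resolves a localized folder name with Get-MailboxFolderStatistics, as the commenter's script further down does. The function name Set-DefaultCalendarAccess and the alias jdoe are assumptions.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2010 SP1 or later).
# 'jdoe' is a placeholder alias, not a value from the original post.
function Set-DefaultCalendarAccess {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Mailbox,
        # Reviewer lets every authenticated user read full item details;
        # LimitedDetails and AvailabilityOnly are narrower calendar-only roles.
        [ValidateSet('Reviewer', 'LimitedDetails', 'AvailabilityOnly', 'None')]
        [string]$AccessRights = 'Reviewer'
    )

    # Resolve the calendar folder name so localized mailboxes (e.g. "Kalender") work.
    $folder = Get-MailboxFolderStatistics -Identity $Mailbox -FolderScope Calendar |
        Select-Object -First 1
    if (-not $folder) {
        Write-Warning "No calendar folder found for $Mailbox"
        return
    }
    # Folder identity has the form alias:\FolderName
    $identity = "{0}:\{1}" -f $Mailbox, $folder.Name

    # Read the existing ACL entry for the built-in "Default" user.
    $current = Get-MailboxFolderPermission -Identity $identity -User Default
    $before  = ($current.AccessRights | ForEach-Object { "$_" }) -join ','

    if ($before -eq $AccessRights) {
        Write-Verbose "$identity already grants $AccessRights to Default"
    }
    elseif ($PSCmdlet.ShouldProcess($identity, "Change Default from '$before' to '$AccessRights'")) {
        Set-MailboxFolderPermission -Identity $identity -User Default -AccessRights $AccessRights
    }

    # Return the resulting entry so the change can be verified or logged.
    Get-MailboxFolderPermission -Identity $identity -User Default
}

# Preview the change first, then apply it.
Set-DefaultCalendarAccess -Mailbox 'jdoe' -WhatIf
Set-DefaultCalendarAccess -Mailbox 'jdoe' -AccessRights Reviewer
```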

Some companies have a policy that everyone must share their calendars with all users. Since it's now possible to manage calendar permissions using PowerShell, I've written a script to accomplish this task: Set-CalendarPermissions.ps1.

While this script could be scheduled to run on a regular basis, a better approach for managing calendar permissions for new mailboxes is to use the Scripting Agent, which is part of the Cmdlet Extension Agents, a very useful feature introduced in Exchange Server 2010.

Pat Richards has posted an excellent post on how to automatically modify new mailboxes using the Scripting Agent.

25 thoughts on “Managing calendar permissions in Exchange Server 2010”

  1. Is there a way to use this to set custom permissions? I need to set the default permission on all calendars to be Reviewer but not full details. I need the Read Level to be Free/Busy time, Subject, location.

  3. Thank you for this post! I’ve been looking for something like this for quite some time.

    Exchange PowerShell initially told me that Set-MailboxFolderPermission wasn’t a valid command. After some digging, I discovered that these commands were introduced with Exchange 2010 SP1–they’re not part of Exchange 2010 RTM. I hope that saves someone else some time.

  4. Hello,

    Great blog. I have followed the instructions above and the permissions are successfully applied; however, when I attempt to open another user's calendar through OWA I receive an error stating that “You don’t have permission to view this content. To get permission, contact the owner of the content”. Permissions have been set successfully, so I am unsure why I am receiving this error.

    I have tried everything I can think of. Do you have any suggestions?

    Thank you

  5. Hello, thanks for the script. I have been looking for this for a couple of hours.

    All seems to work, but the only thing that’s happening now, after adding a shared calendar to a user, is that a popup shows up in the right corner of the screen with the message “U’r not authorized to a create submap in this folder”. This message seems to return every time a user clicks on his calendar button in Outlook.

    Any idea what’s causing this?

    Thank you

    • I have this same problem. Running Exchange 2010 SP2 with Outlook 2007 clients. The calendars still open to view the Free/Busy info, but every user still gets the “You do not have sufficient permission to perform this operation on this object”. I’m wondering if this is a compatibility issue between the two. Can’t seem to find any viable workaround. Thanks!

  6. Can you provide any help on the Cmdlet Extension Agents implementation of setting the default permissions to Reviewer?
    Basically I have done it, but it only works if I create the mailbox directly on the mailbox server and not from any of my CAS servers, and since I do not have any Exchange servers with both the Mailbox and CAS roles installed on a single server, I have no idea how to get around this, if in fact there is a way. Thanks

  7. Hi!
    When I use the script you refer to, “Set-CalendarPermissions.ps1”, I get an error:

    Unexpected token ‘in $mailboxes’ in expression or statement.
    At C:scriptsTrioRightsOnCalendar-Try2.ps1:38 char:32
    + foreach ($mailbox in $mailboxes <<<< ) {
    + CategoryInfo : ParserError: (in $mailboxes:String) [], ParseException
    + FullyQualifiedErrorId : UnexpectedToken
    "
    The script is run on a Exchange 2010 mailboxserver, Win 2008 R2 (Got 3 MB and 2 HT/CA.)

    I have changed the get $mailboxes to: Get-Mailbox -ResultSize Unlimited -Filter {(CustomAttribute8 -eq "TrioUser")} but it won't work when I use $mailboxes = Get-Mailbox -Database "SXXXXX" either.

    Have tried Google but can't figure it out, got any nice ideas? =)

      • Hi, changed the script quite a bit; this is what I use now and it works. Thanx for the reply =)

        $mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object {$_.ObjectClass -eq "User" -and $_.CustomAttribute8 -ne "XXXXX"}
        $AccessRights = "publishingEditor"
        $CustomAtt = "XXXXX"

        #Loop through all mailboxes
        foreach ($mailbox in $mailboxes) {

            Write-Host "XXXXX $mailbox" -ForegroundColor Yellow

            #Retrieve name of the user's calendar, depending on language (Love this one, saved looots of time)
            #The folder identity has the form alias:\FolderName
            $calendar = (($mailbox.SamAccountName) + ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)

            #Check if calendar-permission for user "XXXXX" is set to the default permission of "publishingEditor"
            if (((Get-MailboxFolderPermission $calendar | Where-Object {$_.User -like "XXXXX"}).AccessRights) -ne "publishingEditor") {

                Write-Host "Updating calendar permission and adding Costum attribute for $mailbox…" -ForegroundColor Green

                #Set calendar-permission for user "XXXXX" to value defined in variable $AccessRights
                Add-MailboxFolderPermission -User "XXXXX" -AccessRights $AccessRights -Identity $calendar
            }
        }

        Thnx again.

        //Sigge

  8. Is there a script to Remove-MailboxFolderPermission recursively? I’m trying to remove all mailbox folder permissions for a user but haven’t found an easy way to do it in PowerShell. We are using Exchange 2010 SP1.

  9. I have a question.

    A user removed Anonymous from his calendar and now all meeting requests are going straight into his calendar. He can decline/accept meetings from the calendar but not in the original invite sent.

    will this fix my issues??

    Set-MailboxFolderPermission -Identity username:\Calendar -User Anonymous -AccessRights None

  10. The script works perfectly on Calendar items, but could we get a similar script that shows where one should change the script to correspond to a localized Exchange environment? For instance, in Denmark Outlook is localized, so the Calendar is called Kalender instead.

    thank you.
    //SC

  11. Could we get a script for localized installations, where for instance the Calendar is called Kalender instead? Where would one have to make changes to your current script to reflect such changes? That would really help out in localized environments. Great script though; for English installations it works like a charm.

  13. Hi
    Many thanks for the script.
    I am a newbie and want to know how to include multiple mailboxdatabases to search were calendar permissions.

    Thanks

  14. Hi I’ve just been looking at your code above to add reviewer for a user is there a way to add reviewer for all users not just the specified one? I want to be able to add for all users in one go?

    Thanks

    James