Calendar Permissions
Hi,
Can you use 'Add-MailboxFolderPermission ' to allow an AD group to have say review rights over another AD group?
Lets say you have a group called Domain\ReadCalendar and another called Domain\GrandRead?
I don't want to have a list of people and go through each one like this..
Add-MailboxFolderPermission -identity joe.bloggs:\calendar user Domain\ReadCalendar -AccessRights Reviewer
because as people get added to exchange I have to go back and run this every time. Not ideal in a large Org...
Could anyone help?
Thanks!
April 16th, 2012 2:09pm
Yes, you can grant permissions based on groups, but they have to be mail enabled universal distribution groups for this to work. I use this method in my current environment as a rule of thumb because it eases management to the point where you need
only add users to a group and after replication occurs, that user has access to the calender (or any other folder for that matter). This method also works in the delegation of Room mailboxes, but be wary of using underscores (_) in the name, I
have found that if an email address has underscore(s) in it, then the automatic provisioning of rights on a calendar of a Room mailbox when a delegate is added does not happen. If an alias is created for that group that has no underscores, then the group
can be added with no issues.
The same works for Full Access rights, except the groups has to be mail enabled universal security groups.
Hope this helps.
Free Windows Admin Tool Kit Click here and download it now
April 16th, 2012 2:59pm
Hi
This sounds promising! I get the feeling my script above wont achieve this. Would you have the syntax at hand in order to grant 1 group access to another groups resource ?
Thanks
April 16th, 2012 5:03pm
Hi,
From your description, I understand that you want give group (ReadCalendar) Reviewer permission to users in group(GrantRead), right?
If so, you can follow this way to do that (ReadCalendar must be security group):
$Members=Get-DistributionGroupMember -identity GrantRead
$Members| foreach-object{
$path=$_.Name+":\Calendar"
Add-mailboxfolderpermission -identity $path -User ReadCalendar -AccessRights Reviewer}
Thanks,
EvanEvan Liu
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2012 4:53am
Hi that looks good.
Just to confirm 'GrantRead' and 'ReadCalendar' both have to be security groups ?
Thanks
April 17th, 2012 5:27am
No, only ReadCalendar group need to be security group.
Thanks,
EvanEvan Liu
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2012 5:47am
I think there is a problem with this section..' -User ReadCalendar '
if I place an actual username here it runs ok but a global security group does not run. I get the following.
The user ReadCalendar is ether not a valid SMTP address, or there is no matching information.
I tried changing this to ' -Group ReadCalendar ' but no joy.
April 17th, 2012 8:32am
Is your group an mail-enabled group?
The group ReadCalendar need to be an mail-enabled security group.
Thanks,
Evan
Evan Liu
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2012 9:19am
Perfect, thank you for your help!
Cheers...
April 17th, 2012 10:32am