- Synchronize password hashes using Azure Active Directory Connect (AAD Connect) - Mon, Aug 3 2020
- Install PowerShell for Exchange (Online) on a workstation - Mon, May 11 2020
- Microsoft Exchange: repair broken calendar items - Tue, Apr 14 2020
Calendar permissions are granted so that employees or managers can coordinate their appointments. For example, the managing director of a company would like to grant his secretary access to his Outlook calendar so that she can organize his appointments.
Assigning permissions in the management shell ^
In my example, the user "a.musterfrau" should be allowed access to the calendar of "m.mustermann." The permissions are configured via the Exchange management shell.
You can grant a.musterfrau rights to the m.mustermann calendar using the following command:
Add-MailboxFolderPermission -Identity m.mustermann:\calendar `
-User a.musterfrau -AccessRights Editor
Using the "AccessRights" parameter, we have defined which permissions a.musterfrau should be granted on the m.mustermann calendar. If we then look in the authorizations of the calendar, we see that a.musterfrau has been assigned the role of "Editor". Older versions of Outlook might show numeric values instead; 6 corresponds to the expected right as an editor.
Exchange provides several authorization levels. These range from 1 to 8; 8 is intended for the owner.
- Level 1 = Contributor
- Level 2 = Reviewer
- Level 3 = NonEditingAuthor
- Level 4 = Author
- Level 5 = PublishingAuthor
- Level 6 = Editor
- Level 7 = PublishingEditor
- Level 8 = Owner
Each of these roles has one or more of 10 read, write, or delete rights. For a detailed overview, see this TechNet page.
There will also be instances where other users would need to have access to the calendar of "m.mustermann"; however, they should only be allowed to view the appointments, not change them. In this case, they would be assigned the role of "Reviewer" instead of "Editor."
Showing rights for calendar ^
How can the administrator determine who has which permissions on the calendar of "m.mustermann" without looking directly into the user's Outlook?
There is also a corresponding command for this:
Get-MailboxFolderPermission -Identity m.mustermann:\calendar -User a.musterfrau.
Under AccessRights, you can see which role the corresponding user has.
Withdrawing rights for users ^
Finally, the question arises: How can I give an existing user more rights or withdraw them? There is a command for this as well:
Set-MailboxFolderPermission -Identity m.mustermann:\calendar `
-User a.musterfrau -AccessRights Reviewer
In the example above, I decided to take the rights away from "a.musterfrau" as Editor and assign her the rights as Reviewer (level 2).
To completely remove all calendar permissions for a user, the cmdlet Remove-MailboxFolderPermission will do the job.
Occasionally, the following message appears in a shared calendar, even if you created the item and/or you have the necessary permission for the calendar:
"You do not have permission to delete this item."
Upon analyzing the error, you will probably notice that this does not occur anymore as soon as you share the complete mailbox for the calendar in question. However, this solution is usually not desired.
The better remedy here would be to set an authorization on the recycle bin of the corresponding mailbox instead.