The following instructions describe how to centrally customize calendar permissions on an Exchange server from 2010 to 2019 using PowerShell. This saves you time by allowing you to assign rights without having to access the calendar owner's PC or Outlook.

Roland Eich

Roland Eich is an IT specialist for system integration and has been working in IT for over 10 years as a system administrator. His areas of expertise are Windows Server and IT infrastructures. Certifications: MCITP EA, MCSA and MCSE.

Calendar permissions are granted so that employees or managers can coordinate their appointments. For example, the managing director of a company would like to grant his secretary access to his Outlook calendar so that she can organize his appointments.

Assigning permissions in the management shell ^

In my example, the user "a.musterfrau" should be allowed access to the calendar of "m.mustermann." The permissions are configured via the Exchange management shell.

You can grant a.musterfrau rights to the m.mustermann calendar using the following command:

Granting access to a calendar with Add MailboxFolderPermission

Granting access to a calendar with Add MailboxFolderPermission

Using the "AccessRights" parameter, we have defined which permissions a.musterfrau should be granted on the m.mustermann calendar. If we then look in the authorizations of the calendar, we see that a.musterfrau has been assigned the role of "Editor". Older versions of Outlook might show numeric values instead; 6 corresponds to the expected right as an editor.

Exchange provides several authorization levels. These range from 1 to 8; 8 is intended for the owner.

  • Level 1 = Contributor
  • Level 2 = Reviewer
  • Level 3 = NonEditingAuthor
  • Level 4 = Author
  • Level 5 = PublishingAuthor
  • Level 6 = Editor
  • Level 7 = PublishingEditor
  • Level 8 = Owner

Each of these roles has one or more of 10 read, write, or delete rights. For a detailed overview, see this TechNet page.

Displaying calendar permissions in Outlook

Displaying calendar permissions in Outlook

There will also be instances where other users would need to have access to the calendar of "m.mustermann"; however, they should only be allowed to view the appointments, not change them. In this case, they would be assigned the role of "Reviewer" instead of "Editor."

Showing rights for calendar ^

How can the administrator determine who has which permissions on the calendar of "m.mustermann" without looking directly into the user's Outlook?

There is also a corresponding command for this:

Showing permissions in the Exchange calendar with Get MailboxFolderPermission

Showing permissions in the Exchange calendar with Get MailboxFolderPermission

Under AccessRights, you can see which role the corresponding user has.

Withdrawing rights for users ^

Finally, the question arises: How can I give an existing user more rights or withdraw them? There is a command for this as well:

In the example above, I decided to take the rights away from "a.musterfrau" as Editor and assign her the rights as Reviewer (level 2).

To completely remove all calendar permissions for a user, the cmdlet Remove-MailboxFolderPermission will do the job.

Removing calendar permissions for a specific user with PowerShell

Removing calendar permissions for a specific user with PowerShell

Troubleshooting ^

Occasionally, the following message appears in a shared calendar, even if you created the item and/or you have the necessary permission for the calendar:

"You do not have permission to delete this item."

Upon analyzing the error, you will probably notice that this does not occur anymore as soon as you share the complete mailbox for the calendar in question. However, this solution is usually not desired.

The better remedy here would be to set an authorization on the recycle bin of the corresponding mailbox instead.

Join the 4sysops PowerShell group!

Your question was not answered? Ask in the forum!

1+
Share
2 Comments
  1. S. Kim 5 months ago

    Excellent write-up, thanks for that.

    In the organisation I'm employed, we've been using this technique as well. By default, we wish for "everyone" to have access to "everyone's" Calendar with the "Free/Busy time, subject, location" setting, which is named "LimitedDetails" in EMS.

    However, we sometimes experience problems when a user tries to access another user's calendar, with an error worded something like "You do not have permission to view this calendar". When checking the permissions in EMS, there's nothing out of the ordinary - so the problem is not caused by the user having manually added the other, with fewer details.

    The only workaround we've found so far, is to tick the "Folder Visible" checkbox under "Other" in the Outlook client. While this does work, I have not found a way to fix this server-side. It appears to be random where the problem occurs, and it's not affecting everyone.
    All clients run cached mode and we use Exchange 2016 onprem.

    Does anyone have any hints on either how to manage this setting serverside - or maybe what the root cause could be?
    Any help, hints or tips will be greatly appreciated.

    0

  2. Marc 5 months ago

    Great thanks for the share wayyyyyy faster!

     

    Cheers,
    Marc

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account