Setting Default Calendar Permissions Globally

Posted on 2011-05-12
Last Modified: 2012-06-27
I have an Exchange 2010 and Outlook 2010 environment and we need to make a global change to calendar permissions for everyone.  I would like everyone's default to be set to Free/Busy time.  I have downloaded and installed PFDAVAdmin, but the two permissions that are missing are Free/Busy Time and Free/Busy Time, subject, location.  Is there a cmd in Exchange 2010 that can do this?
Question by:stacystyles
    LVL 2

    Accepted Solution

    With PFDAVadmin, you have two options:

    1) script or 2) GUI


    Here are the details for how to accomplish this with a script:

    The command line for PFDAVadmin will look like this -


    PFDAVadmin -import -s <mailbox server shortname> -f <filename.txt> -scope mailboxes [the username, password, GC are optional]


    Depending on the Permissions Role you want to set, the <filename.txt> will contain entries like this:

    SETACL Mailboxes\<username>\Freebusy Data                                       \Everyone           <Role Permission>     NO

    SETACL Mailboxes\<username>\Top of Information Store\Calendar       \Everyone           <Role Permission>    NO


    So, your script will need to create a .txt file enumerating all the <username> aliases existing for each mailbox server.  Once the files are created, the command line above will need to be run for each mailbox server.  Examples of <Role Permission> are: None, Reviewer, Author, etc.



    Author Comment

    Is there a way to do this via the Exchange command Shell?
    LVL 2

    Expert Comment

     I could not see any shell cmd for this. Maybe the VB script below will help you. Please keep me updated. It works for me.

    NOTE BEFORE: You should test this in a lab or similar first before using, I've used it successfully but I take no responsibility for what you do with my script, I share this as a solution because it's worked for me. If you can't use a lab then at the least test it against a single test user first.
     1. Pre-Requisites

    Some working PowerShell Knowledge
    A bit of knowledge on VBScript helps
    ADSIEDIT experience helps too

    2. Grant an account full mailbox permissions over the mailboxes you want to change calendar permissions on

    Hint: You may have an account you can already use for this, or you can simply create an account just to set these permissions. IMPORTANT: the user must have the Domain Users and Exchange Recipients Administrator membership for this to work.

    For example this command gives user domain\calendarpermissions full mailbox access permissions over all users of the specified OU 'Users' in the domain

    Get-Mailbox -OrganizationalUnit "OU=Users,DC=domain,DC=com" | Add-MailboxPermission -User "domain\calendarpermissions" -AccessRights "FullAccess"

    If your users are split about a bit you may want to simply put together a CSV file with a column heading of 'User', then you could run something like this instead:

    Import-CSV "C:\csvfile.csv" | % {Add-MailboxPermission -Identity $_.User -User "domain\calendarpermissions" -AccessRights "FullAccess"}

    3. Run PowerShell to get the necessary properties

    After setting permissions, you need to run this to get the output properties required, assuming same as above:

    Get-Mailbox -OrganizationalUnit "OU=Users,DC=domain,DC=com" | Select Name, ServerName, WindowsEmailAddress | Export-CSV "C:\UserList.csv" -NoType

    if using a CSV input you could run this instead:

    Import-CSV "C:\csvfile.csv" | % {Get-Mailbox -Identity $_.User | Select Name, ServerName, WindowsEmailAddress} | Export-CSV "C:\UserList.csv" -NoType

    After running the right command above you will have the relevant properties output into a file called C:\UserList.csv.

    4. Compose VBScript to create the import file and formulate the command you need to run

    On the server where you have installed PFDavAdmin, create a folder called 'CalendarPermissions'. Create a blank notepad file in the folder, then take all the text below (between *** START *** and *** END ***) exactly as is, and paste it into the notepad file you created. Save the file as 'CalendarPermissions.vbs'.

    '*** START ***

    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objSH = CreateObject("WScript.Shell")

    CurrentDir = objFSO.GetAbsolutePathName("")
    CurrentDir = CurrentDir & "\"


    PFDavAdminSrc = "D:\Exchange Tools\PFDAVAdmin2.8\PFDAVAdmin.exe" 'Path to PFDavAdmin.exe file
    CSVSrcFile = CurrentDir & "UserList.csv" 'Path to input CSV File
    LogFileSrc = CurrentDir & "outputfile.txt" 'Path to logging output file
    UserDN = "\Everyone" 'LegacyExchangeDN of the user that needs permissions set, leave on \Default to change permissions for the Default group
    Username = Inputbox ("Username") 'Asks when script is executed
    Password = Inputbox ("Password") 'Asks when script is executed
    Domain = Inputbox ("Domain") 'Asks when script is executed
    ServerName = "Enter Server Name here"
    AccessRights = "Reviewer" 'Change to some other role if you want to change permissions to something other than reviewer.


    Set LogFile = ObjFSO.CreateTextFile(LogFileSrc, 1)

    Const adOpenStatic = 3
    Const adLockOptimistic = 3
    Const adCmdText = &H0001

    Set objConnection = CreateObject("ADODB.Connection")
    Set objRecordSetCSV = CreateObject("ADODB.Recordset")

    objConnection.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
    "Data Source=" & CurrentDir & ";" & _
    "Extended Properties=""text;HDR=YES;FMT=Delimited"""

    objRecordSetCSV.Open "SELECT * FROM " & CSVSrcFile , _
    objConnection, adOpenStatic, adLockOptimistic, adCmdText


    'Generate ACL File
    ACLFileSrc = CurrentDir & "aclfile.txt"

    Set ACLFile = ObjFSO.CreateTextFile(ACLFileSrc, 1)

    Do Until objRecordSetCSV.EOF

        strName = objRecordSetCSV.Fields.Item("Name")
        strServerName = objRecordSetCSV.Fields.Item("ServerName")
        strWindowsEmailAddress = objRecordSetCSV.Fields.Item("WindowsEmailAddress")

        ACLFile.writeline "SETACL" & VbTab & "http://" & strServerName & "/exchange/" & strWindowsEmailAddress & "/Calendar/" & VbTab & UserDN & VbTab & AccessRights

        'Clear the per-user values and move on to the next CSV row
        strName = ""
        strServerName = ""
        strWindowsEmailAddress = ""

        objRecordSetCSV.MoveNext

    Loop

    'Flush and close the ACL file and the CSV connection
    ACLFile.Close
    objRecordSetCSV.Close
    objConnection.Close

    PFDavAdminCommand = Chr(34) & PFDavAdminSrc & chr(34) & " -import -s " & ServerName & " -f " & ACLFileSrc & " -scope mailboxes -user " & Username & " -password " & Password & " -domain " & Domain

    'Writes the full command line, including the password entered above, to outputfile.txt in clear text
    logfile.writeline PFDavAdminCommand
    LogFile.Close

    '*** END ***

    5. Edit VBScript customisation content

    In your VBScript file, edit it and change the section under Customisation to suit your needs:


    PFDavAdminSrc = "D:\Exchange Tools\PFDAVAdmin2.8\PFDAVAdmin.exe" 'Path to PFDavAdmin.exe file
    CSVSrcFile = CurrentDir & "UserList.csv" 'Path to input CSV File
    LogFileSrc = CurrentDir & "outputfile.txt" 'Path to logging output file
    UserDN = "LegacyExchangeDN of the user that needs permissions set"
    Username = Inputbox ("Username") 'Asks when script is executed
    Password = Inputbox ("Password") 'Asks when script is executed
    Domain = Inputbox ("Domain") 'Asks when script is executed
    ServerName = "Enter Server Name here"
    AccessRights = "Reviewer" 'Change to some other role if you want to change permissions to something other than reviewer.


    PFDAvAdminSrc file is the location of the PFDavAdmin.exe file on the local server.
    CSVSrcFile is the location of the CSV src file which was exported in step 3 above. Script assumes this is in the same directory, but you can change this if you want.
    LogFileSrc is the location of the log file that gets created when the script is run. I simply set this to the same directory as the script is run in by default.
    UserDN is the LegacyExchangeDN name of the user you want to give permissions to. I normally give a group permissions on calendars so I would use ADSIEDIT to pull back the LegacyExchangeDN of the group. HOWEVER you can also just set this \Everyone and this will change/update the 'Default' permissions.
    Username, Password, Domain fields should be self explanatory, you will need to use an account that has permissions over the mailbox. You can hardcode these fields in, but I find it safer to leave the password field set to prompt on script run.
    ServerName is the name of any of your Exchange 2007 mailbox servers, doesn't seem to matter what I put in here as long as it's a valid server, even if users are on other servers.
    AccessRights is the level of access you want to give the UserDN object to the calendar.

    6. Run the VBScript

    Now that the VBScript should be customised, you can now run it. Simply double click it and it will prompt you for the username, password and domain of your account if you haven't added them to the code.

    Once finished you will have two new files created in the directory, one is aclfile.txt, this contains the permissions to be updated based on the list of users in the input CSV file. The other is the outputfile.txt file.

    7. Turn Logging on in PFDavAdmin

    I recommend this because it's good to see what PFDavAdmin is actually doing.

    Load PFDavAdmin, go to Tools >> Options >> Ensure Logging parameters are set to enabled and you know where the log files are going.

    8. Run the PFDavAdmin calendar permissions update command

    Copy the command out of the outputfile.txt and then run this in command prompt. Mine looks something like this:

    "D:\Exchange Tools\PFDAVAdmin2.8\PFDAVAdmin.exe" -import -s %ExchangeServerName% -f D:\Scripts\PFDavAdminCalendarPermissions\aclfile.txt -scope mailboxes -user %UserName% -password %Password% -domain %Domain%

    Obviously I've replaced the fields with %Variable% names, in reality these would be based on whatever you had in the VBScript.

    9. Check PFDavAdmin output

    Now you can check the log files from PFDavAdmin and see what the outputs are, make sure it all looks good etc.
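
Added example, not part of the original answer: a follow-up for the Exchange Management Shell once step 9 looks good. It checks the Default calendar entry on each mailbox in C:\UserList.csv, revokes the FullAccess grant from step 2, and deletes the files that hold the PFDAVAdmin command line with its password. It assumes the account domain\calendarpermissions exists only for this change, the calendar folder carries its English name "Calendar", and $ScriptDir is a placeholder for the CalendarPermissions folder.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Assumptions: C:\UserList.csv from step 3, service account from step 2,
# $ScriptDir is a placeholder for the folder holding CalendarPermissions.vbs.
$UserList   = "C:\UserList.csv"
$ServiceAcc = "domain\calendarpermissions"
$ScriptDir  = "C:\CalendarPermissions"   # placeholder path
$Expected   = "Reviewer"                 # AccessRights value used in the VBScript

$report = Import-Csv $UserList | ForEach-Object {
    $mbx = $_.WindowsEmailAddress

    # 1. Read back the Default entry on the calendar to confirm the change landed.
    $default = Get-MailboxFolderPermission -Identity "$($mbx):\Calendar" -User Default -ErrorAction SilentlyContinue
    $rights  = $default.AccessRights -join ","

    # 2. Revoke the FullAccess grant from step 2; the import no longer needs it.
    Remove-MailboxPermission -Identity $mbx -User $ServiceAcc -AccessRights FullAccess -Confirm:$false

    # 3. Re-read the mailbox ACL to prove no explicit FullAccess entry is left.
    $left = Get-MailboxPermission -Identity $mbx -User $ServiceAcc |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and ($_.AccessRights -match "FullAccess") }

    New-Object PSObject -Property @{
        Mailbox           = $mbx
        DefaultRights     = $rights
        DefaultAsWanted   = ($rights -eq $Expected)
        FullAccessRemains = [bool]$left
    }
}

# Mailboxes needing attention show DefaultAsWanted = False or FullAccessRemains = True.
$report | Select-Object Mailbox, DefaultRights, DefaultAsWanted, FullAccessRemains | Format-Table -AutoSize

# 4. outputfile.txt contains the PFDAVAdmin command line, password included.
Remove-Item "$ScriptDir\outputfile.txt", "$ScriptDir\aclfile.txt" -ErrorAction SilentlyContinue
```

If the account already held FullAccess on some mailboxes for another purpose, drop those mailboxes from the CSV before running step 2 of this block.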
