Setting Default Calendar Permisions Globally

Posted on 2011-05-12
Medium Priority
Last Modified: 2012-06-27
I have an Exchange 2010 and Outlook 2010 environment and we need to make a globale change to calendar permissions for everyone.  I would like everyones defalut to be set to Free/Busy time.  I have downloaded and installed PFDAVAdmin but the two permissions that are missing Free/Busy Time and Free/Busy Time, subject location.  Is there a cmd in exchange 2010 that can do this.
Question by:stacystyles
  • 2

Accepted Solution

SaneshPC earned 2000 total points
ID: 35748455
With PFDAVadmin, you have two options:

1) script or 2) GUI


Here is the details for how to accomplish this with a script:

The command line for PFDAVadmin will look like this -


PFDAVadmin –import –s <mailbox server shortname> -f <filename.txt> -scope mailboxes [the username, password, GC are optional]


Depending on the Permissions Role you want to set, the <filename.txt> will contain entries like this:

SETACL Mailboxes\<username>\Freebusy Data                                       \Everyone           <Role Permission>     NO

SETACL Mailboxes\<username>\Top of Information Store\Calendar       \Everyone           <Role Permission>    NO


So, your script will need to create a .txt file enumerating all the <username> aliases existing for each mailbox server.  Once the files are created, the command line above will need to be run for each mailbox server.  Examples of <Role Permission> are: None, Reviewer, Author, etc.



Author Comment

ID: 35748476
Is there a way to do this via the Exchange command Shell?

Expert Comment

ID: 35755818
 I could not see any shell cmd for this................................................may below VB script will help you..........Please keep update.... its work for me

NOTE BEFORE: You should test this in a lab or similar first before using, I've used it successfully but I take no responsibility for what you do with my script, I share this as a solution because it's worked for me. If you can't use a lab then at the least test it against a single test user first.
 1. Pre-Requisites

Some working PowerShell Knowledge
A bit of knowledge on VBScript helps
ADSIEDIT experience helps too

2. Grant an account full mailbox permissions over the mailboxes you want to change calendar permissions on

Hint: You may have an account you can already use for this, or you can simply create an account just to set these permissions. IMPORTANT: the user must have the Domain Users and Exchange Recipients Administrator membership for this to work.

For example this command gives user domain\calendarpermissions full mailbox access permissions over all users of the specified OU 'Users' in the domain domain.com:

Get-Mailbox -OrganizationalUnit "OU=Users,DC=domain,DC=com" | Add-MailboxPermission -User "domain\calendarpermissions" -AccessRights "FullAccess"

If your users are split about a bit you may want to simply put together a CSV file with a column heading of 'User', then you could run something like this instead:

Import-CSV "C:\csvfile.csv" | % {Add-MailboxPermission -Identity $_.User -User "domain\calendarpermissions" -AccessRights "FullAccess"}

3. Run PowerShell to get the necessary properties

After setting permissions, you need to run this to get the output properties required, assuming same as above:

Get-Mailbox -OrganizationalUnit "OU=Users,DC=domain,DC=com" | Select Name, ServerName, WindowsEmailAddress | Export-CSV "C:\UserList.csv" –NoType

if using a CSV input you could run this instead:

Import-CSV "C:\csvfile.csv" | % {Get-Mailbox -Identity $_.User | Select Name, ServerName, WindowsEmailAddress | Export-CSV "C:\UserList.csv" –NoType}

After running the right command above you will have the relevant properties output into a file called C:\UserList.csv.

4. Compose VBScript to create the import file and formulate the command you need to run

On the server where you have installed PFDavAdmin, Create a folder called 'CalendarPermissions'. Create a blank notepad file in the folder, then take all the text below (between *** START *** and *** END *** exactly as is, and paste it into a notepad file you created. Save the file as 'CalendarPermissions.vbs'.

'*** START ***

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objSH = CreateObject("WScript.Shell")

CurrentDir = objFSO.GetAbsolutePathName("")
CurrentDir = CurrentDir & "\"


PFDavAdminSrc = "D:\Exchange Tools\PFDAVAdmin2.8\PFDAVAdmin.exe" 'Path to PFDavAdmin.exe file
CSVSrcFile = CurrentDir & "UserList.csv" 'Path to input CSV File
LogFileSrc = CurrentDir & "outputfile.txt" 'Path to logging output file
UserDN = "\Everyone" 'LegacyExchangeDN of the user that needs permissions set, leave on \Default to change permissions for the Default group
Username = Inputbox ("Username") 'Asks when script is executed
Password = Inputbox ("Password") 'Asks when script is executed
Domain = Inputbox ("Domain") 'Asks when script is executed
ServerName = "Enter Server Name here"
AccessRights = "Reviewer" 'Change to some other role if you want to change permissions to something over than reviewer.


Set LogFile = ObjFSO.CreateTextFile(LogFileSrc, 1)

Const adOpenStatic = 3
Const adLockOptimistic = 3
Const adCmdText = &H0001

Set objConnection = CreateObject("ADODB.Connection")
Set objRecordSetCSV = CreateObject("ADODB.Recordset")

objConnection.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
"Data Source=" & CurrentDir & ";" & _
"Extended Properties=""text;HDR=YES;FMT=Delimited"""

objRecordSetCSV.Open "SELECT * FROM " & CSVSrcFile , _
objConnection, adOpenStatic, adLockOptimistic, adCmdText


'Generate ACL File
ACLFileSrc = CurrentDir & "aclfile.txt"

Set ACLFile = ObjFSO.CreateTextFile(ACLFileSrc, 1)

Do Until objRecordSetCSV.EOF

    strName = objRecordSetCSV.Fields.Item("Name")
    strServerName = objRecordSetCSV.Fields.Item("ServerName")
    strWindowsEmailAddress = objRecordSetCSV.Fields.Item("WindowsEmailAddress")

    ACLFile.writeline "SETACL" & VbTab & "http://" & strServerName & "/exchange/" & strWindowsEmailAddress & "/Calendar/" & VbTab & UserDN & VbTab & AccessRights

StrName = ""
StrServerName = ""
StrUserPrincipalName = ""



PFDavAdminCommand = Chr(34) & PFDavAdminSrc & chr(34) & " -import -s " & ServerName & " -f " & ACLFileSrc & " -scope mailboxes -user " & Username & " -password " & Password & " -domain " & Domain

logfile.writeline PFDavAdminCommand

'*** END ***

5. Edit VBScript customisation content

In your VBScript file, edit it and change the section under Customisation to suit your needs:


PFDavAdminSrc = "D:\Exchange Tools\PFDAVAdmin2.8\PFDAVAdmin.exe" 'Path to PFDavAdmin.exe file
CSVSrcFile = CurrentDir & "UserList.csv" 'Path to input CSV File
LogFileSrc = CurrentDir & "outputfile.txt" 'Path to logging output file
UserDN = "LegacyExchangeDN of the user that needs permissions set"
Username = Inputbox ("Username") 'Asks when script is executed
Password = Inputbox ("Password") 'Asks when script is executed
Domain = Inputbox ("Domain") 'Asks when script is executed
ServerName = "Enter Server Name here"
AccessRights = "Reviewer" 'Change to some other role if you want to change permissions to something over than reviewer.


PFDAvAdminSrc file is the location of the PFDavAdmin.exe file on the local server.
CSVSrcFile is the location of the CSV src file which was exported in step 3 above. Script assumes this is in the same directory, but you can change this if you want.
LogFileSrc is the location of the log file that gets created when the script is run. I simply set this to the same directory as the script is run in by default.
UserDN is the LegacyExchangeDN name of the user you want to give permissions to. I normally give a group permissions on calendars so I would use ADSIEDIT to pull back the LegacyExchangeDN of the group. HOWEVER you can also just set this \Everyone and this will change/update the 'Default' permissions.
Username, Password, Domain fields should be self explanatory, you will need to use an account that has permissions over the mailbox. You can hardcode these fields in, but I find it safer to leave the password field set to prompt on script run.
ServerName is the name of any of your Exchange 2007 mailbox servers, doesn't seem to matter what I put in here as long as it's a valid server, even if users are on other servers.
AccessRights is the level of access you want to give the UserDN object to the calendar.

6. Run the VBScript

Now that the VBScript should be customised, you can now run it. simply double click it and it will prompt you for the username password and domain of your account if you haven't added them to the code.

Once finished you will have two new files created in the directory, one is aclfile.txt, this contains the permissions to be updated based on the list of users in the input CSV file. The other is the outputfile.txt file.

7. Turn Logging on in PFDavAdmin

I Recommend this because it's good to see what PFDavAdmin is actually doing.

Load PFDavAdmin, go to Tools >> Options >> Ensure Logging parameters are set to enabled and you know where the log files are going.

8. Run the PFDavAdmin calendar permissions update command

Copy the command out of the outputfile.txt and then run this in command prompt. Mine looks something like this:

"D:\Exchange Tools\PFDAVAdmin2.8\PFDAVAdmin.exe" -import -s %ExchangeServerName% -f D:\Scripts\PFDavAdminCalendarPermissions\aclfile.txt -scope mailboxes -user %UserName% -password %Password% -domain %Domain%

Obviously i've replaced the fields with %Variable% names, in reality these would be based on whatever you had in the VBScript.

9. Check PFDavAdmin output

Now you can check the log files from PFDavAdmin and see what the outputs are, make sure it all looks good etc

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
I came across an unsolved Outlook issue and here is my solution.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question