Solved

How to share outlook calendar to users in specific OU

Posted on 2011-09-30
10
1,292 Views
Last Modified: 2012-05-12
I have an Exchange server 2010 and users running Outlook 2007. And I have 2 different OU, one for administrative users and external users. All users in the administrative OU should be able to see each others calendar, while all external users need to get permission to view calendars. How can I setup this on the Exchange server?

I've been using ExFolders to give permission to everyone, could I just set this permission to be on the administrative OU?
0
Comment
Question by:Mr Woober
10 Comments
 

Expert Comment

by:phunkodelic
ID: 36891500
I don't believe you can do this though group policy.  Each user will have to do it on there own by doing the following:

1. Login into Outlook 2007
2. Change to folder view.
3. Right click on the calandar and choose "Share Calendar" and follow the prompts.
4. To give the user additionall permssions Right click on calendar again, go to properties, and then  to Permissions Tab and adjust as needed.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891518
No you can not use OU's to set calendar permissions. You would need to script this in powershell is about the only way I can think of.
0
 
LVL 7

Expert Comment

by:ComputerBeast
ID: 36891525
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891580
That does not allow you to share with the OU.  The whole point I would imagine is to make the process automated and simple without the END USER being involved.

10 more mins and I'll have the script for you.
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36891751
Great, thanks alot :)
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891975
Phew!

Ok i have used the Quest commandlets on a few lines as i find them easier. But this works fine for me in my lab exchange setup

Do you have a test lab? If not create a test OU with a few users in.

Its not pretty but will do a "Poshed up" version later

You could schedule this to run one a day or however often you like so that if you move some into an OU it updates them
# EE ID: 27373731

#Load Exchange Server 2010 Management Shell if not loaded. You may delete/comment out this step if you are running the script from the Exchange Management Shell
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Microsoft.Exchange.Management.PowerShell.E2010"})){
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}
#Load Quest Activeroles Management Shell if not loaded.
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Quest.Activeroles.admanagement"})){
Add-PSSnapin Quest.Activeroles.admanagement
}

#Variables
$SearchRoot = "OU=ME-Systemtest,OU=STAFF,OU=ERH,DC=MyDomain,DC=COM" # Set to the OU you are running on

$AccessRights = "LimitedDetails" # See http://technet.microsoft.com/en-us/library/ff522363.aspx

$Users = Get-QADUser -SearchRoot $SearchRoot #Get all users in the OU

foreach ($user in $Users )
{
	$mailbox = Get-Mailbox $user.logonname
	$calendar = (($mailbox.SamAccountName)+ ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)
    Set-MailboxFolderPermission -User "Default" -AccessRights "None" -Identity $calendar # Deny deafult user access
	foreach ($otherUser in $Users)
	{
	    if ( $user -ne $otheruser )
		{
			$Error.Clear 
			$ErrorActionPreference = "silentlycontinue"
			Set-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
			if (!$?)
				{
				add-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
				if (!$?)
					{
					$Error
					}
				$Error.Clear 
				}
		}
	}
}

Open in new window

0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891988
Ps
ignore all the $error bits, i'll tidy for a published version later.

HTH
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 36892570
Heres a better version, commented and without the Quest cammandlets.

 
#-----------------------------------------------------
#-	EE ID: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27373731.html  
#-	How to share outlook calendar to users in specific OU
#-	Add calendar permissions on every user in the OU to every other user in the OU
#-	Deny default user
#-	(C) Neil Russell - feel free to use
#-----------------------------------------------------

#Load Exchange Server 2010 Management Shell if not loaded. You may delete/comment out this step if you are running the script from the Exchange Management Shell
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Microsoft.Exchange.Management.PowerShell.E2010"})){
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}

#Variables
$SearchRoot = "OU=ME-Systemtest,OU=STAFF,OU=ERH,DC=xshis,DC=nhs,DC=uk" # Set to the OU you are running on
$AccessRights = "LimitedDetails" # See http://technet.microsoft.com/en-us/library/ff522363.aspx 

#-----------------------------------------------------
# Read all mail enabled users from the $SearchRoot OU
#-----------------------------------------------------
$Users = Get-Mailbox -OrganizationalUnit $SearchRoot


foreach ($mailbox in $Users )
{
#-	Get the Calendar for this Mailbox
	$calendar = (($mailbox.SamAccountName)+ ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)

#-	Set the Default user to have NONE permission on the Calendar
	Set-MailboxFolderPermission -User "Default" -AccessRights "None" -Identity $calendar

#-	Iterate through all the mailboxes
	foreach ($otherUser in $Users)
	{

#-	Dont do anything to users OWN mailbox
		if ( ($mailbox).SamAccountName -ne ($otheruser).SamAccountName  )
		{
		Write-Host $calendar " -- Permissions for :"  ($otheruser).SamAccountName
			$Error.Clear 
			$ErrorActionPreference = "silentlycontinue"

#-	See if we can set rights on an already existing relationship for the calendar
			Set-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar

#-	If an error occured due to no rights already existing then ADD those rights
			if (!$?)
				{
#-	Add a new rights relationship on the calendar for $OtherUser
				$Error.Clear 
				add-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
				if (!$?)
					{
#-	Something went wrong, need to add handler for this
					Write-Host "Couldnt set or add calendar permissions for user $otheruser on $Calendar"
					$Error.Clear 
					
					}
				}
		}
	}
}

Open in new window


Let me know how you get on?
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36902359
Thanks alot, great work! I will test this today :)
0
 
LVL 1

Author Closing Comment

by:Mr Woober
ID: 36902400
What a great script, thanks alot! Great work mate :)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question