Solved

How to share outlook calendar to users in specific OU

Posted on 2011-09-30
10
1,272 Views
Last Modified: 2012-05-12
I have an Exchange server 2010 and users running Outlook 2007. And I have 2 different OU, one for administrative users and external users. All users in the administrative OU should be able to see each others calendar, while all external users need to get permission to view calendars. How can I setup this on the Exchange server?

I've been using ExFolders to give permission to everyone, could I just set this permission to be on the administrative OU?
0
Comment
Question by:Mr Woober
10 Comments
 

Expert Comment

by:phunkodelic
ID: 36891500
I don't believe you can do this though group policy.  Each user will have to do it on there own by doing the following:

1. Login into Outlook 2007
2. Change to folder view.
3. Right click on the calandar and choose "Share Calendar" and follow the prompts.
4. To give the user additionall permssions Right click on calendar again, go to properties, and then  to Permissions Tab and adjust as needed.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891518
No you can not use OU's to set calendar permissions. You would need to script this in powershell is about the only way I can think of.
0
 
LVL 7

Expert Comment

by:ComputerBeast
ID: 36891525
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891580
That does not allow you to share with the OU.  The whole point I would imagine is to make the process automated and simple without the END USER being involved.

10 more mins and I'll have the script for you.
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36891751
Great, thanks alot :)
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891975
Phew!

Ok i have used the Quest commandlets on a few lines as i find them easier. But this works fine for me in my lab exchange setup

Do you have a test lab? If not create a test OU with a few users in.

Its not pretty but will do a "Poshed up" version later

You could schedule this to run one a day or however often you like so that if you move some into an OU it updates them
# EE ID: 27373731

#Load Exchange Server 2010 Management Shell if not loaded. You may delete/comment out this step if you are running the script from the Exchange Management Shell
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Microsoft.Exchange.Management.PowerShell.E2010"})){
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}
#Load Quest Activeroles Management Shell if not loaded.
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Quest.Activeroles.admanagement"})){
Add-PSSnapin Quest.Activeroles.admanagement
}

#Variables
$SearchRoot = "OU=ME-Systemtest,OU=STAFF,OU=ERH,DC=MyDomain,DC=COM" # Set to the OU you are running on

$AccessRights = "LimitedDetails" # See http://technet.microsoft.com/en-us/library/ff522363.aspx

$Users = Get-QADUser -SearchRoot $SearchRoot #Get all users in the OU

foreach ($user in $Users )
{
	$mailbox = Get-Mailbox $user.logonname
	$calendar = (($mailbox.SamAccountName)+ ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)
    Set-MailboxFolderPermission -User "Default" -AccessRights "None" -Identity $calendar # Deny deafult user access
	foreach ($otherUser in $Users)
	{
	    if ( $user -ne $otheruser )
		{
			$Error.Clear 
			$ErrorActionPreference = "silentlycontinue"
			Set-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
			if (!$?)
				{
				add-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
				if (!$?)
					{
					$Error
					}
				$Error.Clear 
				}
		}
	}
}

Open in new window

0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891988
Ps
ignore all the $error bits, i'll tidy for a published version later.

HTH
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 36892570
Heres a better version, commented and without the Quest cammandlets.

 
#-----------------------------------------------------
#-	EE ID: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27373731.html  
#-	How to share outlook calendar to users in specific OU
#-	Add calendar permissions on every user in the OU to every other user in the OU
#-	Deny default user
#-	(C) Neil Russell - feel free to use
#-----------------------------------------------------

#Load Exchange Server 2010 Management Shell if not loaded. You may delete/comment out this step if you are running the script from the Exchange Management Shell
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Microsoft.Exchange.Management.PowerShell.E2010"})){
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}

#Variables
$SearchRoot = "OU=ME-Systemtest,OU=STAFF,OU=ERH,DC=xshis,DC=nhs,DC=uk" # Set to the OU you are running on
$AccessRights = "LimitedDetails" # See http://technet.microsoft.com/en-us/library/ff522363.aspx 

#-----------------------------------------------------
# Read all mail enabled users from the $SearchRoot OU
#-----------------------------------------------------
$Users = Get-Mailbox -OrganizationalUnit $SearchRoot


foreach ($mailbox in $Users )
{
#-	Get the Calendar for this Mailbox
	$calendar = (($mailbox.SamAccountName)+ ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)

#-	Set the Default user to have NONE permission on the Calendar
	Set-MailboxFolderPermission -User "Default" -AccessRights "None" -Identity $calendar

#-	Iterate through all the mailboxes
	foreach ($otherUser in $Users)
	{

#-	Dont do anything to users OWN mailbox
		if ( ($mailbox).SamAccountName -ne ($otheruser).SamAccountName  )
		{
		Write-Host $calendar " -- Permissions for :"  ($otheruser).SamAccountName
			$Error.Clear 
			$ErrorActionPreference = "silentlycontinue"

#-	See if we can set rights on an already existing relationship for the calendar
			Set-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar

#-	If an error occured due to no rights already existing then ADD those rights
			if (!$?)
				{
#-	Add a new rights relationship on the calendar for $OtherUser
				$Error.Clear 
				add-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
				if (!$?)
					{
#-	Something went wrong, need to add handler for this
					Write-Host "Couldnt set or add calendar permissions for user $otheruser on $Calendar"
					$Error.Clear 
					
					}
				}
		}
	}
}

Open in new window


Let me know how you get on?
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36902359
Thanks alot, great work! I will test this today :)
0
 
LVL 1

Author Closing Comment

by:Mr Woober
ID: 36902400
What a great script, thanks alot! Great work mate :)
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question