Solved

How to share outlook calendar to users in specific OU

Posted on 2011-09-30
10
1,204 Views
Last Modified: 2012-05-12
I have an Exchange server 2010 and users running Outlook 2007. And I have 2 different OU, one for administrative users and external users. All users in the administrative OU should be able to see each others calendar, while all external users need to get permission to view calendars. How can I setup this on the Exchange server?

I've been using ExFolders to give permission to everyone, could I just set this permission to be on the administrative OU?
0
Comment
Question by:Mr Woober
10 Comments
 

Expert Comment

by:phunkodelic
ID: 36891500
I don't believe you can do this though group policy.  Each user will have to do it on there own by doing the following:

1. Login into Outlook 2007
2. Change to folder view.
3. Right click on the calandar and choose "Share Calendar" and follow the prompts.
4. To give the user additionall permssions Right click on calendar again, go to properties, and then  to Permissions Tab and adjust as needed.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891518
No you can not use OU's to set calendar permissions. You would need to script this in powershell is about the only way I can think of.
0
 
LVL 7

Expert Comment

by:ComputerBeast
ID: 36891525
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891580
That does not allow you to share with the OU.  The whole point I would imagine is to make the process automated and simple without the END USER being involved.

10 more mins and I'll have the script for you.
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36891751
Great, thanks alot :)
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891975
Phew!

Ok i have used the Quest commandlets on a few lines as i find them easier. But this works fine for me in my lab exchange setup

Do you have a test lab? If not create a test OU with a few users in.

Its not pretty but will do a "Poshed up" version later

You could schedule this to run one a day or however often you like so that if you move some into an OU it updates them
# EE ID: 27373731

#Load Exchange Server 2010 Management Shell if not loaded. You may delete/comment out this step if you are running the script from the Exchange Management Shell
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Microsoft.Exchange.Management.PowerShell.E2010"})){
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}
#Load Quest Activeroles Management Shell if not loaded.
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Quest.Activeroles.admanagement"})){
Add-PSSnapin Quest.Activeroles.admanagement
}

#Variables
$SearchRoot = "OU=ME-Systemtest,OU=STAFF,OU=ERH,DC=MyDomain,DC=COM" # Set to the OU you are running on

$AccessRights = "LimitedDetails" # See http://technet.microsoft.com/en-us/library/ff522363.aspx

$Users = Get-QADUser -SearchRoot $SearchRoot #Get all users in the OU

foreach ($user in $Users )
{
	$mailbox = Get-Mailbox $user.logonname
	$calendar = (($mailbox.SamAccountName)+ ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)
    Set-MailboxFolderPermission -User "Default" -AccessRights "None" -Identity $calendar # Deny deafult user access
	foreach ($otherUser in $Users)
	{
	    if ( $user -ne $otheruser )
		{
			$Error.Clear 
			$ErrorActionPreference = "silentlycontinue"
			Set-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
			if (!$?)
				{
				add-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
				if (!$?)
					{
					$Error
					}
				$Error.Clear 
				}
		}
	}
}

Open in new window

0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36891988
Ps
ignore all the $error bits, i'll tidy for a published version later.

HTH
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 36892570
Heres a better version, commented and without the Quest cammandlets.

 
#-----------------------------------------------------
#-	EE ID: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27373731.html  
#-	How to share outlook calendar to users in specific OU
#-	Add calendar permissions on every user in the OU to every other user in the OU
#-	Deny default user
#-	(C) Neil Russell - feel free to use
#-----------------------------------------------------

#Load Exchange Server 2010 Management Shell if not loaded. You may delete/comment out this step if you are running the script from the Exchange Management Shell
if (-not (Get-PSSnapin | Where-Object {$_.Name -like "Microsoft.Exchange.Management.PowerShell.E2010"})){
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}

#Variables
$SearchRoot = "OU=ME-Systemtest,OU=STAFF,OU=ERH,DC=xshis,DC=nhs,DC=uk" # Set to the OU you are running on
$AccessRights = "LimitedDetails" # See http://technet.microsoft.com/en-us/library/ff522363.aspx 

#-----------------------------------------------------
# Read all mail enabled users from the $SearchRoot OU
#-----------------------------------------------------
$Users = Get-Mailbox -OrganizationalUnit $SearchRoot


foreach ($mailbox in $Users )
{
#-	Get the Calendar for this Mailbox
	$calendar = (($mailbox.SamAccountName)+ ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)

#-	Set the Default user to have NONE permission on the Calendar
	Set-MailboxFolderPermission -User "Default" -AccessRights "None" -Identity $calendar

#-	Iterate through all the mailboxes
	foreach ($otherUser in $Users)
	{

#-	Dont do anything to users OWN mailbox
		if ( ($mailbox).SamAccountName -ne ($otheruser).SamAccountName  )
		{
		Write-Host $calendar " -- Permissions for :"  ($otheruser).SamAccountName
			$Error.Clear 
			$ErrorActionPreference = "silentlycontinue"

#-	See if we can set rights on an already existing relationship for the calendar
			Set-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar

#-	If an error occured due to no rights already existing then ADD those rights
			if (!$?)
				{
#-	Add a new rights relationship on the calendar for $OtherUser
				$Error.Clear 
				add-MailboxFolderPermission -User "$otherUser" -AccessRights $AccessRights -Identity $calendar
				if (!$?)
					{
#-	Something went wrong, need to add handler for this
					Write-Host "Couldnt set or add calendar permissions for user $otheruser on $Calendar"
					$Error.Clear 
					
					}
				}
		}
	}
}

Open in new window


Let me know how you get on?
0
 
LVL 1

Author Comment

by:Mr Woober
ID: 36902359
Thanks alot, great work! I will test this today :)
0
 
LVL 1

Author Closing Comment

by:Mr Woober
ID: 36902400
What a great script, thanks alot! Great work mate :)
0

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
If you don't know how to downgrade, my instructions below should be helpful.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now