Solved

Delegate a Leave calendar user mailbox in Exchange 2010.

Posted on 2014-03-10
15
661 Views
Last Modified: 2014-03-23
Hi All,

Some one requested me to create a Share mailbox and give only access to Calendar for a list of users (around 50 users).
I did create a mailbox and called it “Leave Calendar”.
My Question is what is the quickest way to give access to those users.
At the moment I logged in to Leave Calendar mailbox and delegate access to only calendar throught Outlook.

Is any way I can user Power Shell or  permission to do that .

Thanks you in advance.

Regards,
Rabih
0
Comment
Question by:Rabihhaj
  • 8
  • 7
15 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39919322
Hi,

First of all you will need a user that belongs to the following groups:

Organization Management
Recipient Management
Help Desk

Next the users need the same custom attribute, lets say group1 And if Mail Universal Security Group already exists with the primary SMTP address lets say leave.calendar@yourdomain.com

All you need is Get-mailbox -Filter {(CustomAttribute1 -eq "Group1")} | ForEach-Object {Add-MailboxFolderPermission $_":\Calendar" -User leave.calendar@yourdomain.com
-AccessRights Reviewer}

Try this for just one or two users if everything is working you can add the same Custom Attribute to the other users.

I think this will do the trick.

PS: For remove the permissions you have to do the following
Get-mailbox -Filter {(CustomAttribute1 -eq "Group1")} | ForEach-Object {Remove-MailboxFolderPermission $_":\Calendar" -User leave.calendar@yourdomain.com}

Hope this could help you.

Regards
0
 

Author Comment

by:Rabihhaj
ID: 39919391
Hi

Thanks for your quick response,

Could you please send me a link to do more reading on how to user these Groups Organization Management ,Recipient Management,Help Desk

As it is the first time for me,

I will appreciated your step by step instruction

Regards
Rabih
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39920197
Hi,


You can check and see all the role managemens here: Exchange 2010 Role Based Access Control

When I said that the user needs to belong to the management role groups its to ensure that you have permissions on the EMS to execute the powershell script against exchange.

Normaly if you are using an exchanger user admin, lets say the user that you use to install the exchange you will be fine, if you receive some errors on the powershell
command line you have to confirm that the user belongs to that groups. For that you need to log in with an account with permissions on the organization manager on the ECP.

You can see this on part 3 from the site posted above.

Regards
0
 

Author Comment

by:Rabihhaj
ID: 39921598
Hi,

I will do it today. And let you know.
Now, if I want to add all 50 users to custom attribute such as group1 is any Ps can do that instead going manually on each user and add it in their profile

Thank for your assistance

Rabih
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39922058
Hi,

First of all create a txt file, put there just a couple o names in case anything goes wrong you just need to change a few users, if everything runs like you want you can add all the users.

Do the following:
Create a file like Myscript.ps1 then copy the code below

$data = get-content “c:\pathtotxtfile\users.txt”
foreach($a in $data)
 {
Set-Mailbox -Identity $a -CustomAttribute1 attribvalue  ( Example Marketing )
 }

As for the text file be sure the names in your text file are in the following format with as many names as you require.  Then execute the script to modify the attribute of your choice.

Lastname, firstname
Lastname, firstname

Add a custom attribute for an individual user: Run the following command within the Exchange Management Shell

Set-Mailbox -Identity “lastname, firstname” -CustomAttribute1 attribvalue

Remove the custom attribute manually for an individual user:

Set-Mailbox -Identity “lastname, firstname” -CustomAttribute1 “”


Hope this helps.

Regards
0
 

Author Comment

by:Rabihhaj
ID: 39925629
Hi ,

I tried your Script , i am not sure what is wrong . please see the below error and advise


[PS] H:\>Get-mailbox -Filter {(CustomAttribute1 -eq "Group1")} | ForEach-Object {Add-MailboxFolderPermission $_":\Calendar" -User WaterOperationsLeave@MyDomain.local
>> -AccessRights Reviewer}
>>
Missing expression after unary operator '-'.
At line:2 char:2
+ - <<<< AccessRights Reviewer}
    + CategoryInfo          : ParserError: (-:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : MissingExpressionAfterOperator
0
 

Author Comment

by:Rabihhaj
ID: 39925647
I have tried this command , no success.

MyScripts.PS1
$data = get-content “H:\users.txt”
foreach($a in $data)
{
Set-Mailbox -Identity $a -CustomAttribute1 attribvalue (Group1)
}

Users.txt
Lastname, firstname
Test 2,Blackberry
Test1,Blackberry

that what i got

[PS] H:\>.\MyScript.ps1
The term 'Group1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spel
ling of the name, or if a path was included, verify that the path is correct and try again.
At H:\MyScript.ps1:4 char:63
+ Set-Mailbox -Identity $a -CustomAttribute1 attribvalue (Group1 <<<< )
    + CategoryInfo          : ObjectNotFound: (Group1:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Please help
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39925956
This is wrong Set-Mailbox -Identity $a -CustomAttribute1 attribvalue (Group1)

Must be Set-Mailbox -Identity $a -CustomAttribute1 Group1

This Set-Mailbox -Identity $a -CustomAttribute1 attribvalue (Group1) was just an example for the attribvalue

Change the attribvalue for the customattribute1 that the users will have, this must be the same for the group of users that  you want to delegate the calendar.

Regards
0
 

Author Comment

by:Rabihhaj
ID: 39925975
And how about first script please
[PS] H:\>Get-mailbox -Filter {(CustomAttribute1 -eq "Group1")} | ForEach-Object {Add-MailboxFolderPermission $_":\Calendar" -User WaterOperationsLeave@MyDomain.local

What is wrong?

Is that should be without quotation

Thanks
Rabih
0
 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 500 total points
ID: 39927099
Hi,

Sorry for the late response.

We have to tweak a little beat the powershell command.

1- Set custom attribute on the users that you want to give permissions to access the other user Calendar. For example set CustomAttribute1 “Group1”  

2- Get-mailbox -Filter {(CustomAttribute1 -eq "Group1")} | select-Object Samaccountname  | Export-Csv C:\Users.csv

3- Open up users.csv file and remove the first line which would be “#TYPE Selected.Microsoft.Exchange.Data.Directory.Management.User” and save file

4- Import-csv C:\users.csv | foreach-object {Add-MailboxFolderPermission -identity WaterOperationsLeave@MyDomain.local:\Calendar -User $_.Samaccountname -AccessRights "Reviewer"}

This will do the the trick and all the users inside the csv will have permissions of reviewer or other that you define to the wateroperationsleave@mydomain.local:\Calendar.

Let me know.

Regards
0
 

Author Comment

by:Rabihhaj
ID: 39927607
Thanks, I will test it, and let you know today.

Thanks
Rabih
0
 

Author Comment

by:Rabihhaj
ID: 39927917
Hi ,

It is working now, good work.

Now, if I want to add all 50 users to custom attribute such as group1 is any PS can do that instead going manually on each user and add it in their profile

I tried the below still not working
$data = get-content “H:\usersadda.csv”
foreach($a in $data)
{
Set-Mailbox -Identity $a -CustomAttribute2 usersadda
}

usersadda.csv
Lastname, firstname
Blackberry, Test 2
Blackberry, Test1

Even this one
Set-Mailbox -Identity “Test1, Blackberry” -CustomAttribute1 Group1

please help
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39928064
OK great.

Now lets create a txt file and  call it something like user_to_delegate.txt on your c: drive

Inside this file lets use the alias name or the identity of the mailbox instead of the lastname, firstname.
Check the example on the attached file with the name user_to_delegate.txt, as you can see I have an alias called Anna, Axel, David etc this are the Alias names of the users that I want to add the attribute value, delete the names that I provide and put the alias names of the users that you want to add the attribute value.

Now open your EMS with run as admin and execute the script that I provide in the attachement with name script_to_delegate.txt, you have to change the extension of this file to ps1

Thats it.
 I hope this what you want.

Regards.
user-to-delegate.txt
script-to-delegate.txt
0
 

Author Comment

by:Rabihhaj
ID: 39928165
I have to changed the exctension from user-to-delegate.txt to user-to-delegate.CSV and all works .

but i got the below error do i have to worry about it ,
[PS] H:\>.\Script-to-delegate.ps1
The operation couldn't be performed because object ' ' couldn't be found on Exchange.domain.local'.
    + CategoryInfo          : NotSpecified: (0:Int32) [Set-Mailbox], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : D32400A3,Microsoft.Exchange.Management.RecipientTasks.SetMailbox

WARNING: The command completed successfully but no settings of 'Domain.local/User Accounts/Win7 Users/Tier 1/BBTest2'
have been modified.
WARNING: The command completed successfully but no settings of 'Domain.local/User Accounts/Win7 Users/Tier 1/Test1
Blackberry' have been modified.
[PS] H:\>

how do i fix the above error.

Can i user email address in the user-to-delegate.CSV  instead Alias

Thank you in Advance

Rabih
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39928863
The Warnings it´s because the user already have some attribute define on that particular attribute field
The Error its because you have some empty line or other character.

Can you put here your files?

I didn't test with the email address, so I can't confirm that will work.

Beside that did you accomplish what you wanted?

Regards
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now