Solved

Adding calendar permissions to a group for a group in Exchange 2010

Posted on 2014-04-09
4
596 Views
Last Modified: 2014-04-15
Hi all,

We are looking for a way to persistently add calendar permissions to a group ("sales") for a group ("managers").  I found a script that would work, but it needs to be run every time a user is added to or removed from the groups in question. Is there way to get these groups to behave as AD groups do so that we don't have that additional step of running the script?

The script that I found looks like this:
Get-DistributionGroupMember sales | Foreach-Object {
    Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User managers -AccessRights Editor
}

Open in new window

0
Comment
Question by:OAC Technology
  • 2
  • 2
4 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39989233
No, it isn't possible.
I usually have the script run on a schedule, usually once a day. That means that any one who removes the permission gets it back, and anyone knew get the permission applied.

If you are concerned about the permission being removed, then you will have to double script it, once to remove the permission and then once to include it. The remove step will probably have to be global.

Simon.
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 39989844
Hi Simon,

OK, that's kind of what I had suspected. Nice hint on the scheduled script, I'll be sure to use that once I find a script that works. Or perhaps we can fix the one I found to work.

The script that I've found doesn't appear to be working out the way I hoped. Whenever I run the script in tests, I've received both of these errors at the same time:
Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
   PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed

Open in new window

An existing permission entry was found for user: managers.
    + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], UserAlreadyExis...nEntryException
    + FullyQualifiedErrorId : 4A6FBBC8,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

Open in new window

When I test the outcome, the permissions do not stick unless they already existed, which is what I think the second error is telling me. We had been doing this manually on a per-user basis, which is why some of these permissions exist on some (but not all) users. When I change "add-mailboxfolderpermission" to "set-mailboxfolderpermission" I receive the first error along with a few lines that say the command was successful but no changes were made. As you can maybe guess, the few lines that were successful are the same users that had the permissions already added.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39992622
If the user already exists then you need to use set-mailboxfolderpermission - add-mailboxfolderpermission.
If you are running a script then you will probably have to use remove-mailboxfolderpermission (so that the change caused by being removed from the group takes effect), then add-mailboxfolderpermission to put it back.

Simon.
0
 
LVL 2

Author Closing Comment

by:OAC Technology
ID: 40001844
Thanks for pointing me in the right direction. Once I fine-tuned the script I set it on a schedule and we're good to go. Final script looks like this:
$sales = Get-DistributionGroupMember sales

$sales | Foreach-Object {
    Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User UserOrGroupName -AccessRights Editor
}

Open in new window

0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
how to add IIS SMTP to handle application/Scanner relays into office 365.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now