Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 623
  • Last Modified:

Adding calendar permissions to a group for a group in Exchange 2010

Hi all,

We are looking for a way to persistently add calendar permissions to a group ("sales") for a group ("managers").  I found a script that would work, but it needs to be run every time a user is added to or removed from the groups in question. Is there way to get these groups to behave as AD groups do so that we don't have that additional step of running the script?

The script that I found looks like this:
Get-DistributionGroupMember sales | Foreach-Object {
    Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User managers -AccessRights Editor
}

Open in new window

0
OAC Technology
Asked:
OAC Technology
  • 2
  • 2
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
No, it isn't possible.
I usually have the script run on a schedule, usually once a day. That means that any one who removes the permission gets it back, and anyone knew get the permission applied.

If you are concerned about the permission being removed, then you will have to double script it, once to remove the permission and then once to include it. The remove step will probably have to be global.

Simon.
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
Hi Simon,

OK, that's kind of what I had suspected. Nice hint on the scheduled script, I'll be sure to use that once I find a script that works. Or perhaps we can fix the one I found to work.

The script that I've found doesn't appear to be working out the way I hoped. Whenever I run the script in tests, I've received both of these errors at the same time:
Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
   PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed

Open in new window

An existing permission entry was found for user: managers.
    + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], UserAlreadyExis...nEntryException
    + FullyQualifiedErrorId : 4A6FBBC8,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

Open in new window

When I test the outcome, the permissions do not stick unless they already existed, which is what I think the second error is telling me. We had been doing this manually on a per-user basis, which is why some of these permissions exist on some (but not all) users. When I change "add-mailboxfolderpermission" to "set-mailboxfolderpermission" I receive the first error along with a few lines that say the command was successful but no changes were made. As you can maybe guess, the few lines that were successful are the same users that had the permissions already added.
0
 
Simon Butler (Sembee)ConsultantCommented:
If the user already exists then you need to use set-mailboxfolderpermission - add-mailboxfolderpermission.
If you are running a script then you will probably have to use remove-mailboxfolderpermission (so that the change caused by being removed from the group takes effect), then add-mailboxfolderpermission to put it back.

Simon.
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
Thanks for pointing me in the right direction. Once I fine-tuned the script I set it on a schedule and we're good to go. Final script looks like this:
$sales = Get-DistributionGroupMember sales

$sales | Foreach-Object {
    Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User UserOrGroupName -AccessRights Editor
}

Open in new window

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now