Adding calendar permissions to a group for a group in Exchange 2010

Hi all,

We are looking for a way to persistently add calendar permissions to a group ("sales") for a group ("managers").  I found a script that would work, but it needs to be run every time a user is added to or removed from the groups in question. Is there way to get these groups to behave as AD groups do so that we don't have that additional step of running the script?

The script that I found looks like this:
Get-DistributionGroupMember sales | Foreach-Object {
    Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User managers -AccessRights Editor
}

Open in new window

LVL 2
OAC TechnologyProfessional NerdsAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
No, it isn't possible.
I usually have the script run on a schedule, usually once a day. That means that any one who removes the permission gets it back, and anyone knew get the permission applied.

If you are concerned about the permission being removed, then you will have to double script it, once to remove the permission and then once to include it. The remove step will probably have to be global.

Simon.
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
Hi Simon,

OK, that's kind of what I had suspected. Nice hint on the scheduled script, I'll be sure to use that once I find a script that works. Or perhaps we can fix the one I found to work.

The script that I've found doesn't appear to be working out the way I hoped. Whenever I run the script in tests, I've received both of these errors at the same time:
Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
   PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed

Open in new window

An existing permission entry was found for user: managers.
    + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], UserAlreadyExis...nEntryException
    + FullyQualifiedErrorId : 4A6FBBC8,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

Open in new window

When I test the outcome, the permissions do not stick unless they already existed, which is what I think the second error is telling me. We had been doing this manually on a per-user basis, which is why some of these permissions exist on some (but not all) users. When I change "add-mailboxfolderpermission" to "set-mailboxfolderpermission" I receive the first error along with a few lines that say the command was successful but no changes were made. As you can maybe guess, the few lines that were successful are the same users that had the permissions already added.
0
 
Simon Butler (Sembee)ConsultantCommented:
If the user already exists then you need to use set-mailboxfolderpermission - add-mailboxfolderpermission.
If you are running a script then you will probably have to use remove-mailboxfolderpermission (so that the change caused by being removed from the group takes effect), then add-mailboxfolderpermission to put it back.

Simon.
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
Thanks for pointing me in the right direction. Once I fine-tuned the script I set it on a schedule and we're good to go. Final script looks like this:
$sales = Get-DistributionGroupMember sales

$sales | Foreach-Object {
    Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User UserOrGroupName -AccessRights Editor
}

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.