Solved

Adding calendar permissions to a group for a group in Exchange 2010

Posted on 2014-04-09
4
600 Views
Last Modified: 2014-04-15
Hi all,

We are looking for a way to persistently add calendar permissions to a group ("sales") for a group ("managers").  I found a script that would work, but it needs to be run every time a user is added to or removed from the groups in question. Is there way to get these groups to behave as AD groups do so that we don't have that additional step of running the script?

The script that I found looks like this:
Get-DistributionGroupMember sales | Foreach-Object {
    Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User managers -AccessRights Editor
}

Open in new window

0
Comment
Question by:OAC Technology
  • 2
  • 2
4 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39989233
No, it isn't possible.
I usually have the script run on a schedule, usually once a day. That means that any one who removes the permission gets it back, and anyone knew get the permission applied.

If you are concerned about the permission being removed, then you will have to double script it, once to remove the permission and then once to include it. The remove step will probably have to be global.

Simon.
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 39989844
Hi Simon,

OK, that's kind of what I had suspected. Nice hint on the scheduled script, I'll be sure to use that once I find a script that works. Or perhaps we can fix the one I found to work.

The script that I've found doesn't appear to be working out the way I hoped. Whenever I run the script in tests, I've received both of these errors at the same time:
Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
   PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed

Open in new window

An existing permission entry was found for user: managers.
    + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], UserAlreadyExis...nEntryException
    + FullyQualifiedErrorId : 4A6FBBC8,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

Open in new window

When I test the outcome, the permissions do not stick unless they already existed, which is what I think the second error is telling me. We had been doing this manually on a per-user basis, which is why some of these permissions exist on some (but not all) users. When I change "add-mailboxfolderpermission" to "set-mailboxfolderpermission" I receive the first error along with a few lines that say the command was successful but no changes were made. As you can maybe guess, the few lines that were successful are the same users that had the permissions already added.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39992622
If the user already exists then you need to use set-mailboxfolderpermission - add-mailboxfolderpermission.
If you are running a script then you will probably have to use remove-mailboxfolderpermission (so that the change caused by being removed from the group takes effect), then add-mailboxfolderpermission to put it back.

Simon.
0
 
LVL 2

Author Closing Comment

by:OAC Technology
ID: 40001844
Thanks for pointing me in the right direction. Once I fine-tuned the script I set it on a schedule and we're good to go. Final script looks like this:
$sales = Get-DistributionGroupMember sales

$sales | Foreach-Object {
    Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User UserOrGroupName -AccessRights Editor
}

Open in new window

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question