Grant group Read access to ALL mailbox calendars

Management would like visibility of all our mailbox calendars
How can I do this quickly and easily?
antoniokingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Version of Exchange?
This is something that has to be set per mailbox, so it cannot be set to inherit on new mailboxes.
Therefore once the version of Exchange has been established, you would need to have a script running each night (For example) to apply the permissions for anyone new or has removed the permission.

Simon.
0
antoniokingAuthor Commented:
Sorry, running version 2010.
Thanks Simon
0
Simon Butler (Sembee)ConsultantCommented:
Create a security group, mail enable it.
Put all people who need access in to the group.
If you have an existing mail enabled security group with the required permissions, then you can use that. You can also hide the group after setting the permissions.

Then you will need to use this command to add the permissions:

Get-mailbox | Foreach-Object { Add-MailboxFolderPermission ($_.Alias + ":\Calendar") -User view.only.calendars@example.com -AccessRights Reviewer}

You can check the permissions with this command:

get-MailboxFolderPermission -Identity 'username:\Calendar'

(where username is the name of the user you want to check).

You will get a couple of errors, as there are some system mailboxes the above command picks up, but you cannot set the permissions on.

Simon.

where view.only.calendars@example.com is the email address on the group.
Depending on the number of users, it can take a while to go through, and you need to allow time to replicate.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

antoniokingAuthor Commented:
Hi Simon
Unfortunately the code error-ed out straight away

Get-mailbox : The term 'Get-mailbox' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Get-mailbox | Foreach-Object { Add-MailboxFolderPermission ($_.Alias + ":\Calend ...
+ ~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-mailbox:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
0
Simon Butler (Sembee)ConsultantCommented:
You were running that from EMS and not plain Powershell?
I tested it before I posted it and it worked fine.

Simon.
0
antoniokingAuthor Commented:
Sure from EMS
Odd. I'm out of my office now until monday but will try again then
0
antoniokingAuthor Commented:
Hi Simon
I have tried again but same error, even when entering the code in to the Exchange Management Shell.

Regards
0
Simon Butler (Sembee)ConsultantCommented:
Get-Mailbox is a core Exchange command.
The line I gave you I know works as I tested it before posting.

You either don't have the permissions to run the commands or are not using EMS despite what you may think.

Simon.
0
antoniokingAuthor Commented:
Stupidly logged in as an administrator without a mailbox.
This worked once logged in as a different admin.

Thanks!
0
antoniokingAuthor Commented:
Hi Simon
I have ran your code and now checking random mailboxes (using code get-MailboxFolderPermission -Identity 'username:\Calendar') to see if the permissions have applied however some mailboxes haven't.

It appears if the mailbox already has some custom permissions setup from the default then the new permissions have not been added.
0
Simon Butler (Sembee)ConsultantCommented:
There can be some delays in the changes showing up due to replication within the domain.
Custom permissions shouldn't be a problem UNLESS you are using an account (also a group) that already has permissions. In that case you have to use set- rather than add- because you are changing the permission.

Simon.
0
antoniokingAuthor Commented:
Hi Simon
I have tried the command with Set and Add but there are a number of maibloxes where the new permissions are not appearing.
Ihave waited until the next day to check permissions.
0
Simon Butler (Sembee)ConsultantCommented:
You shouldn't need to wait a day, the permission should show within a few minutes.
Are you sure the end users aren't taking the permissions out?
Check also that permission inheritance is enabled on the user account in ADUC.

Simon.
0
antoniokingAuthor Commented:
Thanks for your help with this!

I need to set these permissions because our users don't know how to it themselves, so I am confident it's not them changing them back.

Where do I check permission inheritance in AD?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.