Link to home
Create AccountLog in
Avatar of doctorbill
doctorbillFlag for United Kingdom of Great Britain and Northern Ireland

asked on

powershell calendars

I have a lot of users who have shared their calendars with all the users in the same organisation

I need to run a powershell command that will change the current share permissions of all users Calendars to "LimitedAccess" for All the users who are accessing the shared Calendars without having to reshare

Is this possible?

Avatar of Qlemo
Qlemo
Flag of Germany image

You are using O365 with Exchange Online (in the Cloud) or on premise?

Avatar of doctorbill

ASKER

I am using exchange online and access the Microsoft 365 portal via powershell:
Connect-ExchangeOnline
.........
Any update on this please?
try the below

$AllUsers = Get-Mailbox -resultsize Unlimited | ?{$_RecipientTypeDetails -eq "UserMailbox"} | Select primarysmtpaddress

Get-Mailbox -resultsize Unlimited | ?{$_RecipientTypeDetails -eq "UserMailbox"} | Select primarysmtpaddress | %{remove-MailboxFolderPermission "$_.primarysmtpaddress:\calendar" -user $AllUsers -Confirm:$false}

Get-Mailbox -resultsize Unlimited | ?{$_RecipientTypeDetails -eq "UserMailbox"} | Select primarysmtpaddress | %{Set-MailboxFolderPermission "$_.primarysmtpaddress:\calendar" -user Default -AccessRights Reviewer}
Have you tested this?

No, that won't work. Removing the permissions to your own calendar is certainly doing no good. Anyway, you can only supply a single user to set the permissions, no array. This might work:

$AllUsers = Get-Mailbox -resultsize Unlimited | ?{$_RecipientTypeDetails -eq "UserMailbox"} | Select -Expand primarysmtpaddress
for ($user in $AllUsers) {
$AllUsers | ? { $_ -ne $user } | % { Remove-MailboxFolderPermission "$user:\calendar" -user $_ -Confirm:$false -ea SilentlyContinue } Set-MailBoxFolderPermission "$user:\calendar" -user Default -AccessRights Reviewer }

Open in new window

You can add -WhatIf to the Remove/Set cmdlets to see what it would do, or set the confirm switch to true to require confirmation for testing purposes. Or set $AllUsers to two or three mailboxes only.

I will give it a go
Where exactly do I put the -Whatif switch?

-WhatIf can be provided to almost all cmdlets applying changes, to only show what they would try to change. In this particular case if makes sense to add to both cmdlets:

$AllUsers = Get-Mailbox -resultsize Unlimited | ?{$_RecipientTypeDetails -eq "UserMailbox"} | Select -Expand primarysmtpaddress

for ($user in $AllUsers) {
  $AllUsers | ? { $_ -ne $user } |
    % { Remove-MailboxFolderPermission "$user:\calendar" -user $_ -Confirm:$false -ea SilentlyContinue -WhatIf }
  Set-MailBoxFolderPermission "$user:\calendar" -user Default -AccessRights Reviewer -WhatIf
}

Open in new window

For testing, I would fill $AllUsers with a small subset of users first (at least 2, better 3), and then check if the changes work as expected:

$AllUsers = 'user1@company.com', 'user2@company.com', 'user3@company.com'

for ($user in $AllUsers) {
  $AllUsers | ? { $_ -ne $user } |
    % { Remove-MailboxFolderPermission "$user:\calendar" -user $_ -Confirm:$false -ea SilentlyContinue }
  Set-MailBoxFolderPermission "$user:\calendar" -user Default -AccessRights Reviewer
}

Open in new window


Awesome - I will try this and report back
I tried the script with the Whatif and get:

At line:1 char:12
+ for ($user in $AllUsers) {
+            ~~
Unexpected token 'in' in expression or statement.
At line:3 char:41
+     % { Remove-MailboxFolderPermission "$user:\calendar" -user $_ -Co ...
+                                         ~~~~~~
Variable reference is not valid. ':' was not followed by a valid variable name character. Consider using ${} to delimit the name.
At line:4 char:32
+   Set-MailBoxFolderPermission "$user:\calendar" -user Default -Access ...
+                                ~~~~~~
Variable reference is not valid. ':' was not followed by a valid variable name character. Consider using ${} to delimit the name.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Sorry for that.

$AllUsers = Get-Mailbox -resultsize Unlimited | ?{$_RecipientTypeDetails -eq "UserMailbox"} | Select -Expand primarysmtpaddress

foreach ($user in $AllUsers) {
  $AllUsers | ? { $_ -ne $user } |
    % { Remove-MailboxFolderPermission "${user}:\calendar" -user $_ -Confirm:$false -ea SilentlyContinue -WhatIf }
  Set-MailBoxFolderPermission "${user}:\calendar" -user Default -AccessRights Reviewer -WhatIf
}

Open in new window


Ok - that works, but it only changes to permissions of the default for the selected users
This is my problem:
Example, One user (User A)has access to multiple calendars via shares (see attached file)
Is it possible to change the permissions of all the existing shares so that the user  (User A) sees all the shared Calendars as a changed permission (ie, from Reviewer to Limited Access)?User generated imageUser generated imageUser generated imageUser generated image
doctorbill
If your desire is to change everyone's permission on those calendars to limiteddetails please run the following command for each calendar in question

Get-MailboxFolderPermission "emailaddressofthemailbox:\calendar"  | Select User | %{Set-MailboxFolderPermission -User $_.User -AccessRights LimitedDetails}

example:
Get-MailboxFolderPermission "Sales@yourdomain.com:\calendar"  | Select User | %{Set-MailboxFolderPermission -User $_.User -AccessRights LimitedDetails}
Will give it a go
I get this - it doesn't recognise the email address:

cmdlet Set-MailboxFolderPermission at command pipeline position 1
Supply values for the following parameters:
Identity:
Verify that you don't have a typo in your command...paste your complete command here hiding the domain if you have to
Get-MailboxFolderPermission "xxx@xxx.com:\calendar"  | Select User | %{Set-MailboxFolderPermission -AccessRights LimitedDetails}
Looks good. Where does the mailbox sit, in O365? If so make sure you are running the command in powershell for Exchange online.
Yes - that's where it is running
Go back and look at my command it looks like you left out -User $_.User
So what is the full command?
Get-MailboxFolderPermission "Sales@yourdomain.com:\calendar"  | Select User | %{Set-MailboxFolderPermission -User $_.User -AccessRights LimitedDetails}
Same issue
I am asked for the following:

cmdlet Set-MailboxFolderPermission at command pipeline position 1
Supply values for the following parameters:
Identity:
Something is wrong with your syntax.  Let's try another way then. Make sure you have a folder named temp on your c drive.

Get-MailboxFolderPermission "Sales@yourdomain.com:\calendar"  | Select User | export-csv c:\temp\users.csv -nti

Import-csv c:\temp\users.csv | %{Set-MailboxFolderPermission -User $_.User -AccessRights LimitedDetails}
Something is wrong with your syntax.  Let's try another way then. Make sure you have a folder named temp on your c drive.

Get-MailboxFolderPermission "Sales@yourdomain.com:\calendar"  | Select User | export-csv c:\temp\users.csv -nti

Import-csv c:\temp\users.csv | %{Set-MailboxFolderPermission -User $_.User -AccessRights LimitedDetails}
Set-MailboxFolderPermission -Identity xxx@xxx.com:\Calendar -User xxx.xxx -AccessRights Reviewer
Get-MailboxFolderPermission -Identity xxx@xxx.com:\Calendar

FolderName           User                 AccessRights                                          SharingPermissionFlags
----------           ----                 ------------                                          ----------------------
Calendar             Default              {LimitedDetails}
Calendar             Anonymous            {None}
Calendar             ExchangePublished... {Reviewer}
Calendar             Mary Appleton        {Editor}
You are still doing something wrong.  You stated you want everyone to have LImitedDetails

you will run 2 commands
the first command pulls all the  users who have calendar permissions set. Anonymous has no rights set so we will omit that user

Get-MailboxFolderPermission "Sales@yourdomain.com:\calendar"  | ?{$_.AccessRights -ne "None"} | Select User | export-csv c:\temp\users.csv -nti

The next command will reset all the rights to LimitedDetails

Import-csv c:\temp\users.csv | %{Set-MailboxFolderPermission -User $_.User -AccessRights LimitedDetails}

Yes but maybe I am not being clear (my fault):

This manager has all the following users with access rights to his (I assume) calendar:
Get-MailboxFolderPermission -Identity manager@xxx.com:\Calendar

FolderName           User                 AccessRights                                          SharingPermissionFlags
----------           ----                 ------------                                          ----------------------
Calendar             user a               {LimitedDetails}
Calendar             user b                    {None}
Calendar             ExchangePublished... {Reviewer}
Calendar             user c                  {Reviewer}
Calendar             user d                  {Reviewer}
Calendar             user e                 {Reviewer}
Calendar             user f               {Reviewer}
Calendar             user g                {Reviewer}
Calendar             user h               {Reviewer}
Calendar             user i               {Reviewer}
Calendar             user j              {Reviewer}
Calendar             user k               {Reviewer}
Calendar             user l              {Reviewer}
Calendar             user m               {Reviewer}
Calendar             user n               {Reviewer}
Calendar             user o                  {Reviewer}
Calendar             user p               {Reviewer}
Calendar             user q                  {Reviewer}
Calendar             user r               {Reviewer}
Calendar             user s               {Reviewer}
Calendar             user t               {Reviewer}

Is it possible to change all these permissions to LimitedAccess via powershell, such that they all say LimitedAccess, or do I need to do it per individual and get them to reshare
Also. what is ExchangePublished...?
ExchangePublished is a user who has external access.  If you want to see the email address

Get-MailboxFolderPermission manager@xxx.com:\Calendar | fl
Let's change them all to Limited access except for exchangePublished

Get-MailboxFolderPermission -Identity manager@xxx.com:\Calendar | ?{$_.User -ne "ExchangePublished"} | Select User | %{Set-MailboxFolderPermission -User $_.user -AccessRights LimitedDetails}

Perfect - that did it
Using the "Get-MailboxFolderPermission manager@xxx.com:\Calendar | fl" gave me the Identity details of the users
I am now changing the permissions successfully
Is it possible to do it as an all in one
At the present time I get it prompt to it for each user at a time
Otherwise it works exactly as I wanted it to
ASKER CERTIFIED SOLUTION
Avatar of FOX
FOX
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Thanks so much
You are a real star !!!!!