F from https://blogs.msmvps.com/acefekay/tag/get-mailboxfolderpermission/
Prologue
Ace Fekay here again.
You might say to yourself this is some really simple stuff. Sure, it might be, for the pro. As many of you know, I’m an avid Active Directory and Exchange server engineer/architect, and an MVP in Active Directory.
Therefore with AD, Exchange, and Office 365, you will find that scripting comes into play more and more with your daily tasks. The main reason I’m posting simple scripts is that to get the job done, I just needed an arsenal of simple quickie scripts when called upon a simple task, such as this one, dealing with mailbox permissions.
I hope this blog and my future scripts blogs, especially with Office 365, help you out.
Scope
These are a few examples of dealing with every day requests for calendar administration. Sure, you can do it from your web based, Office 365 tenant dashboard, but what fun is that?
And yes, this is simple stuff. The main reason I’m posting this, and I will be posting much more, including Office 365 scripts, is that I had to look it up. I’ve found various websites that provide how-tos, but when it comes to handling variables and piping, I’ve found there is no one place to get various examples and have found myself looking at multiple places to get this info, including my colleagues, who are extremely adept at scripting. With many place, I also see elaborate scripts that do more than what I need. They are fabulous blogs and websites, but sometimes I need the simple one-liners to perform day to day stuff.
Open PowerShell session and Login – Of course you first have to open a PowerShell session to your tenant account
Open a PowerShell window.
Run the following:
$MySession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $AceCred -Authentication Basic -AllowRedirection
This will prompt you to login using your credentials.
Then run:
import-pssession $MySession
To be able to run Start-OnlineCoexistenceSync Dirsync – on a DC
After you make any changes in your local AD, instead of waiting for the dirsync schedule to run, you can manually run a dirsync on your onprem AD to force a sync:
Command Prompt
cd “C:Program FilesMicrosoft Online Directory Sync”
Run:
.DirSyncConfigShell.psc1
Or just run:
“C:Program FilesMicrosoft Online Directory SyncDirSyncConfigShell.psc1”
Then run:
Start-OnlineCoexistenceSync or invoke-dirsync
To view the dirsync log, click on the DirSync icon in task bar that opens the Synchronization Service Manager. If it’s not on the task bar, it can be found in:
“C:Program FilesMicrosoft Online Directory SyncSYNCBUSSynchronization ServiceUIShellmiisclient.exe”
===========================================================
General Calendar Commands
To view the rights on a calendar:
get-mailboxfolderpermission MarySmith@contoso.com:Calendar
To add rights to a calendar for a user, JohnDoe, and providing him “Editor” access rights:
Add-MailboxFolderPermission -Identity Office.Vacation.Calendar@contoso.com:Calendar -User JohnDoe@contoso.com -AccessRights Editor
To remove JohnDoe’s rights from a calendar:
remove-mailboxfolderpermission -Identity Office.Vacation.Calendar@contoso.com:Calendar -User JohnDoe@contoso.com
Rule to move anything with subject, “Sent by Microsoft Exchange Server 2013” to a folder called, “Rejected Calendar Notifications”
New-InboxRule “Sent by Exchange 2013” -Mailbox MarySmith@contoso.com -MyNameInToBox $true -FlaggedForAction Any -SubjectOrBodyContainsWords “Sent by Microsoft Exchange Server 2013” -MoveToFolder “Rejected Calendar Notifications” -StopProcessingRules
New-InboxRule “SendOnBehalf Sent by Exchange 2013” -Mailbox JohnDoe -MyNameInToBox $true -FlaggedForAction Any -SubjectOrBodyContainsWords “Sent by Microsoft Exchange Server 2013” -MoveToFolder “Rejected Calendar Notifications” –StopProcessingRules
Create a shared calendar in Office 365 without creating it in our Active Directory so we don’t get charged for a license.
This is an example for creating a shared calendar called “Ace’s Cancelled Meetings” with a username of AceCancelledMeetings.
1. New-Mailbox -Name “AceCancelledMeetings” -DisplayName “Ace’s Cancelled Meetings” -Share
If required:
2. UserPrincipalName: AceCancelledMeetings@YourDomain.onmicrosoft.com
Give permissions for Mary Smith (MarySmith) to access the calendar.
3. Add-MailboxfolderPermission AceCancelledMeetings:Calendar -user “MarySmith” -AccessRights editor
Give permissions for John Doe (JohnDoe) to access the calendar.
4. Add-MailboxfolderPermission AceCancelledMeetings:Calendar -user “JohnDoe” -AccessRights editor
Give permissions for John Smith (JohnSmith) to access the calendar:
5. Add-MailboxfolderPermission AceCancelledMeetings:Calendar -user “JohnSmith” -AccessRights editor
Get permissions Examples for a calendar:
PS C:Windows> (Get-MailboxFolderPermission JohnDoe:Calendar) | select user
Output:
User
—-
Default
User One
User Two
User Three
User Four
User Five
User Six
User Seven
User Eight
To display the accessrights for a calendar:
PS C:> (Get-MailboxFolderPermission JohnDoe:Calendar) | select user,accessrights
User AccessRights
—- ————
Default {AvailabilityOnly}
User One {Reviewer}
User Two {Reviewer}
User Three {Reviewer}
User Four {Reviewer}
User Five {Reviewer}
User Six {Editor}
User Seven {Editor}
User Eight {Editor}
User Nine {Owner}
PS C:> get-MailboxFolderPermission -Identity ConfRoom1:Calendar
FolderName User AccessRights
———- —- ————
Calendar Default {AvailabilityOnly}
Calendar Anonymous {None}
Calendar Ace Fekay {Editor}
Calendar User One {PublishingEditor}
Calendar User Two {PublishingEditor}
Calendar User Three {PublishingEditor}
Calendar User Four {PublishingEditor}
Calendar User Five {Editor}
Office 365 Alias issues
If the user’s alias, such as “JohnDoe,” doesn’t work, run the following to find and use the identifier Microsoft assigned to the user:
get-mailbox JohnDoe@contoso.com
For example, the above query returned:
JohnDoe_8672d315f2
Therefore, I had to run the following command to add permissions for that user:
Add-MailboxFolderPermission -Identity ConfRoom22:Calendar -User “JohnDoe_8672d315f2” -AccessRights Reviewer
Command to Add permissions to one Calendar for multiple users (list of users) importing a list of users in a text file and piping the command:
Get-Content c:Scriptsusers.txt | foreach {Add-MailboxFolderPermission -Identity Classroom2:calendar -User $_ -AccessRights Editor}
Content of “users.txt:”
UserOne@contoso.com
UserTwo@contoso.com
UserThree@contoso.com
UserFour@contoso.com
UserFive@contoso.com
UserSix@contoso.com
UserSeven@contoso.com
UserEight@contoso.com
If you need to change the permissions on the calendar for a set of user, use the same format except use the ‘set-calendar’ command:
Get-Content c:Scriptsusers.txt | foreach {Set-MailboxFolderPermission -Identity Classroom2:calendar -User $_ -AccessRights Editor}
If you need to give a single user permissions to multiple calendars:
This is giving MikeSmith@contoso.com access to multiple calendars
Get-Content C:ScriptsListOfCalendars.txt | foreach {Add-MailboxFolderPermission -Identity $_ -User MikeSmith@contoso.com -AccessRights Editor}
Content of “ListOfCalendars.txt:”
HospitalFloor1West@contoso.com:Calendar
HospitalFloor1East@contoso..com:Calendar
HospitalFloor1South@contoso..com:Calendar
HospitalFloor1North@contoso..com:Calendar
HospitalFloor2West@contoso..com:Calendar
HospitalFloor2East@contoso..com:Calendar
HospitalFloor2South@contoso..com:Calendar
HospitalFloor2North@contoso..com:Calendar
To provide permissions to multiple calendars for a list of users.
There are two variables in this scenario.
First you must bring in the list of users into memory. In this case, the users are in filename, “ListOfUsers.txt.” Now run the following to bring the users
Pull the list into memory:
PS C:> $users= get-content C:ScriptsListOfUsers.txt
If you like, you can double check and see what’s in the file you just pulled in by simply typing in the variable name and hit enter:
PS C:> $users
UserOne@contoso.com
UserTwo@contoso.com
UserThree@contoso.com
UserFour@contoso.com
UserFive@contoso.com
UserSix@contoso.com
UserSeven@contoso.com
UserEight@contoso.com
etc
You can also run the following format to get the same info on the file:
PS C:> $users | get-member
UserOne@contoso.com
UserTwo@contoso.com
UserThree@contoso.com
UserFour@contoso.com
UserFive@contoso.com
UserSix@contoso.com
UserSeven@contoso.com
UserEight@contoso.com
etc
Then you bring the list of rooms into memory, “ListOfRooms.txt”
PS C:> $resources = get-content c:ScriptsListOfRooms.txt
Then to see what’s in the file, run:
PS C:> $resources
ConfRoom1
ConfRoom2
ConfRoom3
ConfRoom4
ConfRoom5
ConfRoom6
ConfRoom7
ConfRoom8
etc
Now let’s take a look at what the calendar processsing is for one of the rooms:
PS C:> Get-CalendarProcessing ConfRoom1
Identity AutomateProcessing
——– ——————
ConfRoom1 AutoUpdate
To get more information about the calendar processing data for the room:
PS C:> Get-CalendarProcessing ConfRoom1 | fl
RunspaceId : <snipped>
AutomateProcessing : AutoUpdate
AllowConflicts : False
BookingWindowInDays : 180
MaximumDurationInMinutes : 1440
AllowRecurringMeetings : True
EnforceSchedulingHorizon : True
ScheduleOnlyDuringWorkHours : False
ConflictPercentageAllowed : 0
MaximumConflictInstances : 0
ForwardRequestsToDelegates : True
DeleteAttachments : True
DeleteComments : True
RemovePrivateProperty : True
DeleteSubject : True
AddOrganizerToSubject : True
DeleteNonCalendarItems : True
TentativePendingApproval : True
EnableResponseDetails : True
OrganizerInfo : True
ResourceDelegates : {}
RequestOutOfPolicy : {}
AllRequestOutOfPolicy : False
BookInPolicy : {}
AllBookInPolicy : True
RequestInPolicy : {}
AllRequestInPolicy : False
AddAdditionalResponse : False
AdditionalResponse :
RemoveOldMeetingMessages : True
AddNewRequestsTentatively : True
ProcessExternalMeetingMessages : False
RemoveForwardedMeetingNotifications : False
MailboxOwnerId : ConfRoom1
Identity : ConfRoom1
IsValid : True
ObjectState : Changed
And now the moment you’ve been waiting for: Run the following command to set Calenar Processing settings for multiple users for multiple calendars:
PS C:> $resources | foreach {Set-CalendarProcessing $_ -AutomateProcessing autoaccept -bookinpolicy $users}
Another example providing Editor rights to a list of calendars
This is for the IT-Rooms where we must give a list of users “Editor” permissions to a list mailbox Calendars.
List of users are in file: c:ScriptsListOfUsers.txt
List of mailbox room calendars c:ListOfRooms.txt
=====
1. Pull the list of users into memory first:
$users= get-content c:ScriptsListOfUsers.txt
Run $users to see what’s in the file to be sure:
$users
or
$users | get-member
=====
2. Pull in the rooms or calendars into memory:
$resources = get-content c:ListOfRooms.txt
If you want, run this to see what’s in that file:
$resources
or
$resources | get-member
If you want, run this to see what calendar processing is currently set on one of the rooms:
get-CalendarProcessing ConfRoom1 | fl
=====
3. Run it:
$resources | foreach {Add-MailboxFolderPermission -Identity $_:calendar -User $Users -AccessRights Editor}
=====
Or just create a DL, and add the list of users to the DL, then run the following:
This gives the group ConfRoomSchedulers@contoso.com “Editor” access rights on the rooms listed in the file ListOfRooms.txt:
Get-Content ListOfRooms.txt | foreach {Add-MailboxFolderPermission -Identity $_ -User ConfRoomSchedulers@contoso.com -AccessRights Editor}
ListOfRooms.txt contains:
ConfRoom1@contoso.com:calendar
ConfRoom2@contoso.com:calendar
ConfRoom3@contoso.com:calendar
ConfRoom4@contoso.com:calendar
ConfRoom5@contoso.com:calendar
Change the “Default” user on a list of calendars (rroms) or users to “None.”
Get-Content c:ScriptsListOfRooms.txt | foreach {Set-MailboxFolderPermission -Identity $_:Calendar -User Default -AccessRights None}
Removing Permissions for a folder (calendar in this example)
Remove-MailboxFolderPermission -Identity <mailbox>:Calendar –User <Mailbox-that-will-be-removed-from-Calendar-Permissions>
remove-MailboxfolderPermission ConferenceRoom1 -user “John Doe” -AccessRights editor
remove-MailboxfolderPermission ConferenceRoom1:Calendar -user “JohnDoe”
Then confirm with:
get-MailboxFolderPermission -Identity ConferenceRoom1:Calendar
Create a conference room. Do not allow anyone to book the room other than the people that have access rights to the room:
Set-Calendarprocessing VeryImportantConfRoom7thFloor@contoso.com -AddAdditionalResponse $true -AdditionalResponse “<p><strong><font color=red
size=4>Scheduling request denied.</strong><font></p><p><font color=blue size=4>Reason code: You are not authorized to schedule meetings or
appointments in the Very Important Conference Room 7th Floor. If you must book an entry in the room, please submit a request to either Mary Smith,
John Doe, or Robert Redford. Thank you.</p><p>Your Company’s IT Department.</font></p>”
More to come…
Comments are welcomed.
==================================================================