We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script Repository

Set default calendar permissions for distribution list members

February 18, 2021 Views: 5977

The script sets default calendar permissions for mailboxes who are members of a distribution list. To execute the script, you can create a custom command or a scheduled task configured for the Group object type.

Exchange On-Premises

Parameters:

  • $exchangeServer - Specifies the fully qualified domain name (FQDN) of the Exchange Server that will be used to perform the operation.
  • $accessRights - Specifies the user access rights to grant.
Edit Remove
PowerShell
$exchangeServer = "exchnageserver.domain.com" # TODO: modify me
$accessRights = "Reviewer" # TODO: modify me

function SearchObjects($filter, $properties)
{
    $searcher = $Context.BindToObject("Adaxes://rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)
    $searcher.VirtualRoot = $True
    
    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get GUIDs of group members
try
{
    $membersGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMembersGuid")
}
catch
{
    return # No members
}

# Find group members who have mailboxes
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(mailNickname=*)(homeMDB=*)(|")

foreach ($guidBytes in $membersGuidsBytes)
{
    [void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("ObjectGuid", $guidBytes))
}
[void]$filter.Append("))")

$searchResults = SearchObjects $filter.ToString() @("ObjectGUID", "sAMAccountName")

if ($searchResults -eq 0)
{
    return # No members with mailboxes
}

try
{
    # Create a remote PowerShell session to Exchange Server
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$exchangeServer/PowerShell
    Import-PSSession $session -DisableNameChecking -AllowClobber -CommandName "Get-MailboxFolderStatistics", "Get-MailboxFolderPermission", "Set-MailboxFolderPermission"
    
    foreach ($searchResult in $searchResults)
    {
        # Get Calendar Object Identity
        $guid = [Guid]$searchResult.Properties["ObjectGUID"].Value
        $calendarName = (Get-MailboxFolderStatistics -Identity $guid.ToString() -FolderScope Calendar | select -First 1).Name
        $userName = $searchResult.Properties["sAMAccountName"].Value
        $calendarIdentity = "$userName`:\$calendarName"
        
        # Get calendar permissions
        $calendarPermissions = Get-MailboxFolderPermission $calendarIdentity
        foreach ($permission in $calendarPermissions)
        {
            if ($permission.User.DisplayName -ne "Default")
            {
                continue
            }
            
            if ($permission.AccessRights -notcontains $accessRights)
            {
                Set-MailboxFolderPermission -User "Default" -AccessRights $accessRights -Identity $calendarIdentity
            }
            
            break
        }
    }
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}

Exchange Hybrid

Parameter:

  • $accessRights - specifies the user access rights to grant.
Edit Remove
PowerShell
$accessRights = "Reviewer" # TODO: modify me

try
{
    # Connect to Exchange Online
    $session = $Context.CloudServices.CreateExchangeOnlinePSSession()
    Import-PSSession $session -DisableNameChecking -AllowClobber -CommandName "Get-MailboxFolderStatistics", "Get-MailboxFolderPermission", "Set-MailboxFolderPermission", "Get-DistributionGroupMember"
    
    try
    {
        [Object[]]$mailboxes = Get-DistributionGroupMember -Identity "%name%" -ErrorAction Stop | Where-Object {$_.RecipientType -eq "UserMailbox"}
    }
    catch
    {
        $Context.LogMessage("An error occurred when retrieving group members. Error: " + $_.Exception.Message, "Warning")
        return
    }
    
    if ($mailboxes -eq $NULL)
    {
        return # No members with mailboxes
    }
    
    foreach ($mailbox in $mailboxes)
    {
        # Get Calendar object identity
        $calendarName = (Get-MailboxFolderStatistics -Identity $mailbox.ExternalDirectoryObjectId -FolderScope Calendar | select -First 1).Name
        $calendarIdentity = "$($mailbox.SamAccountName)`:\$calendarName"
        
        # Get Calendar permissions
        $calendarPermissions = Get-MailboxFolderPermission $calendarIdentity
        foreach ($permission in $calendarPermissions)
        {
            if ($permission.User.DisplayName -ne "Default")
            {
                continue
            }
            
            if ($permission.AccessRights -notcontains $accessRights)
            {
                Set-MailboxFolderPermission -User "Default" -AccessRights $accessRights -Identity $calendarIdentity
            }
            
            break
        }
    }
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}

Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers