The script sets default calendar permissions for mailboxes who are members of a distribution list. To execute the script, you can create a custom command or a scheduled task configured for the Group object type.
Exchange On-Premises
Parameters:
- $exchangeServer - Specifies the fully qualified domain name (FQDN) of the Exchange Server that will be used to perform the operation.
- $accessRights - Specifies the user access rights to grant.
PowerShell
$exchangeServer = "exchnageserver.domain.com" # TODO: modify me
$accessRights = "Reviewer" # TODO: modify me
function SearchObjects($filter, $properties)
{
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.SearchFilter = $filter
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SetPropertiesToLoad($properties)
$searcher.VirtualRoot = $True
try
{
$searchResultIterator = $searcher.ExecuteSearch()
$searchResults = $searchResultIterator.FetchAll()
return ,$searchResults
}
finally
{
# Release resources
if ($searchResultIterator){ $searchResultIterator.Dispose() }
}
}
# Get GUIDs of group members
try
{
$membersGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMembersGuid")
}
catch
{
return # No members
}
# Find group members who have mailboxes
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(mailNickname=*)(homeMDB=*)(|")
foreach ($guidBytes in $membersGuidsBytes)
{
[void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("ObjectGuid", $guidBytes))
}
[void]$filter.Append("))")
$searchResults = SearchObjects $filter.ToString() @("ObjectGUID", "sAMAccountName")
if ($searchResults -eq 0)
{
return # No members with mailboxes
}
try
{
# Create a remote PowerShell session to Exchange Server
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$exchangeServer/PowerShell
Import-PSSession $session -DisableNameChecking -AllowClobber -CommandName "Get-MailboxFolderStatistics", "Get-MailboxFolderPermission", "Set-MailboxFolderPermission"
foreach ($searchResult in $searchResults)
{
# Get Calendar Object Identity
$guid = [Guid]$searchResult.Properties["ObjectGUID"].Value
$calendarName = (Get-MailboxFolderStatistics -Identity $guid.ToString() -FolderScope Calendar | select -First 1).Name
$userName = $searchResult.Properties["sAMAccountName"].Value
$calendarIdentity = "$userName`:\$calendarName"
# Get calendar permissions
$calendarPermissions = Get-MailboxFolderPermission $calendarIdentity
foreach ($permission in $calendarPermissions)
{
if ($permission.User.DisplayName -ne "Default")
{
continue
}
if ($permission.AccessRights -notcontains $accessRights)
{
Set-MailboxFolderPermission -User "Default" -AccessRights $accessRights -Identity $calendarIdentity
}
break
}
}
}
finally
{
# Close the remote session and release resources
if ($session) { Remove-PSSession $session }
}
Exchange Hybrid
Parameter:
- $accessRights - specifies the user access rights to grant.
PowerShell
$accessRights = "Reviewer" # TODO: modify me
try
{
# Connect to Exchange Online
$session = $Context.CloudServices.CreateExchangeOnlinePSSession()
Import-PSSession $session -DisableNameChecking -AllowClobber -CommandName "Get-MailboxFolderStatistics", "Get-MailboxFolderPermission", "Set-MailboxFolderPermission", "Get-DistributionGroupMember"
try
{
[Object[]]$mailboxes = Get-DistributionGroupMember -Identity "%name%" -ErrorAction Stop | Where-Object {$_.RecipientType -eq "UserMailbox"}
}
catch
{
$Context.LogMessage("An error occurred when retrieving group members. Error: " + $_.Exception.Message, "Warning")
return
}
if ($mailboxes -eq $NULL)
{
return # No members with mailboxes
}
foreach ($mailbox in $mailboxes)
{
# Get Calendar object identity
$calendarName = (Get-MailboxFolderStatistics -Identity $mailbox.ExternalDirectoryObjectId -FolderScope Calendar | select -First 1).Name
$calendarIdentity = "$($mailbox.SamAccountName)`:\$calendarName"
# Get Calendar permissions
$calendarPermissions = Get-MailboxFolderPermission $calendarIdentity
foreach ($permission in $calendarPermissions)
{
if ($permission.User.DisplayName -ne "Default")
{
continue
}
if ($permission.AccessRights -notcontains $accessRights)
{
Set-MailboxFolderPermission -User "Default" -AccessRights $accessRights -Identity $calendarIdentity
}
break
}
}
}
finally
{
# Close the remote session and release resources
if ($session) { Remove-PSSession $session }
}