Script Repository

Set default calendar permissions for distribution list members

February 18, 2021 Views: 5977
Exchange Group Membership Microsoft 365 (Office 365)

The script sets default calendar permissions for mailboxes who are members of a distribution list. To execute the script, you can create a custom command or a scheduled task configured for the Group object type.

Exchange On-Premises

Parameters:

  • $exchangeServer - Specifies the fully qualified domain name (FQDN) of the Exchange Server that will be used to perform the operation.
  • $accessRights - Specifies the user access rights to grant.
Edit Remove
PowerShell
$exchangeServer = "exchnageserver.domain.com" # TODO: modify me
$accessRights = "Reviewer" # TODO: modify me

function SearchObjects($filter, $properties)
{
    $searcher = $Context.BindToObject("Adaxes://rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)
    $searcher.VirtualRoot = $True
    
    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get GUIDs of group members
try
{
    $membersGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMembersGuid")
}
catch
{
    return # No members
}

# Find group members who have mailboxes
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(mailNickname=*)(homeMDB=*)(|")

foreach ($guidBytes in $membersGuidsBytes)
{
    [void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("ObjectGuid", $guidBytes))
}
[void]$filter.Append("))")

$searchResults = SearchObjects $filter.ToString() @("ObjectGUID", "sAMAccountName")

if ($searchResults -eq 0)
{
    return # No members with mailboxes
}

try
{
    # Create a remote PowerShell session to Exchange Server
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$exchangeServer/PowerShell
    Import-PSSession $session -DisableNameChecking -AllowClobber -CommandName "Get-MailboxFolderStatistics", "Get-MailboxFolderPermission", "Set-MailboxFolderPermission"
    
    foreach ($searchResult in $searchResults)
    {
        # Get Calendar Object Identity
        $guid = [Guid]$searchResult.Properties["ObjectGUID"].Value
        $calendarName = (Get-MailboxFolderStatistics -Identity $guid.ToString() -FolderScope Calendar | select -First 1).Name
        $userName = $searchResult.Properties["sAMAccountName"].Value
        $calendarIdentity = "$userName`:\$calendarName"
        
        # Get calendar permissions
        $calendarPermissions = Get-MailboxFolderPermission $calendarIdentity
        foreach ($permission in $calendarPermissions)
        {
            if ($permission.User.DisplayName -ne "Default")
            {
                continue
            }
            
            if ($permission.AccessRights -notcontains $accessRights)
            {
                Set-MailboxFolderPermission -User "Default" -AccessRights $accessRights -Identity $calendarIdentity
            }
            
            break
        }
    }
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}

Exchange Hybrid

Parameter:

  • $accessRights - specifies the user access rights to grant.
Edit Remove
PowerShell
$accessRights = "Reviewer" # TODO: modify me

try
{
    # Connect to Exchange Online
    $session = $Context.CloudServices.CreateExchangeOnlinePSSession()
    Import-PSSession $session -DisableNameChecking -AllowClobber -CommandName "Get-MailboxFolderStatistics", "Get-MailboxFolderPermission", "Set-MailboxFolderPermission", "Get-DistributionGroupMember"
    
    try
    {
        [Object[]]$mailboxes = Get-DistributionGroupMember -Identity "%name%" -ErrorAction Stop | Where-Object {$_.RecipientType -eq "UserMailbox"}
    }
    catch
    {
        $Context.LogMessage("An error occurred when retrieving group members. Error: " + $_.Exception.Message, "Warning")
        return
    }
    
    if ($mailboxes -eq $NULL)
    {
        return # No members with mailboxes
    }
    
    foreach ($mailbox in $mailboxes)
    {
        # Get Calendar object identity
        $calendarName = (Get-MailboxFolderStatistics -Identity $mailbox.ExternalDirectoryObjectId -FolderScope Calendar | select -First 1).Name
        $calendarIdentity = "$($mailbox.SamAccountName)`:\$calendarName"
        
        # Get Calendar permissions
        $calendarPermissions = Get-MailboxFolderPermission $calendarIdentity
        foreach ($permission in $calendarPermissions)
        {
            if ($permission.User.DisplayName -ne "Default")
            {
                continue
            }
            
            if ($permission.AccessRights -notcontains $accessRights)
            {
                Set-MailboxFolderPermission -User "Default" -AccessRights $accessRights -Identity $calendarIdentity
            }
            
            break
        }
    }
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}

Comments 0
Leave a comment
Related Scripts

Got questions?

Support Questions & Answers