Script Repository


Set default calendar permissions for distribution list members

April 24, 2017
1285

The script sets default calendar permissions for mailboxes who are members of a distribution list.

To set the permissions with the help of the script, you can create a Custom Command for Group objects and run it on the Distribution List you need. To apply the permissions on a certain schedule, you can create a Scheduled Task and include the necessary group in the Activity Scope.

To add the script to a Custom Command or Scheduled Task, use the Run a program or PowerShell script action.

Exchange On-Premises

This script sets default permissions in an Exchange On-Premises environment.

Parameters:

  • $exchangeServer - specifies the fully qualified domain name (FQDN) of the Exchange Server that will be used to perform the operation;
  • $accessRights - specifies the user access rights to grant.
Edit Remove
PowerShell
$exchangeServer = "exchnageserver.domain.com" # TODO: modify me
$accessRights = "Reviewer" # TODO: modify me

function SearchObjects($filter, $properties)
{
    $searcher = $Context.BindToObject("Adaxes://rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SetPropertiesToLoad($properties)
    $searcher.VirtualRoot = $True
    
    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
        
        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get GUIDs of group members
try
{
    $membersGuidsBytes = $Context.TargetObject.GetEx("adm-DirectMembersGuid")
}
catch
{
    return # No members
}

# Find group members who have mailboxes
$filter = New-Object "System.Text.StringBuilder"
[void]$filter.Append("(&(sAMAccountType=805306368)(mailNickname=*)(homeMDB=*)(|")

foreach ($guidBytes in $membersGuidsBytes)
{
    [void]$filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("ObjectGuid", $guidBytes))
}
[void]$filter.Append("))")

$searchResults = SearchObjects $filter.ToString() @("ObjectGUID", "sAMAccountName")

if ($searchResults -eq 0)
{
    return # No members with mailboxes
}

try
{
    # Create a remote PowerShell session to Exchange Server
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$exchangeServer/PowerShell
    Import-PSSession $session -DisableNameChecking -AllowClobber -CommandName "Get-MailboxFolderStatistics", "Get-MailboxFolderPermission", "Set-MailboxFolderPermission"
    
    foreach ($searchResult in $searchResults)
    {
        # Get Calendar Object Identity
        $guid = [Guid]$searchResult.Properties["ObjectGUID"].Value
        $calendarName = (Get-MailboxFolderStatistics -Identity $guid.ToString() -FolderScope Calendar | select -First 1).Name
        $userName = $searchResult.Properties["sAMAccountName"].Value
        $calendarIdentity = "$userName`:\$calendarName"
        
        # Get calendar permissions
        $calendarPermissions = Get-MailboxFolderPermission $calendarIdentity
        foreach ($permission in $calendarPermissions)
        {
            if ($permission.User.DisplayName -ne "Default")
            {
                continue
            }
            
            if ($permission.AccessRights -notcontains $accessRights)
            {
                Set-MailboxFolderPermission -User "Default" -AccessRights $accessRights -Identity $calendarIdentity
            }
            
            break
        }
    }
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}

Exchange Hybrid

This version of the script sets the permissions in an Exchange Hybrid environment.

Parameter:

  • $accessRights - specifies the user access rights to grant.
Edit Remove
PowerShell
$accessRights = "Reviewer" # TODO: modify me

try
{
    # Create a remote PowerShell session to Exchange Online
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $Context.GetOffice365Credential() -Authentication Basic -AllowRedirection
    Import-PSSession $session -DisableNameChecking -AllowClobber -CommandName "Get-MailboxFolderStatistics", "Get-MailboxFolderPermission", "Set-MailboxFolderPermission", "Get-DistributionGroupMember"
    
    try
    {
        [Object[]]$mailboxes = Get-DistributionGroupMember -Identity "%name%" -ErrorAction Stop | Where-Object {$_.RecipientType -eq "UserMailbox"}
    }
    catch
    {
        $Context.LogMessage("An error occurred when getting group members. Error: " + $_.Exception.Message, "Warning")
        return
    }
    
    if ($mailboxes -eq $NULL)
    {
        return # No members with mailboxes
    }
    
    foreach ($mailbox in $mailboxes)
    {
        # Get Calendar Object Identity
        $calendarName = (Get-MailboxFolderStatistics -Identity $mailbox.ExternalDirectoryObjectId -FolderScope Calendar | select -First 1).Name
        $calendarIdentity = "$($mailbox.SamAccountName)`:\$calendarName"
        
        # Get Calendar permissions
        $calendarPermissions = Get-MailboxFolderPermission $calendarIdentity
        foreach ($permission in $calendarPermissions)
        {
            if ($permission.User.DisplayName -ne "Default")
            {
                continue
            }
            
            if ($permission.AccessRights -notcontains $accessRights)
            {
                Set-MailboxFolderPermission -User "Default" -AccessRights $accessRights -Identity $calendarIdentity
            }
            
            break
        }
    }
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}


Comments ( 0 )
No results found.
Leave a comment