This is a tutorial on how to add calendar permissions in Office 365 for your users via PowerShell. You can add the permissions on a specific user’s mailbox, or you can add it onto an AD security group.
By default, Exchange (and Office 365) users can’t view messages or calendar items of other users. The only permission that is provided to all users by default is the ability to view free/busy information in the calendar of other users (AvailabilityOnly role).
Users can independently grant the necessary permissions to mailbox folders and items to other users from the Outlook/OWA interface. Unfortunately, in Exchange 2016/2013 and Exchange Online (Office 365), the administrator cannot centrally manage calendar permissions from the GUI (Exchange MMC, EAC—Exchange Administration Center or Office 365 admin portal). In Exchange 2010 a built-in Add-MailboxFolderPermission cmdlet has appeared that allows you to manage user permissions on any users’ mailbox folder. This cmdlet is also supported in Office 365.
Office 365 Calendar Permissions
Step 1. Run PowerShell
The first is step is to launch Windows PowerShell. We recommend running it as Administrator.
Step 2. Getting Office 365 Credentials
Run the following command to login to 365 via PowerShell with your Office 365 tenant admin credentials:
$LiveCred = Get-Credential
Step 3. Connect Your Office 365 Tenant
Now you need to create a new session:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection
Step 4. Import Office 365 Session to PowerShell
Now you need to import the Office 365 session:
Import-PSSession $Session
Step 5. Viewing Current Calendar Permissions with PowerShell
You can view current calendar permissions of the specified mailbox by using the following:
Get-MailboxFolderPermission username:\calendar
Note. If this command returns that ‘username:\calendar’cannot be found, it most likely means that the user has Outlook language settings other than English. Appropriately, the Calendar folder can be called differently. For example, for the Dutch Language (nl-NL), to view calendar permissions, use the command:
Get-MailboxFolderPermission username:\Agenda
You can get the name of the calendar in the current user’s language configuration with the command:
(Get-MailboxFolderStatistics username -FolderScope Calendar).Identity -replace "\", ":\"
As you can see by default on a calendar folder assigned only AvailabilityOnly role.
You can get the list of all user’s calendars default permissions using the following command:
Get-Mailbox | ForEach-Object {Get-MailboxFolderPermission $_”:\calendar”} | Where {$_.User -like “Default”} | Select Identity, User, AccessRights
Tip. In on-premise Exchange, you can view user calendar settings in a specific mailbox database with the command:
Get-Mailbox –database mbxdbname | ForEach-Object {Set-MailboxFolderPermission $_”:\calendar” -User Default -AccessRights Reviewer}
Step 6. Office 365 Mailbox Access Roles
You can use these available access roles:
- Owner — read, create, modify and delete all items and folders. Also this role allows manage items permissions;
- PublishingEditor — read, create, modify and delete items/subfolders;
- Editor — read, create, modify and delete items;
- PublishingAuthor — read, create all items/subfolders. You can modify and delete only items you create;
- Author — create and read items; edit and delete own items NonEditingAuthor – full read access and create items. You can delete only your own items;
- Reviewer — read-only;
- Contributor — create items and folders;
- AvailabilityOnly — read free/busy information from the calendar;
- LimitedDetails;
- None — no permissions to access folder and files.
Step 7. Assigning Office 365 Calendar Permissions with PowerShell
Now run the following command. In the example below, user2 would be able to open user1 calendar and edit it:
Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor
If you need to change the Default permissions for the calendar folder (to allow all users view a calendar of the specified user), run the command:
Set-MailboxFolderPermission -Identity user1@domain.com:\calendar -User Default -AccessRights Reviewer
Check permissions again using the Get-MailboxFolderPermissions cmdlet, they should change:
Get-MailboxFolderPermission -Identity user1@domain.com:\calendar
FolderName User AccessRights
———- —- ————
Calendar Default {Reviewer}
Calendar Anonymous {None}
Calendar user2 {Editor}
You can also grant permissions to the mailbox not to an individual user, but the Exchange distribution group.
New-DistributionGroup -Type Security -Name “Resource Calendar Owners” -Alias “grResourceCalendarAccess”
add-MailboxFolderPermission -Identity user1@domain.com:\calendar -User grResourceCalendarAccess -AccessRights Owner
In some cases, you need to grant Reviewer permissions on a calendar folder in all mailboxes to all users in your Exchange organization. You can make this bulk permission change using a simple PowerShell script. To change Default calendar permission for all mailbox in mailbox database to Reviewer:
Get-Mailbox | ForEach-Object {Set-MailboxFolderPermission $_”:\calendar” -User Default -AccessRights Reviewer}
Also, you can prepare a CSV file with a list of users and assign them permissions to access a specific user’s calendar:
Import-Csv users.csv | foreach { add-MailboxFolderPermission -Identity "user1@domain.com:\calendar" -User $_.alias -AccessRights Owner }
To remove permission use Remove-MailboxFolderPermission cmdlet:
Remove-MailboxFolderPermission -Identity user1@domain.com:\calendar –user user2@domain.com
Now you can disconnect your PowerShell session from Office 365:
Remove-PSSession $Session
Alternative Script
Also see this 365 script for setting calendar permissions: Set Calendar Permission in Office 365 Exchange Online.
I am getting the error that the [FailureCategory=Cmdlet-UserAlreadyExistsInPermissionEntryException]
I am pretty sure they tried to setup sharing themselves and they have away/busy information only. Do you know of a way to change the permissions or remove them so I can add the PublishingEditor permissions they need?
Thanks, this is very helpful! (Jason’s comment about Use Set-MailboxFolderPermission for existing users was also helpful.)
A couple things to add:
– “None” is also an available role
– You can specify “Default” for the user parameter
Awesome! Thanks!
Is there an option to set everyones mailbox to reviewer access? i.e so everyone can have review access?
Great info
Is it possible to use a group ( security / distribution ) to assign permissions rather than individual users ? We are looking at our resource calendars to do this on
Hey, Daniel!
Create new security distribution group:
New-DistributionGroup -Type Security -Name “Access to Resource Calendars” -Alias “grResourceCalendAcess”
And add users to this group.
Grant permissions to resource calendar:
add-MailboxFolderPermission -Identity user_name:Calendar -User grResourceCalendAcess -AccessRights Owner
Hey
Awesome! Thanks for the reply!
Cheers
Daniel
STEP 2: Connecting to remote server failed…..
I get an error when trying Import-PSSession $Session. It says “The term ‘Import’ is not recognized as the name of a cmdlet…etc.”
This is quite archaic. Is there no way to do this through the admin portal?
Worked fantastically!
If used in tandem with the PowerShell for Office 365 tool (which essentially has all of the modules built in and starts you at the domain admin login step) then it’s literally a one command job.
Very awesome 🙂
Getting the following error in step 7 when I run
Get-Mailbox –database mbxdbname | ForEach-Object {Set-MailboxFolderPermission $_”:\calendar” -User Default -AccessRights Reviewer}
I get:
A parameter cannot be found that matches parameter name ‘database’.
+ CategoryInfo : InvalidArgument: (:) [Get-Mailbox], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Get-Mailbox
+ PSComputerName : ps.outlook.com
Getting this error too.
remove: –database mbxdbname
Works well thanks. Annoying there is no GUI option in Exchange online but this will do.
I recieve and error about Get-MailboxFolderPermission username:\calendar.
Get-MailboxFolderPermission : The term ‘Get-MailboxFolderPermission’
is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At line:1 char:1
+ Get-MailboxFolderPermission
username:\calenda …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-MailboxFolderPermis
sion:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Anyone else seeing this?
Thanks
Receiving the same error:
A positional parameter cannot be found that accepts argument ‘Get-MailboxFolderPermission $_”:\calendar”’.
+ CategoryInfo : InvalidArgument: (:) [Get-Mailbox], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Get-Mailbox
+ PSComputerName : ps.outlook.com
Heyhey!
For me it says for “username:\calendar” that it cannot be found… Just “username” is found. Any ideas how to access the calendar now? 🙁
Hi, if the person has outlook in a different language then you need to use that language for the :\calendar.
Example user1@domain.com:\calendar\kalender\calendario\calendrier
Hi all, i have read the comments and advise above and think that it will work. However, to me the remark was made that it should be possible to read someone else’s calender, but the items that are put in the calender and are marked as private should not be (or just be basic) visible to the person accessing the calender. Does “-AccessRights Reviewer” do that or do i need more? Our Personnel Officer needs access to the CEO’s calender except for the private items.
Nice write-up, thanks for the help.
1) I’d like to hear an answer to Paul’s question as well.
2) Trying to see the default user calendar permissions throws an error for me. When I run this:
” Get-MailboxFolderPermission Default:\calendar”
I get this:
“The specified mailbox “Default” doesn’t exist.
+ CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=BYAPR11MB3510,RequestId=929235a4-b9f6-4188-8fd1-2ea5ce344d0b,TimeStamp=7/8/2019 7:35:43 PM
] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] F470BBDC,Microsoft.Exchange.Management.StoreTasks.GetMailboxFol
derPermission
+ PSComputerName : outlook.office365.com”
Thank you so much for putting up this tutorial, It really helped me a lot!