add calendar permissions office 365 powershell

Add/Remove Calendar Permissions in Office 365/Exchange via PowerShell


This is a tutorial on how to view, add and remove mailbox calendar permissions on Office 365 (and on-premises Exchange) for your users via PowerShell (without changing permission from owner’s Outlook). For example, you need to give read permissions to room mailboxes for few users. You can grant room mailboxes calendar permissions for specific users or for an AD security group. In most cases, you need to assign calendar permissions to a group of users, because in this case in order to grant access to the specific calendar, all you have to do is add the user to the Active Directory group.

By default, in Exchange organization (and Office 365) users can’t view Outlook e-mails or calendar items of other users. The only permission that is provided to all users by default is the ability to view the FreeBusy data in other user calendars (this is AvailabilityOnly role).

Users can independently grant the necessary permissions to Outlook mailbox folders and items to other users from the Outlook/OWA interface. Unfortunately, in Exchange 2016/2013 and Exchange Online (Office 365), the administrator cannot centrally manage calendar permissions from the GUI (Exchange MMC, EAC—Exchange Administration Center or Office 365 admin portal). But you can use a built-in Add-MailboxFolderPermission cmdlet, which allows you to manage user permissions on any users’ mailbox folder from PowerShell (this cmdlet first appeared in Exchange Server 2010). This cmdlet is also supported in Office 365.

Connecting Office 365/Exchange from PowerShell

First off all, you need to connect to your Office 365 or on-premises Exchange tenant.

Run the Windows PowerShell CLI as an Administrator.

office 365 calendar permissions powershell

Run the following command to save your administrator’s credentials into the PowerShell variable:

$LiveCred = Get-Credential

If you are trying to connect to Office 356, specify your Office 365 tenant admin credentials.

calendar permissions powershell

Now you need to create a new session.

For Office 365:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection

For Exchange Server 2010, 2013, 2016 and 2019:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<your-target-exchange-server-address>/powershell/ -Credential $LiveCred

Now you can import Exchange Management Shell cmdlets:

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

Next step is to import Office 365/ Exchange Session to your PowerShell console:

Import-PSSession $Session

powershell calendar permissions

Get-MailboxFolderPermission: Get Calendar Permissions Using PowerShell

You can view current calendar (folder-level) permissions of the specified mailbox by using the Get-MailboxFolderPermission cmdlet (this cmdlet is available in the cloud-based service and in on-premises Exchange):

Get-MailboxFolderPermission username:\calendar

Note. If this command returns that ‘username:\calendar’cannot be found, it most likely means that the user has Outlook language settings other than English. Appropriately, the Calendar folder can be called differently. For example, for the Dutch Language (nl-NL), to view calendar permissions, use the command:

Get-MailboxFolderPermission username:\Agenda

You can get the name of the calendar in the current user’s language configuration with the command:

(Get-MailboxFolderStatistics username -FolderScope Calendar).Identity -replace "\", ":\"

set calendar permissions powershell




Check the current calendar permissions with the command:

Get-MailboxFolderPermission brett.jacson:\calendar

As you can see, the default AvailabilityOnly role is assigned on a calendar folder only.

office 365 calendar permissions

You can get the list of all mailbox calendars permissions in organization using the following command:

Get-Mailbox | ForEach-Object {Get-MailboxFolderPermission $_”:\calendar”} | Where {$_.User -like “Default”} | Select Identity, User, AccessRights

Tip. In on premise Exchange, you can view user calendar settings in a specific mailbox database with the command:

Get-Mailbox –database mbxdbname | ForEach-Object {Set-MailboxFolderPermission $_”:\calendar” -User Default -AccessRights Reviewer}

Built-in Calendar and Mail Folder Access Roles

When managing calendar and mail folder permissions, you can use the following built-in access roles:

  • Owner — gives full control of the mailbox folder: read, create, modify and delete all items and folders. Also this role allows to manage items permissions;
  • PublishingEditor — read, create, modify and delete items/subfolders (all permissions except the right to change permissions);
  • Editor — read, create, modify and delete items (can’t create subfolders);
  • PublishingAuthor — read, create all items/subfolders. You can modify and delete only items you create;
  • Author — create and read items; edit and delete own items;
  • NonEditingAuthor – full read access and create items. You can delete only your own items;
  • Reviewer — read folder items only;
  • Contributor — create items and folders (can’t read items);
  • AvailabilityOnly — read Free/Busy info from the calendar;
  • LimitedDetails;
  • None — no permissions to access folder and files.

calendar permissions office 365

How to Add Office 365/Exchange Calendar Permissions Using PowerShell?

In order to grant user2 the permissions to view and edit user1 calendar items, run the following command:

Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor

If you need to change the Default permissions for the calendar folder (to allow all organization users view a calendar of the specified user), run the command:

Set-MailboxFolderPermission -Identity user1@domain.com:\calendar -User Default -AccessRights Reviewer

Check the current calendar permissions again using the Get-MailboxFolderPermissions cmdlet, they should change:

Get-MailboxFolderPermission -Identity user1@domain.com:\calendar

FolderName User AccessRights

———- —- ————

Calendar Default {Reviewer}

Calendar Anonymous {None}

Calendar user2 {Editor}

You can also grant permissions to the mailbox not to an individual user, but the Exchange distribution group.

New-DistributionGroup -Type Security -Name “Resource Calendar Owners” -Alias “grResourceCalendarAccess”
add-MailboxFolderPermission -Identity user1@domain.com:\calendar -User grResourceCalendarAccess -AccessRights Owner

In some cases, you need to grant Reviewer permissions on a calendar folder in all user mailboxes in your Exchange organization. You can make this bulk permissions change using a simple PowerShell script. To change Default calendar permission for all mailboxes to Reviewer:

Get-Mailbox | ForEach-Object {Set-MailboxFolderPermission $_”:\calendar” -User Default -AccessRights Reviewer}

Also, you can prepare a CSV file with a list of users and assign them permissions to access a specific user’s calendar:

Import-Csv users.csv | foreach { add-MailboxFolderPermission -Identity "user1@domain.com:\calendar" -User $_.alias -AccessRights Owner }

Remove-MailboxFolderPermission: How to Remove and Reset Calendar Permissions via PowerShell?

To remove permission use Remove-MailboxFolderPermission cmdlet:

Remove-MailboxFolderPermission -Identity user1@domain.com:\calendar –user user2@domain.com

If you want to reset the user’s calendar permissions to default ones, run:

Get-MailboxFolderPermission brett.jacson:\Calendar | % { Remove-MailboxFolderPermission -Identity $_.Identity -User $_.User }

To exclude some “default” permissions entries from the removing script, use the following PowerShell one-liner:

Get-MailboxFolderPermission brett.jacson:\Calendar | ? {$_.User -notmatch "^(Default|Secretary|Anonymous)$"} | % { Remove-MailboxFolderPermission -Identity $_.Identity -User $_.User.ADRecipient.ExchangeObjectId.Guid -Confirm:$false }

Now you can disconnect your PowerShell session from Office 365/Exchange:

Remove-PSSession $Session

Alternative Script

Also see this PowerShell script on TechNet Gallery for setting calendar permissions in Office 365: Set Calendar Permission in Office 365 Exchange Online.

You may also like:

Office 365 – “This message could not b... Error Message: This message could not be sent. Try sending the message again later, or contact your network administrator. Error is . You might be rec...
How to transfer FSMO Roles From a Failed Domain Co... In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic ha...
How to Get List of Installed Programs in Windows 1... In this simple guide, we will show you two different ways of how to get a list of installed programs in Windows 10, 8 or Windows 7 using built-in comm...
Fix Trust relationship failed issue without domain... In this article, we will discuss the causes of Trust relationship failed error and some solutions on how to restore secure channel between the worksta...
LZX — new Windows 10 NTFS compression algorithm Many of you may know that NTFS file system used by Windows 10 already has a built-in NTFS compression feature. But in Windows 10 Microsoft has added c...
Comments
  1. Posted by Jason Johnson
  2. Posted by cherdt
  3. Posted by David North
  4. Posted by Bobby Turkilino
  5. Posted by Daniel
    • Posted by TheITBros
      • Posted by Daniel
  6. Posted by The Peregrine
  7. Posted by Frank
  8. Posted by Justin
  9. Posted by Craig
    • Posted by daniel
    • Posted by trash81
  10. Posted by Steve
  11. Posted by Randy
    • Posted by JakFrost
  12. Posted by Marshel
    • Posted by Markus
  13. Posted by Paul
  14. Posted by Ralph Haney
  15. Posted by Felipe
  16. Posted by Nicolai Wiinholt
  17. Posted by Courtland
  18. Posted by MiniEggs
  19. Posted by jurgens

Add Your Comment