How to Set Calendar Permissions in Office 365 via PowerShell?

4/15/2021 | Author: Brian Jackson
Categories: Office 365 Exchange Online PowerShell

Connecting Office 365/Exchange from PowerShell

First, you need to connect to your Office 365 or on-premises Exchange tenant.

  1. Run the Windows PowerShell CLI as Administrator;
    office 365 calendar permissions powershell
  2. Run the following command to save your administrator’s credentials into the PowerShell variable:
    $LiveCred = Get-Credential
  3. If you are trying to connect to Office 365, specify your Office 365 tenant admin credentials:
    set calendar permissions office 365 powershell
    NoteHow to connect and manage Office 365 using PowerShell.
  4. Now you need to create a new session:
    For Office 365:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $LiveCred -Authentication Basic –AllowRedirection
  5. The next step is to import Office 365/Exchange management commands from another session to your PowerShell console:

    Import-PSSession $Session


    Tip. 
    It happens that when you run the Import-PSSession command, you can face an error:
    Import-PSSession: Files cannot be loaded since running scripts has been disabled on this system. Provide a valid certificate with which to sign the files.
    In this case, you need to allow script executing. Do this by setting the PowerShell Execution Policy value to RemoteSigned:
    Set-ExecutionPolicy RemoteSigned
    calendar permissions office 365 powershellexchange online calendar permissions

How to Get Mailbox Calendar Permissions Using PowerShell?

  • You can view current calendar (folder-level) permissions of the specified mailbox by using the ALL cmdlet (this cmdlet is available in the cloud-based service and in on-premises Exchange):
    Get-MailboxFolderPermission username:\calendar

    powershell calendar permissions

  • Change the username to the user account you want to check calendar permissions for;

    Hint. If, when executing the following commands, you’re facing an error:
    Get-MailboxFolderPermission : The term ‘Get-MailboxFolderPermission’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again
    this means you did not complete the steps to connect to your Exchange/Office 365 tenant and did not import PowerShell Exchange cmdlets into your session. Carefully read and follow the steps from the previous paragraph.

    Note. If this command returns that ‘username:\calendar’ cannot be found, most likely the user has Outlook language settings other than English. Appropriately, the Calendar folder name can be different (calendar\kalender\calendario\calendrier\календарь). For example, for the Dutch Language (nl-NL), to view calendar permissions use the command:

    Get-MailboxFolderPermission username:Agenda
  • You can get the name of the calendar in the current user’s language configuration with the command:
    (Get-MailboxFolderStatistics username -FolderScope Calendar).Identity

    calendar permissions office 365

  • Check the current calendar permissions with the command:
    Get-MailboxFolderPermission brett.jackson:\calendar
  • As you can see, the default AvailabilityOnly role is assigned on a calendar folder only.
    change calendar permissions office 365 powershell
  • You can get the list of all mailbox calendars permissions in your organization using the following command:
    Get-Mailbox | ForEach-Object {Get-MailboxFolderPermission $_”:\calendar”} | Where {$_.User -like “Default”} | Select Identity, User, AccessRights

    Tip. In on-premise Exchange, you can view user’s calendar settings in a specific mailbox database using the following command:

    Get-Mailbox –database mbxdbname | ForEach-Object {get-MailboxFolderPermission $_”:\calendar”}
  • Change mbxdbname to the name of your Exchange mailbox database.

Tip. You can use the Get-EXOMailboxFolderPermission cmdlet instead of Get-MailboxFolderPermission to view the permissions of mailbox items in the Exchange Online PowerShell V2 module.

Outlook: Calendar Permission Levels and Access Roles

When managing calendar and Outlook folder permissions, you can use the following built-in Exchange roles:

  • Owner — gives full control of the mailbox folder: read, create, modify, and delete all items and folders. Also, this role allows to manage item’s permissions;
  • PublishingEditor — read, create, modify, and delete items/subfolders (all permissions, except the right to change permissions);
  • Editor — read, create, modify, and delete items (can’t create subfolders);
  • PublishingAuthor — create, read all items/subfolders. You can modify and delete only items you create;
  • Author — create and read items. Edit and delete own items;
  • NonEditingAuthor — full read access, and create items. You can delete only your own items;
  • Reviewer — read folder items only;
  • Contributor — create items and folders (can’t read items);
  • AvailabilityOnly — read Free/Busy info from the calendar;
  • LimitedDetails — view availability data with calendar item subject and location;
  • None — no permissions to access folder and files.

calendar permissions powershell

You can also use granular permissions to fine-tune the access rights to the mailbox calendar. The following values are available:

  • CreateItems;
  • CreateSubfolders;
  • DeleteAllItems;
  • DeleteOwnedItems;
  • EditAllItems;
  • EditOwnedItems;
  • FolderContact;
  • FolderOwner;
  • FolderVisible;
  • ReadItems.

The Permission Level roles described above are just a set of granular permissions. For example, the Editor role is a set of the following individual permissions: CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems

These permissions can be set using the –AccessRights parameter of the Set-MailboxFolderPermission cmdlet.

How to Set Office 365/Exchange Calendar Permissions Using PowerShell?

  1. In order to grant user2 the permissions to view and edit user1 calendar items, run the following command:
    Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor
  2. If some of the items in the calendar are marked as Private, you can allow delegating the permissions to view Private calendar items using the command:
    Add-MailboxFolderPermission –Identity user1@domain.com:\calendar –User user2@domain.com -AccessRights Editor -SharingPermissionFlags Delegate,CanViewPrivateItems
  3. If you need to change the Default permissions for the calendar folder (to allow all organization users to view a calendar of the specified user), run the command:
    Set-MailboxFolderPermission -Identity user1@domain.com:\calendar -User Default -AccessRights Reviewer
  4. Check the current calendar permissions again using the Get-MailboxFolderPermissions cmdlet, they should change:
    Get-MailboxFolderPermission -Identity user1@domain.com:\calendar

    FolderName User AccessRights
    ———- —- ————
    Calendar Default {Reviewer}
    Calendar Anonymous {None}
    Calendar user2 {Editor}

  5. You can also grant permissions for the mailbox not to an individual user, but the Exchange distribution group:
    New-DistributionGroup -Type Security -Name “Resource Calendar Owners” -Alias “grResourceCalendarAccess”
    
    add-MailboxFolderPermission -Identity user1@domain.com:\calendar -User grResourceCalendarAccess -AccessRights Owner
  6. In some cases, you need to grant Reviewer permissions on a calendar folder in all user’s mailboxes in your Exchange organization. You can make this bulk calendar permissions change using a simple PowerShell script. To change Default calendar permission for all mailboxes to Reviewer:
    foreach($usermbx in Get-Mailbox  -RecipientTypeDetails UserMailbox) {
    
    $usercalendar = $usermbx.alias+":\Calendar"
    
    Set-MailboxFolderPermission -Identity $usercalendar -User Default -AccessRights Reviewer
    
    }
  7. Also, you can prepare a CSV file with a list of users, and assign them permissions to access a specific user’s calendar:
    Import-Csv users.csv | foreach { add-MailboxFolderPermission -Identity "user1@domain.com:\calendar" -User $_.alias -AccessRights Owner }

You can use the parameter SendNotificationToUser of the Set-MailboxFolderPermission cmdlet to generate a “share invitation” email that summarizes your changes. The option -SendNotificationToUser $true can be used only when you set one of the following permissions via AccessRights parameter: AvailabilityOnly, LimitedDetails, Reviewer, or Editor. The following command will send a sharing invitation to user2:

Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor -SendNotificationToUser $true

This is what the sharing invitation will look like in Outlook:

You’re invited to share this calendar.

UserName has invited you to view his or her Calendar. Click the Open button above.

o365 calendar permissions powershell

How to Add Shared Calendar in Outlook 2016?

In order to view other calendars in Outlook 2016 (including room resources, Shared calendars), you should switch to the calendar view and select the calendar type you want to add. You can select a user from Address Book (Global Address List – GAL), Open Shared Calendar (you should specify user name), Room List, Internet (web-calendar).

add calendar permissions office 365 powershell

For example, you want to add a calendar from the Global Address List. Find the calendar name you want to add to Outlook and click OK. The shared calendar should appear under My Calendars in Shared Calendars section.

How to Remove and Reset Calendar Permissions via PowerShell?

  1. To remove permissions use Remove-MailboxFolderPermission cmdlet:
    Remove-MailboxFolderPermission -Identity user1@domain.com:\calendar –user user2@domain.com
  2. If you want to reset user’s calendar permissions to default, then run:
    Get-MailboxFolderPermission brett.jackson:\Calendar | % { Remove-MailboxFolderPermission -Identity $_.Identity -User $_.User }
  3. To exclude some “default” permissions entries from the removing script, use the following PowerShell one-liner:
    Get-MailboxFolderPermission brett.jackson:\Calendar | ? {$_.User -notmatch "^(Default|Secretary|Anonymous)$"} | % { Remove-MailboxFolderPermission -Identity $_.Identity -User $_.User.ADRecipient.ExchangeObjectId.Guid -Confirm:$false }
  4. Now you can disconnect your PowerShell session from Office 365/Exchange:
    Remove-PSSession $Session