While the Office 365 Admin Center is a daily resource in IT Administration and can be used to find what calendars a user has access to, the level of access, adding and removing access. PowerShell offers a much easier way, especially when trying to compare multiple users.
Exchange Online.
First, we’ll check if the Exchange Online Management module is installed. If nothing is returned when we run the following, you will need to install it.
Get-Module -ListAvailable -Name ExchangeOnlineManagement
If need be, you can install the Exchange Online Management module.
Install-Module ExchangeOnlineManagement
If this is the first time you have used this module, you won’t need to run the next portion due to PowerShell 3.0 and above importing newly installed modules. Otherwise, you need to will import the module.
Import-Module ExchangeOnlineManagement
Once installed and imported, we will need to sign into Exchange Online Management. You have a few ways of doing this but I will go over two ways, both will open a sign in page.
Connect-ExchangeOnline
Alternatively, you can include the username you are signing in with. You will just need to change “[email protected]” with the your actual admin account.
Connect-ExchangeOnline -UserPrincipalName [email protected]
User’s calendar information.
After you’ve signed into the admin account, let’s pull the calendar information for a specific user. Replace the “USERNAME” section with a real username.
Get-Mailbox | ForEach { Get-MailboxFolderPermission (($_.PrimarySmtpAddress.ToString())+”:\Calendar”) -User USERNAME -ErrorAction SilentlyContinue} | select Identity,User,AccessRights
Let’s break down what is going on in this script.
Get-Mailbox:
— This cmdlet retrieves all mailboxes in the Exchange environment.
ForEach:
— For each mailbox obtained from the previous step, the script performs the following actions.
Get-MailboxFolderPermission:
— This cmdlet is used to get the permissions for a specific mailbox folder. In this case, it’s the Calendar folder (`:\Calendar`) of each mailbox.
($_.PrimarySmtpAddress.ToString()+”:\Calendar”):
— This constructs the path to the Calendar folder for the current mailbox being processed. `$_` represents the current mailbox object, and `PrimarySmtpAddress` is used to get the mailbox’s primary SMTP address.
-User:
— This specifies that the script is interested in permissions specifically for the user.
-ErrorAction SilentlyContinue:
— This parameter ensures that any errors encountered during the execution of the cmdlet are suppressed, and the script continues without displaying error messages.
Select Identity, User, AccessRights:
— This part of the script selects and displays specific information from the results. It includes the Identity (the path to the Calendar folder), the User, and the AccessRights (the permissions granted to the specified user on the Calendar folder).
Finding all the calendars.
If you need more information about the calendars Exchange has, you are able to get a list of all calendars using a similar script.
Get-Mailbox | ForEach-Object {Get-MailboxFolderPermission $_":\calendar"} | Where {$_.User -like "Default"} | Select Identity, User, AccessRights
Understanding permissions.
We’ll go over how to change permissions but it’s important to understand what each level of access will give the user.
From the Microsoft documentation “The roles that are available, along with the permissions that they assign, are described in the following list:
- Author: CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
- Contributor: CreateItems, FolderVisible
- Editor: CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
- NonEditingAuthor: CreateItems, DeleteOwnedItems, FolderVisible, ReadItems
- Owner: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderContact, FolderOwner, FolderVisible, ReadItems
- PublishingAuthor: CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
- PublishingEditor: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
- Reviewer: FolderVisible, ReadItems”
With this in mind, let’s set a user to Owner of a calendar. You’ll need to change “[email protected]:\calendarname” to the email address and name of the calendar. Then, the username you would like to adjust the permissions level by replacing “[email protected]” with the real email address or username.
Set-MailboxFolderPermission -Identity [email protected]:\calendarname -User [email protected] -AccessRights Owner
You can run the above to set any permission level needed, including lowering it back down to Default. What if you want to remove someone from a calendar? Same calendar names and user names as the above, this time we are removing them.
Remove-MailboxFolderPermission -Identity [email protected]:\calendarname -User [email protected]
Closing thoughts.
There is so much that can be done with this PowerShell module, which is why I added some additional reading below but this is a good starting point for finding and changing calendars with PowerShell. However, I would love to hear from you if there are questions or problems you run into.
Additional resources.
I would like to thank and give credit to the user in this Spiceworks post for their fantastic post