This is a tutorial on how to view, add and remove mailbox calendar permissions for users on Office 365 via PowerShell. For example, you may need to grant a few users read permissions on a room mailbox calendar.
Connecting Office 365 from PowerShell
- Open a PowerShell session
- Store your Credentials in a variable:
$Cred = Get-Credential
- Enter your Office 365 Credentials when prompted:
- Create a new PowerShell session from the Office 365 Server:
- Import the session:
Import-PSSession $Session
Note: If you do not receive any errors on this step, continue to step 6. You may receive the error:
Import-PSSession : Files cannot be loaded because running scripts is disabled on this system.
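If you do get this error, you need to change your PowerShell execution policy. Run the following command from an elevated PowerShell session; without a -Scope parameter it changes the policy for the whole computer: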
Set-ExecutionPolicy RemoteSigned
Choose “Y” when prompted to change the execution policy and you will now be able to connect to Office 365 with PowerShell.
- Now you can run any commands you need.
Get Mailbox Calendar Permissions Using PowerShell
You can view the current calendar (folder-level) permissions of the specified mailbox by using the Get-MailboxFolderPermission cmdlet:
Get-MailboxFolderPermission username:\calendar
Replace username with the user account whose calendar permissions you want to check. If the mailbox uses another language, the calendar folder has a localized name, for example:
Get-MailboxFolderPermission username:\Agenda
You can get the name of the calendar in the current user’s language configuration with the command:
(Get-MailboxFolderStatistics username -FolderScope Calendar).Identity
Check the current calendar permissions with the command:
Get-MailboxFolderPermission brett.jackson:\calendar
As you can see, only the default AvailabilityOnly role is assigned on the calendar folder.
You can get the list of all mailbox calendar permissions in your organization using the following command:
Get-Mailbox | ForEach-Object {Get-MailboxFolderPermission "$($_.Alias):\calendar"} | Where {$_.User -like "Default"} | Select Identity, User, AccessRights
Get-Mailbox -Database mbxdbname | ForEach-Object {Get-MailboxFolderPermission "$($_.Alias):\calendar"}
Outlook: Calendar Permission Levels and Access Roles
When managing calendar and Outlook folder permissions, you can use the following built-in Exchange roles:
- Owner — gives full control of the mailbox folder: read, create, modify, and delete all items and folders. This role also allows managing item permissions;
- PublishingEditor — read, create, modify, and delete items/subfolders (all permissions, except the right to change permissions);
- Editor — read, create, modify, and delete items (can’t create subfolders);
- PublishingAuthor — create, read all items/subfolders. You can modify and delete only items you create;
- Author — create and read items. Edit and delete own items;
- NonEditingAuthor — full read access, and create items. You can delete only your own items;
- Reviewer — read folder items only;
- Contributor — create items and folders (can’t read items);
- AvailabilityOnly — read Free/Busy info from the calendar;
- LimitedDetails — view availability data with calendar item subject and location;
- None — no permissions to access folder and files.
You can also use granular permissions to fine-tune the access rights to the mailbox calendar. The following values are available:
- CreateItems;
- CreateSubfolders;
- DeleteAllItems;
- DeleteOwnedItems;
- EditAllItems;
- EditOwnedItems;
- FolderContact;
- FolderOwner;
- FolderVisible;
- ReadItems.
The Permission Level roles described above are just sets of granular permissions. For example, the Editor role is a set of the following individual permissions: CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems.
These permissions can be set using the -AccessRights parameter of the Set-MailboxFolderPermission cmdlet.
How to Set Office 365/Exchange Calendar Permissions Using PowerShell?
In order to grant user2 the permissions to view and edit user1 calendar items, run the following command:
Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor
If some of the items in the calendar are marked as Private, you can allow delegating the permissions to view Private calendar items using the command:
Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -User user2@domain.com -AccessRights Editor -SharingPermissionFlags Delegate,CanViewPrivateItems
If you need to change the Default permissions for the calendar folder (to allow all organization users to view a calendar of the specified user), run the command:
Set-MailboxFolderPermission -Identity user1@domain.com:\calendar -User Default -AccessRights Reviewer
Check the current calendar permissions again using the Get-MailboxFolderPermission cmdlet; they should have changed:
Get-MailboxFolderPermission -Identity user1@domain.com:\calendar
FolderName User      AccessRights
---------- ----      ------------
Calendar   Default   {Reviewer}
Calendar   Anonymous {None}
Calendar   user2     {Editor}
You can also grant permissions on the mailbox not to an individual user, but to an Exchange distribution group:
New-DistributionGroup -Type Security -Name "Resource Calendar Owners" -Alias "grResourceCalendarAccess"
Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -User grResourceCalendarAccess -AccessRights Owner
In some cases, you need to grant Reviewer permissions on the calendar folder in all user mailboxes in your Exchange organization. You can make this bulk calendar permissions change using a simple PowerShell script. To change the Default calendar permission for all mailboxes to Reviewer:
foreach ($usermbx in Get-Mailbox -RecipientTypeDetails UserMailbox) {
    $usercalendar = $usermbx.Alias + ":\Calendar"
    Set-MailboxFolderPermission -Identity $usercalendar -User Default -AccessRights Reviewer
}
Also, you can prepare a CSV file with a list of users, and assign them permissions to access a specific user’s calendar:
Import-Csv users.csv | ForEach-Object { Add-MailboxFolderPermission -Identity "user1@domain.com:\calendar" -User $_.alias -AccessRights Owner }
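A check to run after grants like the ones above, as an added example that is not part of the original tutorial: it flags entries where Default or Anonymous has more than free/busy access, where a named principal can change other people's items, or where private items are visible. Test-CalendarGrant and the sample rows are hypothetical; the rows mimic the Identity, User, AccessRights and SharingPermissionFlags properties of Get-MailboxFolderPermission output.

```powershell
# Added example. Roles that expose nothing beyond free/busy details.
$FreeBusyOnly = 'None', 'AvailabilityOnly', 'LimitedDetails'
# Roles and granular rights that allow changing or deleting other people's items.
$WriteAccess  = 'Owner', 'PublishingEditor', 'Editor', 'EditAllItems', 'DeleteAllItems'

function Test-CalendarGrant {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # One entry shaped like Get-MailboxFolderPermission output.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry
    )
    process {
        $user     = "$($Entry.User)"
        $rights   = @($Entry.AccessRights | ForEach-Object { "$_" })
        $findings = @()
        if ($user -in 'Default', 'Anonymous') {
            # These two entries apply to whole populations, not to a named user.
            $excess = @($rights | Where-Object { $_ -notin $FreeBusyOnly })
            if ($excess.Count -gt 0) {
                $findings += "$user has more than free/busy access: $($excess -join ', ')"
            }
        }
        elseif (@($rights | Where-Object { $_ -in $WriteAccess }).Count -gt 0) {
            $findings += 'can modify or delete items created by others'
        }
        if ("$($Entry.SharingPermissionFlags)" -match 'CanViewPrivateItems') {
            $findings += 'can read items marked Private'
        }
        foreach ($finding in $findings) {
            [pscustomobject]@{
                Identity     = $Entry.Identity
                User         = $user
                AccessRights = $rights -join ', '
                Finding      = $finding
            }
        }
    }
}

# Constructed sample entries (not real tenant data).
$sample = @(
    [pscustomobject]@{ Identity = 'user1:\Calendar'; User = 'Default';   AccessRights = @('Reviewer'); SharingPermissionFlags = $null }
    [pscustomobject]@{ Identity = 'user1:\Calendar'; User = 'Anonymous'; AccessRights = @('None');     SharingPermissionFlags = $null }
    [pscustomobject]@{ Identity = 'user1:\Calendar'; User = 'user2';     AccessRights = @('Editor');   SharingPermissionFlags = 'Delegate, CanViewPrivateItems' }
)
$sample | Test-CalendarGrant | Format-Table -AutoSize
# Live use (assumes the folder is named Calendar in every mailbox):
# Get-Mailbox -ResultSize Unlimited | ForEach-Object { Get-MailboxFolderPermission "$($_.Alias):\Calendar" } | Test-CalendarGrant
```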