Sign in Subscribe

Assign Full Access Permissions in Bulk to a list of mailboxes

Dumitru Razvan

2 min read
Assign Full Access Permissions in Bulk to a list of mailboxes

Introduction

You might be handed a task one day to give access to some people to be able to manage the Calendars of all your room mailboxes, or a subset of them from a specific building. It could be that your board wants all time access to know who booked what room, or maybe you need to empower your IT Helpdesk to be able to swoop into room mailbox calendars and move/remove/add meetings. In this scenario we'll consider that you share the default Free/Busy information, and thus no one can by default clearly see who booked a meeting or what's the subject.

In this case, you've come to the right place

How to achieve this

So, if you are in the above scenario, then it means you need to give to a population of users access to a population of other mailboxes' calendars. Best approach would be to limit this to only MailboxFolderPermissions and use the corresponding cmdlets to only grant that permission. This would follow the principle of least privilege needed to accomplish the task. BUT, there are times when you might also need access to the mailbox part.. Also there is a much simpler management then from the GUI interface. There you can easily see who has Full Access, but you cannot see/edit from the GUI who has Calendar Folder Permissions over that particular mailbox. So, if you stricly need calendar permissions and want to adhere to a strict "least privilege" policy, then please reconsider adapting the below script.

If you are ok with granting these people Full Access permissions, then you can check the following script:

$rooms = @()
$users = "userA@domain.com", "userB@domain.com"#, "userC...
$rooms = "roomA@domain.com", "roomB@domain.com"#, "roomC...

Foreach ($room in $rooms)
{

    Foreach ($user in $users)
    {
    Add-MailboxPermission -Identity $room -User $user -AccessRights FullAccess
    Write-Host "Added FullAccess for $user ; on Room Mailbox $room"
    

    #Remove-MailboxPermission -Identity $room -User $user -AccessRights FullAccess
    #Write-Host "Removed FullAccess for $user ; on Room Mailbox $room"
    }
}

#Check permissions on a particular room
#Get-MailboxPermission -Identity roomA@domain.com | ft -a

#check permissions on all rooms
Foreach ($room in $rooms)
{
    Get-MailboxPermission -Identity $room | ft -a

}
Script to add Full Access Permissions for a list of Users on a list of Room Mailboxes

Conclusion

I hope the above script is useful for you. It can be easily adapted to add mailbox folder permissions on the calendar (instead of Full Access permissions), remove full access, or remove permissions from the calendars of multiple room or user mailboxes. If you need any help in adapting it, you can try to send a shoutout via the contact methods in the About/Contact section. Otherwise, put it to good use, and don't forget, there's no waranty, the script is provided "as is", use it at your own risk.

Sign up for exclusive free content

Enter your email
Subscribe