Hello,
Seems the only way to do this is by PS-scripting so here comes my efforts...
Users who are located in the same OU should have their permissions, to other users' calendars preserved, permissions for users' calendars in other OU's should be removed so a user must only have permissions to calendars in their own company.
An Example: The script delivers this output:
dom.dk/UM/A/EA
Identity FolderName User AccessRights
-------- ---------- ---- ------------
dom.dk/UM/A/EA/US1:\Kalender Kalender Default {AvailabilityOnly}
dom.dk/UM/A/EA/US1:\Kalender Kalender Anonymous {None}
dom.dk/UM/A/EA/US1:\Kalender Kalender US2 {AvailabilityOnly}
dom.dk/UM/A/EA/US1:\Kalender Kalender US3 {AvailabilityOnly}
dom.dk/UM/A/EA/US1:\Kalender Kalender US4 {AvailabilityOnly}
I want to
1) check the OU-residence for us2,3,4 to see if 'Identity' and 'User' reside in the same or another OU
2) remove permissions if they're in another OU
3) preserve, do nothing to permissions if in the same OU.
#Custom variables
$mailboxes = get-mailbox -resultsize unlimited -OrganizationalUnit "OU=Ea,OU=A,OU=um,DC=dom,DC=dk"
$AccessRights = "None"
#Loop through all mailboxes
foreach ($mailbox in $mailboxes) {
#Retrieve name of the user`s calendar
$calendar = (($mailbox.SamAccountName)+ ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)
#Check if calendar-permission for user "Default" is set to the default permission of "AvailabilityOnly"
if (((Get-MailboxFolderPermission $calendar | Where-Object {$_.user -like "Default"}).AccessRights) -like "AvailabilityOnly" ) {
#Write-Host "Updating calendar permission for $mailbox…" -ForegroundColor Yellow
$mailbox.organizationalunit
get-mailboxfolderpermission -identity $calendar|ft identity,foldername,user,accessrights -auto
#Set calendar-permission for user "Default" to value defined in variable $AccessRights
#Set-MailboxFolderPermission -User "Default" -AccessRights $AccessRights -Identity $calendar -whatif
}
}
Best Regards,
Tim