Pages

tirsdag 30. april 2013

Exchange 2010: Set calendar permission on new users

You can use Scripting Agent for a lot of things. In this example we will change the default calendar permission for new users. We try to find the calendar using the english name, and if not found we will try the norwegian name. The script will run when a new mailbox is created in Exchange, it will not affect existing users.

You can read about how you enable the Scripting Agent on technet. In short you would:
  1. Create the ScriptingAgentConfig.xml and save it to the CmdletExtensionAgents folder (e.g. C:\Program Files\Microsoft\Exchange Server\V14\Bin\CmdletExtensionAgents) on each Exchange server.
  2. Run this command in Exchange Management Shell:
 Enable-CmdletExtensionAgent "Scripting Agent"  

Be warned! If your syntax is wrong when you save ScriptingAgentConfig.xml (and with the agent enabled), you will not be able to launch Exchange Management Console before you correct the problem. Also if you don't deploy the configuration file first on all your Exchange serversk, and you enable the Scripting Agent, all non-Get cmdlets fail when they're run. Always test your script before you use it with the Scripting Agent.

ScriptingAgentConfig.xml example:
 <?xml version="1.0" encoding="utf-8" ?>  
 <Configuration version="1.0">  
  <Feature Name="MailboxProvisioning" Cmdlets="new-mailbox">  
   <ApiCall Name="OnComplete">  
 if($succeeded) {  
  $DCs = Get-DomainController -ErrorAction SilentlyContinue  
  If ($DCs){  
   do {  
    foreach ($DC in $DCs){  
     $mbox = Get-Mailbox -Identity $provisioningHandler.UserSpecifiedParameters["Alias"] -DomainController $DC.DnsHostName -ErrorAction SilentlyContinue  
     If ($mbox) {  
      $fld = $mbox.Alias+":\Calendar"  
      $mfp = Get-MailboxFolderPermission -Identity $fld -DomainController $DC.DnsHostName -ErrorAction SilentlyContinue  
      if(!$mfp){  
       $fld = $mbox.Alias+":\Kalender"  
       $mfp = Get-MailboxFolderPermission -Identity $fld -DomainController $DC.DnsHostName -ErrorAction SilentlyContinue  
      }  
      if($mfp){  
       Set-MailboxFolderPermission -Identity $fld -User Default -AccessRights Reviewer -DomainController $DC.DnsHostName -ErrorAction SilentlyContinue | out-null  
       Break  
      }  
     }  
    }  
    If($mfp){Break}  
    Start-Sleep 1  
    $i++  
   }  
   until ($i -gt 50)  
  }  
 }  
  </ApiCall>  
  </Feature>  
 </Configuration>