If you need to Grant a single user access to access all users calendars in Office 365 this can be achieved by using the Add-MailboxFolderPermission cmdlet.
If you are adding permissions to a mailbox where no access rights exist already then this is straightforward, but if there is already some access rights in place then the command will fail, because there is an existing permissions entry in place.
You can check for the presence of existing folder permissions with the use of Get-MailboxFolderPermission cmdlet.
Finally if you find there is any existing permission in place you can remove it by using the Remove-MailboxFolderPermission cmdlet.
I have combined these three steps have been into the PowerShell script below which will check for an existing permission, remove it if it exists and then add the new access right. This is useful if you want to re-run the script on a regular basis so that it captures new users.
PowerShell script to Grant a single user access to access all users calendars in Office 365
- Type in the UPN(User Principal Name) of the user that you want to grant calendar permissions.
- Select the permissions level you would like them to have.
- Copy and paste the code to a Powershell window and the calendar permissions will be assigned.
The various levels of permissions are as follows:
- None – Has no access to the folder.
- Owner – Gives full control of the folder. An Owner can create, modify, delete, and read folder items; create subfolders; and change permissions on the folder.
- Publishing Editor – Has all rights granted to an Owner, except the right to change permissions. A Publishing Editor can create, modify, delete, and read folder items and create sub folders.
- Editor – Has all rights granted to a Publishing Editor, except the right to create subfolders. An Editor can create, modify, delete, and read folder items.
- Publishing Author – Can create and read folder items and create subfolders but can modify and delete only folder items that he or she creates, not items created by other users.
- Author – Has all rights granted to a Publishing Author but cannot create subfolders. An Author can create and read folder items and modify and delete items that he or she creates.
- Nonediting Author – Can create and read folder items but cannot modify or delete any items, including those that he or she creates.
- Reviewer – Can read folder items but nothing else.
- Contributor – Can create only folder items and cannot read items.
- Availability Only – View only availability data
- Limited Details – View availability data with subject and location
This should generate output similar to the below:
Jakub says
Works fine, many thanks
jon says
This was really useful to me and worked really well. thank you for making the effort to contribute to the net 🙂
Emily B says
This was exactly what I needed! Thanks so much for making it so easy, much appreciation to you!
Andrew says
This is great. Is there a way to flip it so all existing users can be granted access to a specific user. EG a new user is created and has been granted access to all existing users calendars. The existing users will need access to the new employee.
Kieran Benham says
Worked like a charm thanks for posting saved me a 2 hour Job of manually adding it for each user! 🙂
Nathan says
This worked perfectly, very grateful. Is there a way to remove all permissions for a user?
Lee Mesure says
I guess to remove the permissions you set it as none.
Daryl Howard says
To answer questions in the comments.
To remove permissions, simply comment out the line containing “Add-MailboxFolderPermission” as the line before it checks to see if any permissions exist and removes them first before re-adding.
To flip this and have it add permissions for all users into 1 new employee’s calendar you should be able to use this, changing the bits needed such as publishingeditor and the $newuser value.
Connect-ExchangeOnline
$newuser = “example@email.com”
$users = Get-Mailbox | Select -ExpandProperty PrimarySmtpAddress
Foreach ($u in $users)
{
Write-host $u
$ExistingPermission = Get-MailboxFolderPermission -Identity $newuser”:\calendar” -User $u -EA SilentlyContinue
if ($ExistingPermission) {Remove-MailboxFolderPermission -Identity $newuser”:\calendar” -User $u -Confirm:$False}
if ($u -ne $userToAdd) {Add-MailboxFolderPermission $newuser”:\Calendar” -user $u -accessrights PublishingEditor}
}
Barry Trujillo says
I initially received this error but the script still worked.
New-PSSession : [ps.outlook.com] Connecting to remote server ps.outlook.com failed with the following error message : The WinRM client cannot process
the request. Basic authentication is currently disabled in the client configuration. Change the client configuration and try the request again. For
more information, see the about_Remote_Troubleshooting Help topic.
At line:2 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108321,PSSessionOpenFailed
Import-PSSession : Cannot validate argument on parameter ‘Session’. The argument is null. Provide a valid value for the argument, and then try
running the command again.
At line:4 char:18
+ Import-PSSession $Session
+ ~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand
I ran Connect-ExchangeOnline before running this script so that’s probably why. Thank you very much for posting this. Incredible that something from 2014 is still so helpful a decade later!