[Fixed] Unable to add Calendar permission to Group
Sometimes, You may have to give permission to a Group to your Calendar so that they can view your Free/Busy information or even members of the Group can make a booking request. and while adding the permission, you may encounter the below errors in PowerShell.
add-MailboxFolderPermission: The user "Group" was found in Active Directory but isn't valid to use for permissions. Try an SMTP address instead. At line:1 char:1 + add-MailboxFolderPermission -Identity "UserID:\Calendar" -User ...
To be able to give permission to a Group, the Group must be a Security Group that is universal and not a Domain or Local Group. You can create a new Universal Security Group. Add members to this new Security Group. In Exchange, Add new distribution Group and select the new Security group or make the group as mail-enabled. After this step,, Run the below command in the Exchange Management Shell to add the permission.
add-MailboxFolderPermission -Identity USERID:\Calendar -User Sercuritygroupname -AccessRights Owner
Access Rights can vary based on your requirements or security concerns. below is the list of rights you can assign to a group or individual user.
Author: CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems Contributor: CreateItems, FolderVisible Editor: CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems None: FolderVisible NonEditingAuthor: CreateItems, FolderVisible, ReadItems Owner: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderContact, FolderOwner, FolderVisible, ReadItems PublishingEditor: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems PublishingAuthor: CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems Reviewer: FolderVisible, ReadItems
The following roles apply specifically to calendar folders:
AvailabilityOnly: View only availability data LimitedDetails: View availability data with subject and location
If you have given permission previously and suddenly it is not working, then it might because of someone changed the Group type to Universal Distribution Group. To fix this, revoke the group type back to Universal Security Group and in the ADSIEDIT, change the value of the attribute “msExchRecipientDisplayType” to null. and then you will be able to add the permission with the same Cmdlet.
Thanks for the rec! I’ll look them up.
Touche. Great arguments. Keep up the good effort.
This really answered my problem, thank you!
Its like you read my mind! You seem to know so much about this, like you wrote the book in it or
something. I think that you can do with a few
pics to drive the message home a bit, but instead of that, this is magnificent
blog. An excellent read. I’ll certainly be back.