Give an Office 365 user access to all calendars via PowerShell

Give Office 365 user access to all other users calendars

There are many occasions, especially in small businesses, where it’s easier to give a certain user access to all calendars rather than setting permissions on each one.

The following script will add permissions on all Office 365 user calendars for the specified user.

The bottom script is for Microsoft Partners who have delegated access to customer’s Office 365 environments. This script might be handy if you’d rather not head to your documentation system to retrieve the Exchange Admin credentials. This script allows you to use your own delegated administrator credentials.

Note that these scripts do not support multi-factor authentication as is. To ensure that you can run these scripts with MFA enabled accounts, you can whitelist your current static IP.

How to give an Office 365 user access to all calendars with PowerShell

  1. Copy and paste one of the scripts below into Visual Studio Code
  2. Save it as a Powershell (.ps1) file
  3. Update the $userRequiringAccess and the $accessRight variables at the top of the script as required. If you’re using the delegated admin version, update the $companyName variable with enough text to uniquely match your customer’s Office 365 tenant name.
  4. Press F5 to run it and enter your Exchange credentials for the first script, or delegated admin credentials for the second.
  5. Wait for it to completePowerShell Script To Add Office 365 Calendar Permissions To User

PowerShell Script to give Office 365 user access to all calendars using Exchange Admin credentials

$credential = Get-Credential

$Session = New-PSSession -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -ConfigurationName Microsoft.Exchange -Credential $credential -Authentication Basic -AllowRedirection
Import-PSSession $Session

$userRequiringAccess = "user@domain.com"
$accessRight = "PublishingAuthor"

$mailboxes = Get-mailbox
$userRequiringAccess = Get-mailbox $userRequiringAccess
foreach ($mailbox in $mailboxes) {
    $accessRights = $null
    $accessRights = Get-MailboxFolderPermission "$($mailbox.primarysmtpaddress):\calendar" -User $userRequiringAccess.PrimarySmtpAddress -erroraction SilentlyContinue
        
    if ($accessRights.accessRights -notmatch $accessRight -and $mailbox.primarysmtpaddress -notcontains $userRequiringAccess.primarysmtpaddress -and $mailbox.primarysmtpaddress -notmatch "DiscoverySearchMailbox") {
        Write-Host "Adding or updating permissions for $($mailbox.primarysmtpaddress) Calendar" -ForegroundColor Yellow
        try {
            Add-MailboxFolderPermission "$($mailbox.primarysmtpaddress):\calendar" -User $userRequiringAccess.PrimarySmtpAddress -AccessRights $accessRight -ErrorAction SilentlyContinue    
        }
        catch {
            Set-MailboxFolderPermission "$($mailbox.primarysmtpaddress):\calendar" -User $userRequiringAccess.PrimarySmtpAddress -AccessRights $accessRight -ErrorAction SilentlyContinue    
        }        
        $accessRights = Get-MailboxFolderPermission "$($mailbox.primarysmtpaddress):\calendar" -User $userRequiringAccess.PrimarySmtpAddress
        if ($accessRights.accessRights -match $accessRight) {
            Write-Host "Successfully added $accessRight permissions on $($mailbox.displayname)'s calendar for $($userrequiringaccess.displayname)" -ForegroundColor Green
        }
        else {
            Write-Host "Could not add $accessRight permissions on $($mailbox.displayname)'s calendar for $($userrequiringaccess.displayname)" -ForegroundColor Red
        }
    }else{
        Write-Host "Permission level already exists for $($userrequiringaccess.displayname) on $($mailbox.displayname)'s calendar" -foregroundColor Green
    }
}
Remove-PSSession $Session

PowerShell Script to give Office 365 user access to all calendars using Delegated Admin credentials

$credential = Get-Credential
Connect-MsolService -Credential $credential

$userRequiringAccess = "user@domain.com"
$accessRight = "PublishingAuthor"
$companyName = "Company"
 
$customers = Get-msolpartnercontract -All | Where-Object {$_.name -match $companyName}
foreach ($customer in $customers) {
    $InitialDomain = Get-MsolDomain -TenantId $customer.TenantId | Where-Object {$_.IsInitial -eq $true}
    Write-Host "Setting Calendar Permissions for $($customer.Name)" -ForegroundColor Green
    $DelegatedOrgURL = "https://outlook.office365.com/powershell-liveid?DelegatedOrg=" + $InitialDomain.Name
    $s = New-PSSession -ConnectionUri $DelegatedOrgURL -Credential $credential -Authentication Basic -ConfigurationName Microsoft.Exchange -AllowRedirection
    Import-PSSession $s -CommandName Get-Mailbox, Get-MailboxFolderPermission, Set-MailboxFolderPermission, Add-MailboxFolderPermission -AllowClobber

    $mailboxes = Get-mailbox
    $userRequiringAccess = Get-mailbox $userRequiringAccess
    foreach ($mailbox in $mailboxes) {
        $accessRights = $null
        $accessRights = Get-MailboxFolderPermission "$($mailbox.primarysmtpaddress):\calendar" -User $userRequiringAccess.PrimarySmtpAddress -erroraction SilentlyContinue
        
        if ($accessRights.accessRights -notmatch $accessRight -and $mailbox.primarysmtpaddress -notcontains $userRequiringAccess.primarysmtpaddress -and $mailbox.primarysmtpaddress -notmatch "DiscoverySearchMailbox") {
            Write-Host "Adding or updating permissions for $($mailbox.primarysmtpaddress) Calendar" -ForegroundColor Yellow
            try {
                Add-MailboxFolderPermission "$($mailbox.primarysmtpaddress):\calendar" -User $userRequiringAccess.PrimarySmtpAddress -AccessRights $accessRight -ErrorAction SilentlyContinue    
            }
            catch {
                Set-MailboxFolderPermission "$($mailbox.primarysmtpaddress):\calendar" -User $userRequiringAccess.PrimarySmtpAddress -AccessRights $accessRight -ErrorAction SilentlyContinue    
            } 
            $accessRights = Get-MailboxFolderPermission "$($mailbox.primarysmtpaddress):\calendar" -User $userRequiringAccess.PrimarySmtpAddress
            if ($accessRights.accessRights -match $accessRight) {
                Write-Host "Successfully added $accessRight permissions on $($mailbox.displayname)'s calendar for $($userrequiringaccess.displayname)" -ForegroundColor Green
            }
            else {
                Write-Host "Could not add $accessRight permissions on $($mailbox.displayname)'s calendar for $($userrequiringaccess.displayname)" -ForegroundColor Red
            }
        }else{
            Write-Host "Permission level already exists for $($userrequiringaccess.displayname) on $($mailbox.displayname)'s calendar" -foregroundColor Green
        }
    }
    Remove-PSSession $s
}

Was this article helpful?

Related Articles