Many organizations have external forwarding enabled in Microsoft 365. By default, it's OFF, and you…
Set default calendar permissions for all users with PowerShell
The default calendar sharing permissions in Exchange Online are set as AvailabilityOnly. What if you want to change that? It’s possible to change default calendar permissions for the users one by one, but that will take time. Another way is to set default calendar permissions for all users with a PowerShell script. Let’s find out how.
Table of contents
Default calendar permissions
A lot of companies want the default calendar set as LimitedDetails instead of the default AvailablityOnly. That’s because you will see more information in the calendar item of your colleagues.
How it looks with permission AvailabilityOnly:
How it will look with permission LimitedDetails:
In the previous article, we looked at how to manage calendar permissions in Office 365 with PowerShell. Please have a read and get yourself familiar with the commands.
What if you want to set the default for all the users’ calendars? Will you run the Set-MailboxFolderPermission command for all the users one by one? That will take some time, and maybe you will forget a user. Let’s look at the next step about the PowerShell script that will do the work.
Prepare set default calendar permissions PowerShell script
Create two folders on the (C:) drive:
- Temp
- Scripts
Download Set-DefCalPermissions.ps1 script and place it in C:\scripts folder. The script will place the transcripts logs in the C:\temp folder.
Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.
Another option is to copy and paste the below code into Notepad. Give it the name Set-DefCalPermissions.ps1 and place it in the C:\scripts folder.
<#
.SYNOPSIS
Set-DefCalPermissions.ps1
.DESCRIPTION
Set default calendar permissions for all user mailboxes including exception for users.
The script works for:
-Exchange On-Premises (Run Exchange Management Shell)
-Exchange Online (Connect to Exchange Online PowerShell)
.LINK
alitajran.com/set-default-calendar-permissions-for-all-users-powershell
.NOTES
Written by: ALI TAJRAN
Website: alitajran.com
LinkedIn: linkedin.com/in/alitajran
.CHANGELOG
V1.00, 02/28/2021 - Initial version
V1.10, 03/29/2023 - Changed Exceptions to look for UserPrincipalName
#>
# Start transcript
Start-Transcript -Path "C:\temp\Set-DefCalPermissions.log" -Append
# Set scope to entire forest. Cmdlet only available for Exchange on-premises.
#Set-ADServerSettings -ViewEntireForest $true
# Get all user mailboxes
$Users = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
# Users exception (add the UserPrincipalName)
$Exception = @("irene.springer@exoip.com", "richard.grant@exoip.com")
# Permissions
$Permission = "LimitedDetails"
# Calendar name languages
$FolderCalendars = @("Agenda", "Calendar", "Calendrier", "Kalender", "日历")
# Loop through each user
foreach ($User in $Users) {
# Get calendar in every user mailbox
$Calendars = (Get-MailboxFolderStatistics $User.UserPrincipalName -FolderScope Calendar)
# Leave permissions if user is exception
if ($Exception -Contains ($User.UserPrincipalName)) {
Write-Host "$User is an exception, don't touch permissions" -ForegroundColor Red
}
else {
# Loop through each user calendar
foreach ($Calendar in $Calendars) {
$CalendarName = $Calendar.Name
# Check if calendar exist
if ($FolderCalendars -Contains $CalendarName) {
$Cal = "$($User.UserPrincipalName):\$CalendarName"
$CurrentMailFolderPermission = Get-MailboxFolderPermission -Identity $Cal -User Default
# Set calendar permission / Remove -WhatIf parameter after testing
Set-MailboxFolderPermission -Identity $Cal -User Default -AccessRights $Permission -WarningAction:SilentlyContinue -WhatIf
# Write output
if ($CurrentMailFolderPermission.AccessRights -eq "$Permission") {
Write-Host $User.DisplayName already has the permission $CurrentMailFolderPermission.AccessRights -ForegroundColor Yellow
}
else {
Write-Host $User.DisplayName added permissions $Permission -ForegroundColor Green
}
}
}
}
}
Stop-TranscriptThe PowerShell script will have some additions that will help you to meet some requirements for the organization:
- Exclude users that you don’t want the script to run against. Add them in line 35. If you don’t need this feature, comment out lines 35, 50, 51, 52, 53, and 77.
- Calendars are not always set in the English language. For example, in The Netherlands, it’s named Agenda. The script will check for the calendar names defined in line 41.
- Change permission that you want to set for all the users in line 38.
In the next step, you will run the script and see it in action.
Bulk set default calendar permissions PowerShell script
You must connect with the proper tools before you run the script:
- Exchange on-premises: Run Exchange Management Shell as administrator.
- Exchange Online (Microsoft 365/Office 365): Run PowerShell as administrator and connect to Exchange Online PowerShell.
Change the directory to the script path and run Set-DefCalPermissions.ps1 PowerShell script.
The script will go through all the mailboxes in Exchange Server/Exchange Online.
Note: The -WhatIf parameter is added in the script on line 65. If you run the script, nothing will happen in the environment. Instead, you get an output showing what will happen.
PS C:\> cd c:\scripts
PS C:\scripts>.\Set-DefCalPermissions.ps1
Transcript started, output file is C:\temp\Set-DefCalPermissions.log
What if: Setting mailbox folder permission "'LimitedDetails'" on "Zoë Roberts:\Calendar" for user "Default".
Zoë Roberts added permissions LimitedDetails
What if: Setting mailbox folder permission "'LimitedDetails'" on "Madeleine Fisher:\Agenda" for user "Default".
Madeleine Fisher added permissions LimitedDetails
Irene Springer is an exception, don't touch permissions
What if: Setting mailbox folder permission "'LimitedDetails'" on "Grace Rees:\Calendar" for user "Default".
Grace Rees added permissions LimitedDetails
What if: Setting mailbox folder permission "'LimitedDetails'" on "Kylie Davidson:\Calendar" for user "Default".
Kylie Davidson added permissions LimitedDetails
Richard Grant is an exception, don't touch permissions
What if: Setting mailbox folder permission "'LimitedDetails'" on "Dylan Piper:\Calendar" for user "Default".
Dylan Piper added permissions LimitedDetails
Transcript stopped, output file is C:\temp\Set-DefCalPermissions.logRemove the -WhatIf parameter from the PowerShell script and rerun the script to set the default calendar sharing permissions for all users.
PS C:\scripts>.\Set-DefCalPermissions.ps1
Transcript started, output file is C:\temp\Set-DefCalPermissions.log
Zoë Roberts added permissions LimitedDetails
Madeleine Fisher added permissions LimitedDetails
Irene Springer is an exception, don't touch permissions
Grace Rees added permissions LimitedDetails
Kylie Davidson added permissions LimitedDetails
Richard Grant is an exception, don't touch permissions
Dylan Piper added permissions LimitedDetails
Transcript stopped, output file is C:\temp\Set-DefCalPermissions.logVerify default calendar permissions
The output will show in the Windows PowerShell console. Not only that, it will show the output in a log because a transcript is added to the PS script.
Go to the C:\temp folder and open the Set-DefCalPermissions.log file.
I hope this helped you to change default calendar permissions in Exchange Online and Exchange Server on-premises.
Keep reading: Assign Microsoft 365 licenses with group-based licensing »
Conclusion
You learned how to set default calendar permissions for all users with the Set-DefCalPermissions.ps1 PowerShell script. When you need to change the default calendar permissions for many users, automate the process. It will save time, and you can always check the transcript logs with the changes.
Did you enjoy this article? You may also like How to enable external forwarding in Microsoft 365. Don’t forget to follow us and share this article.
What Others Are Reading
Hi,
great script. That is exactly, what we are searching for.
Is there a posibility to logon “App Registration”, or is it only possible with a normal Admin User?
We want to execute that script nightly as scheduled Task.
Thanks and best regards
Sven
Please suggest how to setup to mark or book Lunch time in all employees’ calendar.
Thank you very much for you script !!!
It works like a charm.
Best regard
Thanks for this script – is there any way to make the Exclude variable a group rather than individual user please?
Actually someone that explains the parameter’s and not just throws examples at you. Thanks for your help….Definitely someone to follow.
Glad to hear that!
Thanks for the writeup, it very useful. I’d like to add users on a group level. For example, all users in one group will be able view everyones calendars in the same group. Can you provide any advice how to do so? Thanks!
is there a way to apply this to newly added mailboxes? else script will run everytime for the entire organization
Sure you can.
Read more in the article Manage calendar permissions in Office 365 with PowerShell.
I am not seeing where we can set it as the default for new users. The script works great for existing accounts, but if I onboard a user how would this setting be the default without re-running the script? Am I missing it in the article you linked?
Reading this article and the one I linked should give you a good understanding of how to adjust the command to set the calendar permission for a single user.
Here are the commands that you need to run to set the default calendar permissions for a single user to Limited Details:
1. Connect to Exchange Online PowerShell
2. Find the calendar name identity:
3. Set the calendar permission for the user to Limited Details:
It does, thank you. There looks to be no way to set it and forget it in the organization. From my understanding for onboarding a new hire, you have to run the cmdlet again. I thought I saw something about Azure Automation and that might be the way to go.
Either way, thank you for the reply and the write-up. I’m happy to see someone follow up on questions!
Hi Ali,
Could you help to apply default permission as Limited details for all new mailbox calendars in Excahnge online.
Thank you
I’ve got the same question!
Hi,
Script ran well without errors but when I try to add a calendar to my outlook calendar, it still only shows free/busy status even though I set them all to limiteddetails. Any ideas? Does it take time to populate?
Hi Rob,
You only have to restart the Outlook client and see the mailbox calendar details (I tested it right now).
PS: Ensure that you remove the -WhatIf parameter and run the script.
This is really good. Might be the first time a script has just worked … the first time.
That’s more an indictment of my skills than the quality of scripts out there, but thanks for making it easy!
Great post, script works fine, easy to change!
Thanks for the script, it worked like a charm.
Hi Ali,
I know those kind of scripts when running in environments of 100 users + are taking absolutely ages.
Do you know of any ways to remove micro-delay applied? If you debug what is happening in the background you would see that PowerShell is applying micro-delay for every line, around 15 seconds per line.
In effect if you have 100 users (mailboxes), then for each user you’ll run the command to set the permission 100 times, therefore to run the script against 100 users you’ll execute set-permission command 10 000 times company wide. If you add roughly 15 seconds delay per line it’s around 2500 minutes = 41 hours.
If you think about even bigger environments like 1000 users it would take a week to run this script. Am I right or doing something wrong?
Thank you,
Kam
I would also suggest adding the following near the top in case you have subdomains. This will allow the script to work across entire forest.
# Command to enable ViewEntireForest
Set-ADServerSettings -ViewEntireForest $true
Regards from Michigan,
Steve
Hi Steve,
I added the command in the script. But, I did comment it out because the Set-ADServerSettings cmdlet is only available in Exchange on-premises.
Users can choose themselves if they want to uncomment it or not.
Thanks!
Hi,
thanks for this script.
Best regards from Germany
Jan