Posts Tagged ‘permissions’

Hi Folks,

today’s challenge was to bulk set calendar rights in a multilingual environment (with powershell).
On the net you can find some articles that address similar problems, but no real solution.

Download the follwing scripts as txt here.

Here my quick an dirty script:

# Set default as LimitedDetails for all calendars.
# Will get the language forch each users calendar Folder
# TEST WITH ONE ORE MORE USERS
# foreach($mbx in Get-Mailbox -identity USER | where-object {$_.displayname -like "*test user*"})


foreach($mbx in Get-Mailbox -ResultSize Unlimited | where-object {$_.displayname -notmatch "discovery"})

{
$Calfolder = $Mbx.Name
$Calfolder += ':\'
$CalFolder += [string](Get-mailboxfolderstatistics $Mbx -folderscope calendar).Name
$mbx = $CalFolder
$test = Get-MailboxFolderPermission -Identity $mbx -erroraction silentlycontinue
if($test -ne $null)
{
Set-MailboxFolderPermission -Identity $mbx -User Default -AccessRights LimitedDetails | out-null
}
}

If you want to create all new mailboxes with special permissions you nee to configure the Cmdlet Extension Agent
To enable the agent this you have to the following steps:

  • Create an XML file named ScriptingAgentConfig.xml  and save it in your Exchange’s Default Directory on EVERY Exchange Server in your organization
    e.g. C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents

    <?xml version=”1.0″ encoding=”utf-8″ ?>
    <Configuration version=”1.0″>

    <Feature Name=”MailboxProvisioning” Cmdlets=”New-Mailbox”>
    <ApiCall Name=”OnComplete”>
    if($succeeded)
    {
    start-sleep -s 10
    $mbx =  (Get-User $provisioningHandler.UserSpecifiedParameters[“Name”]).distinguishedName
    Set-MailboxFolderPermission -Identity $mbx”:\Calendar” -User “Default” -AccessRights LimitedDetails
    }
    </ApiCall>
    </Feature>

    <Feature Name=”MailboxProvisioning” Cmdlets=”Enable-Mailbox”>
    <ApiCall Name=”OnComplete”>
    if($succeeded)
    {
    start-sleep -s 5
    $user = Get-User -Identity $provisioningHandler.UserSpecifiedParameters[“Identity”]
    $mbx = Get-Mailbox -Identity $user.DistinguishedName
    Set-MailboxFolderPermission -Identity $mbx”:\Calendar” -User “Default” -AccessRights LimitedDetails
    }
    </ApiCall>
    </Feature>

    </Configuration>

 

  • Use the Exchange Management Shell and run the following command on EVERY Exchange server in your organization:
    Enable-CmdletExtensionAgent “Scripting Agent”
  • Create new user

Cheers,

Chris

Yesterday I got a problem while migrating a fileserver cluster from Windows 2003 to Windows 2008 R2.

We wanted to migrate a big fileserver cluster with several volumes by mirroring the SAN LUNs, break the mirrors and mount them to the new Windows 2008 R2 fileserver.

After mounting the partitions to the new cluster we set up a new virtual fileserver and created some shares. With one partition/share we run in the following error:

The shared ressource is not available.

After some investigation we figured out that the SYSTEM group doesn’t had permissions on the partition at root level so the cluster service running with local system account can’t initialize the share.

After adding SYSTEM at root level with full access sharing of this partition was possible:

Cheers,

Chris

In the past I’ve often seen misconfigured NTFS rights cause OAB download fails in Outlook 2007 and 2010.

In a standard installation of Exchange 2010 the OAB’s physical directory points to:

C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\GUID-XXXXX-YYYYYY-ZZZZZ

You’ve to controll if the “Authenticated Users” group has permissions to read on your OAB directory (-> right click  GUID-XXXXX-YYYYYY-ZZZZZ -> security) and if this right is inherited.

Cheers,

Chris