Updated version of the Calendar permissions inventory script

In lieu of the upcoming PowerShell module and basic auth deprecation, I’m going over the scripts in my public GitHub repo and updating them to the latest and greatest. In this case, I took the Calendar permissions inventory script, for which we can take advantage of the new REST-based Exchange Online cmdlets. This in turn helps simplify the script logic a bit, as we no longer need to worry about minimizing data transfer via implicit remoting or throttling.

The script logic itself has not changed. We start by collecting a list of mailboxes for which to obtain the calendar permissions. This is done via the Get-ExOMailbox cmdlet. By default, only User mailboxes will be included in the output, but you can use the set of parameters/switches to specify the desired types:

  • IncludeUserMailboxes – use it to include User mailboxes in the output. As mentioned above, this is the default behavior.
  • IncludeSharedMailboxes – use it to include Shared mailboxes in the output.
  • IncludeRoomMailboxes – use it to include Room, Equipment and Scheduling (Booking) mailboxes int he output.
  • IncludeAll – use it to include all supported mailbox types.

Make sure to combine the switches as needed, or just use the –IncludeAll one to get the full set of mailboxes. As a small improvement to the script, the –IncludeRoomMailboxes switch will now also account for any Scheduling mailboxes, the ones used by the booking feature. Group mailboxes are another obvious target, but since we still don’t have any supported method for adding/removing folder level permissions on those, I chose not to include them in the script.

.\Calendar_Permissions_inventoryV2.ps1 -IncludeAll

After collecting the list of mailboxes, the script will proceed to iterate over each of them and identify the default Calendar folder. We use the Get-ExOMailboxFolderStatistics cmdlet to fetch the identity of the default Calendar folder, making sure we account for any localized names. Then, we run the Get-ExOMailboxFolderPermission cmdlet against each Calendar folder and obtain the list of permissions.

The rest of the script deals with the output. The script now supports outputting the value of the SharingPermissionFlags property, which is important in delegate scenarios. To better account for the relationship between the permission level and SharingPermissionFlags, the script no longer supports the “condensed” (one line per mailbox) output. Instead, each individual permission entry will be listed on a new line, and you can use filters to narrow down permissions based on a given mailbox, user/delegate or even permission flag.

Lastly, I made some minor changes to the connectivity block. Since we no longer use any Remote PowerShell cmdlet, the script requires a “V2” version of the Exchange Online PowerShell module, which you can get here. Since there are now a variety of connectivity methods supported for the Connect-ExchangeOnline cmdlet, I chose not to force a specific method on you – do make sure you’re connected to Exchange Online before running the script though. If no valid session is detected, the script will try to connect via the interactive auth method, which might not be the most suitable one.

As before, output will be exported to a CSV file in the script dir, and will also be kept in a global variable ($varPermissions), should you need to examine/transform it within PowerShell. I believe that’s all I have to say about the updated script. You can get from my GitHub repo.

This entry was posted in Exchange Online, Microsoft 365, Office 365, PowerShell. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.