How to setup Calendar permissions for group to group

exchange-2010

I've been scouring the internet and so far have only been able to find examples of how to grant calendar permissions from one user to another using the Add-MailboxFolderPermission command. This is great and it was okay for when they only had a handful of users. But going forward it's not realistic to have to set individual calendar permissions for all calendars for each new user.

Layout of security groups already created. Each group has a few people assigned to it.

  • Techs
  • Managers
  • Admin

What I am trying to accomplish is set it up so that anyone that belongs to the Managers group can view the calendars of the Tech group. Admins can view and edit the Tech group.

I've found an example of adding just the security group name but I get an error of:

[PS] C:\Windows\system32>add-MailboxFolderPermission -Identity Techs:\Calendar -User "Admin" -AccessRights Owner
The user "Admin" is either not valid SMTP address, or there is no
matching information.
+ CategoryInfo : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], InvalidExternalUserIdException
+ FullyQualifiedErrorId : 39352699,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

Am I creating groups wrong? Am I using the wrong commands?

Any guidance would be greatly appreciated.

Best Answer

The answer is that you can't do a group to group permission setting.

However, you can add security groups to a calender. This is how I got it to work.

For example:

Create a Security group that is Universal (Cannot be Domain or local). Add users to this security group. In Exchange, add a new distribution group and select this new Security group as the target group. After the group has been enabled as an "email enabled security group" you can assign the permissions for the person's calender to the group using this command:

add-MailboxFolderPermission -Identity USERID:\Calendar -User Sercuritygroupname -AccessRights Owner

Make sure to hide this group from the Global Address List to prevent errant emails from going to this group

Related Question