The script checks if a specific permission is granted to the entire organization over user calendar. If the permission is granted, the script returns False. The script should be executed in the If PowerShell script returns true condition in a custom command, business rule or scheduled task configured for the User object type.
Parameters:
- $accessRight- Specifies the permission that should be absent for the script to return True.
PowerShell
$accessRight = "ADM_EXCHANGE_CALENDAR_RIGHT_AVAILABILITYONLY" # TODO: modify me. Possible values: "ADM_EXCHANGE_CALENDAR_RIGHT_AVAILABILITYONLY", "ADM_EXCHANGE_CALENDAR_RIGHT_LIMITEDDETAILS", "ADM_EXCHANGE_CALENDAR_RIGHT_REVIEWER", "ADM_EXCHANGE_CALENDAR_RIGHT_EDITOR", "ADM_EXCHANGE_CALENDAR_RIGHT_NONE"
$Context.ConditionIsMet = $False
$user = $Context.BindToObject($Context.TargetObject.AdsPath)
$mailboxParams = $user.GetMailParameters()
$calendarPermissions = $mailboxParams.CalendarPermissions
foreach ($permission in $calendarPermissions)
{
if ($permission.Value.Trustee.ObjectSid -ne "S-1-5-15")
{
continue
}
$Context.ConditionIsMet = $permission.Value.AccessRight -ne $accessRight
break
}