Updated 3/8/2005 to update local freebusy folder permissions to editor
Changing the default permissions on user’s calendars to reviewer is something that comes up now and again in different companies for different reasons. Automating this with script is relatively straight forward if you use the ACL.dll which you can get a copy of from the sample on CDOLive http://www.cdolive.com/aclviewer.htm.
Actually the day after I wrote the below script I found another utility that someone had created call setperm that gives you a nice GUI to this. As well as that it gives you the ability to change permissions on other folders other then the calendar. The original web site that hosted this utility seems to be gone now (which is a shame it because it had some good stuff) but you can still download the utility from http://www.slipstick.com/files/setperm.zip . There's also a third party application from Symprex that can do this go here for details.
If your still interested in the script version here it is it mostly based around http://support.microsoft.com/?kbid=240911 . Some ADSI has been added to select all the users from the GAL for a particular server in the servername variable and some file logging is done to track all the user that are updated. I’ve put a downloadable copy of the code here the script looks like
Public Const CdoDefaultFolderCalendar = 0
servername = wscript.arguments(0)
set conn = createobject("ADODB.Connection")
set com = createobject("ADODB.Command")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("configurationNamingContext")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
svcQuery = "<LDAP://" & strNameingContext &
">;(&(objectCategory=msExchExchangeServer)(cn=" & Servername &
"));cn,name,legacyExchangeDN;subtree"
Com.ActiveConnection = Conn
Com.CommandText = svcQuery
Set Rs = Com.Execute
while not rs.eof
GALQueryFilter = "(&(&(&(& (mailnickname=*)(!msExchHideFromAddressLists=TRUE)(|
(&(objectCategory=person)(objectClass=user)(msExchHomeServerName=" &
rs.fields("legacyExchangeDN") & ")) )))))"
strQuery = "<LDAP://" & strDefaultNamingContext & ">;" & GALQueryFilter &
";distinguishedName,mail,mailnickname;subtree"
com.Properties("Page Size") = 100
Com.CommandText = strQuery
Set Rs1 = Com.Execute
while not Rs1.eof
call dofreebusy(servername,rs1.fields("mailnickname"))
wscript.echo "Setting Permission on: " & rs1.fields("mailnickname")
rs1.movenext
wend
rs.movenext
wend
rs.close
set conn = nothing
set com = nothing
wscript.echo "Done"
function dofreebusy(servername,mailboxname)
Set objSession = CreateObject("MAPI.Session")
objSession.Logon "","",false,true,true,true,servername & vbLF & mailboxname
Set CdoInfoStore = objSession.GetInfoStore
Set CdoFolderRoot = CdoInfoStore.RootFolder
Set ACLObj = CreateObject("MSExchange.aclobject")
set cdocalendar = objSession.GetDefaultFolder(CdoDefaultFolderCalendar)
ACLObj.CDOItem = cdocalendar
Set FolderACEs = ACLObj.ACEs
getpermissions = mailboxname & ": "
For each fldace in FolderACEs
if fldace.ID = "ID_ACL_DEFAULT" then
fldace.rights = 1025
ACLObj.update
end if
getpermissions = getpermissions & fldace.ID & "-" & fldace.rights
Next
'FreeBusy Update
Set objRoot = objSession.GetFolder("")
Set objFreeBusyFolder = objRoot.Folders.Item("FreeBusy Data")
ACLObj.CDOItem = objFreeBusyFolder
Set FolderACEs = ACLObj.ACEs
For each fldace in FolderACEs
if fldace.ID = "ID_ACL_DEFAULT" then
fldace.rights = 1123
ACLObj.update
end if
Next
End function
Changing the default permissions on user’s calendars to reviewer is something that comes up now and again in different companies for different reasons. Automating this with script is relatively straight forward if you use the ACL.dll which you can get a copy of from the sample on CDOLive http://www.cdolive.com/aclviewer.htm.
Actually the day after I wrote the below script I found another utility that someone had created call setperm that gives you a nice GUI to this. As well as that it gives you the ability to change permissions on other folders other then the calendar. The original web site that hosted this utility seems to be gone now (which is a shame it because it had some good stuff) but you can still download the utility from http://www.slipstick.com/files/setperm.zip . There's also a third party application from Symprex that can do this go here for details.
If your still interested in the script version here it is it mostly based around http://support.microsoft.com/?kbid=240911 . Some ADSI has been added to select all the users from the GAL for a particular server in the servername variable and some file logging is done to track all the user that are updated. I’ve put a downloadable copy of the code here the script looks like
Public Const CdoDefaultFolderCalendar = 0
servername = wscript.arguments(0)
set conn = createobject("ADODB.Connection")
set com = createobject("ADODB.Command")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("configurationNamingContext")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
svcQuery = "<LDAP://" & strNameingContext &
">;(&(objectCategory=msExchExchangeServer)(cn=" & Servername &
"));cn,name,legacyExchangeDN;subtree"
Com.ActiveConnection = Conn
Com.CommandText = svcQuery
Set Rs = Com.Execute
while not rs.eof
GALQueryFilter = "(&(&(&(& (mailnickname=*)(!msExchHideFromAddressLists=TRUE)(|
(&(objectCategory=person)(objectClass=user)(msExchHomeServerName=" &
rs.fields("legacyExchangeDN") & ")) )))))"
strQuery = "<LDAP://" & strDefaultNamingContext & ">;" & GALQueryFilter &
";distinguishedName,mail,mailnickname;subtree"
com.Properties("Page Size") = 100
Com.CommandText = strQuery
Set Rs1 = Com.Execute
while not Rs1.eof
call dofreebusy(servername,rs1.fields("mailnickname"))
wscript.echo "Setting Permission on: " & rs1.fields("mailnickname")
rs1.movenext
wend
rs.movenext
wend
rs.close
set conn = nothing
set com = nothing
wscript.echo "Done"
function dofreebusy(servername,mailboxname)
Set objSession = CreateObject("MAPI.Session")
objSession.Logon "","",false,true,true,true,servername & vbLF & mailboxname
Set CdoInfoStore = objSession.GetInfoStore
Set CdoFolderRoot = CdoInfoStore.RootFolder
Set ACLObj = CreateObject("MSExchange.aclobject")
set cdocalendar = objSession.GetDefaultFolder(CdoDefaultFolderCalendar)
ACLObj.CDOItem = cdocalendar
Set FolderACEs = ACLObj.ACEs
getpermissions = mailboxname & ": "
For each fldace in FolderACEs
if fldace.ID = "ID_ACL_DEFAULT" then
fldace.rights = 1025
ACLObj.update
end if
getpermissions = getpermissions & fldace.ID & "-" & fldace.rights
Next
'FreeBusy Update
Set objRoot = objSession.GetFolder("")
Set objFreeBusyFolder = objRoot.Folders.Item("FreeBusy Data")
ACLObj.CDOItem = objFreeBusyFolder
Set FolderACEs = ACLObj.ACEs
For each fldace in FolderACEs
if fldace.ID = "ID_ACL_DEFAULT" then
fldace.rights = 1123
ACLObj.update
end if
Next
End function