Setting Calendar permissions right after mailbox creation

The customer is running Exchange 2013 with approx. 2500 mailboxes. When looking at calendars and sharing information through the Availability service, only the availability (free, busy or tentative) is shown. No details are shown by default.

The customer now requests that more information be published, so that users who want to schedule a meeting can see the details of other users' appointments. This should be configured not only for existing users; new users should also receive this setting directly when provisioned.

For example, to configure this for all users (the Default entry) on the calendar of a user called Kim Akers (kima@exchangelabs.nl), you can use the following Exchange PowerShell command:

Set-MailboxFolderPermission kima:\Calendar -User Default -AccessRights Reviewer

When scheduling a meeting with Kim Akers I can now see her appointment details in Outlook, and I can open the appointment to see all details (read-only) of this appointment as shown in the following two screenshots:

image

image

Note. Check the Set-MailboxFolderPermission article on Microsoft TechNet for all details regarding the permissions that can be assigned.

One thing though: you have to be careful with the language setting. If the user has configured the mailbox for the Dutch language (nl-NL), you should change the folder name, like this:

Set-MailboxFolderPermission kima:\Agenda -User Default -AccessRights Reviewer

For existing users this is easy to configure: just use the previous PowerShell command. When creating a new mailbox you can use the cmdlet extension agent in Exchange PowerShell. This is explained in the Cmdlet Extension Agents Part 2: Postconfiguring Mailboxes blog post written by Michel de Rooij.

To avoid the language setting issue you can use the Get-MailboxFolderStatistics cmdlet and read the name of the first (calendar) folder. This name is used in the Set-MailboxFolderPermission command.

When configuring the cmdlet extension for the New-Mailbox command the following XML needs to be created:

<?xml version="1.0" encoding="utf-8" ?>
<Configuration version="1.0">
<Feature Name="MailboxProvisioning" Cmdlets="New-Mailbox,Enable-Mailbox">
<ApiCall Name="Validate">
# Makes sure readOnlyIConfigurable is available in OnComplete
</ApiCall>
<ApiCall Name="OnComplete">
$DC = [string]($readOnlyIConfigurable.OriginatingServer)
$Identity = [string]($readOnlyIConfigurable.Identity)
If ($succeeded) {
  # Wait up to 120 seconds for the new mailbox to become visible on the originating DC
  $TimeOut = (Get-Date).AddSeconds(120)
  While (-not (Get-Mailbox -Identity $Identity -DomainController $DC) -and ((Get-Date) -lt $TimeOut)) {
    Sleep 1
  }
  # Read the localized name of the calendar folder (Calendar, Agenda, ...)
  $CalendarIdentity = ('{0}:\{1}' -f $Identity, (Get-MailboxFolderStatistics -Identity $Identity -FolderScope Calendar -DomainController $DC | Select -First 1).Name)
  # Let the Default entry read appointment details on the new mailbox's calendar
  Set-MailboxFolderPermission -Identity $CalendarIdentity -User Default -AccessRights Reviewer -DomainController $DC
}
</ApiCall>
</Feature>
</Configuration>

Note. Special thanks to Michel de Rooij for troubleshooting my provisioning issues here 🙂

Store this file using the ScriptingAgentConfig.xml filename in the C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents directory on the Exchange 2013 server. If you have multiple Exchange servers you have to repeat this on all Exchange servers. If you forget one server you might run into the following error:

image

To activate the scripting agent, you have to enable the cmdlet extension agent on all your Exchange servers using the following PowerShell command:

Enable-CmdletExtensionAgent "Scripting Agent"

Once this is implemented, the requested permissions are set whenever a new mailbox is created.
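For the existing mailboxes mentioned earlier, the following is an added example and not part of the original post: it resolves the localized calendar folder name per mailbox, records the current Default rights before changing anything so the change can be reviewed or reverted, and supports -WhatIf. The function name Set-DefaultCalendarReviewer and the CSV path are made up for illustration, and it assumes every user mailbox is in scope.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Assumption: all user mailboxes are in scope; narrow the Get-Mailbox call if not.
function Set-DefaultCalendarReviewer {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$AccessRights = 'Reviewer'
    )

    $mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
    foreach ($mbx in $mailboxes) {
        $smtp = [string]$mbx.PrimarySmtpAddress

        # Resolve the localized name of the default calendar folder (Calendar, Agenda, ...)
        $calendar = Get-MailboxFolderStatistics -Identity $smtp -FolderScope Calendar |
            Where-Object { $_.FolderType -eq 'Calendar' } |
            Select-Object -First 1
        if (-not $calendar) {
            Write-Warning "No calendar folder found for $smtp"
            continue
        }
        $folderId = '{0}:\{1}' -f $smtp, $calendar.Name

        # Record the current Default entry before touching it
        $current = Get-MailboxFolderPermission -Identity $folderId -User Default
        $before  = ($current.AccessRights | ForEach-Object { [string]$_ }) -join ','

        # Only change folders that differ from the target, and honour -WhatIf / -Confirm
        if ($before -ne $AccessRights -and
            $PSCmdlet.ShouldProcess($folderId, "Set Default to $AccessRights")) {
            Set-MailboxFolderPermission -Identity $folderId -User Default -AccessRights $AccessRights
        }

        # One output row per mailbox: previous rights next to the requested rights
        [pscustomobject]@{
            Mailbox = $smtp
            Folder  = $calendar.Name
            Before  = $before
            Target  = $AccessRights
        }
    }
}

# Dry run first, keeping a record of the previous rights (constructed file name)
Set-DefaultCalendarReviewer -WhatIf |
    Export-Csv .\calendar-default-before.csv -NoTypeInformation
```

Run it again without -WhatIf to apply the change; the Before column of the CSV shows what each Default entry was set to.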

More information

Set-MailboxRegionalConfiguration – https://technet.microsoft.com/en-us/library/dd351103(v=exchg.160).aspx

Standard Date and Time Format Strings – https://msdn.microsoft.com/library/az4se3k1(v=vs.110).aspx

DKIM in Office 365

Microsoft has implemented DKIM, DMARC and SPF in Exchange Online; the only thing you have to do is enable it. For DKIM, all you have to do is create two CNAME records in DNS and enable DKIM in the Exchange Admin Center.

DKIM CNAME records

The CNAME records you have to create for DKIM look like this:

selector1._domainkey.contoso.com
selector2._domainkey.contoso.com

selector1 and selector2 are the two selector tags (in Office 365 these will always be selector1 and selector2), and _domainkey is a default tag that will be added. Of course you have to replace contoso.com with your own domain.

The CNAME records have to point to the following locations:

selector1-contoso-com._domainkey.contoso.onmicrosoft.com
selector2-contoso-com._domainkey.contoso.onmicrosoft.com
