Show Calendar Permission as a Report

Our 2nd level support came up to me earlier this week with a with a request about calendar permissions. He asked me if there is a way to get a report about, which user has which permission on which Room mailbox calendar.

However, this can be done in multiple ways, I prefer to use PowerShell for that. We can run simple PowerShell commands to reach the goal by pulling the results in a variable and continue with them. Or, what I prefer, we write a short script for that.

The challenge to reach the goal is that we need three Exchange PowerShell commands for that. The commands are:

  • Get-Mailbox
  • Get-MailboxFolderStatistics
  • Get-MailboxFolderPermissions


In this article, I want to show you the steps, how to create a small script to get this specific report:



Collecting information

First, we need to collect the Mailbox information, which we can do with the Get-Mailbox cmdlet. There are different ways to do that. The most common one is to do it this way:


Let me explain this command:

In our company, the CustomAttribute15 stays for the Company organisation. Because of requested permission for the Room mailboxes, we have used the RecipientTypeDetails “RoomMailbox”. However, the command starts with Get-Mailbox –ResultSize unlimited. This is that we do not run into a limitation, because we do not always know, how many mailboxes we have.


The problem in this command, at least by us, sis that we have a huge Exchange organization and running this command like shown will take too much time. The reason for that is, that Get-Mailbox command with parameter –ResultSize unlimited collects information about ALL Mailboxes in our environment. After that the filters like RecipientTypeDetails and CustomAttribute15 will be used.

To prevent the time lost we can modify our first command a bit. If we use this one:


We filter already running Get-Mailbox cmdlet in the beginning. That means, the indicated queue is slimmer and on them the RecipientTypeDetails can be filtered.

For our script we need to push the result in a variable. So it will look like this:



Gettering additional information

In our next steps we need to collect information from Get-MailboxFolderStatistics cmdlet. However, here we need to think about two things: first of all we need to create a foreach to merge the results. That looks like this:


We need the alias from each Mailbox we have collected earlier in this article. Second thing we have to think about is that we need only the permission for the calendars. Working in a bilingual company the calendar can be named in English (calendar) or in German (Kalender) to prevent errors we can filter by FolderType. However, the command we need can look like this:


So, like by the Get-Mailbox cmdlet we need to queue the result in a variable. Then the command will look like this:


Now we take our variables with the result and point to the Identity. Than we convert it to a string and for report reason, we replace the “\” with “:\”. The command looks than like this:


Now we continue with our third main command to get the permissions. We need all permissions that we have set in the variable $identity, the good think is, we simply use this variable for our next command. However, the new command we also set is a variable and then it can look like this:


Now we continue with our second foreach to merge the results and create new Objects for our export. I went this way:


Now we got all information we need!



Creating the report

After having scripted the whole logic, we need now to create the export. Usually we can simply use the Export-CSV cmdlet for that. However, after writing this script which we can use more often than just once, we also can make some nice export.

One point about the export is where to save it? I prefer to have the CSV File on the same place, from where I have ran the Script. For that we can use the following command:


Here we also definite the name of our report.

As we have created earlier in this article that the whole result will be saved in the variable $result, we just need to select three information we need for our report and encode the CSV for a better view. This command can look like this:



The whole script

Now we got all parts of the script for our Report, for the end let us have a look how the script looks like:


What we can do now if we want to set an information Header. In this case I didn’t make one, but to show an example, it could look like this (example is from another script):


Writing a script do not has to be a complicated thing. Browsing across the Microsoft Technet I see huge and fantastic Scripts written by Paul Cunningham, Steve Goodman and others. It is great to have this kind of professionals in our community, but that doesn’t mean that smaller scripts from people with lower PowerShell skills are worthless. My advice to all out there: Simply do! We learn by doing, if possible build a small demo infrastructure to test the scrips you have created, and working with it will bring the success and bigger PowerShell projects. Paul Cuningham has written an article on his Blog on about PowerShell scripting, this Article I can highly recommend you! You can find it by following this Link HERE.




Photo by Mike Kononov on Unsplash

Leave a Reply

Your email address will not be published. Required fields are marked *