Microsoft Exchange calandar access rights changer for Enterprise (requested by Luminus Solutions) https://luminussolutions.be
Go to file
2022-08-26 14:10:42 +02:00
utils Increase speed of permission acquisition 2022-08-26 14:10:42 +02:00
.gitignore ajout readme + début des tests 2022-08-25 18:17:55 +02:00
configs.ps1 Cloturation développement version 1.1.0 2022-08-26 09:48:05 +02:00
README.md Increase speed of permission acquisition 2022-08-26 14:10:42 +02:00
run-script.ps1 Increase speed of permission acquisition 2022-08-26 14:10:42 +02:00

EXCAL-ARIGHTS

Donate Website

Current version : 1.1.1

Description

ExCal-ARights is a script to automate the change of permissions on Microsoft Exchange Server calendars. This script allows you to define your own configuration (see Use->Configuration). Moreover, any action performed by ExCal-ARights is recorded so that you can confirm and view the changes after application.

You can also choose to quit the script before starting the change of permissions. As well as previewing the permissions of all calendars before and after the change. The permissions preview does not consider the configuration filters, it previews all users.

Requierements

To use this script you need the following software and libraries. See the installation section for more information.

  • Windows >= v7 ;
  • Windows ExecutionPolicy == Unrestricted (default status on windows) ;
  • PowerShell >= v5.2 ;
  • PowerShell's ExchangeOnlineManagement module >= v2.0.5 ;
  • Administrator account on the Exchange server.

Installation

To install Windows 11 see the requirement at https://www.microsoft.com/en-us/windows/windows-11-specifications (check minimum version above). To install powershell 7 use the command below in your Pshell (check minimum version above).

iex "& { $(irm https://aka.ms/install-powershell.ps1) } -UseMSI"

To install the powershell ExchangeOnlineManagement module execute the command below in Pshell.

Install-Module -Name ExchangeOnlineManagement

Windows Policy Tips :

Get-ExecutionPolicy                 # get the current policy
Get-ExecutionPolicy -List           # get the current policies on the all device

Set-ExecutionPolicy Unrestricted    # set the policy to unrestricted
Set-ExecutionPolicy Restricted      # set the policy to restricted

Use

Clone or download and extract this repository from its archive. Open the configs.ps1 script and configure it. Then run the run-script.ps1 file and follow the indications.

After the process you should find a log file with the process details.

Exchange Server Structure

Regardons ici à quoi resemble la structure d'un server Exchange au niveau de la répartition des dossiers et permissions d'accès par utilisateur.

  1. Is the first level and represents a user. [*1]
  2. Is the second level and represents a folder in our case a calendar. This level can contain several items (folders). [*2]
  3. Is the third level and represents the authorizations assigned to a specific user to the folder by the 1st level owner user. [*3]
    • "Default" user represents the authorizations for all persons for which the authorizations have not been defined manually.
    • "Anonymous" user should have None permission (authorizations for anyone outside the organization).
Exchange_Server:
├───User-1              [*1]
│   └───Calandar        [*2]
│       ├───Default     [*3]
│       └───Anonymous
├───User-2
│   └───Agenda
│       ├───Default
│       ├───Anonymous
│       └───User-3
└───User-3
    ├───Agenda-2
    │   ├───Default
    │   ├───Anonymous
    │   └───User-1
    └───Calandar
        ├───Default
        ├───Anonymous
        ├───User-1
        ├───User-2
        └───User-3

Configuration

New permission

This variable allows you to configure the permission that will replace the current permission (if the current permission fires the trigger). You can find here the list of permissions on the Microsoft website.

$Permission = "Reviewer"

Trigger permission

This variable is used to define the list of permissions that should be changed. We call this list of permissions the list of triggers.

$PermissionsTrigger = @("LimitedDetails", "AvailabilityOnly")

Folder to process

This variable defines the list of caller names to be processed. If a user has more than one calendar in this list, all calendars in the list will be impacted.

In the structure we are on the *2nd level.

$CalandarFolders = @("Agenda", "Calendar", "Calendrier", "Kalender")

User to exclude

This variable defines a list of email aliases of users whose calendars should be ignored (in short, the calendars of these people will not be checked or processed). An alias is that part of the email address (contact@endmove.eu).

In the structure we are at the *1st level.

$IgnoreAlias = @("jeremi.nihart", "contact.endmove")

Permission of user to skip

This variable defines a list of user names whose authorizations that the 1st level users have defined in their own calendars must be ignored.

In the structure we are on the *3rd level.

$IgnoreUsers = @("Anonymous", "Nihart Jérémi", "Jone Michel")

Admin Exchange account

This variable defines the email of an administrator account with edit and write permissions on the Microsoft Exchange server.

$AdminAccount = "admin@endmove.eu"

Logs file name

This variable defines the name of the log file. The $Time variable contains the complete date and time.

$LogFile = "logs-$time.log"

Script name

This variable is used to define the name of the script, in our case ExCal-ARights.

$ScriptName = "EXCAL-ARIGHTS"