How to check Shared mailbox’s Access Rights via Powershell

How to check Shared mailbox’s Access Rights via Powershell

Managing Office 365 Calendar Permissions with PowerShell (Updated 2025)

I had to do this recently, and as usual, PowerShell made life far easier. For managing Office 365 (Exchange Online) calendar permissions, PowerShell is faster, more repeatable, and far better suited for bulk changes than the admin portal.


1. Connect to Your Tenant

Before running any commands, connect to your Exchange Online environment.
If you haven’t already installed the Exchange Online PowerShell V3 module, do so with:

Install-Module ExchangeOnlineManagement

Then connect:

Connect-ExchangeOnline


2. Checking Permissions

Single Mailbox Calendar:
Get-EXOMailboxFolderPermission -Identity [email protected]:\Calendar
This lists all current permissions for that user’s calendar. Replace [email protected] with your target user.

All Mailboxes (Default Permissions Only):
Get-EXOMailbox -ResultSize Unlimited | ForEach-Object { Get-EXOMailboxFolderPermission “$($.PrimarySmtpAddress):\Calendar” } | Where-Object { $.User -like “Default” } | Select-Object Identity, User, AccessRights

Tip: Use “Calendar” in English tenants, or replace it with the localized folder name (e.g., Kalender, Calendrier). You can detect the correct name with:
Get-EXOMailboxFolderStatistics [email protected] | Where-Object {$_.FolderType -eq “Calendar”} | Select Name


3. Understanding Permission Levels

Owner — Full control of the folder: read, create, modify, delete items and folders, plus manage permissions.
PublishingEditor — Read, create, modify, delete all items/subfolders (except permission changes).
Editor — Read, create, modify, delete items (no subfolder creation).
PublishingAuthor — Create and read all items/subfolders, but can modify/delete only own items.
Author — Create and read items, modify/delete only own.
NonEditingAuthor — Read all, create items, delete only own.
Reviewer — Read items only.
Contributor — Create items/folders, but can’t read them.
AvailabilityOnly — See Free/Busy only.
LimitedDetails — See Free/Busy plus meeting subjects and locations.
None — No access.


4. Granting Permissions

Grant one user access to another’s calendar:
Add-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Editor

You can replace Editor with Reviewer, LimitedDetails, etc.

Set default access for everyone in the tenant:
Set-MailboxFolderPermission -Identity [email protected]:\Calendar -User Default -AccessRights Reviewer

Bulk Add from CSV (users.csv example contains a column called alias):
Import-Csv .\users.csv | ForEach-Object { Add-MailboxFolderPermission -Identity “[email protected]:\Calendar” -User $_.alias -AccessRights Owner }


5. Removing Permissions

Remove a specific user’s access:
Remove-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected]

Reset all permissions to default:
Get-MailboxFolderPermission [email protected]:\Calendar | Where-Object { $.User -notin @(“Default”,”Anonymous”) } | ForEach-Object { Remove-MailboxFolderPermission -Identity $.Identity -User $_.User -Confirm:$false }


6. Extra Tips (2025)

  • Use Get-EXOMailboxFolderPermission and Set-MailboxFolderPermission from the EXO V3 module for better performance and reliability.
  • When granting permissions, you can now send notifications automatically:
    Add-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Reviewer -SendNotificationToUser $true
  • For delegate scenarios, consider SharingPermissionFlags to control forwarding/meeting requests.
  • Always test on one mailbox before running bulk updates.

PowerShell will get this done in seconds—tasks that could take hours in the GUI—especially when managing hundreds of users. Just remember to adapt the commands to your tenant’s folder names, permission policies, and language settings.

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply