EXCHANGE   Exchange 2013 – Assign permissions to book room resources



I created some room mailboxes in Exchange 2010 and gave book permissions to some users using EMC (Exchange Management Console).

Now, after migrating all my mailboxes to Exchange 2013, I need to change some permissions on the room mailboxes. But no way to perform the changes in the web console.

The only way to view and modify booking permissions is by executing powershell commands (Get-CalendarProcessing and Set-CalendarProcessing).

Show the permissions

[PS] C:\> Get-CalendarProcessing "Test Room" | fl AutomateProcessing,*Policy

AutomateProcessing    : AutoAccept
RequestOutOfPolicy    : {}
AllRequestOutOfPolicy : False
BookInPolicy          : {}
AllBookInPolicy       : True
RequestInPolicy       : {}
AllRequestInPolicy    : False

Everyone has permissions to book directly – BookInPolicy (without being subject to approval by a delegate – RequestInPolicy)

Disable AllBookInPolicy

[PS] C:\> Set-CalendarProcessing "Test Room" -AllBookInPolicy $False
[PS] C:\> Get-CalendarProcessing "Test Room" | fl AutomateProcessing,*Policy

AutomateProcessing    : AutoAccept
RequestOutOfPolicy    : {}
AllRequestOutOfPolicy : False
BookInPolicy          : {}
AllBookInPolicy       : False
RequestInPolicy       : {}
AllRequestInPolicy    : False

Now no one has permissions. When trying, the "Declined" message will be received with the message "You don't have permission to book this resource".
You dont have permission to book this resource

Grant permissions to one user

[PS] C:\> Set-CalendarProcessing "Test Room" -BookInPolicy "user1@mydomain.com"
[PS] C:\> Get-CalendarProcessing "Test Room" | fl AutomateProcessing,*Policy

AutomateProcessing    : AutoAccept
RequestOutOfPolicy    : {}
AllRequestOutOfPolicy : False
BookInPolicy          : {/o=MYORG/ou=First administrative group/cn=Recipients/cn=user1}
AllBookInPolicy       : False
RequestInPolicy       : {}
AllRequestInPolicy    : False

Now the user with email user1@mydomain.com can book room resources.

Grant permission to more users

[PS] C:\> Set-CalendarProcessing "Test Room" -BookInPolicy "user1@mydomain.com","user2@mydomain.com"
[PS] C:\> Get-CalendarProcessing "Test Room" | fl AutomateProcessing,*Policy

AutomateProcessing    : AutoAccept
RequestOutOfPolicy    : {}
AllRequestOutOfPolicy : False
BookInPolicy          : {/o=MYORG/ou=First administrative group/cn=Recipients/cn=user1, /O=MYORG/OU=First administrative group/CN=RECIPIENTS/CN=user2}
AllBookInPolicy       : False
RequestInPolicy       : {}
AllRequestInPolicy    : False

When executing the command, it sets the BookInPolicy parameter, so we have to write as parameter not only the user to be added, but also the ones who already had the permissions granted.

A better way to add new users could be this:

[PS] C:\> Set-CalendarProcessing "Test Room" -BookInPolicy ((Get-CalendarProcessing -Identity "Test Room").BookInPolicy += "user2@mydomain.com")

 

7 thoughts on “Exchange 2013 – Assign permissions to book room resources

    • By setting the modified fields to the default values (False, $null, …)

      F.e:
      Set-CalendarProcessing “Test Room” -AutomateProcessing AutoAccept -BookInPolicy $null -AllBookInPolicy $False -RequestInPolicy $null … …

  1. I need to set up a room where only a set group of users is allowed to book, everyone else is denied. But even for those allowed users, their meetings still need to be approved by the delegates assigned to the room.

    So here’s what I have set up:
    ResourceDelegates : {user1, user2}
    RequestOutOfPolicy : {}
    AllRequestOutOfPolicy : False
    BookInPolicy : {Allowed users / Distribution Group}
    AllBookInPolicy : False
    RequestInPolicy : {}
    AllRequestInPolicy : False

    … but it appears that the users in the “BookInPolicy” setting is having their meeting auto-accept anyways without “Pending Approval”.

    Pending approval is the desired result. How do I get that?

Leave a Reply

Your email address will not be published. Required fields are marked *