I created some room mailboxes in Exchange 2010 and gave book permissions to some users using EMC (Exchange Management Console).
Now, after migrating all my mailboxes to Exchange 2013, I need to change some permissions on the room mailboxes. But no way to perform the changes in the web console.
The only way to view and modify booking permissions is by executing powershell commands (Get-CalendarProcessing and Set-CalendarProcessing).
Show the permissions
[PS] C:\> Get-CalendarProcessing "Test Room" | fl AutomateProcessing,*Policy
AutomateProcessing : AutoAccept
RequestOutOfPolicy : {}
AllRequestOutOfPolicy : False
BookInPolicy : {}
AllBookInPolicy : True
RequestInPolicy : {}
AllRequestInPolicy : False
Everyone has permissions to book directly – BookInPolicy (without being subject to approval by a delegate – RequestInPolicy)
Disable AllBookInPolicy
[PS] C:\> Set-CalendarProcessing "Test Room" -AllBookInPolicy $False
[PS] C:\> Get-CalendarProcessing "Test Room" | fl AutomateProcessing,*Policy
AutomateProcessing : AutoAccept
RequestOutOfPolicy : {}
AllRequestOutOfPolicy : False
BookInPolicy : {}
AllBookInPolicy : False
RequestInPolicy : {}
AllRequestInPolicy : False
Now no one has permissions. When trying, the "Declined" message will be received with the message "You don't have permission to book this resource".
Grant permissions to one user
[PS] C:\> Set-CalendarProcessing "Test Room" -BookInPolicy "user1@mydomain.com"
[PS] C:\> Get-CalendarProcessing "Test Room" | fl AutomateProcessing,*Policy
AutomateProcessing : AutoAccept
RequestOutOfPolicy : {}
AllRequestOutOfPolicy : False
BookInPolicy : {/o=MYORG/ou=First administrative group/cn=Recipients/cn=user1}
AllBookInPolicy : False
RequestInPolicy : {}
AllRequestInPolicy : False
Now the user with email user1@mydomain.com can book room resources.
Grant permission to more users
[PS] C:\> Set-CalendarProcessing "Test Room" -BookInPolicy "user1@mydomain.com","user2@mydomain.com"
[PS] C:\> Get-CalendarProcessing "Test Room" | fl AutomateProcessing,*Policy
AutomateProcessing : AutoAccept
RequestOutOfPolicy : {}
AllRequestOutOfPolicy : False
BookInPolicy : {/o=MYORG/ou=First administrative group/cn=Recipients/cn=user1, /O=MYORG/OU=First administrative group/CN=RECIPIENTS/CN=user2}
AllBookInPolicy : False
RequestInPolicy : {}
AllRequestInPolicy : False
When executing the command, it sets the BookInPolicy parameter, so we have to write as parameter not only the user to be added, but also the ones who already had the permissions granted.
A better way to add new users could be this:
[PS] C:\> Set-CalendarProcessing "Test Room" -BookInPolicy ((Get-CalendarProcessing -Identity "Test Room").BookInPolicy += "user2@mydomain.com")