Sorry, I am new here. Unsure where to put this post, basically I am going to copy and paste the email I sent to microsoft and add in my powershell script. I am hoping maybe someone has come across this same issue and knows how to resolve it.

Here is what I want to do:
I would like to be able to control mail calendar delegation through a mail-enabled active directory distribution group. I set the proper permissions through powershell that I had for the users which were working fine. So basically on my rooms I now have a distribution group listed as the delegate. I added the members to the delegate dist group. They receive the requests for approval of meetings, but cannot accept, telling them no permission to open. If I add a user directly as a delegate using the same command, they can accept. Also, when using the dist group they can not open the room calendar, just like the error said.

So, I granted the group full access on the box. Same results. I added the user to full access then they could open. I would prefer to do the delegation through active directory, makes things more organized, one location to look in.

Is there a way I can grant permissions like owner or editor to the group on the calendar through powershell? I am thinking this might resolve my problem. Or am I going about this the entirely wrong way? I attached the scripts I wrote, they are kind of messy as I was playing around trying to get this to work.

Any assistance would be great!


$strUserFilter = "msExchResourceMetaData=ResourceType:Room"

$root = [adsi]""
$rootdn = $root.distinguishedName

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 100000
$objSearcher.Filter = $strUserFilter
$objSearcher.SearchScope = "Subtree"

$colUser = "name"
foreach ($i in $colUser){$objSearcher.PropertiesToLoad.Add($i)}
$colUserResults = $objSearcher.FindAll()
$sAMAccountName = @()
foreach ($objUserResult in $colUserResults)
$sAMAccountName += $
#sets the proper security group name
$caldelname = $sAMAccountName[$arrayCounter] + "-Delegates"
$calsecname = $sAMAccountName[$arrayCounter] + "-Full"
#the alias name can have no spaces
$aliasname = $caldelname.replace(" ","")
#could not use dsadd, needs to be mail enabled group
# dsadd group "CN=$calsecname,OU=Groups,OU=UWP Resources,DC=ad,DC=UWP,DC=edu" -samid $calsecname -secgrp yes
# new-DistributionGroup -Name $caldelname -Type 'Distribution' -OrganizationalUnit ' Resources/Groups' -SamAccountName $caldelname -Alias $aliasname

#Not needed after first run, just adds delegates to newly created groups
# $delegates = (Get-MailboxCalendarSettings $sAMAccountName[$arrayCounter]).resourcedelegates
# $group = [adsi]("LDAP://cn=$caldelname, ou=groups, ou=uwp resources,"+$rootdn)
# ForEach ($user in $delegates)
# {
# $user.DistinguishedName
# $members = $group.member
# $group.member = $members+$user.distinguishedName
# $group.setinfo()
# }

#Fix broken stuff of adding the group to itself upon multiple runs
# $group = Get-Group $aliasname
# $username = $aliasname
# $user = get-user $username
# $userdn = $user.distinguishedName
# $newgroupmembers = $group.members | Where-Object { $ -notmatch “$username” }
# $groupdn = $group.distinguishedName
# $fqgroup = [adsi]“LDAP://$groupdn”
# $fqgroup.Member.Remove($groupdn)
# $fqgroup.setInfo()

#Sets proper permissions to group settings
Add-MailboxPermission $sAMAccountName[$arrayCounter] -User $caldelname -AccessRights FullAccess
set-mailboxcalendarsettings -identity $sAMAccountName[$arrayCounter] -resourcedelegates $caldelname -BookInPolicy $caldelname -RequestOutOfPolicy $caldelname -RequestInPolicy "All Exchange Users" -TentativePendingApproval $false
Set-MailboxCalendarSettings -Identity $sAMAccountName[$arrayCounter] -automateprocessing:autoaccept -AllBookInPolicy $false -AllRequestInPolicy $true -AllRequestOutOfPolicy $false