Configuring Resource Mailboxes via MSH/Powershell
I'd previously blogged here about Resource booking in Exchange 2007 and talked about configuring resource booking via OWA. Unbeknownst to me, the ability has existed to manage these settings via the Exchange Management Shell as well. Cool! Now you don't have to grant another user account full mailbox access to the resource mailbox and
OK - let's cover the settings that need to be changed. First of all, you create the resource mailbox. By now, this should be a trivial task, so I won't cover that, other than to mention one thing. When you create a resource mailbox, it will create a disabled user account (if you choose to create a new account). Because a disabled user account is being created, there is no need to specify a password. Sure, you can, but it isn't necessary, so that eliminates one step. Plus, this gives you the added benefit that you won't be able to enable the account in the future (unless you change the password security settings on the Default Domain GPO) as the password won't meet the complexity requirements.
Now, let's list the various mailbox calendar settings that are visible by default. To get these settings, we run Get-MailboxCalendarSettings alias |fl (I created a mailbox called Projector 1 with an alias of proj1, so that's the output you will see), and we get the following:
[PS] C:\>Get-MailboxCalendarSettings proj1 |fl
AutomateProcessing : AutoUpdate
AllowConflicts : False
BookingWindowInDays : 180
MaximumDurationInMinutes : 1440
AllowRecurringMeetings : True
EnforceSchedulingHorizon : True
ScheduleOnlyDuringWorkHours : False
ConflictPercentageAllowed : 0
MaximumConflictInstances : 0
ForwardRequestsToDelegates : True
DeleteAttachments : True
DeleteComments : True
RemovePrivateProperty : True
DeleteSubject : True
DisableReminders : True
AddOrganizerToSubject : True
DeleteNonCalendarItems : True
TentativePendingApproval : True
EnableResponseDetails : True
OrganizerInfo : True
ResourceDelegates : {}
RequestOutOfPolicy :
AllRequestOutOfPolicy : False
BookInPolicy :
AllBookInPolicy : True
RequestInPolicy :
AllRequestInPolicy : False
AddAdditionalResponse : False
AdditionalResponse :
RemoveOldMeetingMessages : True
AddNewRequestsTentatively : True
ProcessExternalMeetingMessages : False
DefaultReminderTime : 15
RemoveForwardedMeetingNotifications : False
Identity : BEN104LQ.com/Users/Projector 1
If we compare that to a resource mailbox that has been configured using OWA, you'll notice that there is only one difference – that is the value set for the AutomateProcessing setting. If you notice, it's set right now to AutoUpdate. That means that meeting requests will be auto placed as tentative, but they will not be automatically accepted. Changing this is accomplished by running
set-mailboxcalendarsettings proj1 -automateprocessing:autoaccept
If you want your resource mailbox to automatically accept meeting requests based on the default logic (which is pretty good), that's all you have to do. However, if you want to lock down the resource booking options, you certainly have the option to do so as well. Let's take a look at a few of the options available to lock down resource mailboxes. Most of the settings on the top are pretty self-explanatory, so I won't talk about those. Let's focus instead on some of the policy-based settings, such as AllBookInPolicy, AllRequestOutOfPolicy, RequestInPolicy, etc.
Note that there are two different terms that get used here. Book, and Request. The Book right allows users to actually book meetings (requests automatically accepted). The Request right allows users to request a meeting, but the meeting is subject to approval by a delegate (or someone logging on to the resource mailbox and accepting the meeting request). The default options allow all users to book resources if they are within the set policies (up to 180 days in the future, up to 1440 minutes in duration, etc.), and will reject all other meetings. Using the RequestOutOfPolicy field, you can manually add users that are allowed to request meetings that are not within the policy, and if you really want to lock things down, you can set the AllBookInPolicy value to False, and then manually add users to the BookInPolicy field, or more restrictive, to the RequestInPolicy field. Compared to the options that were available with Exchange 2003, these settings are vastly superior in terms of the ability to lock down and customize permissions.
I also really like the fact that you can add a customized message (even via MSH! – note the AdditionalReponse setting, which can even contain HTML code!!!). Oh, and lest I forget, if for some reason your request is denied, the response will now include the exact reason why it was denied (meeting too long, don't have rights, etc.). This is a Huge improvement. Try it. Set up some restrictions, and then send a meeting request you know will be denied. Note how easy it is to interpret the reason why it was denied.
As before, you adjust any of these settings via the set-mailboxcalendarsettings command. Also, remember that if you aren't sure what a setting controls, use the get-help command (or simply help). Running "help set-mailboxcalendarsettings" will list all of the settings and what you can put for the value.
With my previous post, you now know how to configure resource mailboxes both via OWA (via having been granted FullAccess rights to the mailbox), and via Command Shell. While I suspect that many will prefer to use some sort of GUI, at least the option is available to configure these settings via MSH/PowerShell. Plus, I'm sure it would be fairly easy to create a one-liner powershell script to create the mailbox and automatically configure all the settings you want.
Comments
Anonymous
October 24, 2006
Awesome post, this is the first one I've ever seen on *-mailboxcalendarsettings :) Having the example of a combined new-mailbox set-mailboxcalendarsettings script is a great idea too...Anonymous
May 23, 2011
Great post - but how do i get it to automatically accept all meeting invitations from external users. Today they always ends up in the calendar marked as Tentative.... I would like that it is accepted and that there is sent an acceptance mail back to the initiator ?? BR Ulrik