Outlook 2016 Calendar Sharing - "You Don't Have Permission To Create An Entry In This Folder"Outlook 2016 Calendar Sharing - "You Don't Have Permission To Create An Entry In This Folder"
SCENARIO
You try and share a calendar in Outlook 2016. When the person who has EDITOR accessrights adds the shared calendar to their Outlook, they get the following message:
"You Don't Have Permission To Create An Entry In This Folder...."
RESOLUTION
There can be many reasons why this is happening. Ultimately it is a permission issue or a cache permission issue.
1-check to see if the calendar has the correct permissions.
Show Calendar Permissions
Get-MailboxFolderPermission foo.user:\calendar
Add Calendar Permissions
Add-MailboxFolderPermission foo.user:\calendar -User foo.user2 -AccessRights Editor
The non-working mailbox calendar has the correct permissions and it still doesn't work.
2-temporarily change the primary smtp address on the shared account.
Don't ask me why but I've witnessed that if the shared account ( This e-mail address is being protected from spambots. You need JavaScript enabled to view it ) changes the primary smtp email address domain ( This e-mail address is being protected from spambots. You need JavaScript enabled to view it ) sometimes the person trying to access the calendar can suddenly edit the calendar if they remove the calendar and add it back in. Here's how...
On OUTLOOK where you are trying to access the shared calendar:
-click CALENDAR (bottom-left).
-find OTHER CALENDARS.
-right-click on the calendar-name.
-click DELETE CALENDAR (don't worry, this only removes the calendar. It doesn't actually delete the calendar).
-close OUTLOOK.
-change primary smtp via ECP (web interface) from This e-mail address is being protected from spambots. You need JavaScript enabled to view it to: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
-open OUTLOOK.
-be sure address is updated in ADDRESS-BOOK (global-address-list).
-click CALENDAR (bottom-left).
-find OTHER CALENDARS.
-right-click OTHER CALENDARS > ADD CALENDAR > OPEN SHARED CALENDAR.
-type in the name of the person.
-click OK.
-wait about 10 seconds.
WORKS WITH NEW DOMAIN!!! And can edit the calendar.
-remove the shared calendar (same as above).
-change primary smtp via ECP (web interface)from This e-mail address is being protected from spambots. You need JavaScript enabled to view it to: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
-added calendar (same as above).
WORKS WITH ORIGINAL DOMAIN!!! And can edit the calendar.
It is important to note that changing via Exchange Management Shell (EMS) did not work and resulted in the original error.
$Set-Mailbox foo.user -PrimarySmtpAddress
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
$Add-MailboxFolderPermission foo.user:\calendar -User foo.user2
I'm not sure if this is an emailaddresses issue. Or a missing value in one of the keys that is changed in the ECP and not in the EMS. Or if it is a global-address cache issue. Or if it a GAL sync issue that takes time. All I can tell you is that I performed the steps above and it worked. Took me a good 30 hours or so to figure that out.
In any event, I checked the following but nothing produced any meaningful results concerning this issue:
$Get-mailboxpermission foo.user |fl
$Get-Mailbox foo.user| Select-Object -ExpandProperty EmailAddresses
$Get-CalendarProcessing foo.user |fl
$Get-CASmailbox foo.user| fl
3-check the offlineaddressbook setting for the mailboxdatabase
Somewhere along the line during initial install, a CU update or creation of a new mailboxdatabase, the OFFLINEADDRESS book key is blank/null. I think it would automatically default to the default address book but I really don't know. I haven't found any info that says have a null value is bad but most info I see says to set it for all mailboxdatabases.
Find the name of the OFFLINE ADDRESS BOOK:
Get-OfflineAddressBook |select name
Now set the MAILBOXDATABASE to use that name:
Get-Mailboxdatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address Book (Ex2013)”
NOTES
Calendar Permissions can be set individually or by role. The DEFAULT permissions are:
ReadItems, CreateItems, EditOwnedItems, EditAllItems, CreateSubfolders, FolderVisible
Or another way to view the DEFAULT role is like this (the minus is what the role doesn't have):
ReadItems
CreateItems
EditOwnedItems
EditAllItems
CreateSubfolders
FolderVisible
-DeleteOwnedItems
-DeleteAllItems
-FolderOwner
-FolderContact
The EDITOR role permissions are:
ReadItems, CreateItems, EditOwnedItems, EditAllItems, FolderVisible, DeleteOwnedItems, DeleteAllItems
Or another way to view the EDITOR role is like this (the minus is what the role doesn't have):
ReadItems
CreateItems
EditOwnedItems
EditAllItems
-createsubfolders
FolderVisible
DeleteOwnedItems
DeleteAllItems
-FolderOwner
-FolderContact
GET PERMISSION TO MAILBOX
Sometimes getting the permissions to the mailbox helps:
Get-MailboxPermission foo.user
GET PERMISSION TO MAILBOX THAT IS ANOTHER USER
Sometimes it helps to see who else has permission to the mailbox:
Get-MailboxPermission foo.user |? {$_.IsInherited -ne "true" -and $_.User -ne "NT AUTHORITY\SELF"}
Another way is:
get-mailboxpermission foo.user |where { ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } |select user,accessrights,deny,inheritancetype
Which is the same as:
Get-MailboxPermission foo.user |? {$_.IsInherited -eq "$false -and $_.User -ne "NT AUTHORITY\SELF"} |select user,accessrights,deny,inheritancetype
CHANGE PERMISSION TO MAILBOX
Sometimes you need to change permissions on the mailbox:
Set-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess
ADD PERMISSION TO MAILBOX
Add-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess
REMOVE PERMISSION TO MAILBOX
remove-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess
SEE COMPLETE FOLDER STRUCTURE
Sometimes, seeing the complete folder structure of the mailbox helps:
get-MailboxFolder foo.user:\ -recurse
GET THE CALENDAR NAME
Sometimes getting the calendar name helps because it is changed from another language:
Get-MailboxFolderStatistics foo.user |where-object { $_.FolderType -eq "Calendar" } |select-Object Name
ADD CALENDAR FOLDER PERMISSIONS
Sometimes you need to add permissions to the calendar:
Add-MailboxFolderPermission foo.user:\calendar -User foo.user2 -AccessRights Editor
REMOVE CALENDAR FOLDER PERMISSIONS
Sometimes you need to remove permissions to the calendar:
remove-MailboxFolderPermission -Identity foo.user:\calendar -User foo.user2
SEE MAILBOXES IN ORGANIZATIONAL UNIT
Sometimes you need to see the email in a single AD OU:
get-mailbox -OrganizationalUnit "ou=where-ever,ou=whatever-users,dc=domain,dc=tld" -resultsize unlimited |get-mailboxstatistics |ft DisplayName,TotalItemSize,Itemcount
REMOVE CACHE SHARED CALENDAR FOLDERS IN OUTLOOK 2016:
Sometimes working off of cached shared calendar folders causes an issue and you need to remove the cache folders from OUTLOOK 2016:
-account-settings > email > change > more-settings > advanced
-uncheck "Download Shard Folders"
-restart OUTLOOK
REMOVE CACHE FOLDERS IN OUTLOOK 2016:
Sometimes working off of cached folders causes an issue and you need to remove all the cache folders from OUTLOOK 2016:
-account-settings > email > change
-uncheck "Use Cached Exchange Mode"
-click NEXT > FINISHED
-restart OUTLOOK