-->

Sunday, March 5, 2017

Exchange Restrict Room Mailbox Booking For A Certain Group

We recently migrated from Notes to Exchange 2016, and while most users are happy with the way Exchange/Outlook works, some don't want to change and like the way Notes used to handle certain things; like who has access to book meetings rooms. The problem is: it creates more work because as the Exchange administrator, I have to now individually manage each room instead of letting the booking delegates do it, but oh well :)

Luckily with PowerShell, settings booking permissions is simple!

First, create a Security Group and add the members who will be allowed to book a room. Yes, you can create a distribution group, but I prefer to use security groups when assigning permissions to anything...I'm also OCD about keeping my AD/Exchange clean ;)

Once you have your group built, lets call it "Room 1 Allowed" run the following cmdlets in the Exchange Management Shell (EMS):

Set-CalendarProcessing "Room 1" -AllBookInPolicy $false

Set-CalendarProcessing "Room 1" -RequestInPolicy $none

Set-CalendarProcessing "Room 1" -BookInPolicy "Room 1 Allowed"

**Note** Change "Room 1" to the name of your Room Mailbox.

To see the permissions on the Room calendar, run:

Get-CalendarProcessing "Room 1" | fl

You should see that the Security Group you added in the "BookInPolicy" is in there.

Now, have a member of the group try to book the room and it will be successful. And have someone not in the group try, and they'll get a warning message saying the meeting was rejected because they aren't allowed.

Posted by at
Labels: ,

4 comments:

  1. Keyboard WarriorJanuary 8, 2018 at 12:35 AM

    Why would they take it out of the GUI where it takes a few seconds and you can see everything and make changes easily?

    Just migrated to Exchange 2016 from 2010 and I have over 100 Rooms, Cars, Resources etc to do and now I have to sit here for hours manually pumping powershell scripts through it and checking the results to make sure every command works fine ... *sigh* :(

    Cheers for the assist with the commands!

    ReplyDelete
    Replies
    1. Stacey BranhamJanuary 8, 2018 at 10:46 AM

      Yeah I don't know why MS decided to remove a bunch of stuff from the EAC...super annoying!
      Job security though, since there's still tons of admins who refuse to learn PowerShell ;)

      Delete
  2. UnknownJanuary 24, 2018 at 1:21 PM

    Your steps works perfectly! But I was wondering if we can control the message sent back to the user not unauthorized to book this room? So far if I removed myself from the room BookInPolicy I don't receive any message about not being authorized.

    ReplyDelete
  3. SetubondMay 7, 2021 at 3:06 PM

    Is it possible to restrict the view of the exchange room mailbox to a certain security group as well?

    ReplyDelete