daknetworks.com

You are here: Blog Outlook 2016 Calendar Sharing - "You Don't Have Permission To Create An Entry In This Folder"

Outlook 2016 Calendar Sharing - "You Don't Have Permission To Create An Entry In This Folder"

Outlook 2016 Calendar Sharing - "You Don't Have Permission To Create An Entry In This Folder"

SCENARIO

You try and share a calendar in Outlook 2016. When the person who has EDITOR accessrights adds the shared calendar to their Outlook, they get the following message:
"You Don't Have Permission To Create An Entry In This Folder...."

outlook-2016-calendar-sharing-permission-denied

RESOLUTION

There can be many reasons why this is happening. Ultimately it is a permission issue or a cache permission issue.

1-check to see if the calendar has the correct permissions.

Show Calendar Permissions
Get-MailboxFolderPermission foo.user:\calendar

Add Calendar Permissions
Add-MailboxFolderPermission foo.user:\calendar -User foo.user2 -AccessRights Editor

The non-working mailbox calendar has the correct permissions and it still doesn't work.

2-temporarily change the primary smtp address on the shared account.

Don't ask me why but I've witnessed that if the shared account ( This e-mail address is being protected from spambots. You need JavaScript enabled to view it ) changes the primary smtp email address domain ( This e-mail address is being protected from spambots. You need JavaScript enabled to view it ) sometimes the person trying to access the calendar can suddenly edit the calendar if they remove the calendar and add it back in. Here's how...

On OUTLOOK where you are trying to access the shared calendar:
-click CALENDAR (bottom-left).
-find OTHER CALENDARS.
-right-click on the calendar-name.
-click DELETE CALENDAR (don't worry, this only removes the calendar. It doesn't actually delete the calendar).
-close OUTLOOK.

-change primary smtp via ECP (web interface) from This e-mail address is being protected from spambots. You need JavaScript enabled to view it to: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

-open OUTLOOK.
-be sure address is updated in ADDRESS-BOOK (global-address-list).

-click CALENDAR (bottom-left).
-find OTHER CALENDARS.
-right-click OTHER CALENDARS > ADD CALENDAR > OPEN SHARED CALENDAR.
-type in the name of the person.
-click OK.
-wait about 10 seconds.

WORKS WITH NEW DOMAIN!!! And can edit the calendar.

-remove the shared calendar (same as above).

-change primary smtp via ECP (web interface)from This e-mail address is being protected from spambots. You need JavaScript enabled to view it to: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

-added calendar (same as above).

WORKS WITH ORIGINAL DOMAIN!!! And can edit the calendar.

It is important to note that changing via Exchange Management Shell (EMS) did not work and resulted in the original error.

$Set-Mailbox foo.user -PrimarySmtpAddress This e-mail address is being protected from spambots. You need JavaScript enabled to view it
$Add-MailboxFolderPermission foo.user:\calendar -User foo.user2

I'm not sure if this is an emailaddresses issue. Or a missing value in one of the keys that is changed in the ECP and not in the EMS. Or if it is a global-address cache issue. Or if it a GAL sync issue that takes time. All I can tell you is that I performed the steps above and it worked. Took me a good 30 hours or so to figure that out.

In any event, I checked the following but nothing produced any meaningful results concerning this issue:
$Get-mailboxpermission foo.user |fl
$Get-Mailbox foo.user| Select-Object -ExpandProperty EmailAddresses
$Get-CalendarProcessing foo.user |fl
$Get-CASmailbox foo.user| fl

3-check the offlineaddressbook setting for the mailboxdatabase

Somewhere along the line during initial install, a CU update or creation of a new mailboxdatabase, the OFFLINEADDRESS book key is blank/null. I think it would automatically default to the default address book but I really don't know. I haven't found any info that says have a null value is bad but most info I see says to set it for all mailboxdatabases.

Find the name of the OFFLINE ADDRESS BOOK:

Get-OfflineAddressBook |select name

Now set the MAILBOXDATABASE to use that name:

Get-Mailboxdatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address Book (Ex2013)”

NOTES

Calendar Permissions can be set individually or by role. The DEFAULT permissions are:
ReadItems, CreateItems, EditOwnedItems, EditAllItems, CreateSubfolders, FolderVisible

Or another way to view the DEFAULT role is like this (the minus is what the role doesn't have):
ReadItems
CreateItems
EditOwnedItems
EditAllItems
CreateSubfolders
FolderVisible
-DeleteOwnedItems
-DeleteAllItems
-FolderOwner
-FolderContact

The EDITOR role permissions are:
ReadItems, CreateItems, EditOwnedItems, EditAllItems, FolderVisible, DeleteOwnedItems, DeleteAllItems

Or another way to view the EDITOR role is like this (the minus is what the role doesn't have):
ReadItems
CreateItems
EditOwnedItems
EditAllItems
-createsubfolders
FolderVisible
DeleteOwnedItems
DeleteAllItems
-FolderOwner
-FolderContact

GET PERMISSION TO MAILBOX

Sometimes getting the permissions to the mailbox helps:
Get-MailboxPermission foo.user

GET PERMISSION TO MAILBOX THAT IS ANOTHER USER

Sometimes it helps to see who else has permission to the mailbox:
Get-MailboxPermission foo.user |? {$_.IsInherited -ne "true" -and $_.User -ne "NT AUTHORITY\SELF"}

Another way is:
get-mailboxpermission foo.user |where { ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } |select user,accessrights,deny,inheritancetype

Which is the same as:
Get-MailboxPermission foo.user |? {$_.IsInherited -eq "$false -and $_.User -ne "NT AUTHORITY\SELF"} |select user,accessrights,deny,inheritancetype

CHANGE PERMISSION TO MAILBOX

Sometimes you need to change permissions on the mailbox:
Set-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess

ADD PERMISSION TO MAILBOX

Add-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess

REMOVE PERMISSION TO MAILBOX

remove-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess

SEE COMPLETE FOLDER STRUCTURE

Sometimes, seeing the complete folder structure of the mailbox helps:
get-MailboxFolder foo.user:\ -recurse

GET THE CALENDAR NAME

Sometimes getting the calendar name helps because it is changed from another language:
Get-MailboxFolderStatistics foo.user |where-object { $_.FolderType -eq "Calendar" } |select-Object Name

ADD CALENDAR FOLDER PERMISSIONS

Sometimes you need to add permissions to the calendar:
Add-MailboxFolderPermission foo.user:\calendar -User foo.user2 -AccessRights Editor

REMOVE CALENDAR FOLDER PERMISSIONS

Sometimes you need to remove permissions to the calendar:
remove-MailboxFolderPermission -Identity foo.user:\calendar -User foo.user2

SEE MAILBOXES IN ORGANIZATIONAL UNIT

Sometimes you need to see the email in a single AD OU:
get-mailbox -OrganizationalUnit "ou=where-ever,ou=whatever-users,dc=domain,dc=tld" -resultsize unlimited |get-mailboxstatistics |ft DisplayName,TotalItemSize,Itemcount

REMOVE CACHE SHARED CALENDAR FOLDERS IN OUTLOOK 2016:

Sometimes working off of cached shared calendar folders causes an issue and you need to remove the cache folders from OUTLOOK 2016:
-account-settings > email  > change > more-settings > advanced
-uncheck "Download Shard Folders"
-restart OUTLOOK

REMOVE CACHE FOLDERS IN OUTLOOK 2016:

Sometimes working off of cached folders causes an issue and you need to remove all the cache folders from OUTLOOK 2016:
-account-settings > email  > change
-uncheck "Use Cached Exchange Mode"
-click NEXT > FINISHED
-restart OUTLOOK

Contact Dak Networks

We are not taking on new clients at this time.