Public Folder Calendar invalid permissions

Have come across this error quite a few times and it can cause a bit of a headache to figure this all out. Please follow the steps below to get it fixed – note your milage may vary as each and every environment is slightly different.

The following error is received when assigning permissions.

The user “username” was found in Active Directory but isn’t valid to use for permissions. Try an SMTP address instead.

Odd error message – let’s check permissions on the calendar item.

Seems the Mailbox and Calendar are both happy and the new permission have not been assigned.

Next up let’s try to change the group from Distribution to Security and do an AD sync to Azure.

Unfortunately the same error message is received upon attempting to assign permissions.
Now let’s verify that AD Sycn worked using Get-Group command.

Notice it has the correct group type. As a last resort fire up ADSI edit and check for MSExchRecipientDisplayType and most likely it will show up with value 1. Reason of this valus could be that this distribution group was created on Exchange 2003 and later on migrated to a newer version of Microsoft Exchange.
Exchange online will not allow open distribution groups hence it need to be closed down.

Refresh ADSI edit and check the value – it should be 1073741833 this time.

Perform another AD sync verify changes in the Sync service logs. Notice new value changed from “1” to “1073741833” as expected.

Try adding permissions again by running
“Add-MailboxFolderPermission -Identity sharedmailbox:\Calendar -User groupname -AccessRights levelofaccess” again and check permissions on the Calendar folder.

Now with permissions set on the new Shared Mailbox Calendar it’s time to move back to on-prem and check permission on the Public folder we want to migrate to Office365.

Get-PublicFolderClientPermission “\Publicfolder\Subfolder”

Important to note if the target folder is under a nested location assign permissions eg. Owner to the root. In this case above add permission on Publicfolder

Add-PublicFolderClientPermission “\Publicfolder” -User adminuser -AccessRights Owner

Issue Get-PublicFolderClientPermission “\Publicfolder\Subfolder” command again to confirm Owner permission has propagated down to the nested groups.

When ready fire up Outlook configure it with the Admin profile and navigate to this specific Public folder.
Given the Public folder is primarily used for Calendar entries we will export the content to a *.pst file. Depending on the version of Outlook go to Import/Export > Export to a file > choose pst > Select the Calendar need exporting, tick include subfolders > select location > set password if you wish.
Leave Outlook to export the data and when completed open the new pst file in Outlook and check for differences between the live Public folder and the new backup.

Next step assign FullAccess permission to the cloud admin user for the new Room Mailbox

Add-MailboxPermission -Identity roommailbox -User adminuser -AccessRights FullAccess

Open up Outlook with a cloud mailbox and Open the PST again.
Activate the Calendar from the Outlook Data file > click View > Change view > select list
Highlight all items and copy the whole lot to the new Room mailbox calendar – it should show up if using Outlook 2013 and up otherwise it may need adding in manually.

Disclaimer here!

Leave a Reply

Your email address will not be published. Required fields are marked *