Recently there was a business demand for removal of meetings that were canceled in our resource mailboxes. Thought it was some sort of a bug but then saw that problem was “AutomateProcessing” attribute on these was set to “AutoUpdate” not “AutoAccept” (This can be checked using Get-CalendarProcessing cmdlet).
So when someone is scheduling a meeting form his own mailbox and is picking up room – creates a meeting, and later changes his mind and removes it, it still is hanging there visible as “Canceled: Subject of the meeting“. And each time (because of that “AutoUpdate”) someone manually needs to go there and remove it.
After reading a bit about that topic, I realized that PowerShell script I was about to write needs to use EWS and impersonation in Exchange.
There are few things you need before running the script:
- AD account used by the script
- Security Group that will contain people who will have impersonation rights (admns/service accounts)
- Distribution List that will contain room mailboxes – managed by admins/service accounts from Security Group
- Management Scope in Exchange – narrowing scope for members of the Distribution List
- Management Role Assigment – glue all that crap together – permission Security Group to Distribution List with “Application Impersonation” rights.
In commands it can look like:
1. Creating Distibution Group
New-DistributionGroup -Name ‘RoomImpersonationGroup‘ -Type ‘Distribution’ –OrganizationalUnit ‘contoso.com/Distribution Lists’ -SamAccountName ‘RoomImpersonationGroup’ -Alias ‘RoomImpersonationGroup’ –managedBy ‘PawelJarosz’
2. Creation of Exchange Management Scope:
$Grupa = Get-DistributionGroup -Identity “RoomImpersonationGroup”
New-ManagementScope “Room Mailboxes Impersonation” -RecipientRestrictionFilter “MemberOfGroup -eq ‘$($Grupa.DistinguishedName)'”
3. Creation of security group “ExchangeRoomImpersonation” in Active Directory
NEW-ADGroup –name “ExchangeRoomImpersonation” –groupscope Universal –path “OU=Offices,DC=Contoso,DC=local” -GroupCategory Security
4. Creation of new Exchange Assigment Role:
New-ManagementRoleAssignment -Name “Room Mailboxes Impersonation Assigment” -Role “ApplicationImpersonation” -CustomRecipientWriteScope “RoomImpersonationGroup” -SecurityGroup “ExchangeRoomImpersonation”
If you have all of that or you do not need to configure it as there are some service accounts you will use that are permissioned to impersonate globally – omit all these steps.
Some details about the script:
.SYNOPSIS DeleteCanceledMeetings.ps1 - Cancelled meetings removal script. .PARAMETER SearchStartDay (OPTIONAL) Specifies START date from which sript should start searching of appointments. If not specified the today's date is used. .PARAMETER SearchEndDay (MANDATORY) Specifies END date till which sript should start searching of appointments. .PARAMETER Room (MANDATORY) Specifies mailboxes from which cancelled meetings should be removed. As this is an array it accepts many mailboxes given after coma. .PARAMETER HardDelete (OPTIONAL) Triggers HardDelete action on cancelled meetings if equal "True". Without it it generates a on screen report. .EXAMPLE .\Get-MailboxPermissions.ps1 -SearchStartDay 10 -SearchEndDay 30 -Room Room1,Room2 Starts searching of meetings 10 days back and 30 days in front for 3 rooms Room1,Room2. Returns a on screen report. .EXAMPLE .\Get-MailboxPermissions.ps1 -SearchEndDay 90 -Room Room1,Room2,Room3 ` -HardDetele True Starts searching of meetings starting from current day and 90 days in front for 3 rooms Room1,Room2,Room3 and hard deletes them. Reruns a CSV report and a log file.
You need to modify these lines in order to get logging working:
And you are ready to go! 🙂
Please remember that when runnig the script:
Have fun with IT!