“You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator.”
This message has haunted me for a number of months. I originally had set up calendar sharing permissions between my management team to allow for easy viewing of each other’s schedules. This is a total PITA to do by logging into each user’s Outlook and manually sharing the calendar. I wanted to allow the users to open specific calendars at will, but didn’t want to have to interact with my users in the process.
To set these permissions, I used PFDAVAdmin, a free tool from Microsoft that allows you to manipulate Exchange data. I created a mail-enabled security group in Exchange and added all the users to this group. I then went through with PFDAVAdmin and gave this group “Reviewer” permissions on each user’s calendar within their mailbox. This worked fine for a while. Then all of a sudden I started receiving the message quoted at the beginning of this article when new users opened shared calendars that they supposedly had permissions to view.
I had to change a few things to resolve this, and I still don’t know what caused it to begin with.
First, using PFDAVAdmin, I verified that the user did not have permissions set on the calendar object that were less than the group had. For example, for some reason my user had the “Folder Visible” permission while the group he was a member of had the “Reviewer” permission. Why he had “Folder Visible” to begin with is another story, but I removed his individual account from the DACL.
Next, I had to modify the “Freebusy Data” object in the user’s mailbox. For some reason adding users/groups to the DACL of the calendar object wasn’t automatically updating the Free/Busy object. I went into this object in each user’s mailbox and again added the group and granted them the “Reviewer” permission. This fixed the problem with shared calendar data not appearing in Outlook and got rid of the error message.
A side note: I found that some users attempted to share their calendar with “Everyone”, which resulted in the “Folder Visible” permission assigned to “\Everyone” in the DACL within PFDAVAdmin. This caused strange things to happen, such as shared calendars opening and displaying data, yet the user received the “insufficient permission” error from above. I removed “Everyone” from the DACL (or changed the permission to “Reviewer”), and this made those problems go away.
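The three conditions described above (an individual entry weaker than the group's, a missing group grant on “Freebusy Data”, and an “Everyone” entry with “Folder Visible”) can be checked mechanically once the permissions are in tabular form. The following Python code is an added example, not part of the original post or of PFDAVAdmin; the tuple layout, the group name `CalendarReviewers`, the mailbox names and the sample rows are constructed assumptions.

```python
# Added example: audit calendar DACL entries for the three conditions in the post.
# Only the roles named in the post are ranked (higher = more access); other roles are ignored.
RANK = {"None": 0, "Folder Visible": 1, "Reviewer": 2}

GROUP = "CalendarReviewers"            # hypothetical mail-enabled security group
MEMBERS = {"john.doe", "jane.roe"}     # hypothetical group members

# Constructed sample rows: (mailbox, folder, trustee, role)
SAMPLE_ACES = [
    ("alice", "Calendar", GROUP, "Reviewer"),
    ("alice", "Freebusy Data", GROUP, "Reviewer"),
    ("bob", "Calendar", GROUP, "Reviewer"),
    ("bob", "Calendar", "john.doe", "Folder Visible"),
    ("bob", "Freebusy Data", GROUP, "Reviewer"),
    ("carol", "Calendar", GROUP, "Reviewer"),
    ("carol", "Calendar", "Everyone", "Folder Visible"),
]


def audit(aces, group=GROUP, members=MEMBERS, wanted="Reviewer"):
    """Return (mailbox, folder, trustee, problem) tuples, sorted by mailbox."""
    acl = {}
    for mailbox, folder, trustee, role in aces:
        acl.setdefault(mailbox, {}).setdefault(folder, {})[trustee] = role

    findings = []
    for mailbox in sorted(acl):
        for folder in ("Calendar", "Freebusy Data"):
            entries = acl[mailbox].get(folder, {})
            # The group must hold the wanted role on both objects.
            if entries.get(group) != wanted:
                findings.append((mailbox, folder, group, "group grant missing"))
            for trustee, role in sorted(entries.items()):
                weaker = role in RANK and RANK[role] < RANK[wanted]
                if not weaker or trustee == group:
                    continue
                if trustee == "Everyone":
                    findings.append((mailbox, folder, trustee, "Everyone entry below group role"))
                elif trustee in members:
                    findings.append((mailbox, folder, trustee, "member entry below group role"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ACES):
        print(*finding, sep=" | ")
```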
How to use PFDAVAdmin:
1. Open the program and click File –> Connect
2. Input the mailbox server’s name in the “Exchange Server” field and a DC with the Global Catalog in the “Global Catalog” field
3. Under Connection, select “All Mailboxes”. Click OK.
4. Expand the mailbox of the user you’re working on. The “Freebusy data” object is directly below the user. To edit the DACL, right-click the object and select “Folder Permissions”.
5. Click “Add” in the “Permissions” window. Type the name of the mailbox you wish to add permissions for (i.e., john.doe if I’m giving John Doe reviewer access to the selected mailbox). Click search to find the user. Then click OK.
6. Select the user in the name list (back in the Permissions window), then select the desired permissions in the drop-down box. Then click “Commit Changes”.
The “Calendar” object can be found under the “Top of Information Store” object in the user’s mailbox.