Remove-CalendarEvents fails when using -ErrorAction STOP

2
votes

When using Remove-CalendarEvents -PreviewOnly I can retrieve meeting events, and even delete them on test accounts. However when I add -ErrorAction Stop to the command I get new errors on AD accounts that previously did not throw any errors.

The try\catch block is used to catch errors thrown when a user's mailbox cannot be found. And this part works. However the try\catch also catches a new error:

The "ErrorAction" parameter can't be used on the "Remove-CalendarEvents" cmdlet because it isn't present in the role definition for the current user. Check
the management roles assigned to you, and try again.
At C:\Users\O365ExchangeAdmin\AppData\Local\Temp\tmp_waex0o3a.tea\tmp_waex0o3a.tea.psm1:55507 char:9
+         $steppablePipeline.End()
+         ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Remove-CalendarEvents], CmdletAccessDeniedException
    + FullyQualifiedErrorId : [Server=CY4PR0101MB2935,RequestId=ba4d86db-d362-432d-9892-4ea92b503356,TimeStamp=7/18/2019 7:18:03 PM] [FailureCategory=Cmdlet-C
   mdletAccessDeniedException] 896C46A1,Microsoft.Exchange.Management.StoreTasks.RemoveCalendarEvents
    + PSComputerName        : outlook.office365.com

When I remove the -ErrorAction STOP parameter, the command completes successfully, and lets me view meeting events. However if I don't have -ErrorAction STOP then I cannot log when my script fails on an account because it doesn't have a mailbox.

Try{
    $output = Remove-EXOCalendarEvents -Identity $user.UserPrincipalName -QueryStartDate (Get-Date) -PreviewOnly -CancelOrganizedMeetings -Confirm:$false
}Catch [System.Management.Automation.RemoteException] {
    LogWrite "$($user.Name) could not be found, most likely they do not have a mailbox"
}

Also removing the [System.Management.Automation.RemoteException] does not change the results.

Any help you can provide would be very much appreciated, Thanks!

1
powershellactive-directoryoffice365exchange-server
Check if you're allowed to use this parameter on that command. Use two cmdlets from that articleRobert Dyjas
Looking at the ManagementRoleEntry I do not have access to ErrorAction. I won't be able to update this until tomorrow, but I will and try again. Thanks for the comment, this looks like it will work!Hunter

1 Answers

2
votes

The error you have received is saying that you're not authorized to run that command with that specific parameter. In Exchange Server, such permissions are managed by using Management Roles. You can check this article to learn more.

To check if you're able to run any cmdlet with specific parameter you can use the following script:

# Define what you're looking for
$user   = '[email protected]'
$cmdlet = 'Remove-CalendarEvents'
$param  = 'ErrorAction'

# Find all your assignments
$assignments = Get-ManagementRoleAssignment -RoleAssignee $user -Delegating $false

# Find cmdlets you can run and filter only the one you specified
$assignments.role | Foreach-Object {Get-ManagementRoleEntry "$_\*" | Where-Object {$_.Name -eq $cmdlet -and $_.Parameters -contains $param}}

In last line we're iterating all the roles assigned to you and checking role entries. Their format is RoleName\CmdletName so we're using * (wildcard) to get all. After last pipeline you're filtering only the results you want using Where-Object cmdlet.