Applies To:
GroupID 9 and above – GroupID Management Shell, Self-Service, Automate
Business Case:
In GroupID, we have configured Office 365 as a messaging system in an Azure AD identity store. The messaging system is connected but when our users try to create mail-enabled distribution groups using the GroupID Self-Service portal, they receive the following error:
We have verified that all the required permissions are assigned to the users for creating groups in the identity store and GroupID can communicate with the messaging system. But the error message describes it as a permission error that prevents GroupID from connecting to Office 365/Exchange Online using service account credentials.
Solution:
An investigation into the issue revealed that a few Azure AD PowerShell components were missing on the GroupID server. As a result, mail-enabled groups could not be created in the Office 365 tenant using GroupID Self-Service.
To resolve the issue, install the following components on the GroupID server:
- MSOnline PowerShell module for Azure AD
- PowerShellGet module
- Exchange Online PowerShell module (main component)
This allows users to create mail-enabled groups in the Office 365 tenant using the GroupID Self-Service portal as well as Azure AD PowerShell.
Steps:
Follow these steps to install the missing components.
- On the GroupID server, launch Windows PowerShell and run the following scripts:
  Import-Module MSOnline
  Install-Module PowerShellGet -Force
  Note: Make sure the GroupID machine is connected to the internet before running the scripts.
- To install the ExchangeOnlineManagement module, we need PowerShellGet 2.0 or a later version. PowerShellGet is a module with commands for discovering, installing, updating, and publishing PowerShell artifacts like modules, DSC resources, role capabilities, and scripts.
  After installing the PowerShellGet module, close Windows PowerShell and reopen it with admin (elevated) privileges.
- Now run the following script:
  Install-Module -Name ExchangeOnlineManagement
- On installing the ExchangeOnlineManagement module, the EXO V2 cmdlets are imported into your Windows PowerShell session, and you can only see the new cmdlets in the module. On creating a session to the Exchange Online environment (see the step below), you can see the older remote PowerShell cmdlets.
- Next, run the following cmdlet to create a session and verify if Exchange Online is installed successfully:
  Connect-ExchangeOnline
  It will prompt for username and password. Use a privileged account to log into the Azure AD tenant via PowerShell. If you do not receive any error after entering the credentials, it means you are successfully connected to Exchange Online.
After installing the missing components, mail-enabled distribution groups can be created via GroupID Self-Service and Azure AD Management Shell.
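A pre-flight check for the steps above, as an added example that is not part of the original article or GroupID's own tooling: it reports which of the three modules are present on the server, whether PowerShellGet meets the 2.0 minimum, and whether the session is elevated. The function names Test-IsElevated and Get-ModuleStatus are hypothetical helpers introduced for this example.

```powershell
# Added example (not vendor code): verify the module prerequisites named in
# this article before or after running the installation steps.

function Test-IsElevated {
    # True when the current Windows PowerShell session runs as administrator.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ModuleStatus {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [version] $MinimumVersion = '0.0'
    )
    # Highest installed version, or $null when the module is absent.
    $installed = Get-Module -ListAvailable -Name $Name |
        Sort-Object Version -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        Module    = $Name
        Installed = [bool]$installed
        Version   = if ($installed) { $installed.Version } else { $null }
        Required  = $MinimumVersion
        Ok        = [bool]($installed -and $installed.Version -ge $MinimumVersion)
    }
}

$results = @(
    Get-ModuleStatus -Name 'MSOnline'
    Get-ModuleStatus -Name 'PowerShellGet' -MinimumVersion '2.0'
    Get-ModuleStatus -Name 'ExchangeOnlineManagement'
)
$results | Format-Table -AutoSize

if (-not (Test-IsElevated)) {
    Write-Warning 'Session is not elevated; reopen Windows PowerShell as administrator before running Install-Module.'
}

$missing = $results | Where-Object { -not $_.Ok }
if ($missing) {
    Write-Warning ('Missing or below required version: ' + ($missing.Module -join ', '))
} else {
    Write-Output 'All modules required for mail-enabled group creation are present.'
}
```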
Recommendation:
It is recommended that you disable the default security setting in your Azure AD tenant properties in the Azure AD portal. Click here for details about the setting.
Convert a Mail-disabled Distribution Group to Mail-enabled:
Due to the missing components on the GroupID server, you have mail-disabled groups created in your directory. These groups are useless unless they are mail-enabled.
To mail-enable them, launch GroupID Management Shell on the GroupID server machine and run the following cmdlet:
Enable-DistributionGroup -Identity "Distribution Group1"
Reference:
GroupID Installation and Configuration Guide