Sunday, April 29, 2018

Office 365: Mail disable an on premises security group…

April 29, 2018 Microsoft , Tech 0 Comments

Administrators may enable security groups on premises as distribution groups. 

[PS] C:>Get-DistributionGroup BlogSecurityGroup


Name              DisplayName       GroupType                  PrimarySmtpAddress
----              -----------       ---------                  ------------------
BlogSecurityGroup BlogSecurityGroup Universal, SecurityEnabled BlogSecurityGroup@domain.org

Azure Active Directory Connect will provision these groups and they will appear as mail enabled objects in Exchange Online.

PS C:> Get-DistributionGroup BlogSecurityGroup


Name              DisplayName       GroupType                  PrimarySmtpAddress
----              -----------       ---------                  ------------------
BlogSecurityGroup BlogSecurityGroup Universal, SecurityEnabled BlogSecurityGroup@domain.org

There may be requirements to remove the mail enabled attributes of the group.  This is done on premises through disable-distributiongroup.

[PS] C:>Disable-DistributionGroup BlogSecurityGroup


Confirm
Are you sure you want to perform this action?
Disabling distribution group "BlogSecurityGroup" will remove the Exchange properties from the Windows group object.

When the distribution group has been disabled it still appears in Exchange Online as a mail enabled group.  In this instance with a proxy address that defaults to the default onmicrosoft.com domain.

PS C:> Get-DistributionGroup BlogSecurityGroup


Name              DisplayName       GroupType                  PrimarySmtpAddress
----              -----------       ---------                  ------------------
BlogSecurityGroup BlogSecurityGroup Universal, SecurityEnabled BlogSecurityGroup@domain.onmicrosoft.com

If the group must be completely removed from Exchange Online – the associated MSOL object must be removed.

PS C:> Get-MsolGroup -SearchString BlogSecurityGroup


ObjectId                               DisplayName                GroupType                  Description
--------                               -----------                ---------                  -----------
c2d0b7df-f0d5-4f0a-9470-edfa56e4910e   BlogSecurityGroup          MailEnabledSecurity



PS C:> Get-MsolGroup -SearchString BlogSecurityGroup | Remove-MsolGroup


Confirm
Continue with this operation?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y

Exchange Online will receive notification that the group has been removed and fully clean up the associated distribution group object.

PS C:> Get-DistributionGroup BlogSecurityGroup
The operation couldn't be performed because object 'BlogSecurityGroup' couldn't be found on
'CO1PR06A002DC01.NAMPR06A002.prod.outlook.com'.
     + CategoryInfo          : NotSpecified: (:) [Get-DistributionGroup], ManagementObjectNotFoundException
     + FullyQualifiedErrorId : [Server=DM6PR06MB4026,RequestId=62703e0c-3437-49b9-9b84-be6253159d2e,TimeStamp=4/29/2018
     6:18:49 PM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] FC078746,Microsoft.Exchange.Management.RecipientTasks.GetDistributionGroup
     + PSComputerName        : ps.outlook.com

If the group still exists on premises Azure AD Connect will recreate it as a security enabled group during the next synchronization cycle.



from TechNet Blogs https://ift.tt/2Fq01pR
By v�o l�c
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)