This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 84%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hi,
So our company recently migrated to Azure. We have a Hybrid AD setup. We use security groups so that members can access certain network folders via SMB. This all works. We also would like to use these security groups as a distribution group for e-mails so in Users & Computers I added an e-mail address and synced this with azure. In Azure it shows that the security group is "mail enabled" however, none of the members of the group is receiving an e-mail when in their personal mailbox when I send an e-mail to the security group. I expected the group to act like Google groups where if you send an e-mail to the group that every member is receiving a copy. Am I doing something wrong. We are still getting used to Azure and Outlook.
Edit:
It seems like only e-mails from internal addresses are not received by the group members. When I send an email from for example a Gmail account, everyone does receive it.
Thanks in advance!
So in the end I went through all solutions provided here and on the internet and couldn't make it work. I remade the groups in exchange online as a cloud group and now they work. This solution is good enough since we are planning to go full cloud in the near future.
that will work!
Hello @Michail ,
Thank you for posting the solution that worked in your environment. This will really help others in the community facing similar issue.
Thanks,
Akshay Kaushik
Mail-Enable the groups on-prem using the Exchange mgmt tools then sync again
https://learn.microsoft.com/en-us/powershell/module/exchange/enable-distributiongroup?view=exchange-ps
Thanks for your command. I installed Exchange Management tools, but I get "WARNING: No Exchange servers are available in the Active Directory site Default-First-Site-Name. Connecting to an
Exchange server in another Active Directory site." as an error when I try running the Exchange PowerShell and thus "Enable-DistributionGroup" is not recognized. Same issue if I just run it in the PowerShell.
Is Exchange installed? Did someone remove the last server?
We never used Exchange. We use Exchange online that was part of the 365 package. So I had to install it. It also seems like only e-mails from internal addresses are not received by the group member. When I send an email from for example a Gmail account, everyone does receive it.
Ok, If you are syncing with AADConnect its required that you have at least one Exchange Server on-prem for mgmt to be supported. Unless you are at the latest Exch 2019 CU and can follow these steps:
https://learn.microsoft.com/en-us/exchange/decommission-on-premises-exchange
If that is not possible, then you would need to update the attributes of these groups on-prem using ADUC or ADSIEDIT for example and add all the necessary data.
Can you look at another on-prem mail-enabled security group on-prem that is working and note the Exchange attributes that are set and update the security groups that arent working to match?
https://medium.com/gitbit/office-365-ad-connect-manage-groups-afe539ca017f
So the thing is we dont use hybrid exchange and thus also not onpremise. We just started using the cloud exchange recently as we migrated from Google Workspace to 365. Also it looks like the groups are synced. They are shown in Exchange and in azure. They show up as mail-enabled security groups. The only issue is that if an internal member is sending an email to that group, no one is receiving the e-mail. However, when it is someone sending an email outside the company, for some reason it does work. This is the case for every single group. So it looks like it is synced, but some function is not working.
Ill read up more on your last link. Maybe I am missing something there.
Ok, you said "I added an e-mail address and synced this with azure." and you have a "Hybrid AD setup" , so I assumed you were using AADConnect
So lets step back, when you send a message to internal users and its not delivered, what does message trace show for those messages?
So we do use "AAD Connect" but dont use "on-premise exchange". Hope that makes things clear. I looked into the Mailflow (should have maybe done that right away, but still getting used to Exchange) and got this error.
Error: 501 5.1.8 Your message couldn't be delivered because the email has no mail from address. See https://go.exclaimer.com/334 for more information (5fd7b8a0-c9c2-4922-b454-e8335c2c9559,6db944c5-c4b8-40d8-8c4b-2eab7bcfda75)
Seems like an issue with our cloud signature system.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 74%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Hi, we have similar experience with mail enabled security (and distribution) groups in Exchange online. Some members can receive the mail sent to the group (internal users/members, contacts and some guests), while others don't (other guests).
I have identified that these other guests were created this way:
Root cause: the guest account, which has been created while a contact exists, is corrupted - the attribute PrimarySmtpAddress is blank.
Solution: Delete the Contact and add the PrimarySmtpAddress.
Connect-ExchangeOnline
Set-MailUser -Identity prefix_suffix.com#EXT#@YourTenantName.onmicrosoft.com -PrimarySmtpAddress ******@suffix.com
Yes, as an alternative, you can delete both contact and corrupted guest account, also from deleted users in Entra ID, and create/invite a fresh guest account.
Repaired or fresh guest accounts can now receive mails as members of mail-enabled security groups.