Share via

Change mail enabled security group to security group when its not found in Exchange

Daniel Kaliel 1,266 Reputation points
2023-05-03T22:49:36.3566667+00:00

We are in a hybrid setup with on-premises AD syncing to Azure and an on-premises exchange that is for management purposes only.

We have a security group in on-premises AD called yyy-all, it does not show up in our Exchange on-premises as a mail enabled group either in the web interface or PowerShell. However, it does show up as a mail enabled security group in Exchange Online. I have tried to hide this group from the GAL but even with HiddenFromAddressListsEnabled set to True it still shows up in everyone's address book (not a sync issue, it shows as true in Exchange Online as well and we have wait several days for the GAL to update, still there.)

I can't run disable-distributiongroup in on-premises exchange because it doesn't find it. There doesn't appear to be a disabled-distributiongroup for Exchange Online.

I'm stumped as to how it was created as a distribution group in Exchange Online, and as to how to fix this issue. My guess is that someone else attempted to disable the group and didn't do it properly.

Any thoughts?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,244 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,386 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,503 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kael Yao-MSFT 37,676 Reputation points Microsoft Vendor
    2023-05-04T05:32:11.31+00:00

    Hi @Daniel Kaliel,

    Please follow this documentation to set the msExchHideFromAddressLists attribute to true in on-premises AD:

    Mail-enabled security group isn't hidden from GAL after directory synchronization in a hybrid deployment

    And see if it can help with this issue.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.