Having issues with security group unable to add users to alias

Question

I am adding user to alias for a security group in exchange admin center throws error wont allow to add.

what is the best way to add and user is part of the member for the group and wont receive any emails either

Answer 1

Hi Priya Moorthy

Thank you for reaching out to Microsoft Q&A

In a Hybrid Exchange environment with Azure AD Connect (DirSync), the security group (or mail-enabled security group) is typically “on-premises mastered.” That means Exchange Online / the Exchange admin center in Microsoft 365 won’t allow you to directly change certain attributes for that synced group, and you’ll see errors when trying to add/update them in the cloud UI.

Microsoft’s guidance is that synced groups must be managed using on-premises Exchange tools, then the changes will synchronize to Microsoft 365, so you can follow the instructions below:

1/ Determine whether the group is synchronized (DirSync) or cloud-only

If the group is synchronized from on-premises, you must make alias/email address changes on-premises and let AAD Connect sync them to Exchange Online.

2/ For DirSync (on-premises mastered) groups: update on-premises, then sync

Manage the group using on-premises Exchange tools (Exchange Admin Center / Exchange Management Shell). After you update the alias/email addresses on-premises, allow directory synchronization to replicate the change to Microsoft 365 (or trigger a sync if you need it reflected sooner).

3/ Validate mail delivery behavior for the group

Confirm the object is a mail-enabled security group and review its mail settings in EAC (recipients/groups). Mail-enabled security groups are managed through EAC, and Microsoft documents the supported management paths and what can be configured (including email address properties).

Hope my answer will help you.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.  

Answer 2

When you encounter issues adding users to an alias for a security group in Exchange, it could be due to the design limitations of Exchange Server. Specifically, if you are trying to grant delegate permissions or add users to a mail-enabled security group, you may face restrictions. Here are some steps you can take:

1. Check Permissions: Ensure that you have the necessary permissions to modify the security group and add users to it.
2. Use an Outlook Client: If you're using the Outlook Web App and facing issues, try using an Outlook client instead to grant permissions or add users.
3. Review User Status: Make sure that the user you are trying to add is not already a member of the group or has conflicting attributes that prevent them from being added.
4. Mail-Enabled Security Groups: Remember that users cannot add or remove themselves from mail-enabled security groups; this must be done by a group owner.
5. Non-Delivery Reports: If the group contains non-mail-enabled members, you may receive non-delivery reports (NDRs) when sending messages to the group. Ensure all members are mail-enabled to avoid this issue.

If these steps do not resolve the issue, consider checking the Exchange documentation for more specific guidance or troubleshooting steps related to your version of Exchange.

---

References:

• Manage mail-enabled security groups in Exchange Server
• Error in Outlook Web App when Exchange Server 2013 users try to grant Delegate permissions to a security group: Sharing invitation couldn't be sent