I am trying to add member in mail enabled security group using graph api, Is that possible?

Question

I was able to add or remove users from the mail-enabled security group using graph API. but suddenly it stopped working. I am getting an error that the mail-enabled group can not update.

Please refer your ms doc

Answer 1

Hi @Rakhesh Sasidharan , @Sourav Bhunia ,

I would like to share the latest update on this. As per mentioned in this documentation, managing mail-enabled security groups through Microsoft Graph are currently not possible. Mail-enabled security groups cannot be modified by Microsoft Graph as they are owned by Exchange Online and hence these groups need to be managed via Exchange Online PowerShell. Also, the documentation issue in this Group resource type documentation page has already been corrected for mail-enabled security groups.

Note: I have also upvoted for your feature request on managing mail-enabled security groups using MS graph API.

Hope this helps.

If the answer is helpful, please click "Accept Answer" , so that it will be useful for the other communinity users and kindly upvote it. If you have further questions about this answer, please click "Comment".

Answer 2

Just to add I too am facing the same issue and came across this post while Googling. Until the 20th of Oct the New-MgGroupMember cmdlet could add users to a mail enabled security group but now it fails.

New-MgGroupMember -GroupId 4938ba57-5e96-4a3e-b069-a066dd194a55 -DirectoryObjectId b269b48d-afa4-49ed-a26e-d684531b62c7
New-MgGroupMember_CreateExpanded1: Cannot Update a mail-enabled security groups and or distribution list.

Either the docs are now incorrect and Graph API doesn't allow adding users to mail enabled security groups, or there's a bug. I've also raised this as a GitHub issue with the docs team.

Answer 3

In case it helps anyone else... I have the luxury of falling back to ExO as I have creds for that too so I modified my code to do that. Here's a snippet:

New-MgGroupMember -GroupId $dstGroupId -DirectoryObjectId $UserObj.Id
    if ($? -eq $false) { 
        Write-Warning "==> Error adding $member via Graph, failing back to ExO" 
        try {
            Add-DistributionGroupMember -Identity "$dstGroupName" -Member $UserObj.mail -Confirm:$false -BypassSecurityGroupManagerCheck -ErrorAction Stop
        } catch {
            Write-Error "==> Error adding $member via ExO" 
        }
    }

This way I can keep my script working until this issue is fixed.

Answer 4

Hi,
I had a similar issue with a PowerAutomate which used to add a member to a mail-enabled security group. End of october it suddenly stopped working with the same error message.

I suppose the root of the problem is the same; I was trying to fall back to Graph tas a workaround but I see it's not possible with Graph either, at least for now.

Do we know if it is a bug or if that is meant to be like that ? In the Graph documentation I do see it's supposed to be possible to add a member to a mail-enabled security group.

Thank you
Francis

Answer 5

I just got a reply today to the GitHub issue I raised. Turns out you could add users to mail enabled groups previously via Graph API, but that was a bug... which they've now fixed. Also, the documentation is incorrect so MS will be correcting that. :-/

I raised a feature request for this here in case anyone wants to upvote.