This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 94%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hi, I understand that devs are unable to add a member to a mail-enabled security group using Graph API. Hoping that is planned API that will be added to Graph.
Is there a way for synced AD users to be automatically added to a mail-enabled security group?
If so, how could I set this up and/or a script example I could use to accomplish that task automatically from Office 365 itself (or any of the admin centers) for any new AD user synced from Azure Connect?
Thanks!
Michel
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi @Michel
Yes, I agree with Andy, dynamic group will be a good choice to meet your need, or you will need use task scheduler to run the script add users to the group.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
I am writing to see how everything is going on with this thread. If you still have further concern on this, please feel free to let us know.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in [our documentation][11] to enable e-mail notifications if you want to receive the related email notification for this thread.
You could create an Dynamic Group in Azure or Exchange Online based on some common criteria of the synced users. then you wouldnt have to script anything.
I prefer Azure groups myself
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-create-rule
Exchange Online:
Thanks for the reply to this.
I reviewed the links, but the issue is that the mail-enabled security group that I want to be automatically added for any synced AD user, already exist in the environment.
Plus I can't change it's 'Membership type' to be Dynamic User. But that is for a security or standard group. I think any mail-enabled security group must be managed through the Exchange admin center. They can't be managed through Azure AD which is why its not supported on Graph yet.
Hence, on the Exchange Admin Center, I don't know if a dynamic distribution group can be mapped to a mail-enabled security group. Because again, this mail-enabled security group already exist.
Any thoughts on that? Or is there something that I'm missing here.
Thank you!
Can you create a new group instead and use that? thats what I would do
Yeah, I can't create a new group since that is tied to SSO and several other cloud apps out there. But, it looks like whatever I need to do must be done through the Exchange Admin Center or Exchange Online PowerShell when it comes to managing 'Mail-enabled security groups' which are different compared to Microsoft 365 or Security groups which can be managed from Azure AD admin page.
I did look into the DDG on Exchange Online, but that doesn't provide any options for a DDG being mapped to a Mail-enabled security group with a particular set of conditions to match with a synced user.
Unless there are any other options I can consider, it seems that the ExO PS route is what I have to consider unfortunately and try to use within our existing Python scripts.
Thanks!