Exchange Online User can't add users to onpremises distribution list?

Question

Hi,&nbsp;I migrated a few test users to Exchange Online, but they are Owners of an Distributions Group OnPremises, on my Exchange 2019.&nbsp;When they where OnPremises Mailboxes they are able to add and remove users to/from this group. On is superior of this group (I'm not shure, if I translated this right).We built explicitly an User Role:&nbsp;MyDistributionGroups,&nbsp;MyDistributionGroupMembership&nbsp;but now they can't make any changes at their group. With Online groups it is working, but I dont want to create all DL at the cloud during this test.&nbsp;Error:&nbsp;Änderungen an der Mitgliedschaft der öffentlichen Gruppen können nicht gespeichert werden. Sie besitzen nicht die erforderlichen Berechtigungen, um diesen Vorgang mit diesem Objekt auszuführen.&nbsp;&nbsp;in Englisch like:Changes to public group membership cannot be saved. You do not have the required permissions to perform this operation on this object.&nbsp;How can I grant this rights again for Online Users?

eliekarkafy · Answer

did you enable the group writeback feature using the Azure AD Connect ?https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-group-writeback-enable

krusty_the_admin · Answer

eliekarkafy&nbsp;&nbsp;Thank you, I‘ll communicate this here and try to geht a change.&nbsp;I give feedback of it works.

vasilmichev · Answer

That's the expected behavior, read here: https://learn.microsoft.com/en-us/exchange/troubleshoot/groups-and-distribution-lists/cannot-manage-dg

krusty_the_admin · Answer

Yes, this is right, but I want to manage OnPremises Distribution Group, not Online.
When my non Adminuser goes: https://outlook.office365.com/ecp/
I receive:

Fehler bei Vorgang für Identität "******", da sie außerhalb des Schreibbereichs für den aktuellen Benutzer lieFehler bei Vorgang für Identität "******", da sie außerhalb des Schreibbereichs für den aktuellen Benutzer liegt. Die Aktion 'Update-DistributionGroupMember', 'Identity,Membergt. Die Aktion 'Update-DistributionGroupMember', 'Identity,Members', kann nicht für das Objekt "******" durchgeführt werden, weil dieses Objekt von lokal synchronisiert wird. Diese Aktion sollte lokal für das Objekt durchgeführt werden.

Error in operation for identity '******' because it is outside the write range for the current userError in operation for identity '******' because it is outside the write range for the current user. The action 'Update-DistributionGroupMember', 'Identity,Membergt. The action 'Update-DistributionGroupMember', 'Identity,Members', cannot be performed for the object "******" because this object is synchronised from locally. This action should be performed locally for the object.

On local OWA I got:

Use the following link to open this mailbox with the best performance:
https://outlook.office.com/mail/email address removed for privacy reasons
X-FEServer IRSEX05
Date:5/24/2023 11:54:49 AM

eliekarkafy · Answer

You need to add members to the DL synced to azure from the local active directory and run the sync back to azure.

Forum Discussion

Exchange Online User can't add users to onpremises distribution list?

10 Replies

Resources