Forum Discussion

Robert Bollinger's avatar
Robert Bollinger
Iron Contributor
May 10, 2018

Mail Enabled Security Group, Migrated, Office 365 mailboxes. Hybrid Enviornment.

Hey Guys,

 

Strange issue (at least for me). We have a mail universal security group, that is being used to grant access to a series of conference room mailboxes as such:

get-MailboxFolderPermission -Identity <conference room name:\Calendar>

 

FolderName           User                 AccessRights   
Calendar             Default                      {None}
Calendar             Anonymous              {None}
Calendar             UserManager            {Editor}
Calendar             GroupName              {LimitedDetails}

 

The group named "Groupname" (not actual name) has about 100 users in it, and those 100 users were able to see the availability for the conference room and are also the only ones allowed to submit an InPolicyRequest to book the conference room. (when the group was on-prem, prior to migration).

 

Everything was working as expected. and then we decided to migrate the group the cloud so that the user who is the group manager could add and remove members to her hearts content without having to open a ticket every time.

 

Problem:

Now that the group has been migrated to the cloud, a newly added member (me) is unable to see the above availability. I am assuming that other members will also have the same problem.

 

Any ideas? Can a Cloud Group, not be used to grant access to a group of mailboxes that are hosted on office 365?

 

Thanks,

Robert

 

hybrid
office 365
On-Premises
security

5 Replies

Sort By
    • Robert Bollinger's avatar
      Robert Bollinger
      Iron Contributor
      May 11, 2018

      But this isn't necessarily cross-premise, the users and the group are all in the cloud.

       

      Robert

      • Paul Cunningham's avatar
        Paul Cunningham
        Steel Contributor
        May 14, 2018

        Replying here because Robert PM'ed me.

         

        Robert, not sure what "migrate the group the cloud" means... stopped syncing it from on-prem AD perhaps? Anyway, what you're looking at is a situation where you should set up a test case and compare results. I don't know an answer off the top of my head.

         

        Create a shared mailbox or conference room in the cloud, create a security group in the cloud, add a single user to the group, configure the permissions the way you want them, and see if it works.

         

        If the test case works, something has broken in that one particular scenario. Maybe removing and re-applying the permissions would fix it.

         

        If the test case has the same problem, maybe you've encountered something that just doesn't work. Open a support ticket and see what MS says about it.

         

        If you have luck (or no luck), share the results here so we can all see what happened.

         

        In the meantime, maybe someone who knows for sure will answer.

Resources