Forum Discussion
Deleted
May 25, 2017Having Issue Setting GroupCreationAllowedGroupId
I was able to create a template and apply nearly all the settings but GroupCreationAllowedGroupId. I didn't have any issue with my test environment. In production, powershell
throws no errors but everytime I run Get-AzureADDirectorySetting | ForEach Values, GroupCreationAllowedGroupId is blank. I verified the group to manage groups creation is in Azure AD. Below are the commands I have been using.
$group = Get-AzureADGroup | Where-Object {$_.DisplayName -eq “O365-GroupsAllowed”}
$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}
$settings["GroupCreationAllowedGroupId"] = $group.ObjectId
Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings
Any ideas?
It could be the Get-AzureADGroup call. The | Where-object clause iterates through all returned group objects to find the group you’re looking for. By default, Get-AzureADGroup returns only the first 100 objects in a directory. So if the group you’re looking for isn’t there, the statement will not return a value for ObjectId.
To get all group objects, try using Get-AzureADGroup -All $True
It could be the Get-AzureADGroup call. The | Where-object clause iterates through all returned group objects to find the group you’re looking for. By default, Get-AzureADGroup returns only the first 100 objects in a directory. So if the group you’re looking for isn’t there, the statement will not return a value for ObjectId.
To get all group objects, try using Get-AzureADGroup -All $True- Deleted
Drew Madelung I was able to set the GroupCreationAllowedGroupID but after 48 hours of waiting, the people in that group are still not able to create groups. All the other settings have been applied such as the data classifications, usage guidelines, and group creation(false). I verfied the ObjectID in the template and in Azure matched up, that all looks good. I am not sure what is going on.
Did you set any Group restriction settings directly in the Azure AD portal?
What kind of Group are you using, it cannot be an O365 Group. Other than that, without being able to see the full output, it's a guessing game. Maybe try configuring the setting via the MSOL cmdlets instead?
- Deleted
It is a security group.