Forum Discussion
Having Issue Setting GroupCreationAllowedGroupId
It could be the Get-AzureADGroup call. The | Where-object clause iterates through all returned group objects to find the group you’re looking for. By default, Get-AzureADGroup returns only the first 100 objects in a directory. So if the group you’re looking for isn’t there, the statement will not return a value for ObjectId.
To get all group objects, try using Get-AzureADGroup -All $True
It could be the Get-AzureADGroup call. The | Where-object clause iterates through all returned group objects to find the group you’re looking for. By default, Get-AzureADGroup returns only the first 100 objects in a directory. So if the group you’re looking for isn’t there, the statement will not return a value for ObjectId.
To get all group objects, try using Get-AzureADGroup -All $True
Drew Madelung I was able to set the GroupCreationAllowedGroupID but after 48 hours of waiting, the people in that group are still not able to create groups. All the other settings have been applied such as the data classifications, usage guidelines, and group creation(false). I verfied the ObjectID in the template and in Azure matched up, that all looks good. I am not sure what is going on.
Did you set any Group restriction settings directly in the Azure AD portal?
Found out after wasting a day or so that the Azure AD setting and the MSOL setting are not the same. You have to enable the MSOL setting in order for the Azure AD setting to take effect. If you have group creation turned off via MSOL (set-msolcompanysettings -UsersPermissionToCreateGroupsEnabled $false), the Azure AD settings and specifically the override group will not take effect. In this scenario global admins can create groups but no one else can.
