Forum Discussion
Deleted
May 25, 2017Having Issue Setting GroupCreationAllowedGroupId
I was able to create a template and apply nearly all the settings but GroupCreationAllowedGroupId. I didn't have any issue with my test environment. In production, powershell throws no errors but ev...
- May 30, 2017
It could be the Get-AzureADGroup call. The | Where-object clause iterates through all returned group objects to find the group you’re looking for. By default, Get-AzureADGroup returns only the first 100 objects in a directory. So if the group you’re looking for isn’t there, the statement will not return a value for ObjectId.
To get all group objects, try using Get-AzureADGroup -All $True
May 30, 2017
It could be the Get-AzureADGroup call. The | Where-object clause iterates through all returned group objects to find the group you’re looking for. By default, Get-AzureADGroup returns only the first 100 objects in a directory. So if the group you’re looking for isn’t there, the statement will not return a value for ObjectId.
To get all group objects, try using Get-AzureADGroup -All $True
Deleted
Jun 05, 2017Drew Madelung I was able to set the GroupCreationAllowedGroupID but after 48 hours of waiting, the people in that group are still not able to create groups. All the other settings have been applied such as the data classifications, usage guidelines, and group creation(false). I verfied the ObjectID in the template and in Azure matched up, that all looks good. I am not sure what is going on.
- Jun 07, 2017
Did you set any Group restriction settings directly in the Azure AD portal?
- matt wrightJun 06, 2017Copper Contributor
Found out after wasting a day or so that the Azure AD setting and the MSOL setting are not the same. You have to enable the MSOL setting in order for the Azure AD setting to take effect. If you have group creation turned off via MSOL (set-msolcompanysettings -UsersPermissionToCreateGroupsEnabled $false), the Azure AD settings and specifically the override group will not take effect. In this scenario global admins can create groups but no one else can.