Forum Discussion
Nesting Groups
Just use Distribution lists if that's all you want, they are entirely just as available as they have ever been, fully support nesting etc.
Alternatively if you read up, TonyRedmond explains that you can nest an Office 365 group within a DL via powershell if you absolutely must.
I'm was mainly just pointing out another feature limitation, that is available in shared mailboxes. All I wanted to do was to simply add the office 365 group email address to a distribution group. Can't be done. So what I had to do was create a contact email address using another domain that we have control over, I set that email to forward back to the office 365 group, then I added the contact email to the distribution group. This works, but there is no reason we should have to go through this just to accomplish a simple task, other than the fact office 365 groups are still somewhat undeveloped at this time.
You can add an Office 365 Group to a distribution group with PowerShell.
Add-DistributionGroupMember -Id DL -Member O365Group
Just because the GUI doesn't allow something doesn't mean that it cannot be done. This is why I recommend that all Office 365 Admins understand how to use and exploit PowerShell.
Or you could just read Office 365 for IT Pros and learn all the tips we have in that book... ;-)
TonyRedmondIs this no longer functional? I have used it a few weeks ago, but now it doesn't matter what combination of DL and Group I use in my tenant, it gives me an error.
An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: A Unified Group cannot be added as a member of a Distribution List or Security Group or Elevated Group. paramName: Members, paramValue: , objectType: Microsoft.Online.DirectoryServices.Group RequestId : 619ff911-e67b-4bcf-abb7-89f3a4cb6500 The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information. + CategoryInfo : NotSpecified: (:) [Add-DistributionGroupMember], UnableToWriteToAadException + FullyQualifiedErrorId : [Server=CY4PR08MB2934,RequestId=6b0833cd-2fa1-4674-8b1b-7e65ffaefae4,TimeStamp=4/15/2021 1:45:06 PM] [FailureCategory=Cmdlet-UnableToWriteToAadException] 586CF1B6,Microsoft.Exchange.Management.Recipient Tasks.AddDistributionGroupMember + PSComputerName : outlook.office365.com- Looks like Microsoft has updated Add-DistributionGroupMember to stop people adding Microsoft 365 Groups to DLs. Oh well...
Hello TonyRedmond
Thanks for the PowerShell trick. I have added an Office 365 group as a member of a DL, finally.
But when I send email to the DL, the emails go to members of Office 365 group (like a DL). The Office 365 group itself didn't get the email. I tried to track emails, it seems Exchange Online expands the Office 365 group like a DL, instead of sending email to it. It never happens If I send an email directly to Office 365 group (it goes to the group mailbox) in Outlook.
SAD..I only have the half solution.
Just an FYI to anyone here
The fact that you can't nest, or nest into, 365 groups is ridiculous but you can work around using powershell, either in Azure automation or even in your on-prem AD server.
Create a script that collects members of desired "nested group" (security group, distribution list, AD synced group etc) and then adds any that are missing to the "nest group" (365 dynamic or static group). Or vice versa as was described already. I for one don't like having a bunch of automated processes to accomplish a simple task, but that is where we are at the moment
I wish it was possible out of the box, people nest groups in AD all the time serving dual purpose as both ACL security groups and distribution lists. If you are well organized this works great. Now we are forced to duplicate groups and create slew of new management tasks.
The fact that so much of 365 is actually good stuff makes shortcomings like this even more frustrating. It's like buying a Snickers bar with only a couple peanuts in it. Sure you got the chocolate and stuff but you really want the crunch as well
Thanks wcsand. I get it. I am hoping Microsoft fixes this shortcoming soon.
The problem was the members of most established DL (gets important emails) started using Office 365 group. Now they want to get those emails to the DL to this Office 365, but I should not delete the DL (& move the email address to the Office 365 group).
Different logic is used when you address email to a DL than to an Office 365 Group, which is what you're seeing. The logic to expand and create copies for everyone in a DL treats all recipients as equal. But when a group is addressed, the group gets a copy too.
I always forget about the eternal battle between gui and command line, but I still prefer gui. Maybe MS will add it someday. Thanks for the answer, and I'll read the book too when I can carve some spare time out.
Yeah, people do get pretty focused on GUIs, but as I point out all the time, you might not be satisfied by what engineers design in a system... PowerShell does a great job, if implemented correctly, of exposing the true potential of software. The cmdlets available for Office 365 Groups are pretty good. Those for Teams are awful https://www.petri.com/powershell-module-teams-critically-flawed.
