Forum Discussion
Setting Unified Group properties via API
The Set-UnifiedGroup PowerShell commandlet has a couple of interessting properties. In particular, hiding the group from the global address list (HiddenFromAddressListsEnabled) and enabling/disabling...
If you set the MailNickname property when running New-MgGroup and the group is mail enabled, the MailNickname becomes the root of the primarySmtpAddress.
$Group=New-MgGroup -DisplayName "March 2023 Sales Operations Team" -GroupTypes Unified -MailNickName March.2023.Sales.Operations -MailEnabled:$True -SecurityEnabled:$False -Description "A group for Sales Operation management"
Get-unifiedgroup -Identity $Group.Id | fl primarysmtpaddress
PrimarySmtpAddress : Email address removed
Hi Tony Thanks for the info what I need is to be able to Set the Primary to company.co.uk instead of the Default company.onmicrosoft.com would be simple if I could just set this up using New-UnifiedGroup but doesn't work with CBA. Tried Setting it this way
$groupid = "Steve test automation2"
$params = @{
Description = "External - Steve-test-automation2"
DisplayName = "Steve test automation2"
GroupTypes = @(
"Unified"
)
MailEnabled = $true
MailNickname = "Steve-test-automation2"
Mail = "Email address removed"
SecurityEnabled = $false
}
New-MgGroup -BodyParameter $params
But it gives an error "New-MgGroup : Property 'mail' is read-only and cannot be set."
$groupid = "Steve test automation2"
$params = @{
Description = "External - Steve-test-automation2"
DisplayName = "Steve test automation2"
GroupTypes = @(
"Unified"
)
MailEnabled = $true
MailNickname = "Steve-test-automation2"
Mail = "Email address removed"
SecurityEnabled = $false
}
New-MgGroup -BodyParameter $params
But it gives an error "New-MgGroup : Property 'mail' is read-only and cannot be set."
- Sounds good. I completely missed sending you a link to https://practical365.com/use-azure-automation-exchange-online/ which explains some of the ground you cover here. In any case, it's good that you have a solution.
- Hi Tony, have just tested and ran the Following and this works now, if it is of any use to anyone this is the Full way that I have got Creating a Unified Group Using CBA working
"#Connect to MS Graph
Import-Module Microsoft.Graph.Authentication
Connect-MgGraph -TenantId "Your Tennant ID" -AppId "Your App ID" -CertificateThumbprint "Your Cert Thumbprint"
#Create Unified Group Via Graph
Import-Module Microsoft.Graph.Groups
$groupid = "Steve test automation2"
$params = @{
Description = "External - Steve-test-automation2"
DisplayName = "Steve test automation2"
GroupTypes = @(
"Unified"
)
MailEnabled = $true
MailNickname = "Steve-test-automation2"
SecurityEnabled = $false
}
New-MgGroup -BodyParameter $params
#Set Owner and Membership
$Group = Get-MgGroup -Filter "DisplayName eq 'Steve test automation2'"
$User = Get-MgUser -ConsistencyLevel eventual -Count userCount -Search "DisplayName:cox,steve"
$MGGroupID = $Group.Id
$MGUserID = $User.id
$newGroupOwner =@{
"@odata.id"= "https://graph.microsoft.com/v1.0/users/{$MGUserID}"
}
New-MgGroupOwnerByRef -GroupId $MGGroupID -BodyParameter $newGroupOwner
New-MgGroupMemberByRef -GroupId $MGGroupID -BodyParameter $newGroupOwner
Disconnect-MgGraph
#Connect to EXOL
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -CertificateThumbPrint "Your Cert Thumbprint" -AppID "Your App ID" -Organization "Your Org.onmicrosoft.com" -UseRPSSession
#Change unified Group Email Address
Get-Group -Identity "Steve-test-automation2" |fl
Set-Group -Identity "Steve-test-automation2" -WindowsEmailAddress "steve-test-automation2@yourOrg.com"
#Set Allow External Senders
Set-UnifiedGroup -Identity "Steve-test-automation2" -RequireSenderAuthenticationEnabled:$false
Disconnect-ExchangeOnline - Did you add the Service Principal for the automation account to the Exchange administrator role group? I've done this when I wanted to perform Exchange Online admin operations with a runbook that authenticates using CBA. The New-MgGroup error is probably because the Graph team haven't given the cmdlet the ability to set all the properties of a Microsoft 365 group.
- Hi Tony, I have found that I can change the Primary Email via Exchange-online
Set-Group -Identity "Steve-test-automation2" -WindowsEmailAddress "steve-test-automation2@myorg.com"
So All I need to do now is to Set the Unified Group to Allow External Senders, I cannot do this by Set-UnifiedGroup as this doesn't work with Certificate Based Authentication, and if I try adding AllowExternalSender = Strue to the New-MGGroup Params it gives an Error "New-MgGroup : The following properties cannot be set in the initial POST request. Please set them in a subsequent PATCH
request: allowExternalSenders."
how can I set this a PATCH Request from Powershell? - Use an address policy for Microsoft 365 Groups to point to the domain you want the groups to have email addresses from and that will solve the problem. https://docs.microsoft.com/microsoft-365/solutions/choose-domain-to-create-groups?view=o365-worldwide&WT.mc_id=M365-MVP-9501