SOLVED

Use AD security group as o365 distribution group

Copper Contributor
O365 question.

We have our on premise Active Directory setup to Sync with O365. In active directory I have a security group named "Quickbooks Users" which gives those users access to the quickbooks files. I would like to setup a distribution group that is dynamic to the security group so I do not have to maintain 2 different groups. Any suggestions on the best way to accomplish this? I don't even see AD security groups in Exchange to convert them to Mail Enabled security groups and I do not see a way to create a dynamic group based on another group.
7 Replies
Try this:
Use the Enable-DistributionGroup cmdlet to mail-enable existing universal security groups and universal distribution groups that aren't already mail-enabled.
ref: https://docs.microsoft.com/en-us/powershell/module/exchange/users-and-groups/enable-distributiongrou...
The Command would be: Enable-DistributionGroup -Identity "Your Security Group"
Once you sync this group I would assume that it would be a Mail enabled security group in Office 365. This would thus dynamically change based on what you do OnPrem, and could also be used to send emails to.

I've found that just adding an email address to a security group in on-prem AD changes the group to an email-enabled security group in O365. This should work if you don't already have an O365 distribution list with the same email address.

 

I haven't been game to try and convert existing O365 distribution lists to mail-enabled security groups in AD yet. I'm sure it's as easy as deleting the O365 group and adding the email address to the AD security group.

best response confirmed by Christopher Hoard (MVP)
Solution
Yeah, this should be correct! Mail anable the groups and sync! Make sure the mail attribute and proxyaddresses is populated with the mail address

Adam

@adam deltinger Confirmed this does work. simplest way to resolve without messing around with PS Scripts.

@Daniel Pipe do you know the PowerShell command to add an email address to a security group ? 

the trouble is 

 

are you sure it becomes a mail-enabled security group ? 

AD on-prem 

Exchange Online full 

@Cade Michaels 

How about setting up a dynamic group in Microsoft 365 to automatically add those security group?

@Kidd_Ip no, this is not the request. 

1 best response

Accepted Solutions
best response confirmed by Christopher Hoard (MVP)
Solution
Yeah, this should be correct! Mail anable the groups and sync! Make sure the mail attribute and proxyaddresses is populated with the mail address

Adam

View solution in original post