Home

Security Group without Owner and Grayed-Out "Add" Button

%3CLINGO-SUB%20id%3D%22lingo-sub-1281675%22%20slang%3D%22en-US%22%3ESecurity%20Group%20without%20Owner%20and%20Grayed-Out%20%22Add%22%20Button%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1281675%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20mail-enabled%20security%20group.%20It%20shows%20under%20%22Groups%22%20in%20AAD%2C%20but%20must%20have%20been%20created%20through%20the%20Exchange%20Admin%20Center%20or%20the%20Office%20365%20Admin%20Center%2C%20because%20AAD%20cannot%20(I%20think)%20create%20a%20mail-enabled%20group.%20The%20group%20did%20not%20have%20an%20owner.%20In%20the%20O365%20admin%20center%2C%20I%20added%20an%20owner.%20But%20now%2C%20five%20or%20so%20hours%20later%2C%20AAD%20still%20shows%20the%20group%20as%20not%20having%20an%20owner.%3C%2FP%3E%3CP%3E1.%20Why%3F%202.%20Should%20I%20be%20concerned%20about%20this%3F%20The%20button%20in%20AAD%20to%20add%20an%20owner%20to%20a%20group%20is%20grayed%20out%20for%20that%20group.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1281675%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1282649%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20Group%20without%20Owner%20and%20Grayed-Out%20%22Add%22%20Button%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1282649%22%20slang%3D%22en-US%22%3E%3CP%3EThere's%20no%20such%20thing%20as%20%22owner%22%20of%20a%20mail-enabled%20security%20group%2C%20only%20Office%20365%20Groups%20have%20those.%20For%20DGs%2FMESGs%2C%20the%20%22managedBy%22%20attribute%20can%20be%20thought%20of%20as%20%22owner%22%2C%20but%20it's%20technically%20a%20different%20attribute%2C%20thus%20the%20Azure%20AD%20portal%20might%20not%20display%20it.%20In%20my%20tenant%2C%20it's%20a%20hit%20or%20miss%20mostly%2C%20some%20MESG%20display%20Owners%2C%20other%20do%20not.%20Use%20the%20Exchange%20tools%20if%20you%20want%20to%20manage%20them.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1282739%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20Group%20without%20Owner%20and%20Grayed-Out%20%22Add%22%20Button%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1282739%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20Thanks%20for%20responding.%20Not%20sure%20why%20you%20think%20that%20mail-enabled%20security%20groups%20don't%20have%20an%20owner.%20Owners%20of%20such%20groups%20are%20listed%20as%20%22owner%22%20in%20both%20the%20Exchange%20Online%20admin%20center%20and%20the%20Office%20365%20admin%20center.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

I have a mail-enabled security group. It shows under "Groups" in AAD, but must have been created through the Exchange Admin Center or the Office 365 Admin Center, because AAD cannot (I think) create a mail-enabled group. The group did not have an owner. In the O365 admin center, I added an owner. But now, five or so hours later, AAD still shows the group as not having an owner.

1. Why? 2. Should I be concerned about this? The button in AAD to add an owner to a group is grayed out for that group.

3 Replies
Highlighted

There's no such thing as "owner" of a mail-enabled security group, only Office 365 Groups have those. For DGs/MESGs, the "managedBy" attribute can be thought of as "owner", but it's technically a different attribute, thus the Azure AD portal might not display it. In my tenant, it's a hit or miss mostly, some MESG display Owners, other do not. Use the Exchange tools if you want to manage them.

 

 

Highlighted

@Vasil Michev  Thanks for responding. Not sure why you think that mail-enabled security groups don't have an owner. Owners of such groups are listed as "owner" in both the Exchange Online admin center and the Office 365 admin center.

Highlighted

Again, that's the ManagedBy property.