Mail enabled security group - only in Exchange Online

Brass Contributor

Hi all,


In our local Active Directory we have a security group that is synchronised to Azure. Synchronisation works fine and the group is added in Azure. But the group is also mail-enabled in Exchange Online. In the AD the group isn't configured as mail-enabled (it is a global group, not universal).
Problem is that I can't disable the group in Exchange Online, because it is an on-premise group. When I use the cmdlet disable-distributiongroup, our on-premise Exchange gives the error 'not found'.


I have tried to mail-enable the group in the AD, and then disable the group. But the group is still mail-enabled in Exchange Online.
I noticed that the group only has an onmicrosoft-address. Other mail-enabled groups do have primary addresses with our own domains.

How can I mail-disable this group in Exchange Online?

Kind regards,

2 Replies
It appears that there might be a glitch in the synchronization process or the group could be cloud-only. To address this, you could try moving the security group to an organizational unit (OU) that hasn't been synchronized. This should remove the group from the cloud. Afterward, when you move the group back, it should reflect the correct properties.

You can check the synchronization status of a single group using the Get-MsolGroup cmdlet and looking at the LastDirSyncTime property, which displays the last synchronization date and time. This approach should help clarify and resolve the issue.
Get-MsolGroup -SearchString "Sales" | Select-Object DisplayName,LastDirSyncTime

If this solves answers your question, then please make this response as an answer.


Hello @AjinkyaGhare,

Thanks for your reply. Your suggestion sounds good to me. Because the group is used in an production environment it is not possible at this moment. In the next service window I will give it a try.

Kind regards,