Use API / ExchangeOnline PowerShell to create group possible despite using AD connect?

Brass Contributor

Hi at all 🙂

 

I have a question regarding provisioning distribution groups, etc in ExchangeOnline via API or PowerShell.

 

Actually we use the AD Connect tool for syncing informations to the Azure Active Directory (user names, e-mail adresses and department). If i check the properties of a user in the AAD, some fields are grayed out (provided via the AD connect tool).

 

Therefore my question:

Is it possible to create distribution groups via the API or PowerShell (parallel use to the local AD)? Or do I have to create the itens in the local AD and sync it up in the AAD?

 

Thx in advance for your help.

3 Replies
It is possible yes, using AAD Connect does not prevent you from creating or managing cloud-only objects. But in most cases you want the object represented in AD too, i.e. centralized management.

@VasilMichev 

 

You say that AAD connect does not prevent me from creating cloud-only objects. Then I have different assumptions. Can you confirm this?

 

  • S/MIME = cloud and local object --> provisioning via AD necessary
  • Distribution group = cloud and local object --> provisioning via AD necessary
  • MS365 Group = cloude only --> provisioning via PowerShell or GraphAPI
  • Dynamic distribution group = cloud and local object --> provisioning via AD necessary
    I´m not shure if the dynamic distribution group is similiar to the query based distribution group in the AD

 

Thx in advance for your help 😉

 

 

 

Configuring S/MIME is an attribute, not an object. The rest are all object that you can either create directly in Azure AD/Exchange Online, or sync from AD. Using one method doesn't prevent the other, but you will loose the "central" management.