cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
O365 Groups Tidbit - Create/Delete/Upgrade O365 Groups
By
Christopher Weaver
Published May 15 2019 03:25 PM 553 Views
Christopher Weaver
Microsoft
‎May 15 2019 03:25 PM

O365 Groups Tidbit - Create/Delete/Upgrade O365 Groups

‎May 15 2019 03:25 PM

First published on TECHNET on May 22, 2018
Hello All,

As O365 Groups become more important in managing SharePoint I thought I would provide you with some information about them

Who should be using O365 Groups?

Groups or people that work in the following manner:

    • Frequent email communication

 

    • Email distribution lists (Upgrade)

 

    • Sharing Office documents



Who can create groups?

By default all users can create O365 Groups, this was done because groups are used in so many different locations that requests for groups could be to much for Helpdesk to keep up with, however there are times when companies need to restrict the ability to create groups for governance or other reasons, in that case I recommend you follow this article .

The article walks you thru the following steps (With in-depth information):

    1. Get the ObjectId of the security group for all users that are allowed to create groups.  You can use the cmdlet Get-AzureADGroup to achieve this.

 

    1. Get the setting template for Unified Groups, by running the line



$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}




    1. Then configure new settings by running the lines



$Setting = $Template.CreateDirectorySetting()

 

New-AzureADDirectorySetting -DirectorySetting $Setting

 

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id

 

$Setting["EnableGroupCreation"] = $False

 

$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString " <Name of your security group> ").objectid




    1. Save the settings template by running this line



Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting


NOTE: You must use AzureADPreview to achieve these results, and require AAD Premuim.

How to create O365 Groups?

Once you open your environment to being Self-Hosted end-users or if not self-hosted then anybody who has permission to create groups will have several ways to create O365 Groups:

    1. Outlook – When you create a group thru Outlook you get the following objects Shared Inbox, Shared Calendar, SharePoint Document Library, Shared OneNote Notebook, SharePoint Team Site, and Planner

 

    1. Teams – When you create a group thru Teams you get the following objects Chat based workspace, Shared Inbox, Shared Calendar, SharePoint Document Library, Shared OneNote Notebook, SharePoint Team Site, and Planner

 

    1. Yammer – When you create a group thru Yammer you get the following objects Yammer Group, SharePoint Document Library, SharePoint OneNote Notebook, SharePoint Team Site, and Planner



Administrators can create groups thru the following manners

    1. PowerShell/API



To create O365 Groups with PowerShell you will need to first connect to Exchange Online and retrieve cmdlet’s the following lines perform this

 

$Creds = Get-Credential

 

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Creds -Authentication Basic -AllowRedirection

 

Import-PSSession $Session

 

Now we can create a group using the cmdlet New-UnifiedGroup and example of this would be:


New-UnifiedGroup -DLIdentity “My New Group”

If you wanted you can use several Optional parameters like this

New-UnifiedGroup -DLIdentity “My New Group” -Alias “GroupAlias” -SubscriptionEnabled -AutoSubscribeNewmembers -AccessType Private

We can modify the group settings by using the cmdlet Set-UnifiedGroup

Set-UnifiedGroup -Identity “My New Group” -AccessType Public -AlwaysSubscribeMembersToCalendarEvents

We can add Member or Owners by using the cmdlet Add-UnifiedGroupLinks

Add-UnifiedGroupLinks -Identity “My New Group” -LinkType Owners -Links chris@contoso.com          #Adds owner

Add-UnifiedGroupLinks -Identity “My New Group” -LinkType Members -Links george@contoso.com,linda@contoso.com         #Adds members

Note: See Remove-UnifiedGroupLinks to remove Members/Owners from group

    1. You can manually create/modify O365 Groups using the following portals

 



        1. Azure Active Directory

        1. Office Admin Portal

        1. Exchange Admin Center




How to remove/cleanup O365 Groups?

    1. A great way to automate the cleanup of O365 Groups in your tenant is thru an Expiration Policy which is off by default.  If you configure it, then owners will get an email XX days before it is soft-deleted at which point owners will have XX days to recover it before it is permanently deleted.



Configuring the policy requires Global Admin permission and is done in AAD portal, you can choose from 180 days, 365 days, or custom which has to be greater then 30 days.  In the portal go to User and Groups -> Group Settings -> Expiration and set the desired policy.

 

Note: All objects attached to the group including the group itself can have a retention policy, and once the group is deleted those policies will be enforced (For more info see this article )




    1. PowerShell/API



To remove O365 Groups with PowerShell you will need to first connect to Exchange Online and retrieve cmdlet’s the following lines perform this

 

$Creds = Get-Credential

 

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Creds -Authentication Basic -AllowRedirection

 

Import-PSSession $Session


To remove the O365 Group run the cmdlet Remove-UnifiedGroup

Remove-UnifiedGroup -Identity “My New Group” -Force

    1. You can manually remove O365 Groups using the following portals

 



        1. Azure Active Directory

        1. Office Admin Portal

        1. Exchange Admin Center




How to upgrade Distribution lists and which ones can I not upgrade?

There are two ways to upgrade a DL to an O365 Group

    1. You can use the Exchange Admin center to upgrade all eligible DL’s, see this article for steps.

 

    1. You can use PowerShell to upgrade individual DL’s or all eligible DL’s, Cmdlets you will possibly  use are Upgrade-DistributionGroup and Get-EligibleDistributionGroupForMigration and Get-UnifiedGroup

        1. To upgrade a single DL you would run the following command Upgrade-DistributionGroup -DLIdenties <DLName>

        1. To upgrade multiple DL you have two choices


 

    1. Upgrades all named DL’s Upgrade-DistributionGroup -DLIdenties <DLName1>,<DLName2>

 

    1. Upgrade all eligible DL’s Get-EligibleDistributionGroupForMigration | Upgrade-DistributionGroup



NOTE: You need to be either an Exchange Admin or a Global admin to perform this task

Any DL that falls into these categories will not be eligible for upgrade:

    • Nested

 

    • Security groups

 

    • Dynamic distribution lists

 

    • On-premises owned



Watch for further emails to look at further managing of O365 groups.

Pax

0 Likes
Like
Version history
Last update:
‎Apr 29 2020 09:40 AM
Updated by:
Labels