New management cmdlets for Office 365 Groups

Several of the sessions about Office 365 Groups given at Microsoft Ignite in Chicago have addressed the obvious deficiency in management controls that exist in the initial implementation. Part of this was the total inability to create new groups or remove existing groups with PowerShell. You can run Get-GroupMailbox to return the properties of a group and Set-GroupMailbox to set some properties, but that’s hardly enough to satisfy the needs of those who want to manage groups.

The answer is the new set of *–UnifiedGroup and *-UnifiedGroupLinks cmdlet sets that are now rolling out to Office 365 tenants. These cmdlets provide a far more comprehensive set of controls over groups and replace the old cmdlets.

So we can now run New-UnifiedGroup to create a new Office 365 group and Remove-UnifiedGroup to clean up afterwards. Or even Set-UnifiedGroup to maintain group properties if we want to keep it. For example, here’s the command to create a new group object in Azure Active Directory.

New-UnifiedGroup –DisplayName “Ignite 2016” –Alias “Ignite2016” –EmailAddresses

The group is created as an empty object. You have to use the Add-UnifiedGroupLinks cmdlet to add members to the group. First, let’s add an owner:

Add-UnifiedGroup –Identity “Ignite2016” –LinkType Owners –Links TRedmond

To add a member:

Add-UnifiedGroup –Identity “Ignite2016” –LinkType Members  –Links JGuillet

A subscriber (who receives updates by email) can be added by changing the LinkType to “Subscribers”

This stuff isn’t fully documented yet because the roll-out is still in progress. Part of that roll-out is a transformation of existing groups from their existing Azure Active Directory object type to a form that can be synchronized back to on-premises Active Directory. This will allow hybrid Exchange deployments to access Office 365 Groups – the groups will remain in the cloud but they will show up in the on-premises GAL and will be treated as a distribution group. You’ll need to use AADConnect to synchronize AD with AAD to make this all happen.

You’ll see some evidence of the transformation in your tenant by running the Get-UnifiedGroup cmdlet. If this doesn’t return anything, you know that the existing Office 365 groups have not yet been transformed in AAD. When the groups are processed, they will show up when you run Get-UnifiedGroup, as will any new group that you create with New-UnifiedGroup.

You can also see the difference by running the Get-Recipient –RecipientTypeDetails “GroupMailbox” command. This will return all the old and new Office 365 Groups. The old groups have a recipient type of “UserMailbox” while the new groups use “MailUniversalDistributionGroup”, just like regular Exchange distribution groups. This is the change that allows cloud-to-on-premises synchronization of Office 365 groups.

For more information about Office 365 groups, see chapter 7 of “Office 365 for Exchange Professionals” where the topic is dealt with in some depth.

Follow Tony @12Knocksinna


About Tony Redmond ("Thoughts of an Idle Mind")

Exchange MVP, author, and rugby referee
This entry was posted in Office 365 and tagged , , , , , , . Bookmark the permalink.

16 Responses to New management cmdlets for Office 365 Groups

  1. Pingback: New management cmdlets for Office 365 Groups | Direct Cloud

  2. Any info on configuring name policies? Saw them demo a user getting blocked when they try to create a group with a banned word. I recall they said that was configured via PS, but haven’t come across that yet.

    • The same group naming policy that applies to distribution groups also applies to Office 365 Groups. There are a few funnies in it right now (such as admin created groups also picking up the naming policy, which shouldn’t be the case). I’ve updated the engineers and they are working on a fix.

      All of this, BTW, is documented in chapter 7 of “Office 365 for Exchange Professionals” (gratuitous ad).

  3. Playing around with the cmdlets, and wanted to note that to make someone an owner you have to first add them as a member otherwise you get an error telling you to add the member.

  4. Michael Roth says:

    Any thoughts on using the HiddenFromAddressListsEnabled attribute for Office 365 groups? We wanted to prevent groups from showing up in the address list, but when we set this attribute to True, they still appear for users with mailboxes in Office 365. Thanks!

    • How long did you leave it before you checked that the group was hidden? I have several groups that are hidden and none of them show up in the “All Groups” address list, so they don’t shown up when people browse for groups.

      • Michael Roth says:

        The HiddenFromAddressListsEnabled attribute was set to True in the last week of May for all Office 365 groups that have been created so far. I found a much older article you had regarding hiding these from the GAL as well- “A more private repository that can be hidden from casual browsing would be a better choice to host truly private discussions until Microsoft provides the ability to hide private groups from address lists.” Is this still the case that groups will appear in the GAL until a solution is implemented to hide these groups?

        As an example, I login to my Office 365 mailbox via OWA using IE. I start a new email msg, click the To: field, select All Groups from the Directory listing, and then all the Office 365 groups will appear. Oddly, when I enter the name of one of the groups in the search field, no results appear. If I clear the search again, then all the Office 365 groups appear.

        We thought that by setting the HiddenFromAddressListsEnabled attribute to True that all of these groups would be hidden from the GAL, but this does not seem to be the case yet.

        Thanks for your help!

      • I reported a problem today to Microsoft where the HiddenFromAddressListsEnabled property is being ignored for Office 365 Groups since the transition from old-style AAD group objects to the newer style. I’m waiting to hear back from them.

      • Michael Roth says:

        Hi Tony! Did you ever hear back about the HiddenFromAddressListsEnabled attribute? Thanks!

  5. Sean says:

    Hi Tony

    How would I add users to an O365 group with a csv file?
    When I try in any format with headers or no headers in the csv I get an error.

    “Cannot convert hashtable to an object of the following type: Microsoft.Exchang
    e.Configuration.Tasks.RecipientIdParameter. Hashtable-to-Object conversion is n
    ot supported in restricted language mode or a Data section.””

    Thank you for the help!

    • Sean says:

      I found the problem.
      You have to use Get-Content instead of Import-CSV
      For any one else
      eg: $users = Get-Content c:\users.csv
      Add-UnifiedGroupLinks -Identity “admintest” -LinkType members -Links $users

  6. says:

    Hi do you know how I can get access to using these cmdlets?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s