Several of the sessions about Office 365 Groups given at Microsoft Ignite in Chicago have addressed the obvious deficiency in management controls that exist in the initial implementation. Part of this was the total inability to create new groups or remove existing groups with PowerShell. You can run Get-GroupMailbox to return the properties of a group and Set-GroupMailbox to set some properties, but that’s hardly enough to satisfy the needs of those who want to manage groups.
The answer is the new set of *–UnifiedGroup and *-UnifiedGroupLinks cmdlet sets that are now rolling out to Office 365 tenants. These cmdlets provide a far more comprehensive set of controls over groups and replace the old cmdlets.
So we can now run New-UnifiedGroup to create a new Office 365 group and Remove-UnifiedGroup to clean up afterwards. Or even Set-UnifiedGroup to maintain group properties if we want to keep it. For example, here’s the command to create a new group object in Azure Active Directory.
New-UnifiedGroup –DisplayName “Ignite 2016” –Alias “Ignite2016” –EmailAddresses Ignite2016@contoso.com
The group is created as an empty object. You have to use the Add-UnifiedGroupLinks cmdlet to add members to the group. First, let’s add an owner:
Add-UnifiedGroup –Identity “Ignite2016” –LinkType Owners –Links TRedmond
To add a member:
Add-UnifiedGroup –Identity “Ignite2016” –LinkType Members –Links JGuillet
A subscriber (who receives updates by email) can be added by changing the LinkType to “Subscribers”
This stuff isn’t fully documented yet because the roll-out is still in progress. Part of that roll-out is a transformation of existing groups from their existing Azure Active Directory object type to a form that can be synchronized back to on-premises Active Directory. This will allow hybrid Exchange deployments to access Office 365 Groups – the groups will remain in the cloud but they will show up in the on-premises GAL and will be treated as a distribution group. You’ll need to use AADConnect to synchronize AD with AAD to make this all happen.
You’ll see some evidence of the transformation in your tenant by running the Get-UnifiedGroup cmdlet. If this doesn’t return anything, you know that the existing Office 365 groups have not yet been transformed in AAD. When the groups are processed, they will show up when you run Get-UnifiedGroup, as will any new group that you create with New-UnifiedGroup.
You can also see the difference by running the Get-Recipient –RecipientTypeDetails “GroupMailbox” command. This will return all the old and new Office 365 Groups. The old groups have a recipient type of “UserMailbox” while the new groups use “MailUniversalDistributionGroup”, just like regular Exchange distribution groups. This is the change that allows cloud-to-on-premises synchronization of Office 365 groups.
For more information about Office 365 groups, see chapter 7 of “Office 365 for Exchange Professionals” where the topic is dealt with in some depth.
Follow Tony @12Knocksinna