Exchange Group to Group Permissions for Inbox : found in Active Directory but isn’t valid to use for permissions.

**Update**

Further to the below, I actually experienced this again when I couldn’t break the Group down to members and add to another group. The issue was that this group was a legacy Distribution Group from 2003 that just needed resetting as below (with its correct details):

```powershell
Set-DistributionGroup -Identity "Accounting" -DisplayName "Accounting Group"
```

**Old Fix**

I was trying to add group to group permissions in Exchange so all members of one group would have access to another group's Inbox and was getting the following error:

“found in Active Directory but isn’t valid to use for permissions”

The PowerShell code is below. I set the DistGrouptohavePermission to an SMTP email address of the group, as well as confirming it was a Universal Security Group, and it still came up with the error.

I then changed the DistGrouptohavePermission value to the MailNickName of the Group (can be found in the Extended Attributes) and it went through OK.

```powershell
# change to preferred access rights (see "Get-Help Set-MailboxFolderPermission -Parameter AccessRights")
$accessrights = "Editor"

# set Identity to the alias of the distribution group whose members' inboxes are shared
$distributiongroup = Get-DistributionGroup -Identity "GroupWillAllTheUsers"

# MailNickName (alias) of the group that receives the permission
$grantee = "DistGrouptohavePermission"
$granteegroup = Get-DistributionGroup -Identity $grantee

# normally no changing after this line
$groupmembers = Get-DistributionGroupMember -Identity $distributiongroup | Where-Object { $_.RecipientType -eq "UserMailbox" }
foreach ( $member in $groupmembers )
{
	# start from an empty array so -contains compares whole display names
	$permissions = @()
	$mailbox = Get-Mailbox -Identity $member.alias
	$inbox = (($mailbox.SamAccountName) + ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Inbox | Select-Object -First 1).Name)

	# collect the display names that already have an entry on the Inbox
	foreach ( $perm in ( Get-MailboxFolderPermission -Identity $inbox ))
	{
		$permissions += @($perm.User.DisplayName)
	}

	# check for the group being granted access, not the group whose members are enumerated
	if ( $permissions -contains $granteegroup.DisplayName )
	{
		# Group already has permission on the member's Inbox: update the mailbox root and Inbox entries
		Set-MailboxFolderPermission -Identity $mailbox.SamAccountName -User $grantee -AccessRights $accessrights
		Set-MailboxFolderPermission -Identity $inbox -User $grantee -AccessRights $accessrights
	}
	else
	{
		# Group has no permission on the member's Inbox: add the mailbox root and Inbox entries
		Add-MailboxFolderPermission -Identity $mailbox.SamAccountName -User $grantee -AccessRights $accessrights
		Add-MailboxFolderPermission -Identity $inbox -User $grantee -AccessRights $accessrights
	}
}
```
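To confirm what the script above actually granted, the following added example (not part of the original post) checks that the grantee is a mail-enabled universal security group and reports its rights on each member's Inbox. `Get-GroupInboxGrant` is a hypothetical helper name, the group names are the post's placeholders, and it assumes the Exchange Management Shell.

```powershell
# Added example, not the post's code. Run in the Exchange Management Shell.
# Get-GroupInboxGrant is a hypothetical helper name.
function Get-GroupInboxGrant {
    param(
        [Parameter(Mandatory=$true)] [string] $SourceGroup,   # group whose members' inboxes were shared
        [Parameter(Mandatory=$true)] [string] $GranteeAlias   # MailNickName of the group holding the rights
    )

    $grantee = Get-DistributionGroup -Identity $GranteeAlias -ErrorAction Stop

    # Folder permissions need a security principal, i.e. a mail-enabled universal security group.
    if ($grantee.RecipientTypeDetails -ne 'MailUniversalSecurityGroup') {
        Write-Warning "$GranteeAlias is $($grantee.RecipientTypeDetails), not a mail-enabled security group"
    }

    Get-DistributionGroupMember -Identity $SourceGroup |
        Where-Object { $_.RecipientType -eq 'UserMailbox' } |
        ForEach-Object {
            $mailbox = Get-Mailbox -Identity $_.Alias
            $folder  = (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Inbox |
                        Select-Object -First 1).Name
            $inbox   = $mailbox.SamAccountName + ':\' + $folder

            # Find the ACL entry for the grantee group on this Inbox, if any.
            $entry  = Get-MailboxFolderPermission -Identity $inbox |
                        Where-Object { $_.User.DisplayName -eq $grantee.DisplayName }
            $rights = 'none'
            if ($entry) { $rights = ($entry | ForEach-Object { $_.AccessRights }) -join ',' }

            New-Object PSObject -Property @{
                Mailbox      = $mailbox.SamAccountName
                Folder       = $inbox
                Grantee      = $grantee.DisplayName
                AccessRights = $rights
            }
        }
}

Get-GroupInboxGrant -SourceGroup 'GroupWillAllTheUsers' -GranteeAlias 'DistGrouptohavePermission' |
    Format-Table Mailbox, Folder, Grantee, AccessRights -AutoSize
```

Rows showing `none` are mailboxes the grant did not reach, and any value other than the intended access right is worth reviewing before the group's membership grows.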