RMChelp

asked on

How to add O365 shared mailbox to AD integration Distribution Group

Hello Everyone,

I have an AD integrated Distribution group that was part of my O365 migration. On-prem Exchange has been decommissioned. I also have an O365 shared mailbox. I am trying to add the shared mailbox to the distribution group, but when I try from O365, I receive the error:

"The action 'Update-DistributionGroupMember', 'BypassSecurityGroupManagerCheck,Identity,Members', can't be performed on the object 'Changes' because the object is being synchronized from your on-premises organization."

If I go into AD and try to add the shared mailbox to the distribution group, AD cannot find the shared mailbox. Any suggestions on how to make this work?

Thanks
PeggieGreg

I think you need to make sure that the security groups are set to Universal and that they are mail-enabled. Depending on the sync settings you configured, you need to make sure that the group has these set.

If you ran with the default sync setting, you need to make sure that your security group has a value in the ProxyAddress attribute field, like (securitygroup@something.com).

When all this is in place, the group should sync to Office 365 and be browsable in the EX-O admin centre.
Vasil Michev (MVP)

If you want to manage your groups on-prem, you should not expect to be able to add cloud-only objects to them. Either recreate the group in O365 directly, or create an object representing the shared mailbox on-premises (mail user would do).

As Vasil says, you have to have an on-prem object to represent the shared mailbox in a group that is in local AD. To do this, create a normal remote mailbox from the on-prem Exchange server, then go into the O365 admin portal, license the user, then convert it to a shared mailbox and remove the license from the user associated with the mailbox. Kind of a weird way to do it, but it works (might not need to do the licensing anymore; it's been a while since I have done this, so the process may be different now).

Getting an existing shared mailbox tied to an on-prem account should be fairly straightforward. Just create an AD account and mail enable it on-prem, making sure the email addresses match the shared mailbox, then wait for sync or force sync.
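
The last suggestion above, sketched with the ActiveDirectory module for the case where no on-prem Exchange server remains to do the mail-enabling. This is an added example, not code from any poster in this thread. It assumes the Exchange schema extensions (`mailNickname`) are still present in AD, that directory sync matches the new account to the cloud mailbox by SMTP address, and that the cloud account's UPN equals that address; every name and address is a constructed placeholder.

```powershell
# Added example: represent a cloud shared mailbox with a disabled on-prem account
# so it can be added to an AD-synced distribution group.
# All values below are constructed placeholders, not taken from the thread.
Import-Module ActiveDirectory

$SharedSmtp = 'shared-mailbox@example.com'   # primary SMTP address of the cloud shared mailbox
$CloudUpn   = $SharedSmtp                    # assumption: cloud UPN equals the SMTP address
$Alias      = 'shared-mailbox'               # sAMAccountName / mailNickname (max 20 chars)
$GroupName  = 'Example-DistributionGroup'    # the synced distribution group
$OuPath     = 'OU=Shared Mailboxes,DC=example,DC=com'   # must be inside the sync scope

# Stop if the address already sits on another on-prem object; syncing a second
# object with the same proxy address produces a duplicate-attribute sync error.
$filter   = "(|(mail=$SharedSmtp)(proxyAddresses=smtp:$SharedSmtp))"
$existing = Get-ADObject -LDAPFilter $filter
if ($existing) {
    throw "Address already used on-prem by: $($existing.DistinguishedName -join '; ')"
}

# Create the account disabled. It only stands in for the mailbox in group
# membership and should never be usable as a sign-in identity.
New-ADUser -Name $Alias `
    -SamAccountName $Alias `
    -UserPrincipalName $CloudUpn `
    -Path $OuPath `
    -Enabled $false `
    -EmailAddress $SharedSmtp `
    -OtherAttributes @{
        proxyAddresses = "SMTP:$SharedSmtp"   # upper-case SMTP: marks the primary address
        mailNickname   = $Alias
    }

# Add the new object to the on-prem group, which remains the source of authority.
Add-ADGroupMember -Identity $GroupName -Members $Alias

# Confirm the membership and the account state before syncing.
Get-ADGroupMember -Identity $GroupName |
    Where-Object SamAccountName -eq $Alias |
    Get-ADUser -Properties mail, proxyAddresses, Enabled |
    Select-Object SamAccountName, Enabled, mail, proxyAddresses

# Run on the directory sync server (ADSync module) to force a sync instead of waiting.
Start-ADSyncSyncCycle -PolicyType Delta
```

After the sync cycle, check the sync status for errors on the new object before relying on the group membership in Exchange Online.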

ASKER CERTIFIED SOLUTION
Jason Crawford
This solution is only available to members.
RMChelp

ASKER

Thank you. I was afraid of that.