Office 365 group admin role

You may come across a scenario where you want to script the membership of Office 365 groups.  Unfortunately there is no Office 365 group admin role that you can assign within exchange online. You have to assign global admin permissions to any account that you want to be able to modify Office 365 group memberships. This problem is has a UserVoice page here.

Microsoft has a few powershell commands that you can “supposedly” run to “Find the permissions required to run any Exchange cmdlet”. However when you run these commands on Add-UnifiedGroupLinks and Remove-UnifiedGroupLinks, the role that they specify that you use is: Mail Recipients. So even after assigning the Mail Recipient role to my specified script user account, the commands do not work.  Go Figure MSFT!

Workaround

My only workaround at this point is to simply assign my script user account to be the Office 365 group owner. Once this is done, this user can add and remove group members within exchange online powershell.  Of course this only works in limited scenarios, and still needs an admin to assign ownership permission to the script user.

 

 

About Parker Jardine

Manager of Systems Administration in the Information Technology Higher Education space. I enjoy biking, climbing, hockey, camping, mountaineering, hunting, paragliding, and just being outdoors. You can read my Make Magazine project articles about a diy solar panel and solar systems design in volumes 12 and 14.
This entry was posted in Exchange Online, Office 365. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s