The ability to self service the creation of distributions groups has been a feature for quite some time in my Exchange experiences.  Now that I am in Office 365 / Exchange Online this functionally is no longer available for synced groups. This now forces the enlistment of the support department to facilitate all mortification for the end user.

Looking into this to get an understanding as to why this is, I’ve learned that if you’re an Office 365 Exchange Online customer and currently utilizing Directory Synchronization (DirSync) between an on-premise Active Directory and Office 365’s Azure Active Directory you will face such incidents as the objects on the Office 365 are in read only mode and are updated via the synchronization that has been put in place

You are even given a a little message when you attempt to make modification to groups:  The action ‘Update-DistributionGroupMember’, ‘Identity,Members’, can’t be performed on the object ‘Group Name’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

Now aware of this limitation that exist around group modification due to them being read only how do I work like this? I have the following two ideas to work with.

One: 

One method is to go old school and use the Use the ‘Find Users, Contacts and Groups’ tool to allow group modification. However there is an issue regarding the fact that the computer used needs to be a member of the domain and at the time of change also connected to the on premise domain network (internal or via vpn).

Note: After changes have been made the condition of waiting for Directory Synchronization (DirSync) to complete its sync cycle must take place.  This can take up to 3 hours time.

 

Two:

The Second method is to change all Directory Synchronization (DirSync) Distribution Group Objects to the Azure Active Directory and make the On-Clound