Microsoft Exchange Online
A Microsoft email and calendaring hosted service.
1,452 questions
Getting an error in a runbook.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 92%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Tristan MacDonald
0
Reputation points
Hi there,
I've created a runbook to handle offboarding users in office 365. I'm connecting to the graph API, and exchangeonline module. My runbook is working flawlessly except for one specific line which is giving me an error when ran in the runbook (I don't get this error when ran directly from powershell.)
The system managed identity has Exchange.ManageAsApp, Exchange administrator permissions, as well as all valid graph permissions for commands I've called.
Error message:
Set-Mailbox: |Microsoft.Exchange.Data.Directory.InsufficientPermissionsException|Source server:*** doesn't have write permission to target DC:. Usually it indicates that target forest isn't an account partition of source forest. The user has insufficient access rights.
The line in question:
# Disable shared mailbox from showing in GAL
Set-Mailbox -Identity $userEmail -HiddenFromAddressListsEnabled $true
{count} votes
-
Tristan MacDonald 0 Reputation points
2024-04-30T17:13:11.5066667+00:00 I've looked into using the graph API for this specific line, however there is a known issue which advises not to use the graph API to hide a user from the global address list.
-
Jayce Yang-MSFT 1,251 Reputation points Microsoft Vendor2024-05-01T02:26:33.12+00:00 Since you can run the cmdlet in PowerShell directly without errors, we can consider that there is no error in EXO. And this issue is caused by Runbook.
Sign in to comment