question

SiegfriedBeitl-0144 avatar image
0 Votes"
SiegfriedBeitl-0144 asked 67L48-8314 edited

Permission to manage address lists

Hi, I found myself unable to manage in any way (view, change, create, delete) the Exchange Online address lists/books.

 PS C:\> Get-AddressList
 Get-AddressList: The term 'Get-AddressList' is not recognized as a name of a cmdlet, function, script file, or executable program.
 Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
 PS C:\>

The commands are not recognized in Exchange Online PowerShell.

I'm the org admin. I should be able to do it.

I have found here: get-addresslist

In Exchange Online, this cmdlet is available only in the Address Lists role, and by default, the role isn't assigned to any role groups.

I am in the Organization Management role group. I verified that the Address Lists role is enabled for the role group.

I would like to add that I am in a hybrid Exchange environment. I can manage address lists on the local Exchange server but these lists are somehow not synced with Exchange Online. AAD connect is set up and working.

What could be the issue?




office-exchange-server-administrationoffice-exchange-online-itpro
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

KyleXu-MSFT avatar image
0 Votes"
KyleXu-MSFT answered

@SiegfriedBeitl-0144

How do you connect to Exchange online PowerShell? Do you tried to connect to Exchange online in this way: Basic auth - Connect to Exchange Online PowerShell

Yes, this command is contained in "Address Lists" role, if you are contained in this role, you will could run this command(After modifying permission, you need to reconnect to Exchange online PowerShell again):
109157-qa-kyle-10-33-53.png
109129-qa-kyle-10-35-05.png
I also want to confirm with you that whether you could run other command such as "Get-Mailbox" command for Exchange online mailbox?


I can manage address lists on the local Exchange server but these lists are somehow not synced with Exchange Online. AAD connect is set up and working.

Address list is a server-based configuration, it will not sync from Exchange on-premises to Exchange online by default.

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


qa-kyle-10-33-53.png (24.1 KiB)
qa-kyle-10-35-05.png (22.0 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SiegfriedBeitl-0144 avatar image
0 Votes"
SiegfriedBeitl-0144 answered KyleXu-MSFT commented

@KyleXu-MSFT ty for your reply!

1) I connect using these commands:

 $UserCredential = Get-Credential
 $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
 Import-PSSession $Session -DisableNameChecking

However, I also tried to connect using "Import-Module ExchangeOnlineManagement". It didn't work either.

Today, I have tried and it worked immediately! I did not change anything since I wrote my original post here. I am now thinking that perhaps I did assign the Address Lists role and it just took some time for the changes to take effect.

2) As for the syncing of address lists from Exchange on-premises to Exchange online, you mentioned that this does not work by default. Is there a way to make this work. Perhaps you could point me to the documentation for this, if it is possible at all.

Thank you!







· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KyleXu-MSFT avatar image KyleXu-MSFT ·

About the question 1, most Exchange online modification need take more time to take effect than Exchange on-premises.

About the question 2, I think you may need to migrate all mailboxes to Exchange online, then manage Address list from the Exchange online side.

0 Votes 0 ·
67L48-8314 avatar image
0 Votes"
67L48-8314 answered 67L48-8314 edited

I don't have a solution, but I can confirm that using EXO V2 2.05, I get the same error. It's very frustrating as we are an extremely small company and I'm literally the only admin. So, if it's a permissions issue, then it ultimately means that the Global Admin is not actually a global administrator. I've tried a few ways to more explicitly give myself the Organization Management role and the Address List permission.

Still no joy. Any of the GlobalAddressList commands continue to give me the error in the OP. Literally every other command I've tried in the shell has worked fine. Just nothing regarding address lists will be recognized.

TIME.

As mentioned a few times above, it takes time for Exchange Admin Center online to apply changes to an acccount. I have the proper permissions. However, I'm not sure which was the magic bullet, as I did all of these things:

  1. Added my account to the Organization Management role

  2. Created a new role that had the Address List permission and assigned myself to that role.

  3. Within Powershell, I used a command set to create an Address List role that had only the Address List permission and assigned myself to it. Note that this was done exclusively within Powershell, whereas the first two were done within EAC.

One of those 3 things must have worked. Not sure how long it actually took, but around 2 hours had elapsed from when I made the first change to when I was able to access the various Address List commands.

One thing was certain: it was a permission issue and that's just upside down not to include address list permissions to the global admin account.




5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.