Resetting Security Groups for Exchange 2013

Exchange 2007 let me add normal Active Directory Security Groups to Shared Mailboxes, so that's how I created them all in the past, but this is not quite the correct way - In order to assign access through the Exchange Admin Center the Group needs to be Universal and Mail-enabled.

Fortunately there is a few PowerShell commands that can be run to get our Groups up to spec, this works well if your Access Groups are tidily stored in a single Active Directory OU, otherwise this will be more difficult, mine live in Groups > Shared Email Accounts.

  1. On the Exchange Server open the Exchange Management Shell

  2. Use Powershell to make all the Groups in the OU Universal:

    Get-Group -OrganisationalUnit "OU=Shared Email Accounts,OU=Groups,DC=Contoso,DC=com" | Set-Group -Universal

  3. Next Mail-Enable the groups:

    Get-Group -OrganisationalUnit "OU=Shared Email Accounts,OU=Groups,DC=Contoso,DC=com" | Enable-DistributionGroup

  4. Finally, you probably don't want all of these groups to appear in your Global Address List, so run this to hide them:

    Get-Group -OrganisationalUnit "OU=Shared Email Accounts,OU=Groups,DC=Contoso,DC=com" | Set-DistributionGroup -HiddenFromAddressListsEnabled:$True

You will now be able to assign groups to mailboxes from within the "Exchange admin center"