We had an issue with a customer recently where they were unable to add a permission to a mailbox for a mail enabled security group. Every time they ran the “Add-MailboxFolderPermissions -Identity “User1:calendar” -AccessRights Editor -User “Mail Enabled Security Group”they got the below error.

The user “Mail Enabled Security Group” was found in Active Directory but isn’t valid to use for permissions. Try an SMTP address

instead.

+ CategoryInfo : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], InvalidInternalUserIdException

+ FullyQualifiedErrorId : C90B057C,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

We tried to see if we could actually configure anything with the security group by running “Set-DistributionGroup –Identity “Mail Enabled Security Group“”, running this we got the below error

Members can’t remove themselves from security groups. Please set the group to Closed for requests to leave.

+ CategoryInfo : NotSpecified: (:) [Set-DistributionGroup], RecipientTaskException

+ FullyQualifiedErrorId : 26EA2028,Microsoft.Exchange.Management.RecipientTasks.SetDistributionGroup

To resolve this we ran the below command

Set-distributionGroup -Identity “ Mail Enabled Security Group ” -MemberDepartRestriction closed

After running this we were then able to run the original Add-MailboxFolderPermission without any issues J

About the author