We had an issue with a customer recently where they were unable to add a permission to a mailbox for a mail enabled security group. Every time they ran the “Add-MailboxFolderPermissions -Identity “User1:calendar” -AccessRights Editor -User “Mail Enabled Security Group”” they got the below error.
The user “Mail Enabled Security Group” was found in Active Directory but isn’t valid to use for permissions. Try an SMTP address
instead.
+ CategoryInfo : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], InvalidInternalUserIdException
+ FullyQualifiedErrorId : C90B057C,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
We tried to see if we could actually configure anything with the security group by running “Set-DistributionGroup –Identity “Mail Enabled Security Group“”, running this we got the below error
Members can’t remove themselves from security groups. Please set the group to Closed for requests to leave.
+ CategoryInfo : NotSpecified: (:) [Set-DistributionGroup], RecipientTaskException
+ FullyQualifiedErrorId : 26EA2028,Microsoft.Exchange.Management.RecipientTasks.SetDistributionGroup
To resolve this we ran the below command
Set-distributionGroup -Identity “ Mail Enabled Security Group ” -MemberDepartRestriction closed
After running this we were then able to run the original Add-MailboxFolderPermission without any issues J