addDistributionGroupMember function fails when called in a Connect Action
  • 28 Oct 2022
  • 1 Minute to read
  • Dark
    Light

addDistributionGroupMember function fails when called in a Connect Action

  • Dark
    Light

Article Summary

Issue Description

After updating to RapidIdentity Exchange Agent 2022.7.15.0, the addDistributionGroupMember function may fail to add a member to a Mail-enabled security group when using application id and certificate thumbprint for authentication. The following error message is returned when the function is called in a Connect action.

022/10/19 19:04:03.237: TRACE exchangetest(): sessionO365 = openOffice365Connection(agenturl, undefined, undefined, "testsvc@hcid.onmicrosoft.com", <password>, " 12345678-a345-9929-ff33-aaaa35d9ed22  ", " 444444
1234567890123456783ADC6FAAAAAAAAAA", "hcid.onmicrosoft.com", undefined)
2022/10/19 19:04:03.516: TRACE exchangetest(): result = addOffice365DistributionGroupMember(sessionO365, "exampletestgroup", "testuser@identityautomation.com")
2022/10/19 19:04:03.972: ERROR addOffice365Member():  HTTP Status: 500 Internal Server Error
{"message":"ExB6FAB5|Microsoft.Exchange.Configuration.Tasks.OperationRequiresGroupManagerException|You don't have sufficient permissions. This operation can only be performed by a manager of the group.","source":"idautoExchangeAdminWS.base","exception":"idautoExchangeAdminWS.ExchangeException: ExB6FAB5|Microsoft.Exchange.Configuration.Tasks.OperationRequiresGroupManagerException|You don't have sufficient permissions. This operation can only be performed by a manager of the group.\r\n   at idautoExchangeAdminWS.ExchangeSessionManager.withSession(String sessionKey, WithSessionTask task)\r\n   at idautoExchangeAdminWS.ExchangeModule.<.ctor>b__1_13(Object parameters)\r\n   at Nancy.Routing.Route.<>c__DisplayClass15_0.<Wrap>b__0(Object parameters, CancellationToken context)"}2022/10/19 19:04:03.972: TRACE exchangetest():     ==>  false
Completed.

This issue only occurs in with RapidIdentity Cloud tenant where the openOffice365Connection has been configured to use an application id and certificate thumbprint for authentication,

Resolution
If you are experiencing this issue please download and Install RapidIdentity Exchange Agent version 2022.7.15.1 and follow the RapidIdentity Exchange Agent Install Guide found here.

After updating the RapidIdentity Exchange Agent to version 2022.7.15.1, the addDistributionGroupMember function should add members to the Mail-enabled security‎ group without issue.

Additional Information

The following Microsoft documentation provides some insight into the issue:

Insufficient Permissions Moving or Changing Distribution Groups

The cause of the issue is that the user can’t add members using add-distributiongroupmember when they are not the owner of the group see the following documentation:

add-DistributionGroupMember


Was this article helpful?