Friday, December 27, 2019

Unable to Recreate a Recently Deleted O365 Group

A colleague recently came to me with a problem. One of our "teams" had somehow managed to delete the dynamic Office 365 group that their Team was based on. He was attempting to recreate the group, but each attempt failed with the following error.

New-AzureADMSGroup : Error occurred while executing NewMSGroup
Code: Request_BadRequest
Message: Another object with the same value for property mailNickname already exists.

Up to this point, I hadn't worked with O365 groups very much (or at all), so it was an interesting problem to dig into.

Since the error mentions the 'mailNickname' attribute, and I knew that is an attribute of the O365 group, it was pretty obvious that the old group was still out there somewhere, interfering with the creation of the new one. In other words, the group had only been soft-deleted. I just had to figure out how to find it and delete it permanently.

And before anyone points it out, yes, I know that we could have just restored the old group - and that's probably what we should have done. But part of me was curious to confirm that getting rid of the old group would eliminate the error we were getting when we tried to create the new group.

Initially, I was unable to locate the deleted group in the Azure AD portal. All of the team names start with "FLD", and while searching for that string did reveal some deleted groups, the one I was looking for was not among them. Nor was it among the active groups (had to check). Hmmm.

After a bit of googling, I learned of the Get-AzureADMSDeletedGroup command, part of the AzureAD PowerShell module. Run with no arguments, it returns a list of all soft-deleted groups, and it was on that list that I found my missing group. The default output of Get-AzureADMSDeletedGroup shows the Id, DisplayName, and Description of each group, and this is when I discovered that my colleague had not been consistent with our O365 team group naming. While the object name (which is not in the output from Get-AzureADMSDeletedGroup) may have started with "FLD", the DisplayName did not. Both names did share the same unique number, though, and searching for that number is how I located the group. It also revealed that the DisplayName started with "District", not the expected "FLD".

At this point, I could have deleted the group with the Remove-AzureADMSDeletedDirectoryObject command, which takes the group's unique Id string. However, now that I had located the group in PowerShell, I wanted to find it in the Azure AD console, too. Based on what I saw in PowerShell, I searched the deleted groups for "District", and there it was! Right there in the Azure console, I selected the group and permanently deleted it.

Switching back to PowerShell, I again tried to pull up the details of the group, and this time the call failed because the object no longer existed. I then ran the command my colleague had originally tried, to recreate the group, and it succeeded. Problem solved.

# Recreate the dynamic Office 365 group; the doubled quotes inside the
# membership rule are PowerShell's escape for a literal " within a "..." string.
New-AzureADMSGroup `
   -DisplayName "FLD DIST 0806" `
   -Description "District 0806 (dynamic)" `
   -MailEnabled $True `
   -SecurityEnabled $True `
   -MailNickname "FLDDIST0806DYN" `
   -GroupTypes "DynamicMembership", "Unified" `
   -MembershipRule "(User.extensionAttribute13 -eq ""0806"")" `
   -MembershipRuleProcessingState "On" `
   -Visibility "Private"
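The lookup-and-purge steps described above, before the recreate command, as a PowerShell function. This is an added example, not code from the original post; it assumes the AzureAD module is loaded and Connect-AzureAD has already run, the function name is hypothetical, and it restores the group by default (what the post says should probably have been done), purging only when -Purge is given.

```powershell
# Added example (not the blog's own code): find the soft-deleted Office 365
# group that holds the mailNickname blocking New-AzureADMSGroup, then restore
# it or, with -Purge, delete it permanently. Assumes Connect-AzureAD was run.
function Resolve-BlockedGroupNickname {   # hypothetical function name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $MailNickname,
        [switch] $Purge    # default action is Restore; -Purge hard-deletes instead
    )

    # Rule out an active group first: the Request_BadRequest error reads the
    # same either way, and an active group must not be touched here.
    $active = Get-AzureADMSGroup -Filter "mailNickname eq '$MailNickname'"
    if ($active) {
        Write-Warning "Active group '$($active.DisplayName)' already owns mailNickname '$MailNickname'."
        return $active
    }

    # With no arguments Get-AzureADMSDeletedGroup lists every soft-deleted group.
    # Match on MailNickname rather than DisplayName, because the display name may
    # not follow the naming convention (the post's "District" vs "FLD" problem).
    $deleted = Get-AzureADMSDeletedGroup |
        Where-Object { $_.MailNickname -eq $MailNickname }

    if (-not $deleted) {
        Write-Verbose "No soft-deleted group holds mailNickname '$MailNickname'."
        return $null
    }
    if (@($deleted).Count -gt 1) {
        throw "Multiple soft-deleted groups match '$MailNickname'; refusing to guess."
    }

    $target = "$($deleted.DisplayName) [$($deleted.Id)]"
    if ($Purge) {
        # Permanent deletion is irreversible, so it honours -WhatIf / -Confirm.
        if ($PSCmdlet.ShouldProcess($target, 'Permanently delete')) {
            Remove-AzureADMSDeletedDirectoryObject -Id $deleted.Id
        }
    } else {
        # Restoring the soft-deleted group is normally the better fix.
        if ($PSCmdlet.ShouldProcess($target, 'Restore')) {
            Restore-AzureADMSDeletedDirectoryObject -Id $deleted.Id
        }
    }
    return $deleted
}

# Dry run of the purge for the nickname used in the post.
Resolve-BlockedGroupNickname -MailNickname 'FLDDIST0806DYN' -Purge -WhatIf
```

Drop -WhatIf to perform the action; with -Purge the ConfirmImpact setting prompts before the permanent delete unless -Confirm:$false is supplied.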

Bye.
