'Adding users to Exchange admin role groups via API?

Is it possible to add users/members to Exchange admin role groups via an API? The equivalent PowerShell cmdlet would be Add-RoleGroupMember and the specific group I wish to add to is View-only Organization Management.

Microsoft Graph has an endpoint to add to directory roles, however I can't seem to find a "View-only Organization Management" group listed in my tenant's DirectoryRoles or DirectoryRoleTemplates, so I suspect MS Graph hasn't got access to these Exchange role groups. Poking around the Outlook API has not revealed much in the form of user/member functions either.

Extra info added from further poking around

I ran this PowerShell cmdlet:

Add-RoleGroupMember -identity "View-only Organization Management" -member "[email protected]"

Then ran:

Get-RoleGroupMember -identity "View-Only Organization Management"

To confirm that the user was in fact added to it. I then ran the following MS Graph call:

GET https://graph.microsoft.com/v1.0/users/[email protected]/memberOf

And it returned zip:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
  "value": []
}

So it looks like this particular View-only Organization Management roleGroup is not accessible via MS Graph? Are there any other APIs that would allow me to add to this roleGroup?

outlookoffice365microsoft-graph-apiazure-ad-graph-apioutlook-api


Solution 1:[1]

So https://graph.microsoft.com/v1.0/directoryRoleTemplates lists the available out-of-the-box "Directory" roles that you can set. I put Directory in quotes, because these roles do include Exchange, SharePoint and Skype service admins (as well as other roles). The thing to note here is that only the "implicit" user role and the Company Administrator role are available from the get go. The others need to be enabled/activated if you want them to show up and use them. This is described here: https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/directoryrole. Once you've activated the "Exchange Service Admin" role, you should be able to assign users to this role using https://graph.microsoft.io/en-us/docs/api-reference/v1.0/api/directoryrole_post_members.

If you are looking to use Azure AD PowerShell, this capability is ALSO available. You can find info here for V2 Azure AD PowerShell https://docs.microsoft.com/en-us/powershell/azuread/v2/azureactivedirectory. In the search type "DirectoryRole" and you'll find all the DirectoryRole cmdlets.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 TylerH

Related Questions

Retrieving custom property value from received mail using GetProperty (which was set using SetProperty in Outlook VBA)

Creating .ICS files, adding to outlook

Set Outlook MailItem as read or suppress_receipt in PR_MESSAGE_FLAGS

How to add icons to emails in Outllook?

Including Pictures in an Outlook Email

How can I get task-specific properties from a MailItem

How can I get task-specific properties from a MailItem

get attachment id from redemption or RDO MAil

Delete a mailitem permanently in outlook

How to invoke a method with (Outlook.Application application) as parameter in C#?

Outlook 2010 GAL with Excel VBA

How to get SMTP address for exchange user quickly?

Can I Access Outlook Add-Ins Through Outlook.Application in my Code?

Outlook 2010 - assign fullsized pictures on a contact card - HOW?

Connect Office 365 use POP3 - PHP