If you try to add (or Remove) member(s) to a mail-enabled security group in Exchange Admin Console or Shell, you will hit a wall with this error.
You don't have sufficient permissions. This operation can only be performed by a manager of the group. + CategoryInfo : NotSpecified: (:) [Add-DistributionGroupMember], OperationRequiresGroupManagerException + FullyQualifiedErrorId : [Server=LV-EXCH04,RequestId=dba1bbc1-125a-4dcf-ac18-5db54f0c4a70,TimeStamp=5/21/2019 4:39:26 AM] [FailureCategory=Cmdlet-OperationRequiresGroupManagerException] 9175D35D,Microsoft.Exchange.Management.RecipientTasks.AddDistributionGroupMember + PSComputerName : exchsvr.company.com
So, What the hell this means? This simply means manage your damn security group members in Active Directory.
Obviously, you can open Active Directory Users and Computers or Admin Center to add a member easily. But you if you are writing a PowerShell script, how do you do it?
To add an User or group, use Add-ADGroupMember -Identity <GroupName> -Members <User1>,<Group1>
But I needed to add a mail contact to the mail-enabled security group. I found Add-ADGroupMember doesn’t work to add Contacts. This how you can do it.
#Get LDAP path of the mail-enabled group $MailEnabledSecurityGroup = "LDAP://" + (Get-OPDistributionGroup "MyADSecurityGroup").distinguishedName #Get LDAP path of the mail contact $MailContact = "LDAP://" + (Get-Contact $RoutingAlias).distinguishedName #Open ADSI connection $ADGroup = [ADSI] $MailEnabledSecurityGroup #Add the contact as member $ADGroup.Add($MailContact) #Ta..Da..!! It's done.