Set-Group

 

Applies to: Exchange Online, Exchange Server 2016

This cmdlet is available in on-premises Exchange Server 2016 and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

Use the Set-Group cmdlet to modify group object settings. If the group is a mail-enabled security group or a distribution group, you can use the Set-DistributionGroup cmdlet to modify other Microsoft Exchange settings that aren't available by using the Set-Group cmdlet.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Set-Group -Identity <GroupIdParameter> <COMMON PARAMETERS>
Set-Group -Identity <GroupIdParameter> [-Universal <SwitchParameter>] <COMMON PARAMETERS>
COMMON PARAMETERS: [-BypassSecurityGroupManagerCheck <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DisplayName <String>] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-IsHierarchicalGroup <$true | $false>] [-ManagedBy <GeneralRecipientIdParameter[]>] [-Name <String>] [-Notes <String>] [-PhoneticDisplayName <String>] [-SeniorityIndex <Int32>] [-SimpleDisplayName <String>] [-WhatIf [<SwitchParameter>]] [-WindowsEmailAddress <SmtpAddress>]

This example applies the following changes to the existing global security group Legal Department:

  • Change the group's scope to universal.

  • Add a Notes parameter value of verified.

Set-Group -Identity "Legal Department" -Universal -Notes "verified"

This example specifies that the group Human Resources is a hierarchical group and will display last within its hierarchy because its index number is 1.

Set-Group -Identity "Human Resources" -IsHierarchicalGroup $true -SeniorityIndex 1

You can't use the Set-Group cmdlet to modify dynamic distribution groups. To modify dynamic distribution groups, use the Set-DynamicDistributionGroup cmdlet.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Distribution groups" entry in the Recipients Permissions topic.

 

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.GroupIdParameter

The Identity parameter specifies the group that you want to modify. You can use any value that uniquely identifies the group.

For example:

  • Name

  • Display name

  • Distinguished name (DN)

  • Canonical DN

  • GUID

BypassSecurityGroupManagerCheck

Optional

System.Management.Automation.SwitchParameter

The BypassSecurityGroupManagerCheck switch specifies whether to allow a user who isn't an owner of the group to modify or delete the group. If you aren't defined in the ManagedBy property of the group, you need to use this switch in commands that modify or delete the group. To use this switch, your account requires specific permissions based on the group type:

  • Distribution groups or mail-enabled security groups   You need to be a member of the Organization Management role group or have the Security Group Creation and Membership role assigned.

  • Role groups   You need to be a member of the Organization Management role group or have the Role Management role assigned.

You don't need to specify a value with this switch.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.

  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.

DisplayName

Optional

System.String

The DisplayName parameter specifies the display name of the group. The display name is visible in the Exchange admin center and in address lists. The maximum length is 256 characters. If the value contains spaces, enclose the value in quotation marks (").

This parameter is meaningful only if the group is mail-enabled.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

This parameter is available only in on-premises Exchange 2016.

The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.

The DomainController parameter isn't supported on Edge Transport servers. An Edge Transport server uses the local instance of Active Directory Lightweight Directory Services (AD LDS) to read and write data.

IgnoreDefaultScope

Optional

System.Management.Automation.SwitchParameter

This parameter is available only in on-premises Exchange 2016.

The IgnoreDefaultScope switch tells the command to ignore the default recipient scope setting for the Exchange Management Shell session, and to use the entire forest as the scope. This allows the command to access Active Directory objects that aren't currently available in the default scope.

Using the IgnoreDefaultScope switch introduces the following restrictions:

  • You can't use the DomainController parameter. The command uses an appropriate global catalog server automatically.

  • You can only use the DN for the Identity parameter. Other forms of identification, such as alias or GUID, aren't accepted.

IsHierarchicalGroup

Optional

System.Boolean

The IsHierarchicalGroup parameter specifies whether the group is part of a hierarchical address book. Valid values are $true or $false. The default value is $false.

ManagedBy

Optional

Microsoft.Exchange.Configuration.Tasks.GeneralRecipientIdParameter[]

The ManagedBy parameter specifies an owner for the group. A group must have at least one owner. If you don't use this parameter to specify the owner when you create the group, the user account that created the group is the owner. The group owner is able to:

  • Modify the properties of the group

  • Add or remove group members

  • Delete the group

  • Approve member depart or join requests (if available)

  • Approve messages sent to the group if moderation is enabled, but no moderators are specified.

The owner you specify for this parameter must be a mailbox, mail user or mail-enabled security group (a mail-enabled security principal that can have permissions assigned). You can use any value that uniquely identifies the owner. For example:

  • Name

  • Display name

  • Alias

  • Distinguished name (DN)

  • Canonical DN

  • <domain name>\<account name>

  • Email address

  • GUID

  • LegacyExchangeDN

  • SamAccountName

  • User ID or user principal name (UPN)

To enter multiple owners and overwrite all existing entries, use the following syntax: <owner1>,<owner2>.... If the values contain spaces or otherwise require quotation marks, you need to use the following syntax: "<owner1>","<owner2>"....

To add or remove owners without affecting other existing entries, use the following syntax: @{Add="<owner1>","<owner2>"...; Remove="<owner3>","<owner4>"...}.

An owner that you specify with this parameter isn't automatically a member of the group. You need to manually add the owner as a member.

Name

Optional

System.String

The Name parameter specifies the unique name of the group. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks (").

Notes

Optional

System.String

The Notes parameters specifies additional information about the object. If the value contains spaces, enclose the value in quotation marks (").

PhoneticDisplayName

Optional

System.String

The PhoneticDisplayName parameter specifies an alternate spelling of the user's name that's used for text to speech in Unified Messaging (UM) environments. Typically, you use this parameter when the pronunciation and spelling of the user's name don't match. The maximum length is 256 characters. If the value contains spaces, enclose the value in quotation marks (").

SeniorityIndex

Optional

System.Int32

The SeniorityIndex parameter specifies the order in which this group will display in a hierarchical address book. A group with a value of 2 will display higher in an address book than a group with a value of 1.

SimpleDisplayName

Optional

System.String

UNRESOLVED_TOKEN_VAL(PD_SimpleDisplayName)

This parameter is meaningful only if the group is mail-enabled.

Universal

Optional

System.Management.Automation.SwitchParameter

The Universal swtich changes the scope of the group from Global or DomainLocal to Universal. You don't need to specify a value with this switch.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.

WindowsEmailAddress

Optional

Microsoft.Exchange.Data.SmtpAddress

The WindowsEmailAddress parameter specifies the Windows email address for this recipient. This is a common Active Directory attribute that's present in all environments, including environments without Exchange. Using the WindowsEmailAddress parameter on a recipient has one of the following results:

  • In on-premises environments where the recipient is subject to email address policies (the EmailAddressPolicyEnabled property is set to the value True for the recipient), the WindowsEmailAddress parameter has no effect on the WindowsEmailAddress property or the primary email address value.

  • In cloud environments or in on-premises environments where the recipient isn't subject to email address policies (the EmailAddressPolicyEnabled property is set to the value False for the recipient), the WindowsEmailAddress parameter updates the WindowsEmailAddress property and the primary email address to the same value.

The WindowsEmailAddress property is visible for the recipient in Active Directory Users and Computers in the E-mail attribute. The attribute common name is E-mail-Addresses, and the Ldap-Display-Name is mail. If you modify this attribute in Active Directory, the recipient's primary email address is not updated to the same value.

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

 
Show: