How to fix “Failed to get group accounts sids of a user” when connecting to EXO remote PowerShell.

This applies to an Exchange Hybrid environment where user accounts are on-premises and mailboxes are in Office 365. You have confirmed that you have administrator rights, and you were able to connect to EXO remote PowerShell before.

Problem:

You get the error message “Failed to get group accounts sids of a user…” when trying to connect to Exchange Online Remote PowerShell, while the remote PowerShell connection to the MSOL service works correctly.

Some other Exchange Online administrators might also have the same issue since they belong to similar groups.

If you provision a new admin in Office 365 with (UPN: admin@contoso.onmicrosoft.com), the new admin can successfully connect to EXO remote PowerShell.

If you provision a new synced admin account in Office 365 (an on-premises user with an Office 365 mailbox), the newly created admin can also successfully connect to EXO remote PowerShell.

Causes:

If you belong to many groups, one of the groups you belong to prevents you from being able to successfully connect to EXO remote PowerShell. The sample screenshot below will show all the groups you are a member of.

To confirm one of the groups is causing this issue, you can add all the groups you are a member of to the new synced admin account you created earlier. Then force a delta sync to Office 365.

If you try to connect to EXO remote PowerShell with the new synced admin account, you should receive a similar error message.

Solution:

To fix the issue, remove all groups you are a member of except “Domain Admins” or “Domain Users”, and then force a delta sync with Office 365. You should now be able to connect to EXO remote PowerShell successfully. You can then add the groups back to your account one at a time (forcing a delta sync and connecting to EXO remote PowerShell after each one) until you find the problematic group.

You may choose to re-create the group, or investigate further to see whether the problematic group contains many nested groups that might cause the issue.
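
The isolation procedure above, scripted with the ActiveDirectory and ADSync modules. This is an added example, not part of the original article; the account name `jdoe`, the backup path, and running it on the Azure AD Connect server with rights to edit group membership are assumptions.

```powershell
# Added example. $Admin, $Backup and the Azure AD Connect host are assumptions.
Import-Module ActiveDirectory
Import-Module ADSync          # present on the Azure AD Connect server

$Admin  = 'jdoe'                          # hypothetical sAMAccountName
$Backup = "C:\Temp\$Admin-groups.csv"     # hypothetical backup path
$Keep   = 'Domain Admins', 'Domain Users' # groups the article leaves in place
$Chain  = '1.2.840.113556.1.4.1941'       # LDAP_MATCHING_RULE_IN_CHAIN OID

# 1. Back up direct memberships and count the nesting around each group.
$groups = Get-ADPrincipalGroupMembership -Identity $Admin |
    Where-Object { $Keep -notcontains $_.Name } |
    ForEach-Object {
        $dn = $_.DistinguishedName
        [pscustomobject]@{
            Name         = $_.Name
            DN           = $dn
            # groups nested inside this group (all levels)
            NestedInside = @(Get-ADGroup -LDAPFilter "(memberOf:${Chain}:=$dn)").Count
            # groups this group is itself nested in (all levels)
            NestedIn     = @(Get-ADGroup -LDAPFilter "(member:${Chain}:=$dn)").Count
        }
    }
$groups | Export-Csv -Path $Backup -NoTypeInformation
$groups | Sort-Object NestedInside -Descending | Format-Table Name, NestedInside, NestedIn

# 2. Remove every group except $Keep, then force a delta sync.
foreach ($g in $groups) {
    Remove-ADGroupMember -Identity $g.DN -Members $Admin -Confirm:$false
}
Start-ADSyncSyncCycle -PolicyType Delta
Read-Host 'Wait for the sync, confirm the EXO connection works, then press Enter'

# 3. Re-add one group at a time; stop at the first one that breaks the connection.
foreach ($g in Import-Csv -Path $Backup) {
    Add-ADGroupMember -Identity $g.DN -Members $Admin
    Start-ADSyncSyncCycle -PolicyType Delta
    $ok = Read-Host "Re-added '$($g.Name)'. After the sync, does EXO still connect? (y/n)"
    if ($ok -ne 'y') {
        Write-Warning "Problematic group: '$($g.Name)'. Remaining groups are still listed in $Backup."
        break
    }
}
```

The EXO connection test stays manual, from a separate session, after each sync completes. Group DNs containing `(`, `)`, `*` or `\` must be LDAP-filter-escaped before they are used in the step 1 filters.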