Create Group

Creates a new group in Azure Active Directory.

Common Properties

• Name - The custom name of the node.
• Color - The custom color of the node.
• Delay Before (sec) - Waits in seconds before executing the node.
• Delay After (sec) - Waits in seconds after executing node.
• Continue On Error - Automation will continue regardless of any error. The default value is false.

info

If ContinueOnError property is true, no error is caught when the project is executed even if Catch node is used.

Inputs

• Access Id - The access ID from the Connect node. Optional if using direct credentials.
• Group Properties (JSON) - A JSON object containing the group properties. This is configured in the node editor with C# syntax.

Required Group Properties

The following properties are required when creating a group:

{
  "description": "Group description",
  "displayName": "My Group Name",
  "groupTypes": ["Unified"],
  "mailEnabled": true,
  "mailNickname": "mygroup",
  "securityEnabled": false
}

Group Types

• Security Group - For access control and permissions

  {
    "groupTypes": [],
    "mailEnabled": false,
    "securityEnabled": true
  }

• Microsoft 365 Group (Unified) - For collaboration with email, files, and calendar

  {
    "groupTypes": ["Unified"],
    "mailEnabled": true,
    "securityEnabled": false
  }

• Distribution Group - For email distribution lists

  {
    "groupTypes": [],
    "mailEnabled": true,
    "securityEnabled": false
  }

• Mail-enabled Security Group - Security group with email capabilities

  {
    "groupTypes": [],
    "mailEnabled": true,
    "securityEnabled": true
  }

Options

Direct Credentials (optional - alternative to using Connect node):

• Tenant Id - Azure AD tenant ID (optional if using Access ID)
• Client Id - Azure AD application client ID (optional if using Access ID)
• Client Secret - Azure AD application client secret credential (optional if using Access ID)

Output

• Result - Created group object containing group information including:
  • id - The unique group ID (object ID)
  • displayName - The group's display name
  • mailNickname - The group's email nickname
  • All other properties set during creation

How It Works

The Create Group node:

1. Authenticates using either the access ID or direct credentials
2. Sends a POST request to Microsoft Graph API with group properties
3. Azure AD creates the group
4. Returns the complete group object including the generated group ID

The group is created immediately and can be used right away for member assignments and access control.

Examples

Create Security Group

Create a security group for access control:

// Using Connect node
access_id = message.access_id

// Group properties:
{
    "description": "Engineering department security group",
    "displayName": "Engineering Team",
    "groupTypes": [],
    "mailEnabled": false,
    "mailNickname": "engineering",
    "securityEnabled": true
}

// Output
result = {
    "id": "12345678-1234-1234-1234-123456789012",
    "displayName": "Engineering Team",
    "mailNickname": "engineering",
    ...
}

Create Microsoft 365 Group

Create a unified group for team collaboration:

// Group properties:
{
    "description": "Project Alpha collaboration space",
    "displayName": "Project Alpha",
    "groupTypes": ["Unified"],
    "mailEnabled": true,
    "mailNickname": "projectalpha",
    "securityEnabled": false
}

Create Distribution Group

Create an email distribution list:

// Group properties:
{
    "description": "Marketing announcements distribution list",
    "displayName": "Marketing Announcements",
    "groupTypes": [],
    "mailEnabled": true,
    "mailNickname": "marketing-announcements",
    "securityEnabled": false
}

Bulk Group Creation

Create multiple groups from a data source:

// Department groups data
departments = [
    {name: "Sales", desc: "Sales team members"},
    {name: "Marketing", desc: "Marketing team members"},
    {name: "Engineering", desc: "Engineering team members"}
]

// Loop through departments
for (dept of departments) {
    // Create Group node
    // Group properties:
    {
        "description": dept.desc,
        "displayName": dept.name + " Department",
        "groupTypes": [],
        "mailEnabled": false,
        "mailNickname": dept.name.toLowerCase(),
        "securityEnabled": true
    }

    // Store group ID for later use
    groupIds[dept.name] = result.id
}

Create Mail-enabled Security Group

Create a security group that also has an email address:

// Group properties:
{
    "description": "Managers security group with email capabilities",
    "displayName": "Managers",
    "groupTypes": [],
    "mailEnabled": true,
    "mailNickname": "managers",
    "securityEnabled": true
}

Tips for Effective Use

• Naming convention: Use consistent naming for displayName and mailNickname
• Unique mailNickname: Each group must have a unique mailNickname
• Group type selection: Choose the appropriate group type for your use case
• Descriptive names: Use clear descriptions to explain the group's purpose
• Error handling: Use Try-Catch to handle duplicate group errors
• Store group IDs: Save the returned group ID for adding members later
• Security vs M365: Use security groups for permissions, M365 groups for collaboration
• Bulk operations: Add delays between bulk group creations

Common Errors and Solutions

"Response Status is not OK - Group already exists"

Cause: A group with the same displayName or mailNickname already exists.

Solution:

• Check if group exists using Get Group before creating
• Use unique displayName and mailNickname values
• Consider updating the existing group instead

"Invalid mailNickname format"

Cause: mailNickname contains invalid characters.

Solution:

• Use only alphanumeric characters and hyphens
• Don't use spaces or special characters
• Keep it lowercase

// Valid mailNickname
"mailNickname": "my-group"
"mailNickname": "engineering2024"

// Invalid mailNickname
"mailNickname": "my group"  // Contains space
"mailNickname": "my.group"  // Contains period

"Invalid groupTypes configuration"

Cause: Invalid combination of groupTypes, mailEnabled, and securityEnabled.

Solution: Use valid combinations:

// Security group
"groupTypes": [], "mailEnabled": false, "securityEnabled": true

// M365 group
"groupTypes": ["Unified"], "mailEnabled": true, "securityEnabled": false

// Distribution group
"groupTypes": [], "mailEnabled": true, "securityEnabled": false

"Either Client Secret with Tenant ID and Client ID, or Access ID must be provided"

Cause: Neither access ID nor complete credentials were provided.

Solution:

// Option 1: Use Connect node
access_id = message.access_id

// Option 2: Provide all credentials
tenant_id = "your-tenant-id"
client_id = "your-client-id"
// Set Client Secret option from vault

Best Practices

1. Standardized naming: Use consistent naming conventions across all groups
2. Detailed descriptions: Provide clear descriptions for group purposes
3. Appropriate types: Choose the right group type for your use case
4. Error handling: Always use Try-Catch blocks when creating groups
5. Validation: Validate input data before attempting group creation
6. Audit logging: Log group creation activities for compliance
7. Throttling: Add delays when creating multiple groups in succession
8. Testing: Test group creation in development before production
9. Documentation: Document group creation process and naming standards
10. Cleanup: Have a process to handle and cleanup failed group creations

Related Nodes

• Connect - Establish Azure AD connection
• Get Group - Retrieve group information
• Update Group - Update group properties
• Delete Group - Delete groups
• Add User To Group - Add members to groups
• List Group Members - List group members
• List All Groups - List all groups