Internal 500 Server Error after trying to Manage who can create Office 365 Groups

Author by Craig Jahnke

I came across an unexpected error after trying to manage who could create Office 365 Groups by using a Security group called “SharePoint Admins”

I followed the instructions here: https://support.office.com/en-us/article/manage-who-can-create-office-365-groups-4c46c8cb-17d0-44b5-9776-005fced8e618
and ran the PowerShell scripts needed:

Install-Module AzureADPreview
Connect-AzureAD
Get-AzureADGroup -SearchString "SharePoint Admins"
$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}
$Setting = $Template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $Setting
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
$Setting["EnableGroupCreation"] = $False
$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "SharePoint Admins").objectid
Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting
(Get-AzureADDirectorySetting).Values

I tested it by trying to create a new Plan in Planner and by creating a new Team collaboration site in SharePoint.  In Planner I got a message that I couldn’t create a new Plan because the creation of Groups is restricted.  In the SharePoint app the +Create site button disappeared.  This is expected, so I thought “Awesome!”

When I added my test user as an member to the group, I could create a new plan in Planner (“Great!”), and the + Create site button showed back up in SharePoint (“Cool!”):

sharePoint login

But if I clicked + Create site, I received a pop up asking “Are you sure you want to leave?”

LeaveOrStay

If I clicked either Leave or Stay, I get prompted again, and eventually I end up with this “500 Internal Server Error”:

Network Error

The Global admins could still create them, so it must be some kind of permissions error that I didn’t know about.   I did some searching and found this post: https://techcommunity.microsoft.com/t5/SharePoint/SharePoint-Online-500-internal-server-error-while-creating/m-p/235998  One of the replies said that you had to add the person to the Site Collection Administrators permissions group in the root site collection of the tenants.  I did that::

Site Collection Admins.pngand it started working again!

TeamSite

Hope this helps!

Craig