Sunday, November 9, 2014

PowerShell Script to Find All Active Directory Groups in SharePoint

Requirement: Get a list of all AD security groups used in SharePoint sites. We need to generate a report on the AD groups that are being used in a SharePoint web application.

PowerShell script to find AD Groups in SharePoint:
Here is my PowerShell script to find and export Active Directory groups on all SharePoint sites within the given web application.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Change to your web application
$WebAppURL = "http://intranet.crescent.com" 

#Get Web Application
$WebApp = Get-SPWebApplication $WebAppURL

#variable for data collection
$ADGroupCollection= @()
$ReportPath ="C:\ADGroups.csv" 

foreach ($Site in $WebApp.Sites)
{
    Write-Host -ForegroundColor Green "Processing Site Collection:" $Site.RootWeb.Url

    #Get all AD Security Groups from the site collection
    #-Limit All is required: Get-SPUser returns only the first 500 users by default
    $ADGroups = Get-SPUser -Web $Site.Url -Limit All | Where { $_.IsDomainGroup -and $_.DisplayName -ne "Everyone" }

    #Iterate through each AD Group
    foreach ($Group in $ADGroups)
    {
        Write-Host "Found AD Group:" $Group.DisplayName

        #Get Direct Permissions
        $Permissions = $Group.Roles | Where { $_.Name -ne "Limited Access" } | Select -ExpandProperty Name

        #Get the SharePoint groups that the AD group is a member of
        $SiteGroups = $Group.Groups | Select -ExpandProperty Name

        #Send Data to an object array
        $ADGroup = New-Object psobject
        $ADGroup | Add-Member NoteProperty -Name "Site Collection" -Value $Site.RootWeb.Title
        $ADGroup | Add-Member NoteProperty -Name "URL" -Value $Site.Url
        $ADGroup | Add-Member NoteProperty -Name "Group Name" -Value $Group.DisplayName
        $ADGroup | Add-Member NoteProperty -Name "Direct Permissions" -Value ($Permissions -join ",")
        $ADGroup | Add-Member NoteProperty -Name "SharePoint Groups" -Value ($SiteGroups -join ",")

        #Add to Array
        $ADGroupCollection += $ADGroup
    }

    #Release the site collection object
    $Site.Dispose()
}

#Export Data to CSV
$ADGroupCollection | Export-Csv $ReportPath -NoTypeInformation
Write-Host "SharePoint Security Groups data exported to a CSV file at:" $ReportPath -ForegroundColor Cyan
  
This script generates a CSV file report with output:
  • Site collection Name and URL
  • Active Directory group name
  • Permissions applied to the AD group either by direct permission level or via SharePoint groups.
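
The script above reads each group's permission levels through Get-SPUser -Web $Site.Url, that is, from the root web of each site collection. The following added example (not part of the original post) walks every web that has unique permissions and reports the permission levels granted directly to AD groups there; the output path and the column names are assumptions.

```powershell
# Added example, not part of the original post
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppURL  = "http://intranet.crescent.com"   # web application from the script above
$ReportPath = "C:\ADGroupsByWeb.csv"           # assumed output path
$Columns    = "Site Collection", "Web URL", "Group Name", "Login Name", "Direct Permissions"

$Report = foreach ($Site in (Get-SPWebApplication $WebAppURL).Sites)
{
    try
    {
        foreach ($Web in $Site.AllWebs)
        {
            try
            {
                # A web that inherits permissions only repeats its parent's assignments
                if (-not $Web.HasUniqueRoleAssignments) { continue }

                foreach ($Assignment in $Web.RoleAssignments)
                {
                    $Member = $Assignment.Member

                    # Keep direct assignments to AD groups; SharePoint groups are SPGroup objects
                    if ($Member -isnot [Microsoft.SharePoint.SPUser]) { continue }
                    # Same filter as the script above: domain groups only, "Everyone" excluded
                    if (-not $Member.IsDomainGroup -or $Member.Name -eq "Everyone") { continue }

                    $Levels = @($Assignment.RoleDefinitionBindings |
                        Where-Object { $_.Name -ne "Limited Access" } |
                        ForEach-Object { $_.Name })
                    if ($Levels.Count -eq 0) { continue }

                    New-Object psobject -Property @{
                        "Site Collection"    = $Site.RootWeb.Title
                        "Web URL"            = $Web.Url
                        "Group Name"         = $Member.Name
                        "Login Name"         = $Member.LoginName
                        "Direct Permissions" = ($Levels -join ",")
                    } | Select-Object $Columns
                }
            }
            finally { $Web.Dispose() }   # release each web, also when skipped
        }
    }
    finally { $Site.Dispose() }          # release the site collection
}

if ($Report) { $Report | Export-Csv $ReportPath -NoTypeInformation }
Write-Host "Per-web AD group permissions report path:" $ReportPath -ForegroundColor Cyan
```

Each row is one AD group on one web with broken inheritance, so a group that is granted a permission level only on a subsite appears with that subsite's URL.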




3 comments:

  1. Hello, this script does not seem to loop a site collection that has subsites.

    How do I do that?

    1. No need to loop into subsites, because user accounts are stored at the site collection level, even though a subsite uses unique permissions.

    2. We have a site called /home/Dev and two subsites, /home/dev/prop and /home/dev/health.

      We give additional permissions to subsites that are different than the main site. The script is able to pull the AD groups that I am using on the subsites but somehow says that the permissions are for the main site and does not pull the permissions. The direct permissions stay blank.
