Sunday, February 8, 2015

Convert Active Directory Group to SharePoint Group using PowerShell

Requirement: Convert Active Directory Group into SharePoint Group!

Solution: Managing SharePoint users at Active Directory Security group and within SharePoint has its own advantages and disadvantages too. Now, our requirement is to migrate from AD group to SharePoint group. So, Lets use PowerShell to convert Active directory security group to SharePoint group. Here is my script:

#Import Active directory & SharePoint PowerShell modules
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Variables for processing
$ADGroupName="SP13 Authors"
$SPGroupName="Content Authors"
$PermissionLevel="Full Control" #Permission to SPGroup
$Domain="Crescent" #AD Domain

#Get the Site collection's Root Web
$web = Get-SPWeb $SiteURL

#Check if Group Exists already
 if ($web.SiteGroups[$SPGroupName] -ne $null)  
  write-Host "Group Name Already in the site!!" -ForegroundColor Red 
  #Create New SharePoint Group
  $SPGroup = $web.SiteGroups.Add($SPGroupName, $web.Site.Owner, $web.Site.Owner, $null)
  #Get the newly created group and assign permission to it
  $SPGroup = $web.SiteGroups[$SPGroupName]  
  $RoleAssignment = new-object Microsoft.SharePoint.SPRoleAssignment($SPGroup)  
  $RoleDefinition = $web.RoleDefinitions[$PermissionLevel]  
  Write-Host "New Group $SPGroupName has been created!" 
  #Get Members of AD Group
  $ADGroupMembers = Get-ADGroupMember -Identity $ADGroupName | Select-Object -ExpandProperty SamAccountName    
  Write-host "Total Users Found in the AD Group:"$ADGroupMembers.Count

  #Add Members to SPGroup from ADGroup
  $ADGroupMembers | ForEach-Object {
   #Convert to Domain\User format
   $UserID =  "$Domain\$_" 
   #Get Claims ID. E.g. Domain\User to i:0#.w|Domain\User
          $UserClaimsID = (New-SPClaimsPrincipal -identity $UserID -IdentityType "WindowsSamAccountName").ToEncodedString() 
          $SPGroup.Users.Add($UserClaimsID,"", "", "") 
   Write-host "User Added from AD Group to SharePoint Group:" $UserClaimsID

Active Directory PowerShell Module:
You need to have "Active Directory module for Windows PowerShell" in Windows Server 2008/2012 member servers. Use this PowerShell cmdlet to add this feature:
Add-WindowsFeature RSAT-AD-PowerShell 
Alternatively, you can Go to: Server Manager >> Add Roles and Features >> Choose "Active Directory Module for Windows PowerShell" under Remote Server Administration Tools.
Convert Active Directory Group to SharePoint Group using PowerShell

You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Document SharePoint Farm
Automatically generate SharePoint documentation.

Check out these SharePoint products:

No comments :

Post a Comment

Please Login and comment to get your questions answered!

You might also like:

Related Posts Plugin for WordPress, Blogger...