Saturday, August 8, 2015

Create AD Security Group/Distribution List from All SharePoint Users of the Farm

Have you ever had to send out an E-mail to all SharePoint users of your SharePoint Farm? Ever wanted to create a global AD security group that comprises all SharePoint users? Well, I'm sure you will at some point, e.g. during scheduled maintenance, or to grant access to a global site. Your SharePoint farm may have multiple web applications with a lot of users accessing them. We can't keep an AD group or distribution list continuously in sync with all SharePoint users, can we? But we can create an AD security group or distribution list on demand which includes all users from the entire SharePoint farm. This way, it will be more accurate and up to date.

The idea is: Loop through each web application, site collection, and site in the SharePoint farm to retrieve members and add them to a security group or distribution list in AD.

PowerShell script to Add All SharePoint Users to an AD Security Group:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory

$ADGroup = "SP13 Authors" #Existing AD Security Group
$ReportPath = "C:\Temp\SharePointUsers.csv" #CSV report path (example value, change as needed)

#Get all Webs from Entire FARM
$WebsCollection = Get-SPWebApplication | Get-SPSite -Limit All | Get-SPWeb -Limit All

#Array to hold user data
$UserDataCollection = @()

foreach($Web in $WebsCollection)
{
    #Get all users from web programmatically
    $UsersColl = $Web.AllUsers
    #Get all users E-mails
    foreach ($User in $UsersColl)
    {
        #Skip domain groups and users without an E-mail (Email can be null)
        if( ($User.IsDomainGroup -eq $false) -and (-not [string]::IsNullOrEmpty($User.Email)) )
        {
            $UserData = New-Object PSObject
            $UserData | Add-Member -type NoteProperty -name "EmailID" -value $User.Email.ToString()
            $UserDataCollection += $UserData
        }
    }
}

#Remove duplicates (done once, after all webs have been processed)
$UserDataCollection = @($UserDataCollection | Sort-Object -Property { $_.EmailID } -Unique)

Write-Host "Total Number of Unique Users found:" $UserDataCollection.Length
#Export to CSV
$UserDataCollection | Export-Csv -LiteralPath $ReportPath -NoTypeInformation

#Add each user to AD Group
$UserDataCollection | ForEach-Object {
    #Get the user from Email id
    $UserEmail = $_.EmailID
    $ADuser = Get-ADUser -Filter { EmailAddress -eq $UserEmail }
    #Ignore Orphans
    if($ADuser -ne $null)
    {
        #Add User to AD Group
        Add-ADGroupMember -Identity $ADGroup -Members $ADuser
    }
}

Run this script once. It will fetch and add all SharePoint users to the given AD group. If you need a distribution list instead of a security group, head on to AD, locate the AD group, go to its properties, assign an E-mail, and change the Group type to "Distribution".
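The script above only ever adds members, so a group that is also used to grant access keeps people who have since left every site. As an added example (not part of the original post), this reconciles the group against the exported CSV and previews the changes with -WhatIf; the CSV path and the choice to skip disabled or ambiguous accounts are assumptions.

```powershell
# Added example, not from the original post: preview group changes before applying them.
Import-Module ActiveDirectory

$ADGroup    = "SP13 Authors"                  # group name used in the post
$ReportPath = "C:\Temp\SharePointUsers.csv"   # assumed path of the CSV written by the script

$Emails  = Import-Csv -LiteralPath $ReportPath | Select-Object -ExpandProperty EmailID
$Wanted  = @{}   # DistinguishedName -> AD user that should be a member
$Skipped = @()   # addresses left out, with the reason

foreach ($Email in $Emails) {
    # An E-mail address is not guaranteed to be unique in AD, so collect every match
    $Found = @(Get-ADUser -Filter { EmailAddress -eq $Email })
    if ($Found.Count -eq 0) {
        $Skipped += [pscustomobject]@{ EmailID = $Email; Reason = "No AD account (orphan)" }
    }
    elseif ($Found.Count -gt 1) {
        $Skipped += [pscustomobject]@{ EmailID = $Email; Reason = "Several AD accounts share this address" }
    }
    elseif (-not $Found[0].Enabled) {
        $Skipped += [pscustomobject]@{ EmailID = $Email; Reason = "AD account is disabled" }
    }
    else {
        $Wanted[$Found[0].DistinguishedName] = $Found[0]
    }
}

# Current direct user members of the group
$Current    = @(Get-ADGroupMember -Identity $ADGroup | Where-Object { $_.objectClass -eq "user" })
$CurrentDNs = @($Current | ForEach-Object { $_.distinguishedName })

$ToAdd    = @($Wanted.Values | Where-Object { $CurrentDNs -notcontains $_.DistinguishedName })
$ToRemove = @($Current | Where-Object { -not $Wanted.ContainsKey($_.distinguishedName) })

Write-Host "To add: $($ToAdd.Count)  To remove: $($ToRemove.Count)  Skipped: $($Skipped.Count)"
$Skipped | Format-Table -AutoSize

# -WhatIf only reports what would change; remove it once the output has been reviewed
if ($ToAdd.Count -gt 0)    { Add-ADGroupMember    -Identity $ADGroup -Members $ToAdd    -WhatIf }
if ($ToRemove.Count -gt 0) { Remove-ADGroupMember -Identity $ADGroup -Members $ToRemove -WhatIf }
```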
