PowerShell Script to Find All Active Directory Groups in SharePoint

Requirement: Get a list of all AD security groups used in SharePoint sites. We need to generate a report on the AD groups used in a SharePoint web application.

PowerShell script to find AD Groups in SharePoint:

Here is my PowerShell script to find and export Active Directory groups on all SharePoint sites in the given web application.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Change to your web application
$WebAppURL = "https://intranet.crescent.com" 

#Get Web Application
$WebApp = Get-SPWebApplication $WebAppURL

#variable for data collection
$ADGroupCollection= @()
$ReportPath ="C:\ADGroups.csv" 

foreach ($Site in $WebApp.Sites)
{
    Write-host -foregroundcolor green "Processing Site Collection: "$site.RootWeb.URL
    
    #Get all AD Security Groups from the site collection
    $ADGroups = Get-SPUser -Web $Site.Url -Limit ALL | Where { $_.IsDomainGroup -and $_.displayName -ne "Everyone" }

    #Iterate through each AD Group
    ForEach($Group in $ADGroups)
    {
            Write-host "Found AD Group:" $Group.DisplayName

            #Get Direct Permissions
            $Permissions = $Group.Roles | Where { $_.Name -ne "Limited Access" } | Select -ExpandProperty Name

            #Get SharePoint User Groups where the AD group is a member
            $SiteGroups = $Group.Groups | Select -ExpandProperty Name

            #Send Data to an object array
            $ADGroup = new-object psobject
            $ADGroup | add-member noteproperty -name "Site Collection" -value $Site.RootWeb.Title
            $ADGroup | add-member noteproperty -name "URL" -value $Site.Url
            $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
            $ADGroup | add-member noteproperty -name "Direct Permissions" -value ($Permissions -join ",")
            $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($SiteGroups -join ",")
            #Add to Array
            $ADGroupCollection+=$ADGroup           
    } 

    #Release the SPSite object so memory is not leaked across many site collections
    $Site.Dispose()
}
#Export Data to CSV
$ADGroupCollection | export-csv $ReportPath -notypeinformation
Write-host "SharePoint Security Groups data exported to a CSV file at:"$ReportPath -ForegroundColor Cyan  

This script generates a CSV report with the following output:

  • Site collection Name and URL
  • Active Directory group name
  • Permissions applied to the AD group either by direct permission level or via SharePoint groups.
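
One way to review that report for risky grants, as an added example that is not part of the original script: it flags broad principals, high-privilege direct grants, and rows where both permission columns are blank. The sample rows, the `Get-ADGroupFinding` function name, and the two policy lists are assumptions made for illustration.

```powershell
# Constructed sample rows in the report's column layout (not real data).
# For a real run, replace this block with: $Report = Import-Csv "C:\ADGroups.csv"
$Report = @'
"Site Collection","URL","Group Name","Direct Permissions","SharePoint Groups"
"Intranet","https://intranet.crescent.com","CRESCENT\Domain Users","Contribute","Intranet Members"
"HR","https://intranet.crescent.com/sites/hr","CRESCENT\HR-Team","","HR Members,HR Visitors"
"Finance","https://intranet.crescent.com/sites/finance","CRESCENT\Fin-Admins","Full Control",""
"Projects","https://intranet.crescent.com/sites/projects","NT AUTHORITY\authenticated users","Read",""
"Dev","https://intranet.crescent.com/sites/dev","CRESCENT\Dev-Team","",""
'@ | ConvertFrom-Csv

# Assumptions: tune both lists to your own access policy
$BroadPrincipals = 'Domain Users', 'Authenticated Users'
$HighPrivilege   = 'Full Control', 'Design'

# Hypothetical helper: emits one finding object per report row that needs review
function Get-ADGroupFinding {
    param([Parameter(ValueFromPipeline = $true)] $Row)
    process {
        # Split the comma-joined columns back into lists, dropping empty entries
        $Direct  = @($Row.'Direct Permissions' -split ',' | Where-Object { $_ })
        $ViaSP   = @($Row.'SharePoint Groups' -split ',' | Where-Object { $_ })
        $Reasons = @()

        if ($BroadPrincipals | Where-Object { $Row.'Group Name' -like "*$_" }) {
            $Reasons += 'Broad principal has access'
        }
        if ($Direct | Where-Object { $HighPrivilege -contains $_ }) {
            $Reasons += 'High-privilege level granted directly'
        }
        elseif ($Direct.Count -gt 0) {
            $Reasons += 'Direct grant instead of SharePoint group membership'
        }
        # The report script filters out "Limited Access" and reads roles at the root web only
        if ($Direct.Count -eq 0 -and $ViaSP.Count -eq 0) {
            $Reasons += 'Nothing at the root web beyond Limited Access; review subsites and lists'
        }
        if ($Reasons.Count -gt 0) {
            [pscustomobject]@{
                URL          = $Row.URL
                'Group Name' = $Row.'Group Name'
                Findings     = $Reasons -join '; '
            }
        }
    }
}

$Findings = $Report | Get-ADGroupFinding
$Findings | Format-Table -AutoSize -Wrap
```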

Salaudeen Rajack


18 thoughts on “PowerShell Script to Find All Active Directory Groups in SharePoint”

  • Do you have a script that will check an on-premise SharePoint site and show where AD groups are added to the various contents on the site and export the results out to a file?
  • I keep getting an error “Get-SPWebapplication : The term ‘Get-SPWebapplication’ is not recognized as the name of a cmdlet”.
  • Thanks! Saved me a lot of time!
  • Can anyone help me with a PowerShell script to get a specific security group from all site collections in SharePoint Online?
  • What should be the script for MOSS 2007?
  • I am getting only limited groups alphabetically till C. How can I get all the groups?
  • Hi, is it possible to have a version of this for SharePoint Online?
  • How to get the list with AD login name and not display name? I tried with the login name property but there is no property as such. Please help.
  • Hey, thanks mate, this script really helped me out.
  • Hi

    I have an issue with check permissions in SharePoint 2013 and I am unable to see user added AD groups.

    Can you please help me on this?

    Thanks
    Abdul
  • Hello, this script does not seem to loop site collection that has subsites.

    How do I do that?
    • No need to loop into subsites, because user accounts are stored at site collection level, even though subsite uses unique permissions.
    • We have a site called /home/Dev and two subsites, /home/dev/prop and /home/dev/health.

      We give additional permissions to subsites that are different than the main site. The script is able to pull the AD groups that I am using on the subsites but somehow says that the permissions are for the main site and does not pull the permissions. The direct permissions stay blank.
