PowerShell Script to Find All Active Directory Groups in SharePoint

Requirement: Get the list of All AD Security groups used in SharePoint sites. We need to generate a report on AD groups used in a SharePoint web application.

PowerShell script to find AD Groups in SharePoint:

Here is my PowerShell script to find and export Active Directory groups on all SharePoint sites in the given web application.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Change to your web application
$WebAppURL = "https://intranet.crescent.com" 

#Get Web Application
$WebApp = Get-SPWebApplication $WebAppURL

#variable for data collection
$ADGroupCollection= @()
$ReportPath ="C:\ADGroups.csv" 

foreach ($Site in $WebApp.Sites)
{
    Write-host -foregroundcolor green "Processing Site Collection: "$site.RootWeb.URL
    
    #Get all AD Security Groups from the site collection
    $ADGroups = Get-SPUser -Web $Site.Url -Limit ALL | Where { $_.IsDomainGroup -and $_.displayName -ne "Everyone" }

    #Iterate through each AD Group
    ForEach($Group in $ADGroups)
    {
            Write-host "Found AD Group:" $Group.DisplayName

            #Get Direct Permissions
            $Permissions = $Group.Roles | Where { $_.Name -ne "Limited Access" } | Select -ExpandProperty Name

            #Get SharePoint User Groups where the AD group is a member
            $SiteGroups = $Group.Groups | Select -ExpandProperty Name

            #Send Data to an object array
            $ADGroup = new-object psobject
            $ADGroup | add-member noteproperty -name "Site Collection" -value $Site.RootWeb.Title
            $ADGroup | add-member noteproperty -name "URL" -value $Site.Url
            $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
            $ADGroup | add-member noteproperty -name "Direct Permissions" -value ($Permissions -join ",")
            $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($SiteGroups -join ",")
            #Add to Array
            $ADGroupCollection+=$ADGroup           
    } 
}
#Export Data to CSV
$ADGroupCollection | export-csv $ReportPath -notypeinformation
Write-host "SharePoint Security Groups data exported to a CSV file at:"$ReportPath -ForegroundColor Cyan  

This script generates a CSV file report with output:

  • Site collection Name and URL
  • Active Directory group name
  • Permissions applied to the AD group either by direct permission level or via SharePoint groups.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. Passionate about sharing the deep technical knowledge and experience to help others, through the real-world articles!

17 thoughts on “PowerShell Script to Find All Active Directory Groups in SharePoint

  • I keep getting an error “Get-SPWebapplication : The term ‘Get-SPWebapplication’ is not recognized as the name of a cmdlet”.

    Reply
  • THanks! saved me a lot of time!

    Reply
  • can any one help me with powershell script to get a specific security group from all site collections in sharepoint online

    Reply
  • What should be the script for MOSS 2007

    Reply
  • I am getting only limited groups alphabetically till C. How can i get all the groups?

    Reply
  • HI, is it possible to have a version of this for SharePoint Online?

    Reply
  • How to get the list with ad login name and not display name.i tried with login name property but there is no property ad such.please help.

    Reply
  • Hey Thanks Mate, this script really help me out.

    Reply
  • Hi

    I have issue with check permissions in SharePoint 2013 and i am unable to see user added ad groups.

    Can you please help me on this.

    Thank’s
    Abdul

    Reply
  • Hello, this script does not seems to loop site collection that has subsites.

    how do i do that ?

    Reply
    • No need to loop into subsites, because user accounts are stored at site collection level, even though subsite uses unique permissions.

      Reply
    • We have a site called /home/Dev and two subsite /home/dev/prop and /home/dev/health

      we give additional permissions to subsites that is different than than the main site. The script is able to pull the AD groups that i am using of the subsites but somehow says that the permissions is for the main site and does not pull the permissions. The direct permissions stays blank

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *