PowerShell Script to Find All Active Directory Groups in SharePoint
Requirement: Get a list of all AD security groups used in SharePoint sites. We need to generate a report on the AD groups used in a SharePoint web application.
PowerShell script to find AD Groups in SharePoint:
Here is my PowerShell script to find and export Active Directory groups on all SharePoint sites in the given web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Change to your web application
$WebAppURL = "https://intranet.crescent.com"

#Get Web Application
$WebApp = Get-SPWebApplication $WebAppURL

#Variables for data collection
$ADGroupCollection = @()
$ReportPath = "C:\ADGroups.csv"

foreach ($Site in $WebApp.Sites)
{
    Write-host -foregroundcolor green "Processing Site Collection: "$Site.RootWeb.URL

    #Get all AD Security Groups from the site collection
    $ADGroups = Get-SPUser -Web $Site.Url -Limit ALL | Where { $_.IsDomainGroup -and $_.displayName -ne "Everyone" }

    #Iterate through each AD Group
    ForEach($Group in $ADGroups)
    {
        Write-host "Found AD Group:" $Group.DisplayName

        #Get Direct Permissions
        $Permissions = $Group.Roles | Where { $_.Name -ne "Limited Access" } | Select -ExpandProperty Name

        #Get SharePoint User Groups where the AD group is a member
        $SiteGroups = $Group.Groups | Select -ExpandProperty Name

        #Send Data to an object array
        $ADGroup = new-object psobject
        $ADGroup | add-member noteproperty -name "Site Collection" -value $Site.RootWeb.Title
        $ADGroup | add-member noteproperty -name "URL" -value $Site.Url
        $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
        $ADGroup | add-member noteproperty -name "Direct Permissions" -value ($Permissions -join ",")
        $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($SiteGroups -join ",")

        #Add to Array
        $ADGroupCollection += $ADGroup
    }

    #Release the site collection object to free memory
    $Site.Dispose()
}

#Export Data to CSV
$ADGroupCollection | export-csv $ReportPath -notypeinformation
Write-host "SharePoint Security Groups data exported to a CSV file at:"$ReportPath -ForegroundColor Cyan
This script generates a CSV report with the following output:
- Site collection Name and URL
- Active Directory group name
- Permissions applied to the AD group either by direct permission level or via SharePoint groups.
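The script above reads `$Group.Roles` in the context of the web passed to `Get-SPUser`, which is the root web of each site collection. For an access review that also covers subsites with unique permissions, the following added example (not the author's script) walks every web and reports AD groups granted permission levels directly on it. It assumes PowerShell 3.0 or later (SharePoint 2013 and up), and the output path `C:\ADGroups-PerWeb.csv` is a placeholder chosen for this example.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumptions for this example: same web application as the script above,
# and a hypothetical report path.
$WebAppURL  = "https://intranet.crescent.com"
$ReportPath = "C:\ADGroups-PerWeb.csv"

$Report = foreach ($Site in (Get-SPWebApplication $WebAppURL).Sites)
{
    try
    {
        foreach ($Web in $Site.AllWebs)
        {
            try
            {
                # Subsites that inherit permissions only repeat the parent's assignments
                if (-not $Web.IsRootWeb -and -not $Web.HasUniqueRoleAssignments) { continue }

                foreach ($Assignment in $Web.RoleAssignments)
                {
                    $Member = $Assignment.Member
                    # Keep AD groups only; SharePoint groups are SPGroup objects, not SPUser
                    if ($Member -isnot [Microsoft.SharePoint.SPUser]) { continue }
                    if (-not $Member.IsDomainGroup -or $Member.DisplayName -eq "Everyone") { continue }

                    $Levels = $Assignment.RoleDefinitionBindings |
                        Where-Object { $_.Name -ne "Limited Access" } |
                        Select-Object -ExpandProperty Name
                    if (-not $Levels) { continue }

                    [pscustomobject]@{
                        "Web URL"            = $Web.Url
                        "Unique Permissions" = $Web.HasUniqueRoleAssignments
                        "Group Name"         = $Member.DisplayName
                        "Login Name"         = $Member.LoginName
                        "Direct Permissions" = ($Levels -join ",")
                    }
                }
            }
            finally { $Web.Dispose() }   # always release the SPWeb, even on 'continue'
        }
    }
    finally { $Site.Dispose() }          # release the SPSite after its webs are processed
}

# Write the report only when at least one direct assignment was found
if ($Report) { $Report | Export-Csv $ReportPath -NoTypeInformation }
```

AD groups that get access only through membership in a SharePoint group do not appear in this per-web report; the "SharePoint Groups" column of the original script covers those.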
I keep getting an error “Get-SPWebapplication : The term ‘Get-SPWebapplication’ is not recognized as the name of a cmdlet”.
You must run this script from a server where SharePoint is installed!
Thanks! Saved me a lot of time!
Can anyone help me with a PowerShell script to get a specific security group from all site collections in SharePoint Online?
Here you go: Find All Active Directory Security Groups in SharePoint Online
What should be the script for MOSS 2007?
Refer to this post: How to use PowerShell in MOSS 2007?
I am getting only limited groups alphabetically till C. How can I get all the groups?
With Get-SPUser add a switch -Limit ALL
Hi, is it possible to have a version of this for SharePoint Online?
Yes, Here you go: SharePoint Online: Find All Active Directory Groups in a Site Collection
How to get the list with AD login name and not display name? I tried with login name property but there is no property as such. Please help.
Hey, thanks mate, this script really helped me out.
Hi
I have an issue with check permissions in SharePoint 2013 and I am unable to see user-added AD groups.
Can you please help me with this?
Thanks
Abdul
Hello, this script does not seem to loop through a site collection that has subsites.
How do I do that?
No need to loop into subsites, because user accounts are stored at site collection level, even though subsite uses unique permissions.
We have a site called /home/Dev and two subsites, /home/dev/prop and /home/dev/health.
We give additional permissions to subsites that are different than the main site. The script is able to pull the AD groups that I am using on the subsites but somehow says that the permissions are for the main site and does not pull the permissions. The direct permissions stay blank.