PowerShell Script to Find All Active Directory Groups in SharePoint

Requirement: Get the list of All AD Security groups used in SharePoint sites. We need to generate a report on AD groups that are being used in a SharePoint web application.

PowerShell script to find AD Groups in SharePoint:
Here is my PowerShell script to find and export Active Directory groups on all SharePoint sites within the given web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Change to your web application
$WebAppURL = "http://intranet.crescent.com" 

#Get Web Application
$WebApp = Get-SPWebApplication $WebAppURL

#variable for data collection
$ADGroupCollection= @()
$ReportPath ="C:\ADGroups.csv" 

foreach ($Site in $WebApp.Sites)
{
    Write-host -foregroundcolor green "Processing Site Collection: "$site.RootWeb.URL
    #Get all AD Security Groups from the site collection
    $ADGroups = Get-SPUser -Web $Site.Url -Limit ALL | Where { $_.IsDomainGroup -and $_.displayName -ne "Everyone" }

    #Iterate through each AD Group
    foreach($Group in $ADGroups)
    {
        Write-host "Found AD Group:" $Group.DisplayName

        #Get Direct Permissions
        $Permissions = $Group.Roles | Where { $_.Name -ne "Limited Access" } | Select -ExpandProperty Name

        #Get SharePoint User Groups where the AD group is a member
        $SiteGroups = $Group.Groups | Select -ExpandProperty Name

        #Send Data to an object array
        $ADGroup = new-object psobject
        $ADGroup | add-member noteproperty -name "Site Collection" -value $Site.RootWeb.Title
        $ADGroup | add-member noteproperty -name "URL" -value $Site.Url
        $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
        $ADGroup | add-member noteproperty -name "Direct Permissions" -value ($Permissions -join ",")
        $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($SiteGroups -join ",")
        #Add to Array
        $ADGroupCollection += $ADGroup
    }
}

#Export Data to CSV (once, after all site collections are processed)
$ADGroupCollection | export-csv $ReportPath -notypeinformation
Write-host "SharePoint Security Groups data exported to a CSV file at:"$ReportPath -ForegroundColor Cyan

This script generates a CSV report with the following output:
  • Site collection Name and URL
  • Active Directory group name
  • Permissions applied to the AD group either by direct permission level or via SharePoint groups.
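
For an access review, the report can be pivoted per AD group to show where broad or high-privilege grants exist. The following is an added example, not part of the original script; it needs PowerShell 3.0 or later but no SharePoint snap-in. The sample rows, the CRESCENT domain name, the /sites/projects URL, the function name Get-ADGroupAccessSummary, and the "high privilege" and "broad group" lists are assumptions to adjust for your environment.

```powershell
# Constructed sample rows in the column layout the report script writes.
# In practice: $Report = Import-Csv "C:\ADGroups.csv"
$Report = @'
"Site Collection","URL","Group Name","Direct Permissions","SharePoint Groups"
"Intranet","http://intranet.crescent.com","CRESCENT\Domain Users","Contribute","Intranet Visitors"
"Intranet","http://intranet.crescent.com","CRESCENT\SP-Admins","Full Control","Intranet Owners"
"Projects","http://intranet.crescent.com/sites/projects","CRESCENT\Domain Users","","Projects Members"
"Projects","http://intranet.crescent.com/sites/projects","CRESCENT\Finance","","Projects Visitors"
'@ | ConvertFrom-Csv

# Assumptions: which permission levels count as high privilege and
# which group names count as broad principals. Adjust per environment.
$HighPrivilegeLevels = @("Full Control", "Design")
$BroadGroupPattern   = "Domain Users|Authenticated Users"

# Hypothetical helper: one summary row per AD group across all site collections
function Get-ADGroupAccessSummary {
    param([Parameter(Mandatory = $true)] [object[]] $Rows)

    $Rows | Group-Object -Property "Group Name" | ForEach-Object {
        # The report joins multiple values with "," so split them back out
        $Direct = @($_.Group | ForEach-Object { $_."Direct Permissions" -split "," } |
                    Where-Object { $_ } | Sort-Object -Unique)
        $ViaSP  = @($_.Group | ForEach-Object { $_."SharePoint Groups" -split "," } |
                    Where-Object { $_ } | Sort-Object -Unique)
        $Urls   = @($_.Group | Select-Object -ExpandProperty URL | Sort-Object -Unique)

        [pscustomobject]@{
            "Group Name"        = $_.Name
            "Site Collections"  = $Urls.Count
            "Direct Levels"     = $Direct -join ","
            "SharePoint Groups" = $ViaSP -join ","
            # Direct grants bypass SharePoint groups and are easy to miss in reviews
            "Direct Grant"      = $Direct.Count -gt 0
            "High Privilege"    = [bool]($Direct | Where-Object { $HighPrivilegeLevels -contains $_ })
            "Broad Principal"   = $_.Name -match $BroadGroupPattern
        }
    }
}

# Broad principals and high-privilege direct grants sort to the top
Get-ADGroupAccessSummary -Rows $Report |
    Sort-Object "Broad Principal", "High Privilege" -Descending |
    Format-Table -AutoSize
```

The "High Privilege" flag only covers direct permission levels, because the report records SharePoint group names but not the levels those groups hold.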


  1. Hello, this script does not seem to loop through site collections that have subsites.

    How do I do that?

    1. No need to loop into subsites, because user accounts are stored at site collection level, even though subsite uses unique permissions.

    2. We have a site called /home/Dev and two subsites, /home/dev/prop and /home/dev/health.

      We give additional permissions to the subsites that are different than the main site. The script is able to pull the AD groups that I am using on the subsites but somehow says that the permissions are for the main site and does not pull the permissions. The direct permissions stay blank.

  2. Hi

    I have an issue with check permissions in SharePoint 2013 and I am unable to see user-added AD groups.

    Can you please help me on this.


  3. Hey, thanks mate, this script really helped me out.

  4. How to get the list with AD login name and not display name? I tried with the login name property but there is no property as such. Please help.

  5. Hi, is it possible to have a version of this for SharePoint Online?

  6. I am getting only limited groups alphabetically till C. How can I get all the groups?

  7. What should be the script for MOSS 2007?

  8. Can anyone help me with a PowerShell script to get a specific security group from all site collections in SharePoint Online?

  9. Thanks! Saved me a lot of time!

