SharePoint Online: Create Subsite with Unique Permissions using PowerShell

Requirement: Create a Subsite with Unique Permissions in SharePoint Online using PowerShell

Create Subsite with Unique permissions in SharePoint Online using PowerShell

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to create a subsite with unique permissions
Function New-SPOSubsite($SiteTitle, $SiteURL, $SiteTemplate, $ParentSiteURL)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($ParentSiteURL)
        $Ctx.Credentials = $Cred

        #Provide Subsite Parameters
        $WebCI = New-Object Microsoft.SharePoint.Client.WebCreationInformation
        $WebCI.Title = $SiteTitle
        $WebCI.WebTemplate = $SiteTemplate
        $WebCI.Url = $SiteURL
        $SubWeb = $Ctx.Web.Webs.Add($WebCI)
        $Ctx.ExecuteQuery()

        Write-host "Subsite Created Successfully!" -ForegroundColor Green

        #Break Inheritance
        $SubWeb.BreakRoleInheritance($False, $False)
        $SubWeb.Update()
        $Ctx.ExecuteQuery()
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Variables for processing
$SiteTitle = "Sales Portal"
$SiteTemplate = "STS#0" #Team Site
$SiteURL ="sales"
$ParentSiteURL = "https://crescenttech.sharepoint.com"

#$WCI.Language = "1033"
#Call the function with parameters
New-SPOSubsite -SiteTitle $SiteTitle -SiteURL $SiteURL  -SiteTemplate $SiteTemplate -ParentSiteURL $ParentSiteURL

This script creates a subsite with unique permissions. But wait, we are not yet done! As we specified Unique permissions, we need to create default permission groups: Owners, Members and Visitors for the site.

The Permission Setup page in SharePoint Online lets you to create default groups for the site: https://crescent.sharepoint.com/sales/_layouts/15/permsetup.aspx

PowerShell to Create Default Groups in SharePoint Online:

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to Create a Group
Function Create-SPOGroup([Microsoft.SharePoint.Client.Web]$Web, $GroupName, $PermissionLevel)
{
    Try {
        $Ctx = $Web.Context
        #Get Existing Groups
        $Groups = $Web.SiteGroups
        $Ctx.Load($Groups)
        $Ctx.ExecuteQuery()

        #Check if the Group Exists already
        $Group = $Groups | Where { $_.Title -eq $GroupName}
        If(-Not $Group)
        {
            $GroupInfo = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
            $GroupInfo.Title = $GroupName
            $Group = $Web.SiteGroups.Add($GroupInfo)
            $Ctx.ExecuteQuery()

            #Assign permission to the group
            $RoleDefinition = $web.RoleDefinitions.GetByName($PermissionLevel)
            $RoleDefBinding = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
            $RoleDefBinding.Add($RoleDefinition)
            $Ctx.Load($Web.RoleAssignments.Add($Group,$RoleDefBinding))
            $Ctx.ExecuteQuery()
            Write-host -f Green "Created Group $GroupName and Assigned Permissions $PermissionLevel"
        }
        Return $Group
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Function default "Owners, Members and Visitors Group
Function Create-SPODefaultGroups($SiteURL)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Cred

        #Get the Web
        $Web=$Ctx.Web
        $Ctx.Load($Web)
        $Ctx.ExecuteQuery()

        #Set Group Names
        $OwnersGroupName = $Web.Title + " Owners"
        $MembersGroupName = $Web.Title + " Members"
        $VisitorsGroupName = $Web.Title + " Visitors"

        #Create Default Groups
        $OwnersGroup = Create-SPOGroup -Web $Web -GroupName $OwnersGroupName -PermissionLevel "Full Control"
        $MembersGroup = Create-SPOGroup -Web $Web -GroupName $MembersGroupName -PermissionLevel "Edit"
        $VisitorsGroup = Create-SPOGroup -Web $Web -GroupName $VisitorsGroupName -PermissionLevel "Read"

        #Associate Default Groups
        $web.AssociatedOwnerGroup  = $OwnersGroup
        $web.AssociatedOwnerGroup.Update()
        $web.AssociatedMemberGroup = $MembersGroup
        $web.AssociatedMemberGroup.Update()
        $web.AssociatedVisitorGroup = $VisitorsGroup
        $web.AssociatedVisitorGroup.Update()
        $web.Update()
        $Ctx.ExecuteQuery()   
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Call the function to create default site groups
Create-SPODefaultGroups "https://crescenttech.sharepoint.com/sales"

and the Result:

PnP PowerShell to Create a Subsite with Unique Permissions in SharePoint Online:

#Variables for processing
$SiteTitle = "Purchase Portal"
$SiteTemplate = "STS#3" #Modern Team Site
$SubSiteURL ="purchase"
$SiteURL = "https://crescenttech.sharepoint.com"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Connect to PNP Online
    Connect-PnPOnline -Url $SiteURL -Credentials $Cred

    #Create new subsite with broken permission
    $Web = New-PnPWeb -Title $SiteTitle -Url $SubSiteURL -Template $SiteTemplate -BreakInheritance  -ErrorAction Stop
    Write-host -f Green "New Subsite '$SiteTitle' created with Unique Permissions..."
    
    #Disconnect Parent Web and connect to newly created subsite
    Disconnect-PnPOnline
    Connect-PnPOnline -Url $Web.Url -Credentials $Cred
    
    #Set Group Names
    $OwnersGroupName = $Web.Title + " Owners"
    $MembersGroupName = $Web.Title + " Members"
    $VisitorsGroupName = $Web.Title + " Visitors"

    #Setup Default Groups
    $OwnersGroup = Get-PnPGroup -Identity $OwnersGroupName -ErrorAction SilentlyContinue
    If(-Not $OwnersGroup)
    {
        $OwnersGroup = New-PnPGroup -Title $OwnersGroupName
        Write-host -f Green "Created Owners Group '$OwnersGroupName'"
    }
    Set-PnPGroup -Identity $OwnersGroup -SetAssociatedGroup Owners -AddRole "Full Control"

    #Members Group
    $MembersGroup = Get-PnPGroup -Identity $MembersGroupName -ErrorAction SilentlyContinue
    If(-Not $MembersGroup)
    {
        $MembersGroup = New-PnPGroup -Title $MembersGroupName
        Write-host -f Green "Created Members Group '$MembersGroupName'"
    }
    Set-PnPGroup -Identity $MembersGroup -SetAssociatedGroup Members -AddRole "Edit"

    #Visitors Group
    $VisitorsGroup = Get-PnPGroup -Identity $VisitorsGroupName -ErrorAction SilentlyContinue
    If(-Not $VisitorsGroup)
    {
        $VisitorsGroup = New-PnPGroup -Title $VisitorsGroupName
        Write-host -f Green "Created Visitors Group '$VisitorsGroupName'"
    }
    Set-PnPGroup -Identity $VisitorsGroup -SetAssociatedGroup Visitors -AddRole "Read"

}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}