Add AD Group to SharePoint Online Group using PowerShell
Requirement: Add Active Directory security group to SharePoint Online Group using PowerShell.
How to Add AD Group to SharePoint Online Groups?
Adding an Active Directory (AD) group to SharePoint Online is a great way to manage user permissions. By adding AD groups, you can give users access to SharePoint sites, libraries, lists, and items without having to individually add each user to the site. In this blog post, we’ll walk you through the steps to add an AD group to SharePoint Online.
- Sign in to your SharePoint Online site as a site owner or administrator.
- Click on Settings Gear >> Site Permissions >> Share Site.
- Enter the name of the Active Directory group that you want to add. Set the Permissions for the group.
- Finally, click on the “Add” button to save your changes.
The group will now be added to your site, and you can begin managing permissions for the group as needed. You can also go to Advanced permission settings and add the AD group to the relevant SharePoint Online site group.
On group-connected sites, you can click on “Add Members” and then choose the “Share site only” option to grant the Active Directory group access to the SharePoint Online site. The “Add Members to Group” option won’t work, as the Office 365 group cannot contain AD security groups.
PowerShell to Add Active Directory Group to SharePoint Online Group
Let’s look at how to add an Active Directory security group to SharePoint Online using PowerShell. In just a few quick steps, you can add the security group and grant it the permissions it needs. By adding the AD security group to your SharePoint Online site, you give members of that group permission to access the site and its contents. Here is the PowerShell script to add an AD group to a SharePoint group in SharePoint Online:
```powershell
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

Function Add-ADGroupToSP($SiteURL,$ADGroupName,$SPGroupName)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Cred

        #Get the Web and SharePoint Group
        $Web = $Ctx.Web
        $Group = $Web.SiteGroups.GetByName($SPGroupName)

        #Resolve the AD Security Group
        $ADGroup = $Web.EnsureUser($ADGroupName)

        #Add the AD group to the SharePoint group
        $Result = $Group.Users.AddUser($ADGroup)
        $Ctx.Load($Result)
        $Ctx.ExecuteQuery()

        Write-Host -f Green "Active Directory Group '$ADGroupName' has been added to '$SPGroupName'"
    }
    Catch {
        Write-Host -f Red "Error:" $_.Exception.Message
    }
}

#Variables for Processing
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ADGroupName = "Marketing Managers"
$SPGroupName = "Sales Portal Members"

#Call the function to add AD group to SharePoint Group
Add-ADGroupToSP -SiteURL $SiteURL -ADGroupName $ADGroupName -SPGroupName $SPGroupName
```
This adds the given Active Directory security group to the SharePoint Online group as a SharePoint user. You can also use the AD group’s Login ID (e.g. “c:0t.c|tenant|915xnusf-fbb3-7da1-k252-33e0de69f19”) to add the AD group to the SharePoint Online group.
SharePoint Online: PnP PowerShell to Add Security Group to Site
Adding a security group to SharePoint Online can be done using PnP PowerShell as well. Here is the PnP PowerShell to add the Active Directory security group to the SharePoint Online group:
```powershell
#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/hr"
$AdGroupID = "c:0t.c|tenant|798cb3d4-7ca8-4567-adb5-916bc496d7cd"
$GroupName = "HR Owners"

#Connect to site
Connect-PnPOnline $SiteURL -Interactive

#Add the security group to the SharePoint group
Add-PnPGroupMember -LoginName $AdGroupID -Identity $GroupName
```
The members of the AD group will now have access to the resources and permissions granted to the SharePoint group. To get all security groups and their IDs, use the following:
```powershell
#Connect to Azure AD
Connect-AzureAD

#Get All Security Groups
Get-AzureADGroup -Filter "SecurityEnabled eq true" | Select DisplayName,ObjectID
```
Getting the ID of Active Directory Groups is explained in my other post: How to Add AD Security Group as Site Collection Administrator in SharePoint Online?
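The lookup above lists display names next to ObjectIDs, and Azure AD does not require display names to be unique, so this added example (not code from the original post) resolves a name to exactly one security-enabled group before building the `c:0t.c|tenant|<ObjectId>` login name. The function name `Get-SecurityGroupClaim`, the group "HR Approvers" and the sample objects are hypothetical and constructed for illustration.

```powershell
# Added example (not from the original post); function and variable names are hypothetical.
function Get-SecurityGroupClaim {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [object[]] $Candidates = @()   # objects shaped like Get-AzureADGroup output
    )
    # Display names are not unique in Azure AD: require exactly one
    # security-enabled group with this exact name before granting anything.
    $found = @($Candidates | Where-Object {
        $_.DisplayName -eq $DisplayName -and $_.SecurityEnabled
    })
    if ($found.Count -eq 0) {
        throw "No security-enabled group named '$DisplayName' was found."
    }
    if ($found.Count -gt 1) {
        throw "'$DisplayName' is ambiguous: $($found.ObjectId -join ', ')"
    }
    # The ObjectId must parse as a GUID before it goes into the claim string.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse([string]$found[0].ObjectId, [ref]$guid)) {
        throw "ObjectId '$($found[0].ObjectId)' is not a valid GUID."
    }
    "c:0t.c|tenant|$guid"
}

# Constructed sample data (not real tenant values), so the checks run offline.
$Sample = @(
    [pscustomobject]@{ DisplayName = 'Marketing Managers'; SecurityEnabled = $true
                       ObjectId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ DisplayName = 'Marketing Managers'; SecurityEnabled = $false
                       ObjectId = '66666666-7777-8888-9999-000000000000' }
    [pscustomobject]@{ DisplayName = 'HR Approvers'; SecurityEnabled = $true
                       ObjectId = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
    [pscustomobject]@{ DisplayName = 'HR Approvers'; SecurityEnabled = $true
                       ObjectId = 'ffffffff-0000-1111-2222-333333333333' }
)

foreach ($Name in 'Marketing Managers', 'HR Approvers') {
    try   { Write-Host "$Name -> $(Get-SecurityGroupClaim -DisplayName $Name -Candidates $Sample)" }
    catch { Write-Warning $_.Exception.Message }
}

# Live use with the cmdlets from this post, after Connect-AzureAD and Connect-PnPOnline:
#   $Claim = Get-SecurityGroupClaim -DisplayName 'Marketing Managers' `
#                -Candidates (Get-AzureADGroup -All $true)
#   Add-PnPGroupMember -LoginName $Claim -Identity 'HR Owners'
```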
Thanks for the wonderful scripts. Would you be able to help with a use case? We have an AD group, let’s say by the name “AB Sec Admins”, and it is added in multiple SharePoint Groups in different sites. Now its name has been renamed in AD; it is now “CD Sec Admins”.
Can we update/resync AD Groups existing in SP Groups? I am aware that I need to manually find by old name, remove from SP Group and add new one.
Hi, thanks for the info
If I have multiple subsites under a project site, can you advise how can I loop first PowerShell code to add AD group to all subsites in SP group?
thanks
This script only adds the user to a group. I need to add a group to SharePoint site collection sites. How can I add a group to these subsites?
@Salaudeen Rajack In PnP PowerShell last code line replace “Add-PnPGroupMember” with “Add-PnPUserToGroup”
In the new Pnp.PowerShell module, Add-PnPUserToGroup cmdlet is replaced with Add-PnPGroupMember.
The code worked like a charm!! excellent. keep posting such scenarios. thanks 🙂
Excellent, thanks for sharing!
Hey Salaudeen,
Just wanted to say I’ve used your blog posts quite a lot for my current project. Great work!
Need help with this code, I don’t know how to start this in my SharePoint 2016 on-premise – site collection
Here is the script for SharePoint On-premises: How to Add Active Directory Group to SharePoint Group?
Could you explain please? I don’t know how this code works in SharePoint on-premise ??
When I start your code is for SharePoint ONLINE and I get error
New-Object : Cannot find type [Microsoft.SharePoint.Client.SharePointOnlineCredentials]: verify that the assembly containing this type is loaded.
Install either the PowerShell Module for SharePoint Online or SharePoint Online Client SDK!
What is the same code for PNP Powershell?
```powershell
$context = Connect-PnPonline -Url [mysite] -ReturnConnection
$web = Get-PnPWeb -Connection $context
$adgroup = "c:0t.c|tenant|[ad id]"
$ensureUser = $web.EnsureUser($adgroup)
$adgroup = Get-PnPUser $adgroup -Connection $context
Add-PnPUserToGroup -LoginName $adgroup.LoginName -Identity "$($web.Title) Owners" -Connection $context
```