Active Directory Azure AD Client Side Object Model (CSOM) Permission PnP PowerShell PowerShell SharePoint SharePoint Online Users and Groups 

Add AD Group to SharePoint Online Group using PowerShell

Salaudeen Rajack 12 Comments , , , , ,

Requirement: Add AD Group to SharePoint Online Group using PowerShell

PowerShell to Add Active Directory Group to SharePoint Online Group

PowerShell to Add Active Directory Group to SharePoint Online Group

In this blog post, we will be looking at how to add an Active Directory security group to SharePoint Online using PowerShell. In just a few quick steps, you can add the security group and grant them the permissions they need. By adding the AD security group to your SharePoint Online site, you can give members of that group permissions to access the site and its contents. Here is the PowerShell add AD group to SharePoint group in SharePoint Online:

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

Function Add-ADGroupToSP($SiteURL,$ADGroupName,$SPGroupName)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
 
    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Cred
     
        #Get the Web and SharePoint Group
        $Web = $Ctx.Web
        $Group= $Web.SiteGroups.GetByName($SPGroupName)
 
        #Resolve the AD Security Group
        $ADGroup = $web.EnsureUser($ADGroupName)
 
        #sharepoint online powershell add AD group to sharepoint group
        $Result = $Group.Users.AddUser($ADGroup)
        $Ctx.Load($Result)
        $Ctx.ExecuteQuery()
 
        write-host  -f Green "Active Directory Group '$ADGroupName' has been added to '$SPGroupName'"
    }
    Catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Variables for Processing
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ADGroupName = "Marketing Managers"
$SPGroupName="Sales Portal Members"

#Call the function to add AD group to SharePoint Group
Add-ADGroupToSP -SiteURL $SiteURL -ADGroupName $ADGroupName -SPGroupName $SPGroupName

This adds a given Active directory security group into the SharePoint Online group as a SharePoint user. You can also use AD Group’s Login ID (E.g. c:0t.c|tenant|915xnusf-fbb3-7da1-k252-33e0de69f19″) to Add AD Group to SharePoint Online Group.

SharePoint Online: PnP PowerShell to Add Security Group to Site

Adding a security group to SharePoint Online can be done using PnP PowerShell as well. Here is the PnP PowerShell to add Active directory security group to SharePoint Online group:

#Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/hr"
$AdGroupID = "c:0t.c|tenant|798cb3d4-7ca8-4567-adb5-916bc496d7cd"
$GroupName = "HR Owners"

#Connect to site
Connect-PnPOnline $SiteURL -Interactive

#SharePoint Online powershell add security group
Add-PnPGroupMember -LoginName $AdGroupID -Identity $GroupName

To get all security groups and their IDs, use:

#Connect to Azure AD
Connect-AzureAD

#Get All Security Groups
Get-AzureADGroup -Filter "SecurityEnabled eq true" | Select DisplayName,ObjectID

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

12 thoughts on “Add AD Group to SharePoint Online Group using PowerShell

  • this script only adds the user to a group, I need to add a group to sharepoint site collection sites. how can I add a group to these subsites.

    Reply

  • @Salaudeen Rajack In PnP PowerShell last code line replace “Add-PnPGroupMember” with “Add-PnPUserToGroup”

    Reply

    • In the new Pnp.PowerShell module, Add-PnPUserToGroup cmdlet is replaced with Add-PnPGroupMember.

      Reply

  • The code worked like a charm!! excellent. keep posting such scenarios. thanks 🙂

    Reply

  • Excellent, thanks for sharing!

    Reply

  • Hey Salaudeen,

    Just wanted to say I’ve used your blog posts quite a lot for my current project. Great work!

    Reply

  • Need help with this code, I don’t know how to start this in my sharepoint 2016 on-premise – site colletion

    Reply

  • Could you explain please? I don’t know how this code work in SharePoint on-premise ??

    When I start your code is for SharePoint ONLINE and I get error
    New-Object : Cannot find type [Microsoft.SharePoint.Client.SharePointOnlineCredentials]: verify that the assembly containing this type is loaded.

    Reply

  • What is the same code for PNP Powershell?

    Reply

    • $context = Connect-PnPonline -Url [mysite] -ReturnConnection
      $web = Get-PnPWeb -Connection $context
      $adgroup = “c:0t.c|tenant|[ad id]”
      $ensureUser = $web.EnsureUser($adgroup)
      $adgroup= Get-PnPUser $adgroup -Connection $context
      Add-PnPUserToGroup -LoginName $adgroup.LoginName -Identity “$($web.Title) Owners” -Connection $context

      Reply

Leave a Reply