SharePoint Online: Find All Active Directory Groups in a Site Collection

Requirement: Get All AD Security Groups in a SharePoint Online Site.

CSOM PowerShell to Find All AD Groups in SharePoint Online:
Here is the PowerShell to get all Active Directory domain groups from a SharePoint Online site collection:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
   
#Set Variables for Site URL
$SiteURL= "https://crescent.sharepoint.com/sites/marketing/"
$ADGroupCollection= @()
 
#Setup Credentials to connect
$Cred = Get-Credential
 
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
 
    #Get all Users
    $Users=$Ctx.Web.SiteUsers
    $Ctx.Load($Users)
    $Ctx.ExecuteQuery()
 
    #Filter AD Groups from Users collection
    $ADGroups  = $Users | Where {$_.PrincipalType -eq "SecurityGroup"}

    #Get Each AD Group details
    Foreach($Group in $ADGroups)
    {
        #Get SharePoint Groups of the AD Group
        $Ctx.Load($Group.Groups)
        $Ctx.ExecuteQuery()
        $GroupNames = $Group.Groups | Select -ExpandProperty Title

        #Getting the members
        $ADGroup = new-object psobject
        $ADGroup | add-member noteproperty -name "AD Group Name" -value $Group.Title
        $ADGroup | add-member noteproperty -name "SP Group Membership" -value ($GroupNames -join "; ")
        #Add to Array
        $ADGroupCollection+=$ADGroup 
    }
    #Get the results
    $ADGroupCollection
}
Catch {
    write-host -f Red "Error getting AD Groups:" $_.Exception.Message
}

Get AD Groups in a Site Collection using SharePoint Online Management Shell: 
This time, let's retrieve AD security groups with the help of the SharePoint Online Management Shell.
#Set Config Variables
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ADGroupCollection= @()

#Connect to SharePoint Online
Connect-SPOService -URL $AdminCenterURL

#Get All AD Security Groups from the site collection
$ADGroups = Get-SPOUser -Site $SiteUrl -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" }
 
#Iterate through each AD Group
Foreach($Group in $ADGroups)
{
        #Send Data to an object array
        $ADGroup = new-object psobject
        $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
        $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($Group.Groups -join ",")
        #Add to Array
        $ADGroupCollection+=$ADGroup          
}
#Get the Data
$ADGroupCollection

Make sure you have the SharePoint Online Management Shell installed on your client machine before executing the script.

Export Active Directory Groups of All Site Collections using PowerShell:
Now, let's modify the above script a bit to extract AD groups from all site collections and export them to a CSV report.
#Set Config Variables
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$ADGroupCollection= @()
$ReportPath ="C:\Temp\ADGroups.csv"

#Connect to SharePoint Online
Connect-SPOService -URL $AdminCenterURL

#Get All Site Collections from the tenant
$Sites  = Get-SPOSite -Limit ALL

#Iterate through each site collection
ForEach($Site in $Sites)
{
    Write-host "Processing Site Collection:"$Site.URL -f Yellow

    #Get All AD Security Groups from the site collection
    $ADGroups = Get-SPOUser -Site $Site.Url -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" }
 
    #Iterate through each AD Group
    Foreach($Group in $ADGroups)
    {
            #Send Data to an object array
            $ADGroup = new-object psobject
            $ADGroup | add-member noteproperty -name "Site Name" -value $Site.Title
            $ADGroup | add-member noteproperty -name "URL" -value $Site.URL
            $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
            $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($Group.Groups -join ",")
            #Add to Array
            $ADGroupCollection+=$ADGroup          
    }
}
#Export Data to CSV
$ADGroupCollection
$ADGroupCollection | export-csv $ReportPath -notypeinformation
Write-host "SharePoint Online Domain Groups data exported to a CSV file at:"$ReportPath -ForegroundColor Cyan

Make sure you have permissions to all site collections; otherwise, you may get the error: "Access denied. You do not have permission to perform this action or access this resource."
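
The Get-SPOUser scripts above drop the "Everyone" claims by matching their English display names, and IsGroup is true for more than AD security groups (those claims included). As an added example, not part of the original post, the following classifies group principals by LoginName instead and reports the tenant-wide claims rather than hiding them. The function names, the claim-prefix patterns and the "Owners" naming convention are assumptions to verify against your tenant, and the sample objects are constructed.

```powershell
# Constructed sample objects shaped like Get-SPOUser output; GUIDs are placeholders.
$SampleUsers = @(
    [PSCustomObject]@{ DisplayName = 'Marketing Managers'; IsGroup = $true; Groups = @('Marketing Owners')
        LoginName = 'c:0t.c|tenant|11111111-1111-1111-1111-111111111111' }
    [PSCustomObject]@{ DisplayName = 'Everyone except external users'; IsGroup = $true; Groups = @('Marketing Visitors')
        LoginName = 'c:0-.f|rolemanager|spo-grid-all-users/22222222-2222-2222-2222-222222222222' }
    [PSCustomObject]@{ DisplayName = 'Everyone'; IsGroup = $true; Groups = @('Marketing Members')
        LoginName = 'c:0(.s|true' }
    [PSCustomObject]@{ DisplayName = 'Marketing Members'; IsGroup = $true; Groups = @()
        LoginName = 'c:0o.c|federateddirectoryclaimprovider|33333333-3333-3333-3333-333333333333' }
    [PSCustomObject]@{ DisplayName = 'Sample User'; IsGroup = $false; Groups = @('Marketing Members')
        LoginName = 'i:0#.f|membership|sample.user@crescent.onmicrosoft.com' }
)

# Hypothetical helper: map a claim-encoded login name to a principal type.
# The prefixes are assumptions about how SharePoint Online encodes these claims.
function Get-GroupPrincipalType {
    param([Parameter(Mandatory)][string] $LoginName)
    switch -Regex ($LoginName) {
        '^c:0\(\.s\|true$'                            { 'Everyone'; break }
        '^c:0-\.f\|rolemanager\|spo-grid-all-users'   { 'Everyone except external users'; break }
        '^c:0t\.c\|tenant\|'                          { 'Security group'; break }
        '^c:0o\.c\|federateddirectoryclaimprovider\|' { 'Microsoft 365 group'; break }
        default                                       { 'Other claim' }
    }
}

# Hypothetical helper: one report row per group principal, with the broad
# claims flagged instead of filtered out.
function Get-GroupPrincipalReport {
    param([Parameter(Mandatory)][object[]] $Users)
    foreach ($User in ($Users | Where-Object { $_.IsGroup })) {
        $Type = Get-GroupPrincipalType -LoginName $User.LoginName
        [PSCustomObject]@{
            'Group Name'        = $User.DisplayName
            'Principal Type'    = $Type
            'Broad Access'      = $Type -like 'Everyone*'
            # Assumes the default "<Site> Owners" naming for the owners group
            'In Owners Group'   = [bool]($User.Groups -match 'Owners$')
            'SharePoint Groups' = $User.Groups -join ','
        }
    }
}

Get-GroupPrincipalReport -Users $SampleUsers | Format-Table -AutoSize
```

To run it against a site, pass the output of Get-SPOUser -Site $SiteURL -Limit All as -Users after connecting with Connect-SPOService.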
Reviewed by Salaudeen Rajack on January 02, 2019. Rating: 5
