SharePoint Online: Find All Active Directory Security Groups in a Site Collection

Requirement: Get All AD Security Groups in a SharePoint Online Site.

CSOM PowerShell to Find All AD Groups in SharePoint Online:
Here is the PowerShell to get all active directory domain groups from SharePoint Online site collection:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
   
#Set Variables for Site URL
$SiteURL= "https://crescent.sharepoint.com/sites/marketing/"
$ADGroupCollection= @()
 
#Setup Credentials to connect
$Cred = Get-Credential
 
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
 
    #Get all Users
    $Users=$Ctx.Web.SiteUsers
    $Ctx.Load($Users)
    $Ctx.ExecuteQuery()
 
    #Filter AD Groups from Users collection
    $ADGroups  = $Users | Where {$_.PrincipalType -eq "SecurityGroup"}

    #Get Each AD Group details
    Foreach($Group in $ADGroups)
    {
        #Get SharePoint Groups of the AD Group
        $Ctx.Load($Group.Groups)
        $Ctx.ExecuteQuery()
        $GroupNames = $Group.Groups | Select -ExpandProperty Title

        #Getting the members
        $ADGroup = new-object psobject
        $ADGroup | add-member noteproperty -name "AD Group Name" -value $Group.Title
        $ADGroup | add-member noteproperty -name "SP Group Membership" -value ($GroupNames -join "; ")
        #Add to Array
        $ADGroupCollection+=$ADGroup 
    }
    #Get the results
    $ADGroupCollection
}
Catch {
    write-host -f Red "Error getting AD Groups:" $_.Exception.Message
}

Get AD Groups in a Site Collection using SharePoint Online Management Shell:
This time, lets retrieve AD security groups with the help of SharePoint Online management shell.

#Set Config Variables
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ADGroupCollection= @()

#Connect to SharePoint Online
Connect-SPOService -URL $AdminCenterURL

#Get All AD Security Groups from the site collection
$ADGroups = Get-SPOUser -Site $SiteUrl -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" }
 
#Iterate through each AD Group
Foreach($Group in $ADGroups)
{
        #Send Data to an object array
        $ADGroup = new-object psobject
        $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
        $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($Group.Groups -join ",")
        #Add to Array
        $ADGroupCollection+=$ADGroup          
}
#Get the Data
$ADGroupCollection

Make sure you have SharePoint Online Management Shell installed in your client machine prior executing the script.

Export Active Directory Groups of All Site Collections using PowerShell:
Now, lets modify the above script a bit to extract AD groups from all site collections and export to a CSV report.

#Set Config Variables
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$ADGroupCollection= @()
$ReportPath ="C:\Temp\ADGroups.csv"

#Connect to SharePoint Online
Connect-SPOService -URL $AdminCenterURL

#Get All Site Collections from the tenant
$Sites  = Get-SPOSite -Limit ALL

#Iterate through each site collection
ForEach($Site in $Sites)
{
    Write-host "Processing Site Collection:"$Site.URL -f Yellow

    #Get All AD Security Groups from the site collection
    $ADGroups = Get-SPOUser -Site $Site.Url -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" }
 
    #Iterate through each AD Group
    Foreach($Group in $ADGroups)
    {
            #Send Data to an object array
            $ADGroup = new-object psobject
            $ADGroup | add-member noteproperty -name "Site Name" -value $Site.Title
            $ADGroup | add-member noteproperty -name "URL" -value $Site.URL
            $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
            $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($Group.Groups -join ",")
            #Add to Array
            $ADGroupCollection+=$ADGroup          
    }
}
#Export Data to CSV
$ADGroupCollection
$ADGroupCollection | export-csv $ReportPath -notypeinformation
Write-host "SharePoint Online Domain Groups data exported to a CSV file at:"$ReportPath -ForegroundColor Cyan

Make sure you have permissions to all site collections, otherwise, you may get: "Access denied. You do not have permission to perform this action or access this resource." error!

SharePoint Online Find All Active Directory Groups

Disclaimer

This is my personal blog. Articles written on this blog are from my experience for my own reference and to help others.

Do not reproduce my content anywhere, in any form without my permission. If any article written on this blog violates copyright, please contact me! If you have a more elegant solution on any of the topics discussed - please post a comment, I'll be happy to hear!

This site uses cookies to personalize content, advertisements, and to analyze traffic. More here: Privacy Policy

SharePoint Diary

SharePoint Online: Find All Active Directory Security Groups in a Site Collection

No comments:

Social Profiles

About Me

Archive

Popular

Labels

Total Views

Disclaimer

SharePoint Video Tutors

Follow by Email

Blog Awards