SharePoint Online: Find All Active Directory Groups in a Site Collection
Requirement: Get All AD Security Groups in a SharePoint Online Site.
CSOM PowerShell to Find All AD Groups in SharePoint Online:
Here is the PowerShell to get all active directory domain groups from SharePoint Online site collection:
Get AD Groups in a Site Collection using SharePoint Online Management Shell:
This time, lets retrieve AD security groups with the help of SharePoint Online management shell.
Export Active Directory Groups of All Site Collections using PowerShell:
Now, lets modify the above script a bit to extract AD groups from all site collections and export to a CSV report.
CSOM PowerShell to Find All AD Groups in SharePoint Online:
Here is the PowerShell to get all active directory domain groups from SharePoint Online site collection:
#Load SharePoint CSOM Assemblies Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll" Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" #Set Variables for Site URL $SiteURL= "https://crescent.sharepoint.com/sites/marketing/" $ADGroupCollection= @() #Setup Credentials to connect $Cred = Get-Credential Try { #Setup the context $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL) $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password) #Get all Users $Users=$Ctx.Web.SiteUsers $Ctx.Load($Users) $Ctx.ExecuteQuery() #Filter AD Groups from Users collection $ADGroups = $Users | Where {$_.PrincipalType -eq "SecurityGroup"} #Get Each AD Group details Foreach($Group in $ADGroups) { #Get SharePoint Groups of the AD Group $Ctx.Load($Group.Groups) $Ctx.ExecuteQuery() $GroupNames = $Group.Groups | Select -ExpandProperty Title #Getting the members $ADGroup = new-object psobject $ADGroup | add-member noteproperty -name "AD Group Name" -value $Group.Title $ADGroup | add-member noteproperty -name "SP Group Membership" -value ($GroupNames -join "; ") #Add to Array $ADGroupCollection+=$ADGroup } #Get the results $ADGroupCollection } Catch { write-host -f Red "Error getting AD Groups:" $_.Exception.Message }
Get AD Groups in a Site Collection using SharePoint Online Management Shell:
This time, lets retrieve AD security groups with the help of SharePoint Online management shell.
#Set Config Variables $AdminCenterURL = "https://crescent-admin.sharepoint.com" $SiteURL = "https://crescent.sharepoint.com/sites/marketing" $ADGroupCollection= @() #Connect to SharePoint Online Connect-SPOService -URL $AdminCenterURL #Get All AD Security Groups from the site collection $ADGroups = Get-SPOUser -Site $SiteUrl -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" } #Iterate through each AD Group Foreach($Group in $ADGroups) { #Send Data to an object array $ADGroup = new-object psobject $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($Group.Groups -join ",") #Add to Array $ADGroupCollection+=$ADGroup } #Get the Data $ADGroupCollectionMake sure you have SharePoint Online Management Shell installed in your client machine prior executing the script.
Export Active Directory Groups of All Site Collections using PowerShell:
Now, lets modify the above script a bit to extract AD groups from all site collections and export to a CSV report.
#Set Config Variables $AdminCenterURL = "https://crescent-admin.sharepoint.com" $ADGroupCollection= @() $ReportPath ="C:\Temp\ADGroups.csv" #Connect to SharePoint Online Connect-SPOService -URL $AdminCenterURL #Get All Site Collections from the tenant $Sites = Get-SPOSite -Limit ALL #Iterate through each site collection ForEach($Site in $Sites) { Write-host "Processing Site Collection:"$Site.URL -f Yellow #Get All AD Security Groups from the site collection $ADGroups = Get-SPOUser -Site $Site.Url -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" } #Iterate through each AD Group Foreach($Group in $ADGroups) { #Send Data to an object array $ADGroup = new-object psobject $ADGroup | add-member noteproperty -name "Site Name" -value $Site.Title $ADGroup | add-member noteproperty -name "URL" -value $Site.URL $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($Group.Groups -join ",") #Add to Array $ADGroupCollection+=$ADGroup } } #Export Data to CSV $ADGroupCollection $ADGroupCollection | export-csv $ReportPath -notypeinformation Write-host "SharePoint Online Domain Groups data exported to a CSV file at:"$ReportPath -ForegroundColor CyanMake sure you have permissions to all site collections, otherwise, you may get: "Access denied. You do not have permission to perform this action or access this resource." error!
SharePoint Online: Find All Active Directory Groups in a Site Collection
Reviewed by Salaudeen Rajack
on
January 02, 2019
Rating:

No comments:
Please Login and comment to get your questions answered!