How to get/see which security group has a SharePoint online site tied-up/Linked for permission or any other purposes in M365 tenant?

Vinod Survase 4,701 Reputation points
2023-09-13T09:41:19.7766667+00:00

How to get/see which security group has a SharePoint online site tied-up/Linked for permission or any other purposes in M365 tenant?

1 answer

  1. Yanli Jiang - MSFT 21,126 Reputation points Microsoft Vendor
    2023-09-22T08:47:21.65+00:00

    Hi @Vinod Survase ,

    Your requirement needs to be divided into two PowerShell parts:

    1. Use PowerShell to obtain the security group linked to each site collection in the tenant. The prerequisite is that you need to have permissions on all site collections, because the script needs to traverse each site collection.

    Here is the code:

    # Parameters
    $AdminCenterUrl = "https://tenant-admin.sharepoint.com"
    $CSVPath = 'c:\Temp\ADGroupsInSPO.csv'

    # Built-in principals to leave out of the report
    $ExcludedGroups = @("Everyone", "Everyone except external users", "Company Administrator", "SharePoint Service Administrator", "All Users (windows)")

    # Connect to SharePoint admin center
    Connect-PnPOnline -Url $AdminCenterUrl -Interactive

    # Get all SharePoint sites
    $Sites = Get-PnPTenantSite
    $Report = @()

    # Loop through each site
    ForEach ($Site in $Sites)
    {
        Try {
            Write-Host "Processing Site: $($Site.Url)" -ForegroundColor Yellow
            Connect-PnPOnline -Url $Site.Url -Interactive

            # Keep only security-group principals, minus the built-in ones
            $ADGroups = Get-PnPUser | Where-Object { $_.PrincipalType -eq "SecurityGroup" -and $_.Title -notin $ExcludedGroups }

            ForEach ($Group in $ADGroups)
            {
                # [PSCustomObject] keeps the property order, so the CSV columns are stable
                $Report += [PSCustomObject]@{
                    SiteURL    = $Site.Url
                    GroupName  = $Group.Title
                    LoginName  = $Group.LoginName
                    GroupEmail = $Group.Email
                }
            }
        }
        Catch {
            # Report sites that could not be read instead of dropping them silently
            Write-Warning "Skipped $($Site.Url): $($_.Exception.Message)"
            continue
        }
    }

    $Report

    # Generate a CSV file from the data
    $Report | Export-Csv $CSVPath -NoTypeInformation
    

    For more details, please refer to:

    https://www.sharepointdiary.com/2019/01/sharepoint-online-find-all-active-directory-groups-using-powershell.html

    2. For export of permissions at all levels (site/list-library/folder/...), SharePoint currently supports permission traversal only by site collection/site/list-library/folder/..., not by User/Group. As a workaround, you can export a CSV file and then filter and integrate the results.

    For the code part, please refer to:

    https://www.sharepointdiary.com/2018/09/sharepoint-online-site-collection-permission-report-using-powershell.html

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
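
The "filter and integrate" step, applied to the CSV written by the first script, as an added example that is not part of the original answer: it pivots the per-site rows into one row per group with the sites that group is linked to. The function names, the contoso URLs and the GUIDs are constructed, and the login-name layouts (`c:0t.c|tenant|<object id>` for Entra ID security groups, `c:0o.c|federateddirectoryclaimprovider|<object id>` with an optional `_o` owners suffix for Microsoft 365 groups) are an assumption about how SharePoint Online stores these principals.

```powershell
# Constructed sample rows in the column layout of ADGroupsInSPO.csv (URLs and GUIDs are made up).
$SampleCsv = @'
"SiteURL","GroupName","LoginName","GroupEmail"
"https://contoso.sharepoint.com/sites/finance","SG-Finance","c:0t.c|tenant|11111111-aaaa-4bbb-8ccc-000000000001","sg-finance@contoso.com"
"https://contoso.sharepoint.com/sites/hr","SG-Finance","c:0t.c|tenant|11111111-aaaa-4bbb-8ccc-000000000001","sg-finance@contoso.com"
"https://contoso.sharepoint.com/sites/hr","HR Team Owners","c:0o.c|federateddirectoryclaimprovider|22222222-aaaa-4bbb-8ccc-000000000002_o",""
'@
$Rows = $SampleCsv | ConvertFrom-Csv    # real run: $Rows = Import-Csv 'c:\Temp\ADGroupsInSPO.csv'

# Hypothetical helper: pull the directory object ID out of a claims login name.
# Assumption: the login name ends in "|<guid>" or "|<guid>_o"; anything else returns $null.
function Get-GroupObjectId {
    param([string]$LoginName)
    $guid = '[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    if ($LoginName -match "\|($guid)(?:_o)?$") { return $Matches[1].ToLower() }
    return $null
}

# Hypothetical helper: one output row per group, listing every site that references it.
function Get-SitesByGroup {
    param([object[]]$Rows)
    $Rows | Group-Object -Property LoginName | ForEach-Object {
        $sites = @($_.Group.SiteURL | Sort-Object -Unique)
        [PSCustomObject]@{
            GroupName = ($_.Group | Select-Object -First 1).GroupName
            LoginName = $_.Name
            ObjectId  = Get-GroupObjectId -LoginName $_.Name   # match this against the directory
            SiteCount = $sites.Count
            Sites     = $sites -join '; '
        }
    } | Sort-Object -Property SiteCount -Descending
}

# Groups linked to the most sites come first.
Get-SitesByGroup -Rows $Rows | Format-List
```

Rows whose `ObjectId` comes back empty did not match the assumed claim layout and need a manual look at the `LoginName` value.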