Add "Domain Group" to SharePoint Online site as seen in "Advanced permissions" using PowerShell

Brandon Inabinet 1 Reputation point
2021-04-15T22:30:32.34+00:00

We have an existing "Domain Group" that comes from our on-premise AD, but is synchronized with Azure AD.
For example: DomainGroup1 AKA DomainGroup1@keyman .com

We have over 100 SharePoint Online sites we want to add this group to as a contributor.

When we go to any one of these sites, we can go to the "Advanced Permissions" and we can see some existing "Domain Groups" already on the site, with contribute permission.

Note, they are not members of any other SharePoint group, they are somehow added simply as the "Domain Group" with Contribute permissions at the site level.
Below is an image of the "Advanced Permissions" on one of the sites showing that we have "domain groups" with "Contribute" permission.

We want to be able to do this using PowerShell so we can make a script to do this for all of the sites we need.

Any help with this would be greatly appreciated!

88327-image.png


2 answers

  1. Emily Du-MSFT 51,846 Reputation points Microsoft External Staff
    2021-04-16T09:52:35.303+00:00

    @Brandon Inabinet

    Note: The account to be used in the PowerShell should be the administrator of these site collections.

    1. Create a CSV file as the following picture shows.
    89848-csv.png

    2. Please run the PowerShell below.

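     # Prompt once for the site collection administrator account
     $Credentials = Get-Credential
     $DomainGroup = "******@domain.com"
     $PermissionLevel = "Contribute"

     $filePath = "the local path of csv file, such as C:\sites.csv"

     # Read the site URLs from the "Url" column of the CSV
     $csv = Import-Csv $filePath
     $siteUrls = $csv.Url

     ForEach ($siteUrl in $siteUrls) {

          # Connect to each site, then grant the role to the domain group
          Connect-PnPOnline -Url $siteUrl -Credentials $Credentials

          Set-PnPWebPermission -User $DomainGroup -AddRole $PermissionLevel -Identity "/"

     }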
    



  2. Brandon Inabinet 1 Reputation point
    2021-04-19T04:27:33.047+00:00

    This site will not allow me to edit my earlier response, or add any new reply...

    So I'm trying to add my response here, even though it's not an answer.

    I have run into multiple issues.
    I need to only add the permission for some sites, not all sites.

    So I create a CSV file with the site URLs 1 per line.
    Then I modify the code to read from CSV, but it asks me for identity:

    cmdlet Set-PnPWebPermission at command pipeline position 1
    Supply values for the following parameters:
    Identity:

    When I add "-Identity $site" to the code, I get this result:

    Cannot bind parameter 'Identity'. Cannot convert the "@{siteURL}" value of type
    "System.Management.Automation.PSCustomObject" to type "PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind"

    If I use:
    $SiteCollections = Get-PnPTenantSite
    Set-PnPWebPermission -User $DomainGroup -AddRole $PermissionLevel -Identity $Sitecollections[25]

    I get this error:
    Cannot bind parameter 'Identity'. Cannot convert the "PnP.PowerShell.Commands.Model.SPOSite" value of type "PnP.PowerShell.Commands.Model.SPOSite" to type
    "PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind"
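
An added example, not part of the thread or either poster's code: one way to run the per-site grant from a CSV so that `-Identity` receives a web rather than a CSV row or an `SPOSite` object, with a per-site result log. It assumes a `Url` column as in the answer, that `-Identity` accepts the web object returned by `Get-PnPWeb`, and uses placeholder group and tenant values and a hypothetical log path `grant-log.csv`.

```powershell
# Added example. Assumptions: PnP.PowerShell is installed, the CSV has a "Url"
# column, and the group, tenant pattern and log path below are placeholders.
$CsvPath         = 'C:\sites.csv'
$DomainGroup     = '******@domain.com'                    # placeholder, as in the answer
$PermissionLevel = 'Contribute'
$TenantPattern   = '^https://contoso\.sharepoint\.com/'   # placeholder tenant host
$Credentials     = Get-Credential                         # site collection administrator

$results = @(foreach ($row in Import-Csv -Path $CsvPath) {
    # Import-Csv yields one PSCustomObject per row; take the string in the Url
    # column instead of passing the row object to a cmdlet.
    $siteUrl = "$($row.Url)".Trim()
    $status  = 'Granted'
    $detail  = ''

    if ($siteUrl -notmatch $TenantPattern) {
        # Only touch sites in the expected tenant; a stray row changes nothing.
        $status = 'Skipped'
        $detail = 'URL is empty or outside the expected tenant'
    }
    else {
        try {
            Connect-PnPOnline -Url $siteUrl -Credentials $Credentials -ErrorAction Stop
            # -Identity binds to a web, so hand it the web at the URL just connected to.
            $web = Get-PnPWeb -ErrorAction Stop
            Set-PnPWebPermission -Identity $web -User $DomainGroup `
                -AddRole $PermissionLevel -ErrorAction Stop
        }
        catch {
            $status = 'Failed'
            $detail = $_.Exception.Message
        }
    }

    # One record per site: what was attempted, where, and the outcome.
    [pscustomobject]@{
        Url     = $siteUrl
        Group   = $DomainGroup
        Role    = $PermissionLevel
        Status  = $status
        Detail  = $detail
        TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
    }
})

# Keep the record for later permission reviews and show anything not granted.
$results | Export-Csv -Path '.\grant-log.csv' -NoTypeInformation
$results | Where-Object Status -ne 'Granted' | Format-Table Url, Status, Detail -AutoSize
```

The log gives a per-site record of where the group received the role, which can be checked against "Advanced permissions" on a sample of sites.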

