How can I add Security group to SP group based on the permission?

    Question

  • I have 3000+ subsites under several site collections. The structure is as follows.

    • http://webapp/ManagedPath/SiteCollection1/Subsite1
    • http://webapp/ManagedPath/SiteCollection1/Subsite2
    • http://webapp/ManagedPath/SiteCollection1/Subsite3
    • http://webapp/ManagedPath/SiteCollection1/Subsite4
    • http://webapp/ManagedPath/SiteCollection1/Subsite1/Subsite5
    • http://webapp/ManagedPath/SiteCollection1/Subsite1/Subsite6
    • http://webapp/ManagedPath/SiteCollection1/Subsites/Subsite6/subsite7
    • and so on.

    The same kind of structure under several site collections such as http://webapp/ManagedPath/SiteColection2, http://webapp/ManagedPath/SiteColection3 and so on.

    I need to iterate through all subsites, get each site's SP group which has Full Control permission, and add a separate Active Directory security group to each one. Any advice on how this can be achieved using PowerShell?


    • Edited by MC ROY Thursday, March 9, 2017 6:27 PM typo
    Thursday, March 9, 2017 4:33 PM

All replies

  • Hope this will help you

    https://social.technet.microsoft.com/Forums/en-US/998681fc-b83b-42de-a072-372ad584007f/problems-adding-ad-security-group-to-sp-group-using-powershell?forum=sharepointadminprevious


    Please remember to click Mark as Answer on the answer if it helps you

    • Marked as answer by MC ROY Thursday, March 16, 2017 4:31 PM
    Thursday, March 9, 2017 8:34 PM
  • Hi Rio,

    From your description, you want to get each site's SP group which has Full Control permission and add each one with a separate Active Directory security group.

    How to get permission levels of a SharePoint Group using PowerShell script for your reference:

    https://social.technet.microsoft.com/Forums/office/en-US/6c502cd5-04a0-4b9e-a35a-dd7e9cd6d431/get-permission-levels-of-a-sharepoint-group-using-powershell-script-?forum=sharepointadminprevious

    How to add AD Group to SharePoint Group using PowerShell for your reference:

    http://sharepoint.stackexchange.com/questions/133960/how-to-add-ad-group-to-sharepoint-group-using-powershell

    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/a2e7f4e1-b6c9-4f7a-abd5-4e54976868d4/adding-ad-group-users-to-sharepoint-groups-using-powershell?forum=sharepointadmin

    Best Regards,

    Lisa Chen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 10, 2017 8:06 AM
    Moderator
  • It is very weird.

    It works when I add a user to a new group using PowerShell. If I delete the user from that group and add it again through PowerShell, it does not add.

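    # Load the SharePoint cmdlets when not running in the SharePoint Management Shell
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

    # A_NUMBER_To_BeAdded is the poster's placeholder; set it before running
    $A_NUMBER_To_BeAdded = "<number>"

    $SPWebApp = Get-SPWebApplication http://webapp:100

    foreach ($SPSite in $SPWebApp.Sites)
    {
        if ($SPSite -ne $null)
        {
            foreach ($SPWeb in $SPSite.AllWebs)
            {
                if (($SPWeb -ne $null) -and ($SPWeb.Url -like '*orgs*'))
                {
                    # only sub webs where permission inheritance is broken
                    if ($SPWeb.HasUniqueRoleAssignments)
                    {
                        # iterate through all role assignments in the sub web
                        foreach ($roleAssignment in $SPWeb.RoleAssignments)
                        {
                            # skip users that were granted permissions directly (not an SP group)
                            if ($roleAssignment.Member -isnot [Microsoft.SharePoint.SPGroup]) { continue }

                            foreach ($roleDefinition in $roleAssignment.RoleDefinitionBindings)
                            {
                                # get group for Full Control only
                                if ($roleDefinition.Name -eq "Full Control")
                                {
                                    $groupname = $roleAssignment.Member.Name
                                    $user = $SPWeb.EnsureUser("DOMAIN\USER" + $A_NUMBER_To_BeAdded)
                                    $group = $SPWeb.SiteGroups[$groupname]

                                    # add user to group
                                    $group.AddUser($user)
                                    $group.Update()
                                }
                            }
                        }
                    }
                }
                # release each web opened through AllWebs
                if ($SPWeb -ne $null) { $SPWeb.Dispose() }
            }
            $SPSite.Dispose()
        }
        else
        {
            Write-Host "Site collection does not exist, check the site collection url"
        }
    }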

    • Edited by MC ROY Saturday, March 11, 2017 9:40 AM
    Saturday, March 11, 2017 9:19 AM
  • Hi Rio,

    Per my test, the issue is not caused by the PowerShell command; the PowerShell command is working.

    The issue is that when you delete a user from a group and then add the user to the group again, if you just refresh the page, it executes the delete action once again and the user is deleted from the group again.

    So after you add a user to the group again, don't just refresh the page; navigate to another group, then navigate to that group again.

    For your issue, after deleting the user from that group and adding it again through PowerShell, don't refresh the page; navigate to another group, then navigate to that group again, and the user will be added successfully.

    Best Regards,

    Lisa Chen



    • Marked as answer by MC ROY Thursday, March 16, 2017 4:32 PM
    Tuesday, March 14, 2017 8:49 AM
    Moderator
  • Hi Rio,

    Is there any update?

    Best Regards,

    Lisa Chen



    Wednesday, March 15, 2017 3:14 AM
    Moderator
  • U r right. Thanks
    Thursday, March 16, 2017 4:32 PM
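
The accepted answer puts the "missing" member down to the group page re-running the delete on refresh, so membership is best confirmed from PowerShell on a freshly opened SPWeb instead of in the browser. The following is an added example, not code from the thread: the function name, its parameters and the AD group value are assumptions, and it matches the permission level by the name "Full Control" as the posted script does.

```powershell
# Added example (not from the thread). Assumed names: Add-AdGroupToFullControlGroups,
# -WebUrl, -AdGroup. Run with -WhatIf first to review what would be changed.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-AdGroupToFullControlGroups {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$WebUrl,
        [Parameter(Mandatory = $true)][string]$AdGroup   # 'DOMAIN\GroupName' (placeholder value)
    )
    $web = Get-SPWeb $WebUrl
    try {
        # Webs that inherit permissions are governed by their parent; leave them alone.
        if (-not $web.HasUniqueRoleAssignments) { return }
        # EnsureUser registers the AD group in the site collection's user list if needed.
        $principalId = $web.EnsureUser($AdGroup).ID
        foreach ($ra in $web.RoleAssignments) {
            # Only SharePoint groups are extended, never directly assigned users.
            if ($ra.Member -isnot [Microsoft.SharePoint.SPGroup]) { continue }
            if (-not ($ra.RoleDefinitionBindings | Where-Object { $_.Name -eq 'Full Control' })) { continue }
            $group = $ra.Member
            # Idempotent: add only when the AD group is not already a member.
            $already = $group.Users | Where-Object { $_.ID -eq $principalId }
            if (-not $already -and $PSCmdlet.ShouldProcess("$WebUrl / $($group.Name)", "Add $AdGroup")) {
                $group.AddUser($web.EnsureUser($AdGroup))
            }
        }
    }
    finally { $web.Dispose() }

    # Verify server-side on a new SPWeb object, independent of any browser page state.
    $check = Get-SPWeb $WebUrl
    try {
        foreach ($ra in $check.RoleAssignments) {
            if ($ra.Member -isnot [Microsoft.SharePoint.SPGroup]) { continue }
            if (-not ($ra.RoleDefinitionBindings | Where-Object { $_.Name -eq 'Full Control' })) { continue }
            [pscustomobject]@{
                Web      = $check.Url
                Group    = $ra.Member.Name
                AdGroup  = $AdGroup
                IsMember = [bool]($ra.Member.Users | Where-Object { $_.ID -eq $principalId })
            }
        }
    }
    finally { $check.Dispose() }
}

# Example call against one of the subsite URLs from the question (dry run):
# Add-AdGroupToFullControlGroups -WebUrl 'http://webapp/ManagedPath/SiteCollection1/Subsite1' -AdGroup 'DOMAIN\GroupName' -WhatIf
```

Each output row records one Full Control group and whether the AD group is a member, which gives a reviewable record of every Full Control grant made across the subsites.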