Problems adding AD Security Group to SP Group using PowerShell RRS feed

  • Question

  • I am trying to create a powershell script that will enumerate SharePoint 2010 permissions and groups from a .csv file. The script needs to

    1) Create the SharePoint groups
    2) Add an owner
    3) Add an active directory doman security group
    4) Add a permission level to the SharePoint group.

    However, I can't seem to add active directory groups to the SharePoint groups even though the groups exist in SharePoint, as they have been imported through the UPS synch.  This is the code I have been using:

    param (


        [string] $createspgroups = "SPGroupssh.csv"



    $web = Get-SPWeb http://myserver


    ipcsv $createspgroups | foreach {

    $owner = $web.AllUsers[$_.Owner];

    $adgroupname = $web.AllUsers[$_.ADGroupName]; 

    $GroupName =$_.GroupName; 

    $web.SiteGroups.Add($GroupName,$owner, $adgroupname, $GroupName) 

    $memberGrp = $web.SiteGroups[$GroupName] 

    $web.AssociatedMemberGroup = $memberGrp 


    $memberAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($memberGrp)   









    The .csv file format is as follows:

    GroupName Permissions Owner ADGroupName
    PW Group,Read,domain\administrator,domain\pwgroup
    When I run the script, I get an error in powershell that tells me that I can't add a 'domain group to a group'. I have tested the script substituting the $adgroupname with $owner (eg adding a user to the group instead of an AD group)and the script works with no errors. The script also works if the AD group does not exist in SHarepoint (although the group is empty!)

    Perhaps I have misunderstood, but I have assumed from what I have read that you use the same method for adding a group as you would a user.

    Any help greatly appreciated!

    Many thanks


    Monday, October 4, 2010 8:27 PM


  • Hi Chris,

    You might find that you need to specify a default user in the $web.SiteGroups.Add command and then add a domain group to the SharePoint group after it has been added to the web.

    I would first try replacing $adgroupname = $web.AllUsers[$_.ADGroupName] with this command: $adgroupname = $web.EnsureUser($_.ADGroupName)

    If that doesn't work, specify a default user in your $web.SiteGroups.Add command and add the AD group to the SharePoint group after it has been added to the web.



    Phil Childs
    • Marked as answer by Nishant - MSFT Wednesday, January 19, 2011 9:25 AM
    Friday, October 15, 2010 2:24 PM