
Is it possible to convert AD security groups to SharePoint groups?

Hello,

Is it possible to convert AD Security Groups, used for granting permission in SharePoint on-prem, into SharePoint Groups? The purpose is to decom AD security groups while keeping the permissions by setting SharePoint groups.

I do not think it is possible, but I am not sure. I checked the internet and couldn't find anything.

Thanks

Server engineer
CERTIFIED EXPERT
Commented:

Create a SharePoint group from an Active Directory group:


#Import Active Directory & SharePoint PowerShell modules
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Variables for processing
$SiteURL="http://Intranet.crescent.com/"
$ADGroupName="SP13 Authors"
$SPGroupName="Content Authors"
$PermissionLevel="Full Control" #Permission to SPGroup
$Domain="Crescent" #AD Domain

#Get the Site collection's Root Web
$web = Get-SPWeb $SiteURL

#Check if Group Exists already
if ($null -ne $web.SiteGroups[$SPGroupName])
{
  Write-Host "Group Name Already in the site!!" -ForegroundColor Red
}
else
{
  #Create New SharePoint Group (Add() returns nothing, so the group is fetched below)
  $web.SiteGroups.Add($SPGroupName, $web.Site.Owner, $web.Site.Owner, $null)
  #Get the newly created group and assign permission to it
  $SPGroup = $web.SiteGroups[$SPGroupName]
  $RoleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($SPGroup)
  $RoleDefinition = $web.RoleDefinitions[$PermissionLevel]
  $RoleAssignment.RoleDefinitionBindings.Add($RoleDefinition)
  $web.RoleAssignments.Add($RoleAssignment)
  $web.Update()
  Write-Host "New Group $SPGroupName has been created!"

  #Get Members of AD Group (user objects only: nested groups and computers
  #cannot be added as Domain\User and are skipped)
  $ADGroupMembers = @(Get-ADGroupMember -Identity $ADGroupName |
      Where-Object { $_.objectClass -eq "user" } |
      Select-Object -ExpandProperty SamAccountName)
  Write-Host "Total Users Found in the AD Group: $($ADGroupMembers.Count)"

  #Add Members to SPGroup from ADGroup
  $ADGroupMembers | ForEach-Object {
     #Convert to Domain\User format
     $UserID = "$Domain\$_"
     #Get Claims ID. E.g. Domain\User to i:0#.w|Domain\User
     $UserClaimsID = (New-SPClaimsPrincipal -Identity $UserID -IdentityType "WindowsSamAccountName").ToEncodedString()
     $SPGroup.Users.Add($UserClaimsID, "", "", "")
     Write-Host "User Added from AD Group to SharePoint Group:" $UserClaimsID
  }
}

#Release the SPWeb object
$web.Dispose()



Walter Curtis, SharePoint AED
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:

That's a good looking script. Can't wait to try it.

Eric, System Admin

Author

Commented:
Hi gents, I know this script, but with this script we need to work with permissions too. It does not make the permissions for a site. Is there any way to do so?
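
On the permissions gap raised in the comment above, an added example that is not part of the original thread: it walks every web and list with unique permissions in the site collection, reports where the AD group holds a role assignment, and (only when `$Apply` is `$true`) grants the same permission levels to the SharePoint group. It assumes a claims-based web application and that the SharePoint group already exists; item-level permissions and SharePoint groups that contain the AD group as a member are not covered.

```powershell
# Added example, not from the thread. Assumes a claims-based web application and
# that the SharePoint group already exists (e.g. created by the script above).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteURL     = "http://Intranet.crescent.com/"   # values reused from the script above
$ADGroup     = "Crescent\SP13 Authors"
$SPGroupName = "Content Authors"
$Apply       = $false   # $false = report only; set to $true to write changes

# Encoded claim of the AD group, e.g. c:0+.w|<group SID>
$GroupClaim = (New-SPClaimsPrincipal -Identity $ADGroup -IdentityType WindowsSecurityGroupName).ToEncodedString()

function Copy-GroupAssignment($Securable, $Label, $SPGroup) {
    # A securable holds at most one role assignment per principal
    $source = $Securable.RoleAssignments | Where-Object { $_.Member.LoginName -eq $GroupClaim }
    if ($null -eq $source) { return }

    # "Limited Access" (SPRoleType Guest) is system-managed and cannot be granted directly
    $roles = @($source.RoleDefinitionBindings | Where-Object { $_.Type -ne [Microsoft.SharePoint.SPRoleType]::Guest })
    Write-Host "$Label : $(($roles | ForEach-Object { $_.Name }) -join ', ')"
    if (-not $Apply -or $roles.Count -eq 0) { return }

    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($SPGroup)
    $roles | ForEach-Object { $assignment.RoleDefinitionBindings.Add($_) }
    $Securable.RoleAssignments.Add($assignment)
}

$site = Get-SPSite $SiteURL
try {
    $spGroup = $site.RootWeb.SiteGroups[$SPGroupName]
    if ($null -eq $spGroup) { throw "SharePoint group '$SPGroupName' not found" }

    foreach ($web in $site.AllWebs) {
        # Only objects with broken inheritance carry their own assignments
        if ($web.HasUniqueRoleAssignments) { Copy-GroupAssignment $web "Web  $($web.Url)" $spGroup }
        foreach ($list in @($web.Lists)) {
            if ($list.HasUniqueRoleAssignments) { Copy-GroupAssignment $list "List $($web.Url) / $($list.Title)" $spGroup }
        }
        $web.Dispose()
    }
}
finally { $site.Dispose() }
```

Keep the report-only output as the record of what the AD group could reach, and remove the AD group's own assignments only after the copied ones have been verified.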
