Search This Blog

Wednesday, August 1, 2018

Import Active Directory Users into SharePoint 2013/2016 Group - PowerShell

Import Active Directory Users into SharePoint 2013/2016 Group 

Write-host "Adding SharePoint Snapin"
$Host.Runspace.ThreadOptions = "ReuseThread"
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
Write-host "Importing AD module"
import-module activedirectory -ErrorAction SilentlyContinue

write-host "Starting work..."
#Hard coded variables for testing, 
# we need the name of the AD Group, the name of the corresponding group in Sharepoint to sync with, 
#and the URL of the SPWeb where the SP group resides.
$ADgroupname = "CN=XXX,OU=XXXX,DC=XXX,DC=XX,DC=XX"
#Get-ADGroup -Filter * | Select distinguishedName, Name
$SPGroupName = "SPGroup_AllUsers"
$spweburl = "http://xxxxx.com"
#note that it's reasonably easy to turn this hardcoded list into a CSV import and then loop through multiple groups

[Microsoft.ActiveDirectory.Management.ADPropertyValueCollection]$Type = Get-ADGroupMember $ADgroupname | select PropertyNames

#get a list of the AD Users in the AD Group
#$ADGroupMembers = get-adgroupmember -Identity $ADgroupname | select @{name="LoginName";expression={$_.samaccountname}}

$ADGroupMembers = Get-ADGroupMember $ADgroupname | select samaccountname, email, name

if ($ADGroupMembers -eq $null)
{
    write-host "The AD Group we're syncing with is empty - this is usually a problem or typo - the SP group will be left alone" -foregroundcolor red
    return;
}


#get the list of users in the SharePoint Group

$web = get-spweb $spweburl
$group = $web.groups[$SPGroupName]

if ($group -eq $null) {
    write-host "SPGroup Not found" ; return
}

$spusers = $group.users | select @{name="LoginName";expression={$_.LoginName.toupper()}}
  
write-host "Debug: at this point we should have a list of user ID's from SharePoint in domain\user format, uppercase" 


#Remove all Existing Users in SharePoint Group
foreach($x in $spusers)
{
     write-host $x.LoginName -foregroundcolor green

     $User  = Get-SPUser -Identity  $x.LoginName -Web $web

     $group.RemoveUser($User)
}


  
if($spusers -eq $null)
{
    write-host "The SPgroup is empty" -foregroundcolor cyan
    write-host "Adding all AD group members to the SP group"

    foreach ($ADGroupMember in $ADGroupMembers)
    {
        #add the AD group member to the SP group. 
        #Please add code to get the domain or fix it if you have only one doain
        $Domain= "royal_comm\"
        #$SamAccountName = $ADGroupMember.samaccountname
        $UserName = $Domain + $ADGroupMember.samaccountname
        #$DisplayName = $ADGroupMember.name
        #$Email = (Get-ADUser $SamAccountName -Properties mail).mail
        write-host "Adding $()" 
        write-host "new-spuser -useralias $($UserName) -web $($web.url) -group $SPGroupName" -foregroundcolor green
        
        $SPUser = $web.EnsureUser($UserName)
        try
        {
            $group.AddUser($SPUser)
        }
        catch
        {
            Write-Host "User already exists..." -ForegroundColor Red
        }

        write-host "User is Added..." -ForegroundColor Green      
    }
   
    write-host "Done adding users - script will now exit" -foregroundcolor magenta
}

#>


No comments:

Post a Comment