Forum Discussion

Douglas Clelland's avatar
Douglas Clelland
Brass Contributor
Nov 01, 2017

Adding Security groups in SharePoint and Office 365 groups

Hello all! We have several sites I have created for departments as Modern Team Sites connected to Groups (we are in SharePoint Online). I want to be able to utilize AD security groups for permssions...
SharePoint Online
PittSharePointPro's avatar
PittSharePointPro
Iron Contributor
Jul 15, 2020

Adam Weldon-Ming This is pretty good but looks like I'd have to connect to each site one at a time.  My customer will have a couple hundred modern SPO M365 Team Sites with Groups.  One for each of their clients.  I can get the internal users setup with no problem to access the SP resources using 'Everyone Except External'.  Problem is, they can't get the Planner because they need to be site members.  OK so not a problem, just add the existing users as 'site members' into the provisioning site template that I'm building.  But what about new hires moving forward?  I need an easy to use method for my customer to add their new hires into hundreds of existing groups.  I can't add a security group, as others mentioned in this thread, which would resolve this issue by simply adding the new hire to the security group.  Any thoughts on my situation and how to best manage this?

trenish's avatar
trenish
Copper Contributor
Sep 09, 2020

PittSharePointPro  did you ever get an answer to this?  I'm also about to run into a scalability problem where adding new users is concerned.

  • PittSharePointPro's avatar
    PittSharePointPro
    Iron Contributor
    Sep 10, 2020

    trenish - The site members won't carry over into my provisioning template, presumably since that is basically managed as a Group resource.  I understand that this can be achieved in a 'tenant template' which I haven't yet mastered.  Or the preferred method of building an Azure Package which is a bit beyond my pay grade but also the client would require additional licensing. However, I've been able to craft two serviceable powershell methods.  One for my initial setup as I build sites and the other for future new hires to all existing sites:

     

    1. Add a list of employees as 'Site Members' to a M365 Group

    2. Add a new hire to a list of M365 Groups

     

    Both processes worked for me.  They require exchange admin and a connect to exchange via powershell.  I believe you need a cmdlet installed first and local admin rights to the machine.

     

     

    Connect-ExchangeOnline -UserPrincipalName you@email.com -ShowProgress $true

#Add multiple users to a single group.  Replace path and file name for your CSV and the O365 group name.  CSV header should be a single column with a header of 'Member' without quotes

Import-CSV "C:\path\members.csv" | ForEach-Object {
Add-UnifiedGroupLinks –Identity "O365GroupName" –LinkType Members  –Links $_.member
}

#Add single users to list of groups.  Replace path and file name of the TXT and the email

Foreach ($group in (get-content "c:\path\groups.txt")){
    Add-UnifiedGroupLinks $group –LinkType Member -Links "newhire@email.com"
}

     

Resources