Forum Discussion

xoxidein's avatar
xoxidein
Iron Contributor
May 12, 2022
Solved

Can I See Where On-Premises Security Groups Are Used in SharePoint?

We have dozens of Security Groups synced to M365. Some of them are used in SharePoint. I'd like to see where these groups are being used so we can determine if they are still needed.
SharePoint Online
  • mr_w1nst0n's avatar
    mr_w1nst0n
    May 13, 2022

    xoxidein you have to create a PowerShell script for that.

     

    As starting point you can use something similar to: 

    https://www.sharepointdiary.com/2017/06/sharepoint-online-site-users-and-groups-report-powershell.html

     

    If you want to report only On-Premises Groups then you have to adapt the above script:

    • You have to export the list of Groups in Azure AD where source is  "Windows Server AD"
    • Save the output in a txt/csv file
    • Adapt the script to match the name of the Groups present in the output file
    • Execute the script on each site collection
mr_w1nst0n's avatar
mr_w1nst0n
Iron Contributor
May 13, 2022

xoxidein you have to create a PowerShell script for that.

 

As starting point you can use something similar to: 

https://www.sharepointdiary.com/2017/06/sharepoint-online-site-users-and-groups-report-powershell.html

 

If you want to report only On-Premises Groups then you have to adapt the above script:

  • You have to export the list of Groups in Azure AD where source is  "Windows Server AD"
  • Save the output in a txt/csv file
  • Adapt the script to match the name of the Groups present in the output file
  • Execute the script on each site collection
xoxidein's avatar
xoxidein
Iron Contributor
May 16, 2022

mr_w1nst0n Thank you for pointing me in the right direction. I ended up finding a more advanced script and was able to enter a Group, have it return all Sites found in my Tenant and display text next to the one that it found the Site that had the Group present!

  • xoxidein's avatar
    xoxidein
    Iron Contributor
    May 16, 2022

    For anyone else who comes here, I started using this script:

    https://knowledge-junction.com/2021/10/04/microsoft-365-powershell-script-get-all-sharepoint-sites-where-respective-security-group-has-permissions-using-sharepoint-online-powershell-connecting-tenant-using-username-and-password/

     

    And changed it into this:

    #Number of results
$numResults = 0

#Intro
Write-Host ""
Write-Host "##########################################" -ForegroundColor "Green"  
Write-Host -NoNewLine "#" -ForegroundColor "Green"  
Write-Host "                                        #" -ForegroundColor "Green"  
Write-Host "#  Find Sites That Contain Target Group  #" -ForegroundColor "Green"  
Write-Host -NoNewLine "#" -ForegroundColor "Green"  
Write-Host "                                        #" -ForegroundColor "Green"  
Write-Host "##########################################" -ForegroundColor "Green"  
Start-Sleep -s 3

#Check to see if the SharePoint Online Module is installed
Write-Host ""
Write-Host "Checking for installation of SharePoint Online module..." -ForegroundColor "Yellow"  
Start-Sleep -s 3

if (Get-Module -ListAvailable -Name Microsoft.Online.SharePoint.PowerShell) {
    Write-Host ""
    Write-Host "SharePoint Online module already installed." -ForegroundColor "Yellow"  
    Start-Sleep -s 3
} 
else 
{
    Write-Host ""
    Write-Host "Installing SharePoint Online module..." -ForegroundColor "Yellow"  
    Start-Sleep -s 3
    Write-Host ""
    Install-Module Microsoft.Online.SharePoint.PowerShell 
}

#Define Security Group
Write-Host ""
Write-Host "Type the name of the target Group: " -ForegroundColor "Yellow" -NoNewLine
$groupName = Read-Host 
Start-Sleep -s 3

#Connect to our M365 tenant - Please change here the tenant SharePoint site admin URL
Write-Host ""
Write-Host "Connecting to SharePoint Online..." -ForegroundColor "Yellow"  
Start-Sleep -s 3
Connect-SPOService "https://site-admin.sharepoint.com/"

#Get all SharePoint sites
Write-Host ""
Write-Host "Collecting Sites..." -ForegroundColor "Yellow"
Start-Sleep -s 3
$spoSites = Get-SPOSite -Limit All

#Seaching Every Site for target Group
Write-Host ""
Write-Host "Searching Sites..." -ForegroundColor "Yellow"
Write-Host ""
Start-Sleep -s 3
foreach ($spoSite in $spoSites)
{

    Write-Host $spoSite.Url -NoNewline

    #Search Groups
    try
    {
        $groups = Get-SPOUser -Site $spoSite.Url -Limit All |
        Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users"} 

        # verifying each group    
        foreach ($group in $groups)
        {
            #Check for Group match
            if($group.DisplayName.Contains($groupName))
            {
                #Site with Group
                Write-Host " *** Group Found ***" -ForegroundColor "Cyan" -NoNewline  
                
                #Add to count
                $numResults = $numResults + 1
            }           
        }        
    }
    catch
    {
        continue;
    }
    Write-Host "`r"
}

#Disconnect from SharePoint Online
Write-Host ""
Write-Host "Disconnecting from SharePoint Online" -ForegroundColor "Yellow"
Disconnect-SPOService

Write-Host ""
Write-Host "Found " -ForegroundColor "Yellow" -NoNewline 
Write-Host $numResults -ForegroundColor "Yellow" -NoNewline 
Write-Host " Site(s) containing " -ForegroundColor "Yellow" -NoNewline 
Write-Host $groupName -ForegroundColor "Yellow"
Write-Host ""
Write-Host "Mission Complete" -ForegroundColor "Green"
Write-Host ""

     

Resources