Dustin Dauphin
Nov 28, 2022
Solved

Find/Replace AD Groups across tenant

Hi All,   We are going through an on-prem Active Directory domain flattening, from many domains into one single domain.  We currently have AD groups from the various on-prem domains syncing to Azur...
  • NicolasKheirallah
    Dec 02, 2022

    Dustin Dauphin 

    Unfortunately, when adding an AD group as a member to a SharePoint site, it's seen as a Person and not as an AD group. So distinguishing it is going to be hard. I did a blog post about something similar last year which you can modify; this iterates all the groups and checks if the ID exists in the member list for each site. What I did was export to CSV and not delete them so you can modify it. I added the snippet down below:

    https://yourmodernworkplace.com/blog/List-All-AD-Groups-From-All-SharePoint-Sites

     

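    # Requires the Microsoft.Graph.Groups and PnP.PowerShell modules
    Import-Module Microsoft.Graph.Groups
    Connect-MgGraph -Scopes "Group.Read.All","Directory.Read.All"
    # -All pages through every group instead of returning only the first page
    $getAllADGroups = Get-MgGroup -All
    # Alternative with the AzureAD module (after Connect-AzureAD):
    # $getAllADGroups = Get-AzureADGroup -All $true
    
    # Put your tenant name in front of "-admin"
    Connect-PnPOnline -Url "https://-admin.sharepoint.com/" -Interactive
    
    # Get all site collections
    $getAllSites = Get-PnPTenantSite
    
    # Collect every match so the result can be exported to CSV at the end
    $results = foreach ($site in $getAllSites.Url)
    {
        # Connect to the site
        Connect-PnPOnline -Url $site -Interactive
        Write-Host $site
        # Get the members of every SharePoint group on the site
        $getAllMembers = Get-PnPGroup | Get-PnPGroupMember
    
        $getAllADGroups.Id | ForEach-Object {
            if ($getAllMembers.LoginName -match $_) {
                # Do your thing
                Write-Host "`$getAllMembers contains the `$getAllADGroups ad group [$_]"
                [pscustomobject]@{ SiteUrl = $site; GroupId = $_ }
            }
        }
    }
    
    # Export the findings instead of deleting anything
    $results | Export-Csv -Path getAllSitesWithADGroup.csv -NoTypeInformation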
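The ID-in-LoginName check from the reply above, as an added example that is not part of the original post or the linked blog: it pulls the GUID out of each member's `LoginName` once and looks it up in an index of group IDs, so each finding carries the group's display name for a later find/replace. `Find-DirectoryGroupMember`, the sample groups, members and site URL are constructed for illustration; it assumes, as the snippet's `-match` does, that the group's object ID appears inside the member's `LoginName`.

```powershell
function Find-DirectoryGroupMember {
    param(
        [Parameter(Mandatory)] [object[]] $Groups,   # objects with Id, DisplayName (e.g. Get-MgGroup -All)
        [Parameter(Mandatory)] [object[]] $Members,  # objects with LoginName, Title (e.g. Get-PnPGroupMember)
        [Parameter(Mandatory)] [string]   $SiteUrl
    )
    # Index the directory groups by object ID once; @{} compares string keys case-insensitively
    $byId = @{}
    foreach ($g in $Groups) { $byId[[string]$g.Id] = $g.DisplayName }

    $guid = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    foreach ($m in $Members) {
        # Only members whose login name carries a known group ID are reported;
        # ordinary users and unknown IDs fall through silently
        if ($m.LoginName -match $guid -and $byId.ContainsKey($Matches[0])) {
            [pscustomobject]@{
                SiteUrl     = $SiteUrl
                Title       = $m.Title
                LoginName   = $m.LoginName
                GroupId     = $Matches[0]
                DisplayName = $byId[$Matches[0]]
            }
        }
    }
}

# Constructed sample data, so the function can be tried without a tenant connection
$groups = @(
    [pscustomobject]@{ Id = '11111111-2222-3333-4444-555555555555'; DisplayName = 'CONTOSO-Finance' }
    [pscustomobject]@{ Id = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'; DisplayName = 'FABRIKAM-HR' }
)
$members = @(
    [pscustomobject]@{ LoginName = 'c:0t.c|tenant|11111111-2222-3333-4444-555555555555'; Title = 'CONTOSO-Finance' }
    [pscustomobject]@{ LoginName = 'i:0#.f|membership|alex@example.com'; Title = 'Alex' }
    [pscustomobject]@{ LoginName = 'c:0t.c|tenant|99999999-0000-0000-0000-000000000000'; Title = 'Unknown group' }
)

Find-DirectoryGroupMember -Groups $groups -Members $members -SiteUrl 'https://example.sharepoint.com/sites/demo' |
    Format-Table -AutoSize
```

Only the first sample member is reported; in the per-site loop, pass `$getAllADGroups`, `$getAllMembers` and `$site` instead and pipe the combined output to `Export-Csv`.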