PowerShell to pull direct and SP/AD groups permissions for an SPO Site Collection

%3CLINGO-SUB%20id%3D%22lingo-sub-795432%22%20slang%3D%22en-US%22%3EPowerShell%20to%20pull%20direct%20and%20SP%2FAD%20groups%20permissions%20for%20an%20SPO%20Site%20Collection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-795432%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20tested%20below%20script%20for%20pulling%20SharePoint%20groups%20(%20including%20their%20members%20)%20and%20the%20permissions%20for%20a%20SharePoint%20Online%20site%20collection%20%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EImport-Module%20Microsoft.Online.Sharepoint.PowerShell%20-DisableNameChecking%3C%2FP%3E%3CP%3E%24AdminSiteURL%3D%22%3CA%20href%3D%22https%3A%2F%2Fadmin.accenture.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EURL%3C%2FA%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23Connect%20To%20SharePoint%20Online%3C%2FP%3E%3CP%3EConnect-SPOService%20-url%20%24AdminSiteURL%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23Get%20the%20Site%20collection%3C%2FP%3E%3CP%3E%24URL%20%3D%20Get-SPOSite%20-Identity%20%3CA%20href%3D%22https%3A%2F%2Fts.accenture.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%22URL%3C%2FA%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23Get%20all%20Groups%20of%20the%20site%20collection%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%24GroupColl%20%3D%20Get-SPOSiteGroup%20-Site%20%24URL%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EForeach(%24Group%20in%20%24GroupColl)%3C%2FP%3E%3CP%3E%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%23Get%20Permissions%20assigned%20to%20the%20Group%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24GroupPermissions%3D%22%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ForEach(%24Role%20in%20%24Group.Roles)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24GroupPermissions%2B%3D%20%24Role%2B%22%3B%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Write-host%20-f%20Yellow%20%22Group%20Name%3A%20%24(%24Group.Title)%20-%20Permissions%3A%20%24(%24GroupPermissions)%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%23Get%20each%20member%20of%20the%20group%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20foreach(%24User%20in%20%24Group.Users)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20write-host%20-f%20Green%20%24user%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%2C%20we%20have%20a%20requirement%20to%20get%20direct%20and%20domain%20group%20permissions%20as%20well.%20I%20am%20not%20getting%20any%20leads%20to%20how%20modify%20the%20above%20script%20.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anyone%20worked%20on%20such%20script%20before%20or%20have%20any%20idea%20how%20to%20modify%20the%20above%20one%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3EVimmi%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi All,

 

I have tested below script for pulling SharePoint groups ( including their members ) and the permissions for a SharePoint Online site collection :

 

Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking

$AdminSiteURL="URL"

 

#Connect To SharePoint Online

Connect-SPOService -url $AdminSiteURL

 

#Get the Site collection

$URL = Get-SPOSite -Identity "URL"

 

#Get all Groups of the site collection   

$GroupColl = Get-SPOSiteGroup -Site $URL

 

Foreach($Group in $GroupColl)

{

    #Get Permissions assigned to the Group

    $GroupPermissions=""

    ForEach($Role in $Group.Roles)

    {

        $GroupPermissions+= $Role+";"

    }

    Write-host -f Yellow "Group Name: $($Group.Title) - Permissions: $($GroupPermissions)"

 

    #Get each member of the group

    foreach($User in $Group.Users)

    {

         write-host -f Green $user

    }             

}

 

But, we have a requirement to get direct and domain group permissions as well. I am not getting any leads to how modify the above script .

 

Has anyone worked on such script before or have any idea how to modify the above one ?

 

Regards,

Vimmi

0 Replies