Add an Azure AD Security Group to sub webs under root site with PowerShell

Regular Contributor


I have been knocking up a small PowerShell script to assign a security group to all sub webs with unique permissions under a root site.  Building a list of sub web urls is straighforward. However,   I have looked though the various PnP or SharePoint online commands, but  still can't see how I can add either the security group say with "Full control" permissions or simple add the security group as a member to the web owners group.  


I think we could do this historically with on premise SharePoint using local AD groups. 






1 Reply

@Daniel Westerdale 



Bizarely, after watching the film Fight Club, the answer cam really quickly :beaming_face_with_smiling_eyes:.


1) get locate your Azure AD group


$adGroupToAddtoWeb = Get-PnPAzureADGroup -Identity "YOUR_SG_GROUP_NAME"



2) in your Foreach loop of sites you connect to , locate the owner group and then add the above AD group 

but make sure you you use the client creation into syntax




$ownerGroup = Get-PnPGroup -AssociatedOwnerGroup

      Add-PnPGroupMember -LoginName  ("c:0t.c|tenant|" + $adGroupToAddtoWeb.Id.ToString())   -Group $ownerGroup

     # write output
     $message ='your chosen SG now added to Owners group'

   catch {
      $message = 'AD group not added'
      Write-Error $Error[0]



Hope someone finds this useful.