Sharepoint Online permission management - grant an AD group SPO permission

david-love · June 8, 2016, 9:39am

This is probably an easy one, but I’m a sharepoint online noob and just learning powershell, so a push in the right direction would be very helpful from this awesome community.

Here’s what I’m trying to do:

Grant an Active Directory group: “group 1”
a custom permission I created in SPO “custom permission”
to a library “library 1”
in my site collection “site1”

I can’t figure it out, but I’m sure it’s possible. I found some articles detailing processes that would effectively allow me to do this, but involved adding an AD group to SPO group, which would necessitate creating a SPO group for every library.

Any ideas?

jack-neff · June 9, 2016, 7:23am

Have you seen this yet?
https://social.technet.microsoft.com/Forums/en-US/9bb172d8-bfb2-4442-a45b-3e369c566ca4/powershell-command-to-add-activedirectory-group-to-sitelibrary?forum=sharepointadminprevious

david-love · June 10, 2016, 12:01pm

Thanks for the help Jack! I actually didn’t come across that post, but it’s for sharepoint and I’m using Sharepoint online. The cmdlets are different, and I’m trying to make it work, but so far no luck.

matt-mcnabb · June 10, 2016, 8:47pm

Are you syncing your AD groups to Office 365? You’ll be assigning permissions to a Sharepoint group (security group in Office 365), but these can be synced over from your on-premise AD using Dirsync/AADSync.

Once the group is in Sharepoint, you should be able to set permissions on a site using Set-SPOSiteGroup:

https://technet.microsoft.com/en-us/library/fp161387.aspx

david-love · June 13, 2016, 10:53am

Thanks for the help Matt!

I think you can only add sharepoint groups to site permissions with that commandlet (I could be wrong), I’m trying to add AD-groups to sharepoint libraries’ permissions and still can’t get it working.

Our AD groups are sync’d with O365, and they do show up in the Azure AD portal. I can also accomplish fine through the Sharepoint online administration center in the library permissions group, so I know that sharepoint online recognizes the groups, I just can’t figure out how to automate this with powershell.

thom-schumacher · June 13, 2016, 12:26pm

Not sure if this helps or not but I’ve found this set of modules to be very beneficial when dealing with Sharepoint Online: GitHub - pnp/PnP-PowerShell: SharePoint PnP PowerShell CmdLets

OfficeDevPnP.PowerShell.V16.Commands
OfficeDevPnP.PowerShell.V15.Commands

Here are all the commands with Permissions in them:

get-command -module officedevpnP* Permissions

CommandType Name Version Source

Cmdlet Get-SPOGroupPermissions 2.3.1604.1 OfficeDevPnP.PowerShell.V16.Commands
Cmdlet Get-SPOGroupPermissions 2.3.1604.1 OfficeDevPnP.PowerShell.V15.Commands
Cmdlet Set-SPOGroupPermissions 2.3.1604.1 OfficeDevPnP.PowerShell.V16.Commands
Cmdlet Set-SPOGroupPermissions 2.3.1604.1 OfficeDevPnP.PowerShell.V15.Commands

Topic		Replies	Views
Sharepoint online group based on ad groups PowerShell Help	1	120	May 23, 2017
Sharepoint online: change user permissions PowerShell Help	2	125	April 19, 2017
Delegate permissions to Active Directory objects PowerShell Help	24	332	September 25, 2019
AD Command help PowerShell Help	6	84	June 17, 2016
Powershell script to replace usergroup in SPO PowerShell Help	1	137	November 30, 2020

Sharepoint Online permission management - grant an AD group SPO permission

Related Topics