How to add AD Group to SharePoint Group using Powershell

Question

I use claim authentication for sharepoint 2016. AD group are Security Group - Domain Local.

I took this code that was on this forum (santosh kondapalli), but does not work for adding AD group. https://sharepoint.stackexchange.com/questions/133960/how-to-add-ad-group-to-sharepoint-group-using-powershell?newreg=70f56cc5e26348b7a5c1161ba894af7b


Function AddADGroup($SPGroupName,$ADGroupName)
{    
    $SiteCollection = "http://yoursitcollectionurl"
    $site = Get-SPWeb $SiteCollection
    $site.EnsureUser($ADGroupName)
    $ADGroupSPFriendly = $site | Get-SPUser $ADGroupName
    Set-SPUser -Identity $ADGroupSPFriendly -Web $SiteCollection -Group $SPGroupName
    Write-Host $ADGroupName
    Write-Host $ADGroupSPFriendly
    Write-Host "Added the ADGroup" + $ADGroupName + "Sucessfully to the SPGroup" + $SPGroupName

    $site.Dispose()
}

#To Execute this function 

AddADGroup "Sharepointgroup" "Domain\ADGroup"

Is this Ok for adding AD secure group ?? Because it does not work!!

AddADGroup "Group1" "i:0#.w|domain\FinanceADGroup"

This is working for adding users, but not for AD GROUP.

AddADGroup "Group1" "i:0#.w|domain\User"

Error

Exception calling "EnsureUser" with "1" argument(s): "The specified user c:0-.t|adfs|fsum/ORG_senat could not be found."
At line:5 char:5
+     $site.EnsureUser($ADGroupName)
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SPException

Get-SPUser : You must specify a valid user object or user identity.
At line:6 char:34
+     $ADGroupSPFriendly = $site | Get-SPUser $ADGroupName
+                                  ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Share....SPUserPipeBind:SPUserPipeBind) [Get-SPUser], PSArgumentException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletGetUser

Set-SPUser : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the comma
nd again.
At line:7 char:26
+     Set-SPUser -Identity $ADGroupSPFriendly -Web $SiteCollection -Gro ...
+                          ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Set-SPUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.SharePoint.PowerShell.SPCmdletSetUser

Thanks for all help

do you have any -debug output to share or -verbose? What version of the activedirectory powershell module are you using? The cmdlet in the AD ps module I"m using is add-adgroupmember — Citizen, Apr 23 '20 at 23:41

score 0 · Answer 1 · answered Jun 01 '20 at 11:28

0

You can try this:

$ADGroupSPFriendly = $site.EnsureUser($ADGroupName)

answered Jun 01 '20 at 11:28

Nazar Syngaivskyi

1

How to add AD Group to SharePoint Group using Powershell

AddADGroup "Group1" "i:0#.w|domain\FinanceADGroup"

1 Answers1