Get All groups from a SharePoint Site (including Domain Groups)

[skywalkerisnull]

Hello everyone,

I am attempting to get all of the groups that have been assigned to a SharePoint site with the following code snippet. As a side effect, this is only pickup up the SharePoint Groups, and not the Domain Groups. I have attempted to use both PnPGroup and the PnPSiteGroup.

foreach ($site in $AllSites) {
    $PermissionCollection = @()
    # Connect to SharePoint Online
    Write-Host $site.SiteUrl -ForegroundColor "Green"
    Connect-PnPOnline -Url $site.SiteUrl -UseWebLogin
    $x = Get-PnpSiteGroup -Site $site.SiteUrl
    $z = Get-PnPGroup | Select-Object Title, Users
    foreach ($y in $x) {
        $group = Get-PnpSiteGroup -Site $site.SiteUrl -Group $y.Title | Select-Object -ExpandProperty Users
        # $group = Get-PnPGroup -Group $y.Title | Select-Object -ExpandProperty Users
        if ($group.Count -eq 0) {

        }
        else {
            try {
                $permission = Get-PnPGroupPermissions -Identity $y.Title

                Write-Host $y.Title -ForegroundColor "Yellow"
                Write-Host $group -ForegroundColor "Cyan"


                $Permissions = New-Object PSObject
                $Permissions | Add-Member NoteProperty URL($site.SiteUrl)
                $Permissions | Add-Member NoteProperty Title($y.Title)
                $Permissions | Add-Member NoteProperty GroupName($y.OwnerTitle)
                $permissionString = $permission.Name -join "; "
                $Permissions | Add-Member NoteProperty Permission($permissionString)
                $groupString = $group -join "; "
                $Permissions | Add-Member NoteProperty Users($groupString)
            }
            catch {
                Write-Host $y.Title "Doesn't have any permissions" -ForegroundColor "Red"
            }
        }

        $PermissionCollection += $Permissions
    }

When I run the above snippet, I will only get the Inventory Members, Owners, and Visitors, but I will not get the SPO Inventory or SPO SharePoint groups.

Am I missing a Cmdlet? or is there a way to get it to return the Domain Groups as well?

[AndersRask]

The security groups are fetched using Get-PnPUser and are of PrincipalType: SecurityGroup

Also you need to load the properties on the web. Something along these lines

$web = get-pnpweb -Connection $c -Includes RoleAssignments,SiteGroups, RoleDefinitions,HasUniqueRoleAssignments
$web.RoleAssignments | % { Get-PnPProperty -Property Member -ClientObject $_ -Connection $c| select -expand loginname }

Hope this helps

[skywalkerisnull]

In case some needs something similar in the future, I took my original snippet, and the details from AndersRask and created the following:

function Get-SitePermissions ($SiteURL, $ReportFile) {
    # Connect to the site using PnP PowerShell
    Write-Host "Connecting to: " $SiteURL -ForegroundColor "Green"
    $connection = Connect-PnPOnline -Url $SiteURL -UseWebLogin -ReturnConnection
    if ($null -eq $connection)
    {
      Write-Host "Connection failed: " $SiteURL -ForegroundColor "Red"
      return
    }
    # Get the web object
    $web = Get-PnPWeb -Connection $connection -Includes RoleAssignments,SiteGroups,RoleDefinitions,HasUniqueRoleAssignments
    # Create an empty array to store the output
    $output = @()
    # Loop through each role assignment
    $roleAssingments = $web.RoleAssignments
    foreach ($ra in $roleAssingments) {
      # Get the member and role definition objects
      
      $member = Get-PnPProperty -Property Member -ClientObject $ra
      $rolebindings = get-pnpproperty -ClientObject $ra -Property RoleDefinitionBindings
      # Create a custom object with the desired properties
      $obj = [PSCustomObject]@{
        URL = $SiteURL
        SiteTitle = $web.Title
        GroupName = $member.Title
        Permission = $rolebindings.Name -join "; "
        Users = ""
      }

      Write-Host "    Member: " $member.Title -ForegroundColor "Cyan"

      # Check if the member is a group or a user
      if ($member.PrincipalType -eq "SharePointGroup") {
        # Get the users in the group
        $users = Get-PnPProperty -Property Users -ClientObject $member
        # Add the user names to the object
        foreach ($user in $users) {
          $obj.Users += "$($user.Title); "
        }
      }
      else {
        # Add the user name to the object
        $obj.Users = $member.Title
      }
      # Add the object to the output array
      $output += $obj
    }
    # Export the output array to a CSV file
    $output | Export-Csv -Path $ReportFile -NoTypeInformation -Append
  }

[HaraldPfirmann]

Hello

Reading is Ok.
And how can I remove domain groups and users from site permissions?

Best regards
Harald