<#
NOTE:
-----
This PowerShell script creates a SharePoint group, creates a permission level, grants that permission level to the created group, and adds users to the group.
--------------------------------------------------------------------------------------------------------------------------------------------------
All required data is read from a CSV file: GroupName, GroupDescription, PermissionLevelName, PermissionLevelDescription, PermissionLevelList and Users.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
The script can be used with On-Premises (Offline) and Office365 (Online).
---------------------------------------------------------------------
When the script starts, it asks you to choose the environment: On-Premises or Office365.
-------------------------------------------------------------------------------------------------
For On-Premises, it asks for the Site URL and the CSV file name; after you press Enter, progress messages are displayed.
----------------------------------------------------------------------------------------------------------------------------
For Office365, it asks for the UserName, Password, Site URL and CSV file name; after you press Enter, progress messages are displayed.
----------------------------------------------------------------------------------------------------------------------------------------------
#>
######################### Add SharePoint PowerShell Snapin ###############################################
# Load the SharePoint snap-in only when it is not already present in this session.
# Get-PSSnapin returns nothing (its error is silenced) when the snap-in is not loaded.
$loadedSnapin = Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
if (-not $loadedSnapin)
{
    Add-PSSnapin -Name Microsoft.SharePoint.Powershell
}
########################### End of Add SharePoint PowerShell Snapin ##################################
######################## Set Execution Path ################################################
# Work from the folder that holds this script; the CSV file name entered later is
# resolved relative to $scriptBase.
$scriptBase = Split-Path -Parent -Path $SCRIPT:MyInvocation.MyCommand.Path
Set-Location -Path $scriptBase
################################# End of Set Execution Path #################################
############################ Functions Starts Here #########################################
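function PermissionLevelCreation([string]$PermissionLevelName, [string]$PermissionLevelDescription, [string]$PermissionLevelList)
{
    <#
    .SYNOPSIS
    Creates a custom permission level (role definition) on the connected web.
    .DESCRIPTION
    Uses the script-level $Context (a CSOM ClientContext) set up by the caller.
    The rights carried by the new level come straight from $PermissionLevelList,
    so whoever can edit the CSV decides which rights are granted (the sample list
    below includes ManagePermissions). Keep the CSV access-controlled and review
    it before a run.
    .PARAMETER PermissionLevelName
    Name of the permission level to create.
    .PARAMETER PermissionLevelDescription
    Description stored on the permission level.
    .PARAMETER PermissionLevelList
    Comma-separated permission names, for example:
    "ManageLists, CancelCheckOut, AddListItems, EditListItems, DeleteListItems, ViewListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CreateAlerts, ViewFormPages, ManagePermissions, BrowseDirectories, ViewPages, EnumeratePermissions, BrowseUserInfo, UseRemoteAPIs, Open"
    .OUTPUTS
    None. Progress and errors are written to the host.
    #>
    try
    {
        $web = $Context.Web
        $Context.Load($web)
        $RoleDefinitionCol = $web.RoleDefinitions
        $Context.Load($RoleDefinitionCol)
        $Context.ExecuteQuery()

        # Check the loaded role definitions so "already created" is only reported
        # when that is really the cause.
        $permExists = $false
        foreach ($existingRole in $RoleDefinitionCol)
        {
            if ($existingRole.Name -eq $PermissionLevelName)
            {
                $permExists = $true
                break
            }
        }
        if ($permExists)
        {
            Write-Host "Permission Level Name is already created so try it in different Permission Level Name" -ForegroundColor Red
            return
        }

        # Build the permission mask. Entries are trimmed because the list is usually
        # written with a space after each comma; blank entries are skipped. The cast
        # throws on an unknown name, so a typo stops the run instead of producing a
        # level with a different set of rights than the CSV intended.
        $spBasePerm = New-Object Microsoft.SharePoint.Client.BasePermissions
        foreach ($perm in $PermissionLevelList.Split(","))
        {
            $permName = $perm.Trim()
            if ($permName -eq "")
            {
                continue
            }
            $spBasePerm.Set([Microsoft.SharePoint.Client.PermissionKind]$permName)
        }

        # Create the permission level.
        $spRoleDef = New-Object Microsoft.SharePoint.Client.RoleDefinitionCreationInformation
        $spRoleDef.Name = $PermissionLevelName
        $spRoleDef.Description = $PermissionLevelDescription
        $spRoleDef.BasePermissions = $spBasePerm
        $roleDefinition = $web.RoleDefinitions.Add($spRoleDef)
        $Context.ExecuteQuery()
        Write-Host $PermissionLevelName "Permission Levels created successfully!!!"
    }
    catch
    {
        # Report the real cause (access denied, unknown permission name, connection
        # failure, ...) instead of discarding it.
        Write-Host $PermissionLevelName "Permission Level could not be created:" $_.Exception.Message -ForegroundColor Red
    }
}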
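function CreateGrpNPermissionLevel([string]$GroupName, [string]$GroupDescription, [string]$PermissionLevelName)
{
    <#
    .SYNOPSIS
    Creates a site group and binds an existing permission level to it on the web.
    .DESCRIPTION
    Uses the script-level $Context (a CSOM ClientContext) set up by the caller.
    When a group with the same name already exists, it is not recreated but the
    permission level is still bound to it, so the current members of that group
    receive the rights. Check existing membership before reusing a group name.
    .PARAMETER GroupName
    Title of the site group to create.
    .PARAMETER GroupDescription
    Description stored on the group.
    .PARAMETER PermissionLevelName
    Name of the permission level (role definition) to bind to the group.
    .OUTPUTS
    None. Progress and errors are written to the host.
    #>
    try
    {
        # Retrieve the site groups to find out whether the group already exists.
        $Groups = $Context.Web.SiteGroups
        $Context.Load($Groups)
        $Context.ExecuteQuery()

        $groupExists = $false
        foreach ($existingGroup in $Groups)
        {
            if ($existingGroup.Title -eq $GroupName)
            {
                $groupExists = $true
                break
            }
        }

        if ($groupExists)
        {
            Write-Host $GroupName "Group Name is already created so try it in different Group Name" -ForegroundColor Red
        }
        else
        {
            try
            {
                # Create the group.
                $NewGroup = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
                $NewGroup.Title = $GroupName
                $NewGroup.Description = $GroupDescription
                $custGroup = $Context.Web.SiteGroups.Add($NewGroup)
                $Context.Load($custGroup)
                $Context.ExecuteQuery()
                Write-Host $GroupName "Group created successfully!!!"
            }
            catch
            {
                # Show the server's reason rather than assuming a name clash.
                Write-Host $GroupName "Group could not be created:" $_.Exception.Message -ForegroundColor Red
            }
        }

        try
        {
            # Retrieve the permission level by name and bind it to the group.
            $grpPermissionLevel = $Context.Web.RoleDefinitions.GetByName($PermissionLevelName)
            $currentGroupName = $Context.Web.SiteGroups.GetByName($GroupName)
            $RoleDefBind = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Context)
            $RoleDefBind.Add($grpPermissionLevel)
            $Assignments = $Context.Web.RoleAssignments
            $RoleAssignOneNote = $Assignments.Add($currentGroupName, $RoleDefBind)
            $Context.Load($currentGroupName)
            $Context.ExecuteQuery()
            Write-Host $PermissionLevelName "Group permission level activated successfully!!!"
        }
        catch
        {
            # A missing group or permission level also ends up here, so print the
            # actual error instead of claiming the level is already active.
            Write-Host $PermissionLevelName "Group permission level could not be activated:" $_.Exception.Message -ForegroundColor Red
        }
    }
    catch
    {
        Write-Host $GroupName "Group processing failed:" $_.Exception.Message -ForegroundColor Red
    }
}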
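function addUsernGrp([string]$GroupName, [string]$Users)
{
    <#
    .SYNOPSIS
    Adds the listed users to an existing site group.
    .DESCRIPTION
    Uses the script-level $Context (a CSOM ClientContext) set up by the caller.
    Each entry is resolved with EnsureUser and added on its own, so one bad login
    name is reported and does not hide what happened to the others. An entry may
    be a user or a security group; adding a security group gives every member of
    it the rights bound to $GroupName.
    .PARAMETER GroupName
    Title of the site group that receives the members.
    .PARAMETER Users
    Comma-separated login names.
    .OUTPUTS
    None. Progress and errors are written to the host.
    #>
    try
    {
        $currentGroup = $Context.Web.SiteGroups.GetByName($GroupName)
        $added = 0
        $failed = 0
        foreach ($entry in $Users.Split(","))
        {
            # Tolerate "a, b" style lists and trailing commas.
            $login = $entry.Trim()
            if ($login -eq "")
            {
                continue
            }
            try
            {
                $Member = $Context.Web.EnsureUser($login)
                $Context.Load($Member)
                # Add Member (can be user or Security Group)
                $addMember = $currentGroup.Users.AddUser($Member)
                $Context.Load($addMember)
                $Context.ExecuteQuery()
                $added++
            }
            catch
            {
                $failed++
                Write-Host "Could not add" $login "to" $GroupName ":" $_.Exception.Message -ForegroundColor Red
            }
        }

        # Only claim success when every listed entry was added.
        if ($failed -gt 0)
        {
            Write-Host $failed "user(s) could not be added to" $GroupName -ForegroundColor Red
        }
        elseif ($added -gt 0)
        {
            Write-Host "Users Added Successfully to" $GroupName "!!!"
        }
        else
        {
            Write-Host "No users listed for" $GroupName -ForegroundColor Red
        }
    }
    catch
    {
        Write-Host "Users could not be added to" $GroupName ":" $_.Exception.Message -ForegroundColor Red
    }
}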
########################### Functions Ends Here ###########################################
#Add references to SharePoint client assemblies and authenticate to Office 365 site - required for CSOM
# The three assemblies are loaded from a fixed install path under "Web Server Extensions\15\ISAPI";
# Add-Type fails when a file is missing there, so the script needs the SharePoint client components
# installed at that location (NOTE(review): presumably the SharePoint 2013 layout; adjust the path for
# other versions).
# NOTE(review): no Taxonomy type is referenced in the script lines visible here; confirm the third
# assembly is needed before keeping it.
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Taxonomy.dll"
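# Ask which environment to target, collect the connection details, then open the
# CSOM context that the functions above read through $Context.
# String -eq is case-insensitive in PowerShell, so a single comparison per answer
# accepts every casing of ON / OFF.
$question = Read-Host "Are you proceed with On-Premises or Office365? If On-Premises Type ON Else Type OFF for Office365"
$Creds = $null
If ($question -eq "ON")
{
    $environmentName = "On-Premises"
    $SiteURL = Read-Host -Prompt "Please enter the Site URL"
    $CSVFileName = Read-Host -Prompt "Please enter Your CSV file Name"
    # No credentials are assigned for On-Premises, so the context falls back to the
    # CSOM default (presumably the Windows identity running the script; confirm).
}
ElseIf ($question -eq "OFF")
{
    $environmentName = "Office365"
    $User = Read-Host -Prompt "Please enter your Login Name"
    # -AsSecureString keeps the password out of the console and out of plain-text variables.
    $Password = Read-Host -Prompt "Please enter your password" -AsSecureString
    $SiteURL = Read-Host -Prompt "Please enter the Site URL"
    $CSVFileName = Read-Host -Prompt "Please enter Your CSV file Name"
    # The login name and password are presented to whatever URL was typed, so flag
    # anything that is not HTTPS before connecting.
    if ($SiteURL -notmatch '^https://')
    {
        Write-Warning "The Site URL does not start with https://; check it before credentials are sent to it."
    }
    $Creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($User, $Password)
}
Else
{
    Write-Host -BackgroundColor White -ForegroundColor Red "INVALID ENTRY! Please try again."
    # return ends the script here; Break is meant for loops.
    return
}

try
{
    #Bind to site collection
    $Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    if ($null -ne $Creds)
    {
        $Context.Credentials = $Creds
    }
    $web = $Context.Web
    $Context.Load($web)
    # ExecuteQuery is the first real round trip to the server, so "Connected" is
    # only printed once it has succeeded.
    $Context.ExecuteQuery()
    Write-Host "Connected to SharePoint $environmentName site: '$SiteURL'" -ForegroundColor Green
}
catch
{
    # Stop here: without a working context every later step would fail.
    Write-Host "Could not connect to '$SiteURL':" $_.Exception.Message -ForegroundColor Red
    return
}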
#################Creating Group##########################################################
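# The CSV sits next to the script. It decides which groups exist, which rights they
# carry and who is in them, so it should be writable only by the people allowed to
# make those decisions.
$permissionLevelsCSV = Join-Path -Path $scriptBase -ChildPath $CSVFileName
if (-not (Test-Path -Path $permissionLevelsCSV -PathType Leaf))
{
    Write-Host "CSV file not found:" $permissionLevelsCSV -ForegroundColor Red
    return
}

# Read the file once; @() keeps an empty file from running the steps with a null row.
$csvRows = @(Import-Csv -Path $permissionLevelsCSV)

# Step 1: create the permission level. Only the first row is used for this, so the
# level named there is the only one this script creates (NOTE(review): rows naming a
# different PermissionLevelName rely on that level already existing on the site).
if ($csvRows.Count -gt 0)
{
    $firstRow = $csvRows[0]
    PermissionLevelCreation $firstRow.PermissionLevelName $firstRow.PermissionLevelDescription $firstRow.PermissionLevelList
}

# Step 2: create each group and bind its permission level.
foreach ($row in $csvRows)
{
    CreateGrpNPermissionLevel $row.GroupName $row.GroupDescription $row.PermissionLevelName
}

# Step 3: add the listed users to each group, after all groups have been processed.
foreach ($row in $csvRows)
{
    addUsernGrp $row.GroupName $row.Users
}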
Sample CSV file: