Sharepoint Online permission management - grant an AD group SPO permission

This topic contains 5 replies, has 4 voices, and was last updated by Profile photo of thom schumacher thom schumacher 3 months, 2 weeks ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #42273
    Profile photo of TheDL
    TheDL
    Participant

    This is probably an easy one, but I'm a sharepoint online noob and just learning powershell, so a push in the right direction would be very helpful from this awesome community.

    Here's what I'm trying to do:

    Grant an Active Directory group: "group 1"
    a custom permission I created in SPO "custom permission"
    to a library "library 1"
    in my site collection "site1"

    I can't figure it out, but I'm sure it's possible. I found some articles detailing processes that would effectively allow me to do this, but involved adding an AD group to SPO group, which would necessitate creating a SPO group for every library.

    Any ideas?

    #42430
    Profile photo of Jack Neff
    Jack Neff
    Participant
    #42561
    Profile photo of TheDL
    TheDL
    Participant

    Thanks for the help Jack! I actually didn't come across that post, but it's for sharepoint and I'm using Sharepoint online. The cmdlets are different, and I'm trying to make it work, but so far no luck.

    #42605
    Profile photo of Matt McNabb
    Matt McNabb
    Participant

    Are you syncing your AD groups to Office 365? You'll be assigning permissions to a Sharepoint group (security group in Office 365), but these can be synced over from your on-premise AD using Dirsync/AADSync.

    Once the group is in Sharepoint, you should be able to set permissions on a site using Set-SPOSiteGroup:

    https://technet.microsoft.com/en-us/library/fp161387.aspx

    #42736
    Profile photo of TheDL
    TheDL
    Participant

    Thanks for the help Matt!

    I think you can only add sharepoint groups to site permissions with that commandlet (I could be wrong), I'm trying to add AD-groups to sharepoint libraries' permissions and still can't get it working.

    Our AD groups are sync'd with O365, and they do show up in the Azure AD portal. I can also accomplish fine through the Sharepoint online administration center in the library permissions group, so I know that sharepoint online recognizes the groups, I just can't figure out how to automate this with powershell.

    #42752
    Profile photo of thom schumacher
    thom schumacher
    Participant

    Not sure if this helps or not but I've found this set of modules to be very beneficial when dealing with Sharepoint Online: https://github.com/OfficeDev/PnP-PowerShell

    OfficeDevPnP.PowerShell.V16.Commands
    OfficeDevPnP.PowerShell.V15.Commands

    Here are all the commands with Permissions in them:

    get-command -module officedevpnP* *Permissions*

    CommandType Name Version Source
    ———– —- ——- ——
    Cmdlet Get-SPOGroupPermissions 2.3.1604.1 OfficeDevPnP.PowerShell.V16.Commands
    Cmdlet Get-SPOGroupPermissions 2.3.1604.1 OfficeDevPnP.PowerShell.V15.Commands
    Cmdlet Set-SPOGroupPermissions 2.3.1604.1 OfficeDevPnP.PowerShell.V16.Commands
    Cmdlet Set-SPOGroupPermissions 2.3.1604.1 OfficeDevPnP.PowerShell.V15.Commands

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.