Create a SharePoint group with permissions and add an AD group to it



  • Create a SharePoint group in a site collection
  • Assign that group an existing permission for Site Permissions list
  • Add an Active Directory group to that SharePoint group
  • Read the values from a CSV file
  • Repeat for 1000 groups spread across multiple site collections
  • The Site Collection Admin will run the script and be added as owner automatically



#Load the SharePoint snap-in when not running inside the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function global:New-SPGroup {
#Parameters that the script offers out to use,
# e.g. New-SPGroup -SiteCollection "http://intranet/sitecollection" -ADGroupName "domain\ADgroup" -SPGroupName "SharePoint Group 1" -SPGroupDescription "Group Description" -SPGroupPermission "Permission"
param(
    [string]$SiteCollection,
    [string]$ADGroupName,
    [string]$SPGroupName,
    [string]$SPGroupDescription,
    [string]$SPGroupPermission
)

#Required variables for dev or single item runs, remove # and highlight from here down to above CSV section in PowerShell ISE
#$SiteCollection = "
#$ADGroupName = "domain\adgroup"
#$SPGroupName = "My Test Group A1"
#$SPGroupDescription = "Test Group A1's Description" #Note: do not use " – " in description, i.e. space hyphen space
#$SPGroupPermission = "Read"

#Start of script
$site = Get-SPWeb $SiteCollection

#Check if the group already exists
if ($site.SiteGroups[$SPGroupName] -eq $null)
{
    #Ensure Group/User is part of site collection users beforehand and add them if needed
    $site.EnsureUser($ADGroupName) | Out-Null

    # Get the AD Group/User in a format that PowerShell can use otherwise there will be a string error
    $ADGroupSPFriendly = $site | Get-SPUser $ADGroupName

    #Create the SharePoint Group – Group Name, Group Owner, Group Member, Group Description. Can't add AD group yet…
    $NewSPGroup = $site.SiteGroups.Add($SPGroupName, $site.CurrentUser, $site.CurrentUser, $SPGroupDescription)
    $NewSPAccount = $site.SiteGroups[$SPGroupName]

    #Assign the Group permission
    $GroupAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($NewSPAccount)
    $GroupRole = $site.RoleDefinitions[$SPGroupPermission]
    $GroupAssignment.RoleDefinitionBindings.Add($GroupRole)
    $site.RoleAssignments.Add($GroupAssignment)

    #Add the AD Group/User to the group, can't be done during group creation when using PowerShell otherwise errors so is done now.
    Set-SPUser -Identity $ADGroupSPFriendly -Web $SiteCollection -Group $SPGroupName
}
else
{
    #Group is already present in this site collection, leave it untouched
    Write-Warning "Group '$SPGroupName' already exists in $SiteCollection, skipped"
}

#Release the SPWeb object
$site.Dispose()
}

#Read from the CSV input file
#CSV file must have header row – SiteColl, AdSecGroup, SPSecGroupName, SPGroupDesc, SPGroupPerm
#No "" around any items in the CSV file are needed
$csv = Import-Csv -Path D:\DEVGroupNameCSVFile2.csv
if ($csv -ne $null) {
    foreach ($line in $csv) {
        [string]$SiteCollection = $line.SiteColl
        [string]$ADGroupName = $line.AdSecGroup
        [string]$SPGroupName = $line.SPSecGroupName
        [string]$SPGroupDescription = $line.SPGroupDesc
        [string]$SPGroupPermission = $line.SPGroupPerm

        New-SPGroup -SiteCollection $SiteCollection -ADGroupName $ADGroupName -SPGroupName $SPGroupName -SPGroupDescription $SPGroupDescription -SPGroupPermission $SPGroupPermission
    }
}


I hope someone else finds this script useful since all I found on the web were partial answers at best, and with a few solutions that didn’t match the requirement.

Errors encountered along the way and running the script

“You cannot add a domain group to a group.” – You can however add your AD group to the SharePoint group after it is created, just not while you are creating it. Resolved by the last part of the function.

Exception calling “Add” with “4” argument(s): “The specified name is already in use. Please try again with a new name.” – As it implies, this is a duplicate item in your CSV file.
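
Because one run grants permissions for up to 1000 groups, it helps to check the CSV before anything is created. The following is an added example, not part of the original script: a pre-flight check that reports missing columns, empty fields, descriptions containing space-hyphen-space, and duplicate group names within a site collection. The function name Test-SPGroupCsv and the sample rows (sites, domain and group names) are made up for illustration; treating a trailing "/" on the site URL as the same site collection is an assumption.

```powershell
# Added example, not the original script: checks the CSV without touching SharePoint.
function Test-SPGroupCsv {
    param([Parameter(Mandatory = $true)][object[]]$Rows)

    $required = 'SiteColl', 'AdSecGroup', 'SPSecGroupName', 'SPGroupDesc', 'SPGroupPerm'
    $problems = @()

    # Every column the script reads must be present in the header row
    $present = $Rows[0].PSObject.Properties | ForEach-Object { $_.Name }
    foreach ($col in $required) {
        if ($present -notcontains $col) { $problems += "Missing column: $col" }
    }
    if ($problems.Count -gt 0) { return $problems }

    $rowNumber = 1   # line 1 of the file is the header
    foreach ($row in $Rows) {
        $rowNumber++
        foreach ($col in $required) {
            if ([string]::IsNullOrEmpty("$($row.$col)".Trim())) {
                $problems += "Line ${rowNumber}: $col is empty"
            }
        }
        # The script's note: no space-hyphen-space (hyphen or en dash) in the description
        if ($row.SPGroupDesc -match ' [-\u2013] ') {
            $problems += "Line ${rowNumber}: description contains space-hyphen-space"
        }
    }

    # A group name can exist only once per site collection (Group-Object ignores case)
    $duplicates = @($Rows |
        Group-Object { "$($_.SiteColl)".TrimEnd('/') + ' | ' + $_.SPSecGroupName } |
        Where-Object { $_.Count -gt 1 })
    foreach ($dup in $duplicates) {
        $problems += "Duplicate group ($($dup.Count) rows): $($dup.Name)"
    }

    return $problems
}

# Constructed sample rows (not real sites or groups)
$sample = @'
SiteColl,AdSecGroup,SPSecGroupName,SPGroupDesc,SPGroupPerm
http://intranet/sites/hr,CONTOSO\HR-Readers,HR Readers,Read access for HR,Read
http://intranet/sites/hr/,CONTOSO\HR-Staff,HR Readers,Second row with the same name,Read
http://intranet/sites/it,CONTOSO\IT-Editors,IT Editors,Editors - IT team,Contribute
'@ | ConvertFrom-Csv

Test-SPGroupCsv -Rows $sample
```

To check the real input, pass the rows from Import-Csv to the function and only start the group creation once it returns nothing.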


About the author: ashley.lawrence


Senior consultant and company director at The Full Circle. Passionate about automation scripting, end user experience and cloud technology.