Managing SharePoint Groups is a crucial task for administrators to control access and permissions. With PnP PowerShell, you can efficiently add or remove users from SharePoint groups, ensuring proper access control.
This guide will walk you through:
✔ Listing SharePoint Groups
✔ Adding a User to a SharePoint Group
✔ Removing a User from a SharePoint Group
✔ Verifying Changes
Prerequisites
Before executing commands, ensure that you have:
SharePoint Admin or Site Owner permissions
PnP PowerShell module installed
Connected to SharePoint Online
Step 1: Install and Import PnP PowerShell Module
If you haven’t installed PnP PowerShell, install it using:
Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force
Then, import the module:
Import-Module PnP.PowerShell
Step 2: Connect to SharePoint Online
To manage SharePoint groups, connect to SharePoint Online:
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/YourSite" -Interactive
🔹 Replace "yourtenant" with your SharePoint tenant name.
🔹 Replace "YourSite" with your actual site name.
🔹 The -Interactive flag prompts for authentication.
For App-based authentication, use:
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/YourSite" -ClientId "Your-App-Client-ID" -Tenant "yourtenant.onmicrosoft.com" -CertificatePath "Path\To\Certificate.pfx"
Step 3: List SharePoint Groups in a Site
To get a list of all SharePoint Groups in a site:
Get-PnPGroup
🔹 This command retrieves a list of all groups available in the SharePoint site.
If you need a specific group, use:
Get-PnPGroup -Identity "Your Group Name"
Step 4: Add a User to a SharePoint Group
To add a user to a SharePoint group, use:
Add-PnPGroupMember -Group "Your Group Name" -Users "user@yourtenant.com"
🔹 Replace "Your Group Name" with the actual SharePoint Group name.
🔹 Replace "user@yourtenant.com" with the user’s email address.
🔹 You can add multiple users by separating emails with commas:
Add-PnPGroupMember -Group "Your Group Name" -Users "user1@yourtenant.com","user2@yourtenant.com"
The specified user(s) will now be a member of the group.
Step 5: Remove a User from a SharePoint Group
To remove a user from a SharePoint Group, use:
Remove-PnPGroupMember -Group "Your Group Name" -Users "user@yourtenant.com"
🔹 Replace "Your Group Name" with the actual SharePoint Group name.
🔹 Replace "user@yourtenant.com" with the email of the user to be removed.
🔹 You can remove multiple users by adding more emails:
Remove-PnPGroupMember -Group "Your Group Name" -Users "user1@yourtenant.com","user2@yourtenant.com"
Note: Ensure at least one valid Site Owner or Admin remains before removing all users.
Step 6: Verify Users in a Group
To check who is in a SharePoint Group, use:
Get-PnPGroupMembers -Group "Your Group Name"
This will display a list of users in the specified group.
Step 7: Disconnect PowerShell Session
Once the task is complete, disconnect the session:
Disconnect-PnPOnline
This prevents unauthorized access and ensures security.
Common Errors & Troubleshooting
| Error | Possible Cause | Solution |
|---|---|---|
Group not found | Group name is incorrect | Verify the group name with Get-PnPGroup |
User not found | Email format incorrect | Ensure the user exists in Microsoft 365 |
Cannot connect to SharePoint Online | Authentication issues | Use -Interactive login mode |
Access Denied | Insufficient permissions | Ensure you are a SharePoint Admin or Site Owner |
Command not recognized | PnP PowerShell module missing | Run Install-Module -Name PnP.PowerShell |