Create Group & Add Group Members
This PnP PowerShell script automates the creation of SharePoint groups and adds multiple users as members in a single operation. Streamline permission management by creating groups with predefined members for consistent access control.
Purpose
This script helps with SharePoint group management by:
- Creating new SharePoint groups with specific permissions
- Adding multiple users to groups simultaneously
- Automating bulk group provisioning for new projects or teams
- Ensuring consistent permission group setup across sites
- Simplifying user access management through group-based permissions
Prerequisites
- PnP PowerShell module installed
- Site collection administrator permissions
- Connection to your SharePoint Online site
- Valid user accounts in your Microsoft 365 tenant
- Appropriate permissions to create groups and manage membership
PowerShell Script
# Script 1: Create "Intranet Approvers" group and add users
param(
    [string]$SiteUrl = "https://tenantName.sharepoint.com/sites/siteName",
    [string]$ClientId = "", # Client ID of the Entra ID app registration used for sign-in
    [string]$GroupName = "Intranet Approvers", # Define the Group Name
    [string]$GroupDescription = "Users who can approve intranet content", # Define the description
    [string]$PermissionLevel = "Design" # Define the permission level
)

# Define the list of users to add to the group
$UserEmails = @(
    "user@tenant.com"
)

try {
    # Connect to SharePoint Online site
    Write-Host "Connecting to SharePoint site: $SiteUrl" -ForegroundColor Green
    Connect-PnPOnline -Url $SiteUrl -Interactive -ClientId $ClientId

    # Check if group already exists
    $existingGroup = Get-PnPGroup -Identity $GroupName -ErrorAction SilentlyContinue
    if ($existingGroup) {
        Write-Host "Group '$GroupName' already exists. Skipping creation." -ForegroundColor Yellow
    } else {
        # Create the SharePoint group
        Write-Host "Creating SharePoint group: $GroupName" -ForegroundColor Green
        New-PnPGroup -Title $GroupName -Description $GroupDescription
        Write-Host "Group '$GroupName' created successfully!" -ForegroundColor Green
    }

    # Set permissions for the group
    Write-Host "Setting permission level '$PermissionLevel' for group '$GroupName'" -ForegroundColor Green
    try {
        Set-PnPGroupPermissions -Identity $GroupName -AddRole $PermissionLevel
        Write-Host "✓ Permission level '$PermissionLevel' assigned to '$GroupName'" -ForegroundColor Green
    } catch {
        Write-Host "⚠ Warning: Failed to set permissions - $($_.Exception.Message)" -ForegroundColor Yellow
        Write-Host "You may need to set permissions manually or the group may already have permissions assigned." -ForegroundColor Yellow
    }

    # Add users to the group
    Write-Host "Adding users to group: $GroupName" -ForegroundColor Green
    foreach ($userEmail in $UserEmails) {
        try {
            # Check if user is already in the group first.
            # Match the e-mail exactly, or the final segment of the claims login
            # (i:0#.f|membership|user@tenant.com). A bare substring match would also
            # hit longer addresses that merely contain this one.
            $currentMembers = Get-PnPGroupMember -Identity $GroupName -ErrorAction SilentlyContinue
            $existingMember = $currentMembers | Where-Object { $_.Email -eq $userEmail -or $_.LoginName -like "*|$userEmail" }
            if ($existingMember) {
                Write-Host "⚠ $userEmail is already a member of $GroupName" -ForegroundColor Yellow
                continue
            }

            # Add user to the site first (this ensures the user exists in Site User Info List)
            Write-Host "Adding user $userEmail to site..." -ForegroundColor Yellow
            $user = New-PnPUser -LoginName $userEmail
            Write-Host "✓ User $userEmail added to site" -ForegroundColor Green

            # Add user to group using SharePoint group management
            $group = Get-PnPGroup -Identity $GroupName
            $siteUsers = Get-PnPUser
            $targetUser = $siteUsers | Where-Object { $_.Email -eq $userEmail -or $_.LoginName -like "*|$userEmail" }
            if ($targetUser) {
                # Use SharePoint's native group membership method
                $web = Get-PnPWeb
                $groupObj = $web.SiteGroups.GetByName($GroupName)
                $userObj = $web.SiteUsers.GetByEmail($userEmail)
                $groupObj.Users.AddUser($userObj)
                $web.Context.ExecuteQuery()
                Write-Host "✓ Added $userEmail to $GroupName" -ForegroundColor Green
            } else {
                Write-Host "✗ Could not find user $userEmail after adding to site" -ForegroundColor Red
            }
        } catch {
            Write-Host "✗ Failed to add $userEmail to $GroupName - Error: $($_.Exception.Message)" -ForegroundColor Red
        }
    }

    # Display group members and permissions
    Write-Host "`nCurrent members of '$GroupName':" -ForegroundColor Cyan
    $groupMembers = Get-PnPGroupMember -Identity $GroupName
    foreach ($member in $groupMembers) {
        Write-Host " - $($member.Email) ($($member.Title))" -ForegroundColor White
    }

    # Display group permissions
    Write-Host "`nPermission level for '$GroupName': $PermissionLevel" -ForegroundColor Cyan
} catch {
    Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red
} finally {
    Disconnect-PnPOnline
}
Usage Notes
- Update the site URL to match your SharePoint environment
- Ensure all users exist in your Microsoft 365 tenant before adding them to groups
- Test group creation and member addition in a development environment first
- Verify proper permissions before running the script
- Consider using existing Active Directory groups for large user sets
- Document group purposes and permissions for future reference
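To confirm the result after provisioning, the group's actual membership can be compared against the approved list. The following is an added example, not part of the original script: `Test-GroupMembership`, its parameters and the sample accounts are hypothetical, and login names are assumed to use the `i:0#.f|membership|...` claims format.

```powershell
# Added example: audit a SharePoint group's members against an approved list.
# Test-GroupMembership and its parameter names are hypothetical.
function Test-GroupMembership {
    param(
        [Parameter(Mandatory)] [object[]] $Members,   # objects exposing Email and LoginName
        [Parameter(Mandatory)] [string[]] $Approved   # approved e-mail addresses
    )
    $approvedSet = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$Approved, [System.StringComparer]::OrdinalIgnoreCase)
    $seen = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)

    $unexpected = foreach ($m in $Members) {
        # Claims logins look like "i:0#.f|membership|user@tenant.com";
        # compare the final segment exactly rather than by substring.
        $account = ($m.LoginName -split '\|')[-1]
        $id = if ($m.Email) { $m.Email } else { $account }
        if ($approvedSet.Contains($id) -or $approvedSet.Contains($account)) {
            [void]$seen.Add($id); [void]$seen.Add($account)
        } else {
            [pscustomobject]@{
                Account  = $account
                External = $account -like '*#ext#*'   # guest accounts carry #ext# in the UPN
            }
        }
    }
    [pscustomobject]@{
        Unexpected = @($unexpected)
        Missing    = @($Approved | Where-Object { -not $seen.Contains($_) })
    }
}

# Constructed sample data. In a live session, use the script's own call instead:
#   $members = Get-PnPGroupMember -Identity $GroupName
$members = @(
    [pscustomobject]@{ Email = 'ann@tenant.com';   LoginName = 'i:0#.f|membership|ann@tenant.com' }
    [pscustomobject]@{ Email = 'joann@tenant.com'; LoginName = 'i:0#.f|membership|joann@tenant.com' }
    [pscustomobject]@{ Email = ''; LoginName = 'i:0#.f|membership|guest_example.org#ext#@tenant.onmicrosoft.com' }
)
$report = Test-GroupMembership -Members $members -Approved 'ann@tenant.com', 'bob@tenant.com'
$report.Unexpected | Format-Table
"Missing: $($report.Missing -join ', ')"
```

Running the check on a schedule and alerting on any `Unexpected` entry turns the one-off provisioning script into a baseline for detecting membership drift.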