Create Group & Add Users
This PnP PowerShell script automates the creation of SharePoint groups and adds specified users to those groups. This streamlines permission management and ensures consistent group setup across your SharePoint environment.
Purpose
SharePoint group management helps maintain security and organization by:
- Creating standardized permission groups
- Bulk adding users to appropriate groups
- Automating user provisioning processes
- Ensuring consistent security implementation
- Simplifying permission maintenance
Prerequisites
- PnP PowerShell module installed
- Site collection administrator permissions
- Connection to your SharePoint Online site
- Valid user email addresses for group members
PowerShell Script
# Connect to SharePoint Online site
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive

# Define groups configuration directly in script
$groupsConfig = @(
    @{
        name = "HR Team"
        description = "Human Resources team members with access to HR documents"
        permissionLevel = "Contribute"
        users = @("hr.manager@company.com", "hr.assistant@company.com", "hr.coordinator@company.com")
    },
    @{
        name = "IT Administrators"
        description = "IT team members with administrative access"
        permissionLevel = "Full Control"
        users = @("it.admin@company.com", "it.support@company.com", "system.admin@company.com")
    },
    @{
        name = "Finance Team"
        description = "Finance department with access to financial documents"
        permissionLevel = "Edit"
        users = @("finance.manager@company.com", "accountant@company.com", "finance.analyst@company.com")
    },
    @{
        name = "Project Managers"
        description = "Project management team with project oversight access"
        permissionLevel = "Contribute"
        users = @("pm.lead@company.com", "project.coordinator@company.com", "scrum.master@company.com")
    }
)

# Function to create group and add users
function New-SharePointGroupWithUsers {
    param(
        [string]$GroupName,
        [string]$Description,
        [string]$PermissionLevel,
        [array]$Users
    )
    try {
        # Check if group already exists
        $existingGroup = Get-PnPGroup -Identity $GroupName -ErrorAction SilentlyContinue
        if ($existingGroup) {
            Write-Host "Group '$GroupName' already exists. Skipping creation." -ForegroundColor Yellow
            $group = $existingGroup
        } else {
            # Create the SharePoint group
            Write-Host "Creating group: $GroupName" -ForegroundColor Green
            $group = New-PnPGroup -Title $GroupName -Description $Description
            Write-Host "Group '$GroupName' created successfully." -ForegroundColor Green
        }

        # Set permission level if specified
        if ($PermissionLevel -and $PermissionLevel -ne "") {
            try {
                Set-PnPGroupPermissions -Identity $GroupName -AddRole $PermissionLevel
                Write-Host "Permission level '$PermissionLevel' assigned to group '$GroupName'." -ForegroundColor Green
            }
            catch {
                Write-Host "Warning: Could not assign permission level '$PermissionLevel' to group '$GroupName'. Error: $($_.Exception.Message)" -ForegroundColor Yellow
            }
        }

        # Add users to the group
        foreach ($user in $Users) {
            try {
                # Check if user is already in the group (matched on e-mail address)
                $existingUser = Get-PnPGroupMember -Group $GroupName | Where-Object { $_.Email -eq $user }
                if ($existingUser) {
                    Write-Host "User '$user' is already a member of group '$GroupName'. Skipping." -ForegroundColor Yellow
                } else {
                    # Add-PnPGroupMember takes the account through -LoginName; it has no -Users parameter
                    Add-PnPGroupMember -Group $GroupName -LoginName $user
                    Write-Host "Added user '$user' to group '$GroupName'." -ForegroundColor Green
                }
            }
            catch {
                Write-Host "Error adding user '$user' to group '$GroupName': $($_.Exception.Message)" -ForegroundColor Red
            }
        }
        return $group
    }
    catch {
        Write-Host "Error creating group '$GroupName': $($_.Exception.Message)" -ForegroundColor Red
        return $null
    }
}

# Process each group from configuration
foreach ($groupConfig in $groupsConfig) {
    Write-Host "`nProcessing group: $($groupConfig.name)" -ForegroundColor Cyan
    $result = New-SharePointGroupWithUsers -GroupName $groupConfig.name `
        -Description $groupConfig.description `
        -PermissionLevel $groupConfig.permissionLevel `
        -Users $groupConfig.users
    if ($result) {
        Write-Host "Group '$($groupConfig.name)' processed successfully with $($groupConfig.users.Count) users." -ForegroundColor Green
    }
}

Write-Host "`nGroup creation and user assignment completed." -ForegroundColor Cyan
Write-Host "Total groups processed: $($groupsConfig.Count)" -ForegroundColor Cyan

# Disconnect from SharePoint
Disconnect-PnPOnline
Usage Notes
- Update the site URL to match your SharePoint environment
- Modify the $groupsConfig array to define your groups, permissions, and users
- Ensure all user email addresses are valid and exist in your tenant
- Permission levels must match SharePoint's built-in levels (Read, Contribute, Edit, Full Control, etc.)
- The script checks for existing groups and users to avoid duplicates
- Test in a development environment before production deployment
- Monitor the output for any errors during group creation or user assignment
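The script only ever adds members, so an account that is already in a group but absent from $groupsConfig keeps its access after every run. The following added example (not part of the original script) reports that drift and marks findings in groups that hold Full Control. The function name Compare-GroupMembership, the $ActualMembers hashtable, the $PrivilegedLevels default and the sample addresses are assumptions made for illustration.

```powershell
# Added example: compare declared membership ($groupsConfig) with live membership.
function Compare-GroupMembership {
    param(
        [Parameter(Mandatory)] [array]$GroupsConfig,
        # Group name -> e-mail addresses currently in that group
        [Parameter(Mandatory)] [hashtable]$ActualMembers,
        # Levels whose findings deserve priority review (assumption)
        [string[]]$PrivilegedLevels = @("Full Control")
    )
    foreach ($cfg in $GroupsConfig) {
        $expected = @($cfg.users | Where-Object { $_ } |
            ForEach-Object { $_.Trim().ToLowerInvariant() })
        # Members without an e-mail (for example nested security groups) arrive
        # empty and are dropped here; review those by login name instead.
        $actual = @($ActualMembers[$cfg.name] | Where-Object { $_ } |
            ForEach-Object { $_.Trim().ToLowerInvariant() })
        $privileged = $cfg.permissionLevel -in $PrivilegedLevels

        foreach ($m in ($actual | Where-Object { $_ -notin $expected })) {
            [pscustomobject]@{ Group = $cfg.name; User = $m; Finding = "NotInConfig"; Privileged = $privileged }
        }
        foreach ($m in ($expected | Where-Object { $_ -notin $actual })) {
            [pscustomobject]@{ Group = $cfg.name; User = $m; Finding = "MissingFromGroup"; Privileged = $privileged }
        }
    }
}

# Constructed sample data so the function can be tried without a tenant.
$sampleConfig = @(
    @{ name = "IT Administrators"; permissionLevel = "Full Control"
       users = @("it.admin@company.com", "it.support@company.com") },
    @{ name = "HR Team"; permissionLevel = "Contribute"
       users = @("hr.manager@company.com") }
)
$sampleActual = @{
    "IT Administrators" = @("IT.Admin@company.com", "former.contractor@company.com")
    "HR Team"           = @("hr.manager@company.com")
}

Compare-GroupMembership -GroupsConfig $sampleConfig -ActualMembers $sampleActual |
    Sort-Object -Property Privileged -Descending | Format-Table -AutoSize

# Against a live site (after Connect-PnPOnline), build $ActualMembers like this:
# $actual = @{}
# foreach ($g in $groupsConfig) {
#     $actual[$g.name] = @(Get-PnPGroupMember -Group $g.name | ForEach-Object { $_.Email })
# }
# Compare-GroupMembership -GroupsConfig $groupsConfig -ActualMembers $actual
```

Run the live comparison before Disconnect-PnPOnline, and treat NotInConfig rows with Privileged set to True as the first ones to review.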
Available Permission Levels
- Read: View pages and documents
- Contribute: Add, edit, and delete documents
- Edit: Add, edit, delete, and approve documents
- Full Control: Complete administrative control
- Design: Create lists and document libraries, edit pages