使用 PowerShell 从 Active Directory 组创建 SharePoint 组

要求：将 Active Directory 组转换为 SharePoint 组！

解决方案： 在 Active Directory 安全组和 SharePoint 内管理 SharePoint 用户也有其优点和缺点！现在，我们需要从 AD 组迁移到 SharePoint 组。因此，让我们使用 PowerShell 从 Active Directory 安全组创建一个新的 SharePoint 组。这是我的 PowerShell 脚本：

从 Active Directory 组创建 SharePoint 组：

如果您有现有的 Active Directory 组，您可能希望将其转换为 SharePoint 组以删除对 AD 管理员的依赖。

#Import Active directory & SharePoint PowerShell modules
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
  
#Variables for processing
$SiteURL="https://Intranet.crescent.com/"
$ADGroupName="SP13 Authors"
$SPGroupName="Content Authors"
$PermissionLevel="Full Control" #Permission to SPGroup
$Domain="Crescent" #AD Domain

#Get the Site collection's Root Web
$web = Get-SPWeb $SiteURL

#Check if Group Exists already
 if ($web.SiteGroups[$SPGroupName] -ne $null)  
 {  
  write-Host "Group Name Already in the site!!" -ForegroundColor Red 
 }  
 else  
 {  
  #Create New SharePoint Group
  $SPGroup = $web.SiteGroups.Add($SPGroupName, $web.Site.Owner, $web.Site.Owner, $null)
  #Get the newly created group and assign permission to it
  $SPGroup = $web.SiteGroups[$SPGroupName]  
  $RoleAssignment = new-object Microsoft.SharePoint.SPRoleAssignment($SPGroup)  
  $RoleDefinition = $web.RoleDefinitions[$PermissionLevel]  
  $RoleAssignment.RoleDefinitionBindings.Add($RoleDefinition)  
  $web.RoleAssignments.Add($RoleAssignment)  
  $web.Update()  
  Write-Host "New Group $SPGroupName has been created!" 
 
  #Get Members of AD Group
  $ADGroupMembers = Get-ADGroupMember -Identity $ADGroupName | Select-Object -ExpandProperty SamAccountName    
  Write-host "Total Users Found in the AD Group:"$ADGroupMembers.Count

  #Add Members to SPGroup from ADGroup
  $ADGroupMembers | ForEach-Object {
     #Convert to Domain\User format
     $UserID =  "$Domain$_" 
     #Get Claims ID. E.g. Domain\User to i:0#.w|Domain\User
     $UserClaimsID = (New-SPClaimsPrincipal -identity $UserID -IdentityType "WindowsSamAccountName").ToEncodedString() 
     $SPGroup.Users.Add($UserClaimsID,"", "", "") 
     Write-host "User Added from AD Group to SharePoint Group:" $UserClaimsID
  }  
 }

Active Directory PowerShell 模块：
您需要在 Windows Server 2008/2012 成员服务器中拥有“适用于 Windows PowerShell 的 Active Directory 模块”。使用此 PowerShell cmdlet 添加此功能：

Add-WindowsFeature RSAT-AD-PowerShell 

或者，您可以转至：服务器管理器 >> 添加角色和功能 >> 在远程服务器管理工具下选择“Windows PowerShell 的 Active Directory 模块”。