Removing SharePoint Groups With PowerShell
Recently, we had to load-test a Dynamics CRM plugin to see how it would perform under significant user load. One of the side-effects of the plugin we were testing was that it would generate hundreds of SharePoint groups.
Later on, we made some enhancements and wanted to quantify the changes in performance. The groups in SharePoint, however, remained from the previous run. In order to get a clean read on the performance gains, we had to clear them all out. If you’ve ever had to remove hundreds of SharePoint groups through the GUI, you know that it is a slow, dull task.
That’s where this little script comes in! We came up with it to clear out the SharePoint groups in a a site collection. By default, it will protect the default Member, Visitor, and Owner Groups. Furthermore, it allows you to specify some additional protected groups that you want to be excluded from the delete.
This script uses the SharePoint Patterns and Practices PowerShell library. Its a great library that works against both SharePoint Online and on-premises. Their site has installation instructions, too.
param(
[Parameter(Mandatory=$true)]
[string] $SiteCollection,
[Parameter(Mandatory=$true)]
[string] $Username,
[Parameter(Mandatory=$true)]
[string] $Password,
[Parameter(Mandatory=$true)]
[string[]] $ProtectedGroups
)
# Imports
Import-Module SharePointPnPPowerShellOnline -WarningAction SilentlyContinue
# Credentials
[SecureString]$SecurePass = ConvertTo-SecureString $Password -AsPlainText -Force
[System.Management.Automation.PSCredential]$PSCredentials = New-Object System.Management.Automation.PSCredential($Username, $SecurePass)
# ConnectPnPOnline
try {
Connect-PnPOnline -Url $SiteCollection -Credentials $PSCredentials
if (-not (Get-PnPContext)) {
Write-Host "Error connecting to SharePoint Online, unable to establish context" -foregroundcolor black -backgroundcolor Red
return
}
} catch {
Write-Host "Error connecting to SharePoint Online: $_.Exception.Message" -foregroundcolor black -backgroundcolor Red
return
}
# Get the default Member, Visitor, and Owner Groups to ensure we dont delete those
$associatedGroup = (Get-PnPGroup -AssociatedMemberGroup).Title;
$a = $ProtectedGroups.Add($associatedGroup);
$associatedGroup = (Get-PnPGroup -AssociatedVisitorGroup).Title;
$a = $ProtectedGroups.Add($associatedGroup);
$associatedGroup = (Get-PnPGroup -AssociatedOwnerGroup).Title;
$a = $ProtectedGroups.Add($associatedGroup);
$groups = Get-PnPGroup;
foreach($group in $groups)
{
if ($ProtectedGroups.Contains($group.Title))
{
Write-Host "Protected: $($group.Title)";
continue;
}
Remove-PnpGroup -Identity $group.Title -Force;
Write-Host "Removed: $($group.Title)";
}
Remove SharePoint Groups in your DevOps Process
This little script has saved us hundreds of man-hours, and allows us to clean up our environment in a normalized, repeatable way.
Furthermore, this script is also usable in an automated build and release process to assist with functional testing. It can help to create a sterile environment against which the tests can run. This can be useful when resetting or rebuilding an environment is not a viable solution (e.g. building something that targets SharePoint Online).
Code Vanguard has built out several Dynamics-centered build and release pipelines for various projects in service to the federal government. A lot of our build and release process is around normalizing these environments. Since production data lives on these instances, its not so easy as to just reset them. Thus, we’ve built out a whole set of automated actions that we can use on release to bring them back into conformity. Most of these custom build processes are built on top of a set of PowerShell libraries that we have developed while working with clients. Check out some of our other posts about PowerShell to see some other scripts we’ve developed.
If you’d like Code Vanguard to help your organization with its DevOps process, feel free to reach out to us!
Check out some of our other posts about SharePoint!