Azure AD Group and SharePoint


I'm having an issue with the timing around creating a new Azure AD security group and using that group for SharePoint Online folder access.

Using New-PnPAzureADGroup I'm creating the security group, then using Set-PnPListPermission and Set-PnPFolderPermission I'm setting the security group with the required permission for that List or Folder.

It seems that Set-PnPListPermission & Set-PnPFolderPermission are running too quickly after the creation of the group as it reports

Set-PnPListPermission : The specified user XXXX123_SP could not be found.

The strange thing is, once the group has been created I can immediately run Get-PnPAzureADGroup and retrieve the group. I can also manually run the same command a little later and it completes successfully.

I assume the groups take time before they're available in SharePoint; what's the best practice approach to check and wait for these groups before applying them in SharePoint?

Thanks in Advance

3

There are 3 best solutions below

0
Casey Yang - MSFT On

You could try to use following PnP PowerShell commands:

Set-PnPListPermission -Identity "$LibraryName" -User "c:0t.c|tenant|$AdGroupID" -AddRole 'Read'

I replaced -Group with -User in the PnP PowerShell command. Then it executed successfully with no error message.

1
Derek Gusoff On

I've encountered this issue, except with external users rather than AD Groups, but I think the root is the same. The object can be immediately queried from AD but takes time to become resolvable in SharePoint.

I doubt you'll find a documented best practice as this is a bit of an advanced use case. In my case I seem to recall it taking between 5 and 30 seconds to resolve. What I did was loop 10 times with a Thread.Sleep and break out when it succeeds. Even then you'd get occasional failures - you just log them and move on and let support staff deal with it.

Not my proudest coding moment but it (mostly) got the job done.

0
blocktx On
$condition = $false
$attempt = 0
do {
    $attempt++
    try {
        # $LibraryName, $FolderPath and $GroupClaim are placeholders for your list title,
        # folder path and the group's claim (c:0t.c|tenant|<objectId>).
        # -ErrorAction Stop turns the "user could not be found" error into an exception the catch block sees.
        Set-PnPListPermission -Identity $LibraryName -User $GroupClaim -AddRole 'Read' -ErrorAction Stop
        Set-PnPFolderPermission -List $LibraryName -Identity $FolderPath -User $GroupClaim -AddRole 'Read' -ErrorAction Stop
        $condition = $true
    }
    catch {
        # Group not resolvable in SharePoint yet; wait before the next attempt.
        Start-Sleep -Seconds 5
    }
} until ($condition -or $attempt -ge 10)
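A bounded wait-then-apply version of the retry idea from the answers above, written as an added example rather than code from any of the posters. It assumes an existing Connect-PnPOnline session and uses $LibraryName, $FolderPath and $GroupObjectId as placeholders; the resolvability check relies on New-PnPUser (Web.EnsureUser underneath) failing with the same "could not be found" error until SharePoint can see the group.

```powershell
# Placeholders (constructed for this example): list title, folder path, AAD group object id.
# $LibraryName = 'Documents'; $FolderPath = 'Shared Documents/Finance'; $GroupObjectId = '<object-id>'

function Wait-PnPPrincipalResolvable {
    param(
        [Parameter(Mandatory)][string]$LoginName,
        [int]$MaxAttempts = 10,
        [int]$InitialDelaySeconds = 2
    )
    $delay = $InitialDelaySeconds
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            # New-PnPUser resolves the claim against the directory and adds it to the site's
            # user information list; it throws while SharePoint cannot yet resolve the group.
            $null = New-PnPUser -LoginName $LoginName -ErrorAction Stop
            return $true
        }
        catch {
            Write-Verbose "Attempt $attempt/$MaxAttempts: '$LoginName' not resolvable yet ($($_.Exception.Message))"
            Start-Sleep -Seconds $delay
            $delay = [Math]::Min($delay * 2, 30)   # exponential backoff, capped at 30 s
        }
    }
    return $false
}

# Claim-encoded login name for an Azure AD security group (same form as in the accepted answer).
$groupClaim = "c:0t.c|tenant|$GroupObjectId"

if (Wait-PnPPrincipalResolvable -LoginName $groupClaim -Verbose) {
    Set-PnPListPermission   -Identity $LibraryName -User $groupClaim -AddRole 'Read' -ErrorAction Stop
    Set-PnPFolderPermission -List $LibraryName -Identity $FolderPath -User $groupClaim -AddRole 'Read' -ErrorAction Stop
}
else {
    # Fail loudly rather than silently skipping the grant, so the missing permission is
    # visible to whoever reconciles the provisioning run.
    Write-Error "Group $groupClaim never became resolvable in SharePoint; permissions not applied."
}
```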