Search for user or group in Sharepoint groups with Powershell

If you would like to search for a user o domain group in your SharePoint on-premises groups, the following script will help you

The needed mandatory paramaters are:

$searchelement , which is the name or a port of the name of the user/group
$DC which is the Domain Controller name , used to search for the user in the domain

Running the script you will be asked to fill the credentials for an user with read permission in DC

To run the script and get informations from al sites in your farm you shoul run it under a farm admin account

This script can be useful to search specific user or group in sharepoint on-premises, in all sites.
The search will be made in all Sharepoint groups, based on the ideea that permissions aren’t inherited in all list
or libraries in each site.
The mandatory parameters are:
– $searchelement     : The searched user or group
– $DC : the DC name
This script can be use as it is or can be changed based on your needs. For more details please feel free to contact me
Romeo Donca, May 2017
[Parameter(Mandatory=$true,HelpMessage=”The searched user or group”)][string]$searchelement,
[Parameter(Mandatory=$true,HelpMessage=”The DC name ”)][string]$DC
Add-PSSnapin microsoft.sharepoint.powershell
#$site = Get-SPWeb http://wssp2013
$cred = Get-Credential -Message ” Insert DC admin credentials “
#$DC = “sp2013-single”
function searchgroups($searchelement,$site)
      $myuser = $site.Groups.users | Where-Object {$_.DisplayName -match $searchelement}
     if ($myuser.count -gt 0)
        Write-Host ” The searched user/group: $searchelement is member of following Sharepoint Groups”
        $ | Sort-Object -Unique
        Write-Host ” The searched user/group $searchelement IS NOT present directly in Sharepoint groups”
function main_search($searchelement,$site){
    searchgroups $searchelement $site
    foreach ($user in ($site.Groups.users | Select-Object -Unique))
        if ($user.IsDomainGroup -like $true )
            $user_inAD = $user.DisplayName.Split(“\”)[1]
$command =@”
Get-adgroupmember -identity  $user_inAD
     $scriptBlock = [Scriptblock]::Create($command)
            $AD_users = Invoke-Command -ComputerName $DC -Credential $cred -ScriptBlock $scriptBlock
            foreach ($ad_user in $ad_users)
                if ($ad_user.Name -match  $searchelement)
                    Write-Host $ad_user.Name “is member of the domain group ” $user.DisplayName
                    searchgroups $user.DisplayName.Split(“\”)[1]
write-host “Searching for $searchelement in this farm ” -BackgroundColor White -ForegroundColor Red
foreach ($webapplication in (Get-SPWebApplication))
    foreach ($website in $webapplication.Sites)
        $site = get-spweb -Identity $website.Url
        “`n`t———- $website   ————–`n”
        main_search $searchelement $site
This entry was posted in Powershell, Sharepoint. Bookmark the permalink.