Provisioning Template role:

  1. Hold a reference (URL) to the site where various site artifacts, such as lists and libraries, are copied and then applied to a new or existing site.
  2. Construct the logic used to generate a Site URL: The site name in the URL will have illegal characters, such as %, æ, ø, å, automatically stripped. Placeholders (see table below) can be used alongside constant values to generate the URL name.
Placeholder name Placeholders for the template column [New Site URL Name] and PowerShell commands for assigning site permissions.
{PlaceholderSiteURL}
(PowerShell commands only)
Full URL generated based on the Site Name Generation section in the Site Template where all placeholders have been resolved
{PlaceholderPrefix} Value from the column [PlaceholderPrefix]
{PlaceholderSuffix} Value from the column [PlaceholderSuffix]
{PlaceholderCounter} Value generated in the column [Counter] using the format mask from the column [PlaceholderCounter]
{PlaceholderJobSiteTitle} Value from the job column [Site Title]
{PlaceholderJobSiteOwner} Value from the job column [Site Owner]
{PlaceholderJobSiteDescription} Value from the job column [Site Description]
{PlaceholderJobName} Value from the job column [Job Name]
{PlaceholderJobDescription} Value from the job column [JobDescription]

The following PowerShell connads are allowed:

  • Add-PnPGroupMember
  • Get-AzADUser
  • Get-AzADGroup
  • Get-PnPGroup
  • New-AzADGroupOwner
  • New-AzADGroup (Enhanced with automatic duplicate management so your script can run multiple times.)
  • Set-PnPList
  • Set-PnPListPermission
  • Start-Sleep
  • Write-Host (for your custom script debugging)
# ---- Create ADGroup
$GroupName = "SP-{PlaceholderJobSiteTitle}-members"
$GroupOwner = "{PlaceholderJobSiteOwner}"
New-AzADGroup -DisplayName $GroupName -MailNickname $GroupName -SecurityEnabled -Description "hello: {PlaceholderSiteURL}" -ErrorAction Stop
$userId = (Get-AzADUser -UserPrincipalName $GroupOwner).Id
$groupId = (Get-AzADGroup -DisplayName $GroupName).Id
New-AzADGroupOwner -GroupId $groupId -OwnerId $userId


# ---- Add AD group to member group in SharePoint
$GroupClaims = "c:0t.c|tenant|$groupId"
$SPGroupVisitors = Get-PnPGroup -AssociatedVisitorGroup
Add-PnPGroupMember -LoginName $GroupClaims -Group $SPGroupVisitors.Id

# ---- Break inheritance for a Library named MyLib
Set-PnPList -Identity "MyList" -BreakRoleInheritance -CopyRoleAssignments:$false -ClearSubscopes:$true


# ---- Set permissions for a Library named MyLib
Set-PnPListPermission -Identity "MyLib" -User $GroupClaims -AddRole "Contribute"
  • PowerShell version 7.4 or later (The Microsoft recommended installation procedure)
  • PnP.PowerShell version 2.12.0 or later (Install-Module -Name PnP.PowerShell) PnP
  • If you want to assign permission to sites the AzureAD module must be installed. Notice the instalaltion can take up to 15 minutes.
    Install-Module -Name Az -Force -AllowClobber
  • Import Excel version 7.10.0 or later (Install-Module -Name ImportExcel) YouTube
  • Execution policy (Set-ExecutionPolicy Unrestricted )
Last modified: 10 January 2025