Provisioning Template role:
- Hold a reference (URL) to the site where various site artifacts, such as lists and libraries, are copied and then applied to a new or existing site.
- Construct the logic used to generate a Site URL: The site name in the URL will have illegal characters, such as %, æ, ø, å, automatically stripped. Placeholders (see table below) can be used alongside constant values to generate the URL name.
| Placeholder name | Placeholders for the template column [New Site URL Name] and PowerShell commands for assigning site permissions. |
|---|---|
| {PlaceholderSiteURL} (PowerShell commands only) |
Full URL generated based on the Site Name Generation section in the Site Template where all placeholders have been resolved |
| {PlaceholderPrefix} | Value from the column [PlaceholderPrefix] |
| {PlaceholderSuffix} | Value from the column [PlaceholderSuffix] |
| {PlaceholderCounter} | Value generated in the column [Counter] using the format mask from the column [PlaceholderCounter] |
| {PlaceholderJobSiteTitle} | Value from the job column [Site Title] |
| {PlaceholderJobSiteOwner} | Value from the job column [Site Owner] |
| {PlaceholderJobSiteDescription} | Value from the job column [Site Description] |
| {PlaceholderJobName} | Value from the job column [Job Name] |
| {PlaceholderJobDescription} | Value from the job column [JobDescription] |
The following PowerShell connads are allowed:
- Add-PnPGroupMember
- Get-AzADUser
- Get-AzADGroup
- Get-PnPGroup
- New-AzADGroupOwner
- New-AzADGroup (Enhanced with automatic duplicate management so your script can run multiple times.)
- Set-PnPList
- Set-PnPListPermission
- Start-Sleep
- Write-Host (for your custom script debugging)
# ---- Create ADGroup
$GroupName = "SP-{PlaceholderJobSiteTitle}-members"
$GroupOwner = "{PlaceholderJobSiteOwner}"
New-AzADGroup -DisplayName $GroupName -MailNickname $GroupName -SecurityEnabled -Description "hello: {PlaceholderSiteURL}" -ErrorAction Stop
$userId = (Get-AzADUser -UserPrincipalName $GroupOwner).Id
$groupId = (Get-AzADGroup -DisplayName $GroupName).Id
New-AzADGroupOwner -GroupId $groupId -OwnerId $userId
# ---- Add AD group to member group in SharePoint
$GroupClaims = "c:0t.c|tenant|$groupId"
$SPGroupVisitors = Get-PnPGroup -AssociatedVisitorGroup
Add-PnPGroupMember -LoginName $GroupClaims -Group $SPGroupVisitors.Id
# ---- Break inheritance for a Library named MyLib
Set-PnPList -Identity "MyList" -BreakRoleInheritance -CopyRoleAssignments:$false -ClearSubscopes:$true
# ---- Set permissions for a Library named MyLib
Set-PnPListPermission -Identity "MyLib" -User $GroupClaims -AddRole "Contribute"- PowerShell version 7.4 or later (The Microsoft recommended installation procedure)
- PnP.PowerShell version 2.12.0 or later (
Install-Module -Name PnP.PowerShell) PnP - If you want to assign permission to sites the AzureAD module must be installed. Notice the instalaltion can take up to 15 minutes.
Install-Module -Name Az -Force -AllowClobber - Import Excel version 7.10.0 or later (
Install-Module -Name ImportExcel) YouTube - Execution policy
(
Set-ExecutionPolicy Unrestricted)
Last modified:
10 January 2025