<#
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 12th Nov - 2015
Description -> This will get all site collections & no.of sub sites across Web Application.
Path of csv file->$path = "D:\Test\Shiv\ps\TeamSites_Users_Permision_Report_smstest1.csv"
Web Application Name --> "https://sharepoint.contact.contoso.net"
#Call the function to Check all Users Access
GetUserAccessReport "https://sharepoint.contact.contoso.net" "D:\Test\Shiv\ps\TeamSites_Users_Permision_Report_smstest1.csv"
******-----------------------------------------------------------------------******
#>
Add-PSSnapin Microsoft.SharePoint.Powershell -EV Err -EA "SilentlyContinue"
Function GetUserAccessReport($WebAppURL, $FileUrl)
{
#Get All Site Collections of the WebApp
$SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All
#Write CSV- TAB Separated File) Header
"URL `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl
#Loop through all site collections
foreach($Site in $SiteCollections)
{
# Skip the Orpahn site using below condition
if($Site.url -ne "https://sharepoint.contact.contoso.net/sites/hrsite")
{
write-host $site.url
#Check Whether the Search User is a Site Collection Administrator
foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
{
"$($Site.RootWeb.Url) `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator `t $($SiteCollAdmin.LoginName)`t $($SiteCollAdmin.Email)" | Out-File $FileUrl -Append
}
#Loop throuh all Sub Sites
foreach($Web in $Site.AllWebs)
{
if($Web.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the list
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
#write-host "with these permissions: " $WebUserPermissions
#Send the Data to Log file
if($WebRoleAssignment.Member.Email.Length -gt 0)
{
"$($Web.Url) `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)`t $($WebRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
"$($Web.Url) `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
}
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}
#write-host "Group has these permissions: " $WebGroupPermissions
#Send the Data to Log file
if($user.Email.Length -gt 0)
{
"$($Web.Url) `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
else
{
"$($Web.Url) `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)" | Out-File $FileUrl -Append
}
}
}
}
}
}
}
}
}
#Call the function to Check all Users Access
GetUserAccessReport "https://sharepoint.contact.contoso.net" "D:\Test\Shiv\ps\TeamSites_Users_Permision_Report_smstest1.csv"
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 12th Nov - 2015
Description -> This will get all site collections & no.of sub sites across Web Application.
Path of csv file->$path = "D:\Test\Shiv\ps\TeamSites_Users_Permision_Report_smstest1.csv"
Web Application Name --> "https://sharepoint.contact.contoso.net"
#Call the function to Check all Users Access
GetUserAccessReport "https://sharepoint.contact.contoso.net" "D:\Test\Shiv\ps\TeamSites_Users_Permision_Report_smstest1.csv"
******-----------------------------------------------------------------------******
#>
Add-PSSnapin Microsoft.SharePoint.Powershell -EV Err -EA "SilentlyContinue"
Function GetUserAccessReport($WebAppURL, $FileUrl)
{
#Get All Site Collections of the WebApp
$SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All
#Write CSV- TAB Separated File) Header
"URL `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl
#Loop through all site collections
foreach($Site in $SiteCollections)
{
# Skip the Orpahn site using below condition
if($Site.url -ne "https://sharepoint.contact.contoso.net/sites/hrsite")
{
write-host $site.url
#Check Whether the Search User is a Site Collection Administrator
foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
{
"$($Site.RootWeb.Url) `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator `t $($SiteCollAdmin.LoginName)`t $($SiteCollAdmin.Email)" | Out-File $FileUrl -Append
}
#Loop throuh all Sub Sites
foreach($Web in $Site.AllWebs)
{
if($Web.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the list
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
#write-host "with these permissions: " $WebUserPermissions
#Send the Data to Log file
if($WebRoleAssignment.Member.Email.Length -gt 0)
{
"$($Web.Url) `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)`t $($WebRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
"$($Web.Url) `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
}
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}
#write-host "Group has these permissions: " $WebGroupPermissions
#Send the Data to Log file
if($user.Email.Length -gt 0)
{
"$($Web.Url) `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
else
{
"$($Web.Url) `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)" | Out-File $FileUrl -Append
}
}
}
}
}
}
}
}
}
#Call the function to Check all Users Access
GetUserAccessReport "https://sharepoint.contact.contoso.net" "D:\Test\Shiv\ps\TeamSites_Users_Permision_Report_smstest1.csv"
