Shiv Mangal Singh Tomar(SMS) Blog

Friday, April 2, 2021

Export the Full control, permission type and modified date, across sub sites on SharePoint online Site collection

<#*****-----------------------------------------------------------------------******

Author -> Shiv Mangal Singh

Date -> 3rd April - 2021

Description -> This Script will generate the Full control, permission type and modified date, across sub sites on SharePoint online Site collection.

******-----------------------------------------------------------------------******#

##Variables

$SiteURL = "https://contososmstomar93.sharepoint.com/sites/PowerAppsSMS"

$FileUrl = "D:\PowerShell\Report\SubSites_Report.csv"

#Connect to Site Collection

Connect-PnPonline -Url $SiteURL -UseWebLogin

#Get the web

$Site = Get-PnPWeb

# Create header for Report in CSV file

"Site Url `t Site Modified `t SharePoint Group/ Direct Permission `t GroupUser/ User `t PermissionType `t PermissionLevel " | out-file $FileUrl

#Get the Webs/ sub sites

$Web = Get-PnPSubWebs -Recurse -Includes RoleAssignments, LastItemModifiedDate

# Loop through each sub sites

foreach($Subsite in $Web)

{

foreach($RoleAssignment in $Subsite.RoleAssignments)

{

#Get the Permission Levels assigned and Member

Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member

#Get the Full control permission Level

$PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name | Where { $_ -eq "Full Control"} ) -join ","

#Leave Principals with no Permissions

If($PermissionLevels.Length -eq 0)

{

Continue

}

#Check direct permissions

$PermissionType = $RoleAssignment.Member.PrincipalType

#Get SharePoint group members

If($PermissionType -eq "SharePointGroup")

{

#Get Group Members

$GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName

#Leave Empty Groups

If($GroupMembers.count -eq 0)

{

Continue

}

$GroupUsers = ($GroupMembers | Select -ExpandProperty LoginName | Where { $_ -ne "SHAREPOINT\system"}) -join "; "

# Send the Data to Report file, from SharePoint Group

"$($Subsite.Url) `t $($Subsite.LastItemModifiedDate) `t $($RoleAssignment.Member.Title) `t $($GroupUsers) `t $($PermissionType) `t $($PermissionLevels)" | Out-File $FileUrl -Append

}

else

{

# Send the Data to Report file, from direct user permission

"$($Subsite.Url) `t $($Subsite.LastItemModifiedDate) `t Direct Permission `t $($RoleAssignment.Member.LoginName) `t $($PermissionType) `t $($PermissionLevels)" | Out-File $FileUrl -Append

}

Thursday, January 28, 2021

Get Full Control permission report from SharePoint online site collection along with respective sub sites

******-----------------------------------------------------------------------******

Author -> Shiv Mangal Singh

Date -> 29th January - 2021

Description -> This Script will generate the Full Control user's permission rport acrosss sub sites along with SharePoint online Site collection.

Path of csv file -->$FileUrl ="D:\PowerShell\Report\Sitecol_Web_Report25.csv"

--> $currentLogPath ="D:\shiv\Powershell\Onlinelog_16August2017.csv"

Tenant Site URL -->$SiteURL="https://work.sharepoint.com/sites/test"

******-----------------------------------------------------------------------******

Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"

Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"

#Variables for SharePoint Online site collection

$SiteURL="https://work.sharepoint.com/sites/test"

$FileUrl ="D:\PowerShell\Report\Sitecol_Web_Report.csv"

##Setup Authentication Manager

$AuthenticationManager = New-Object OfficeDevPnP.Core.AuthenticationManager

$ctx = $AuthenticationManager.GetWebLoginClientContext($SiteUrl)

$ctx.Load($ctx.Web)

$ctx.ExecuteQuery()

Write-Host $ctx.Web.Title -ForegroundColor Yellow

# Create header for Report in CSV file

"Site Collection `t Permission Type/ Group Name `t Login Name `t Permission " | out-file $FileUrl

# Access the Site collection

$rootWeb = $ctx.Web

# Load the Site collection

$ctx.Load($rootWeb)

$spWebs=$rootWeb.Webs

$ctx.Load($spWebs)

$ctx.ExecuteQuery()

function GetSitesOwners($Web)
{

# Load the role

$WebRoleAssignments = $Web.RoleAssignments

$ctx.Load($WebRoleAssignments)

$ctx.ExecuteQuery()

# Load the site group

$SiteGroup=$Web.SiteGroups

$ctx.Load($SiteGroup)

# Execute Query to the server

$ctx.ExecuteQuery()

# Get direct/explicit users permission from site collection

foreach($WebRoleAssignment in $WebRoleAssignments)

{

$ctx.Load($WebRoleAssignment.Member)

$ctx.Load($WebRoleAssignment.RoleDefinitionBindings)

$ctx.ExecuteQuery()

if($WebRoleAssignment.Member.PrincipalType -eq [Microsoft.SharePoint.Client.Utilities.PrincipalType]::User)

{

Write-Host $WebRoleAssignment.Member.LoginName

#Get the Permissions assigned to user

$WebUserPermissions=@()

foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)

{

$ctx.Load($RoleDefinition)

$ctx.ExecuteQuery()

# Exclue 'Limited Access'

if($RoleDefinition.Name -like "*Full*")

{

$WebUserPermissions += $RoleDefinition.Name +";"

}

# split login name

$UsersLoginName =$WebRoleAssignment.Member.LoginName.split('|')[2]

if($WebUserPermissions)

{

"$($Web.Url)`t Direct Permission `t $($UsersLoginName) `t $($WebUserPermissions)" | Out-File $FileUrl -Append

}

# Ended loop direct users permission list from site

#Get users permission list from SharePoint group

foreach($grpUser in $SiteGroup)

{

try

{

$ctx.Load($grpUser)

$ctx.ExecuteQuery()

$siteuser = $grpUser.Users

$ctx.Load($siteuser)

$ctx.ExecuteQuery()

$grpWebRoleAssignment = $Web.RoleAssignments.GetByPrincipal($grpUser)

foreach($WebRoleAssignment in $grpWebRoleAssignment)

{

$ctx.Load($WebRoleAssignment)

$RoleDefinitions =$WebRoleAssignment.RoleDefinitionBindings

$ctx.Load($RoleDefinitions)

$ctx.ExecuteQuery()

$WebUserPermissions=@()

foreach ($RoleDefinition in $RoleDefinitions)

{

if($RoleDefinition.Name -like "*Full*")

{

$WebUserPermissions += $RoleDefinition.Name +";"

}

# Iterate users

$FullControlOwner =@()

foreach($user in $siteuser)

{

$ctx.Load($user)

$ctx.ExecuteQuery()

write-host $user.Title -BackgroundColor yellow

$FullControlOwner +=$user.Title + ";"

}

if($WebUserPermissions)

{

"$($Web.Url) `t $($grpUser.Title) `t $($FullControlOwner) `t $($WebUserPermissions)" | Out-File $FileUrl -Append

}

catch [System.Exception]

{

$Errormessage =$_.Exception.Message

Write-Host "Can not find the user in this SharePoint group ID" "[$Errormessage]" -ForegroundColor Cyan

}

GetSitesOwners($rootWeb)

#********************** checking for sub sites***************************************#

# $spWebs for all sub sites

foreach($subsite in $spWebs)

{

# Invoke-LoadMethod is a function to get unique sub site details

#Invoke-LoadMethod -Object $subsite -PropertyName "HasUniqueRoleAssignments"

$ctx.Load($subsite)

$ctx.Load($subsite.Webs)

$ctx.ExecuteQuery()

GetSitesOwners($subsite)

# checked one level of sub sites

foreach($Subsiteonelevel in $subsite.Webs)

{

try

{

# Invoke-LoadMethod -Object $Subsiteonelevel -PropertyName "HasUniqueRoleAssignments"

$ctx.Load($Subsiteonelevel)

$ctx.ExecuteQuery()

GetInnerSubsite($Subsiteonelevel)

}

catch

{

if($_.Exception.Message -like '*(401) Unauthorized*' -or $_.Exception.Message -like '*Access denied*')

{

LogMessage("You need permission to access this site: "+ $Subsiteonelevel.Url)

}

else

{

LogError $_.Exception.Message $_.Exception.GetType().FullName $_.InvocationInfo.PositionMessage

}

} # closing one level of sub sites

}

#**************Recrusive Sub Sites **********************************************************#

function GetInnerSubsite($subWeb)

{

try

{

# Invoke-LoadMethod -Object $subWeb -PropertyName "HasUniqueRoleAssignments"

$ctx.Load($subWeb)

$ctx.Load($subWeb.Webs)

$ctx.ExecuteQuery()

GetSitesOwners($subWeb)

}

catch

{

if($_.Exception.Message -like '*(401) Unauthorized*' -or $_.Exception.Message -like '*Access denied*')

{

LogMessage("You need permission to access this site: "+ $subWeb.Url)

}

else

{

LogError $_.Exception.Message $_.Exception.GetType().FullName $_.InvocationInfo.PositionMessage

}

foreach($subsubinnersite in $subWeb.Webs)

{

try

{

# Invoke-LoadMethod -Object $subsubinnersite -PropertyName "HasUniqueRoleAssignments"

$ctx.Load($subsubinnersite)

$ctx.ExecuteQuery()

GetInnerSubsite($subsubinnersite)

}

catch

{

if($_.Exception.Message -like '*(401) Unauthorized*' -or $_.Exception.Message -like '*Access denied*')

{

LogMessage("You need permission to access this site: "+ $subsubinnersite.Url)

}

else

{

LogError $_.Exception.Message $_.Exception.GetType().FullName $_.InvocationInfo.PositionMessage

}

#Ended users permission reports

Sunday, February 23, 2020

Delete/ Recycle documents from SharePoint Site

<#
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 20th February - 2020
Description -> Delete and recycle the documents in SharePoint Site
$web = "Site Url"

******-----------------------------------------------------------------------******
#>
Add-PSSnapin Microsoft.SharePoint.PowerShell

# Get Site name
$web =Get-SPWeb "https://contoso.microsoft.com/sites/abc"

# Get document librray/ list name
$list = $web.GetList("https://contoso.microsoft.com/sites/abc/test/")

$spQuery = New-Object Microsoft.SharePoint.SPQuery;

# Pass the document ID in below camel Query ex--> <Value Type='Integer'>6</Value>
$camlQuery = "<Where><In><FieldRef Name='ID' /><Values>
<Value Type='Integer'>6</Value>
<Value Type='Integer'>7</Value>

</Values></In></Where>";
$spQuery.Query = $camlQuery
$sourceItems = $list.GetItems($spQuery)
foreach($item in $sourceItems)
{
# To delete the documents and send to Recycle bin, use Recycle() function
$file=$item.File.Recycle()
# To delete the documents permanently , use Delete() function
# $file=$item.File.Delete()

}

Tuesday, February 11, 2020

Get Document library permission

******-----------------------------------------------------------------------******

Author -> Shiv Mangal Singh

Date -> 5th August - 2019

Description -> This Script will generate document library permission(folder/ sub folder) with unique folder and item level Permission

Site Collection Name --> $site = Get-SPWeb "Site Url"

******-----------------------------------------------------------------------******

Add-PsSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Get Site Name

$web = Get-SPWeb "Site Url”

#Write-Host $web

#Get the document library name

$list =$web.GetList("Document library Url”)

Write-Host $list.Title

#Write-Host $list.RoleAssignments.Count

# export report path

$FileUrl = "E:\SharePoint_Report\AR_4thFeb20_RW_Permission.csv"

#Create header in CSV file for report

"URl `t Document Library/folder/file `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl

###******************** Check Lists/libraries Permissions ********************************###

# To check the list's Role Assignmnet

if($list.RoleAssignments.Count -ne $null)

{

foreach($ListRoleAssignment in $list.RoleAssignments)

{

if($ListRoleAssignment.Member.userlogin)

{

#Get the Permissions assigned to user

$ListUserPermissions=@()

foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)

{

if($RoleDefinition.Name -ne "Limited Access")

{

$ListUserPermissions += $RoleDefinition.Name +";"

#Send the Data to Log file

"$($list.ParentWeb.Url)/$($list.RootFolder.Url)`t List `t $($list.Title)`t Direct Permission `t $($ListUserPermissions) `t $($ListRoleAssignment.Member.LoginName)`t $($ListRoleAssignment.Member.Email)" | Out-File $FileUrl -Append

}

else

{

foreach($user in $ListRoleAssignment.Member.users)

{

#Get the Group's Permissions on list

$ListGrpUserPermissions=@()

foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)

{

if($RoleDefinition.Name -ne "Limited Access")

{

$ListGrpUserPermissions += $RoleDefinition.Name +";"

"$($list.ParentWeb.Url)/$($list.RootFolder.Url) `t list `t $($list.Title)`t $($ListRoleAssignment.Member.Name) `t $($ListGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append

}

} # foreach loop to get the Group's Permissions on list

}

} # count list roleassignment

###########################To get item level permission###########################################################################

$listcoll =$list.Items

if($listcoll.Count -ne $null)

{

foreach($item in $listcoll)

{

#########################To check he unique item level permission#########################

if($item.HasUniqueRoleAssignments -eq $true)

{

foreach($itemRoleAssignment in $item.RoleAssignments)

{

if($itemRoleAssignment.Member.userlogin)

{

#Get the Permissions assigned to user at item level

$ItemUserPermissions=@()

foreach ($itemRoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)

{

if($itemRoleDefinition.Name -ne "Limited Access")

{

$ItemUserPermissions += $itemRoleDefinition.Name +";"

"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append

}

#Send the Data to Log file

# "$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append

}

else

{

foreach($user in $itemRoleAssignment.Member.users)

{

#Get the Group's Permissions on site

$ItemGrpUserPermissions=@()

foreach ($itemGrpRoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)

{

if($itemGrpRoleDefinition.Name -ne "Limited Access")

{

$ItemGrpUserPermissions += $itemGrpRoleDefinition.Name +";"

"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append

}

#########################End loop to check unique item level permission##########################

} # foreach $item Closing loop

}#check list item count

###################################To Check the folder level permission#########################

$foldercoll =$list.Folders

if($foldercoll.Count -ne $null)

{

foreach($folder in $foldercoll)

{

###################To Check the folder Inheriting permission ###########################

if($folder.HasUniqueRoleAssignments -eq $false)

{

foreach($folderRoleAssignment in $folder.RoleAssignments)

{

if($folderRoleAssignment.Member.userlogin)

{

#Get the Permissions assigned to user at item level

$FolderUserPermissions=@()

foreach($folderRoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)

{

if($folderRoleDefinition.Name -ne "Limited Access")

{

$FolderUserPermissions +=$folderRoleDefinition.Name + ";"

"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append

}

#Send the Data to Log file

# "$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append

}

else

{

foreach($user in $folderRoleAssignment.Member.users)

{

#Get the Group's Permissions on site

$folderGroupRoleAssignment=@()

foreach ($folderGrpRoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)

{

if($folderGrpRoleDefinition.Name -ne "Limited Access")

{

$folderGroupRoleAssignment += $folderGrpRoleDefinition.Name +";"

"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append

}

#Send the Data to Log file

# "$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append

}

} #shiv

###################################################To Check the folder unique permission list########################

elseif($folder.HasUniqueRoleAssignments -eq $true)

{

foreach($folderRoleAssignment in $folder.RoleAssignments)

{

if($folderRoleAssignment.Member.userlogin)

{

#Get the Permissions assigned to user at item level

$FolderUserPermissions=@()

foreach($folderRoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)

{

if($folderRoleDefinition.Name -ne "Limited Access")

{

$FolderUserPermissions +=$folderRoleDefinition.Name + ";"

}

#Send the Data to Log file

}

else

{

foreach($user in $folderRoleAssignment.Member.users)

{

#Get the Group's Permissions on site

$folderGroupRoleAssignment=@()

foreach ($folderGrpRoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)

{

if($folderGrpRoleDefinition.Name -ne "Limited Access")

{

$folderGroupRoleAssignment += $folderGrpRoleDefinition.Name +";"

}

#Send the Data to Log file

}

######################################## End to Check the folder unique permission ########################

} # $folder closing loop

}# Check Folder count

Shiv Mangal Singh Tomar(SMS) Blog

Date and Month display

About Me

Friday, April 2, 2021

Export the Full control, permission type and modified date, across sub sites on SharePoint online Site collection

Thursday, January 28, 2021

Get Full Control permission report from SharePoint online site collection along with respective sub sites

Sunday, February 23, 2020

Delete/ Recycle documents from SharePoint Site

Tuesday, February 11, 2020

Get Document library permission