Date and Month display

Friday, April 2, 2021

Export the Full control, permission type and modified date, across sub sites on SharePoint online Site collection

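<#
******-----------------------------------------------------------------------******

Author          -> Shiv Mangal Singh

Date            -> 3rd April - 2021

Description     -> Reports every principal that holds the "Full Control" permission level
                   on each sub site of a SharePoint Online site collection, together with
                   the permission type and the sub site's last item-modified date.

Review notes    -> Matching is done on the permission level's display name only. A custom
                   or renamed level that grants equivalent rights is not reported, so the
                   output is a lower bound on who has full control.
                -> Only sub sites are scanned; the root web of $SiteURL is not in the report.
                -> The report lists login names. Write it to a location with restricted
                   access and remove it when the review is finished.

******-----------------------------------------------------------------------******
#>

## Variables

$SiteURL = "https://contososmstomar93.sharepoint.com/sites/PowerAppsSMS"

$FileUrl = "D:\PowerShell\Report\SubSites_Report.csv"


# Connect to the site collection.
# -UseWebLogin is the legacy cookie-based browser sign-in; newer PnP.PowerShell releases
# document -Interactive for the same purpose. Check which one the installed module supports.
Connect-PnPonline -Url $SiteURL -UseWebLogin


# Get the root web (kept for callers of this script; not used by the report below)
$Site = Get-PnPWeb


# Create the header row of the tab-separated report (overwrites any existing file)
"Site Url `t Site Modified `t SharePoint Group/ Direct Permission `t GroupUser/ User `t PermissionType `t PermissionLevel " | Out-File $FileUrl


# Get all sub sites, at every depth, with the two properties the report needs
$Web = Get-PnPSubWebs -Recurse -Includes RoleAssignments, LastItemModifiedDate


# Loop through each sub site and each role assignment on it
foreach ($Subsite in $Web)
{
    foreach ($RoleAssignment in $Subsite.RoleAssignments)
    {
        # Load the permission levels and the member of this assignment.
        # The result is discarded so the loaded objects are not echoed to the console.
        $null = Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member

        # Keep only the level named exactly "Full Control"
        $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings |
            Select-Object -ExpandProperty Name |
            Where-Object { $_ -eq "Full Control" }) -join ","

        # Skip principals that do not hold Full Control
        if ($PermissionLevels.Length -eq 0)
        {
            continue
        }

        # User, SecurityGroup or SharePointGroup
        $PermissionType = $RoleAssignment.Member.PrincipalType

        if ($PermissionType -eq "SharePointGroup")
        {
            # Expand the SharePoint group into its members
            $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName

            # Empty groups are left out of the report
            if ($GroupMembers.count -eq 0)
            {
                continue
            }

            # The built-in system account is not a reviewable principal.
            # NOTE(review): members that are themselves directory groups appear by login
            # name only; their membership is not expanded here.
            $GroupUsers = ($GroupMembers |
                Select-Object -ExpandProperty LoginName |
                Where-Object { $_ -ne "SHAREPOINT\system" }) -join "; "

            # One row per SharePoint group
            "$($Subsite.Url) `t $($Subsite.LastItemModifiedDate) `t $($RoleAssignment.Member.Title) `t $($GroupUsers) `t $($PermissionType) `t $($PermissionLevels)" | Out-File $FileUrl -Append
        }
        else
        {
            # One row per principal granted Full Control directly (user or directory group)
            "$($Subsite.Url) `t $($Subsite.LastItemModifiedDate) `t Direct Permission `t $($RoleAssignment.Member.LoginName) `t $($PermissionType) `t $($PermissionLevels)" | Out-File $FileUrl -Append
        }
    }
}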

   

Thursday, January 28, 2021

Get Full Control permission report from SharePoint online site collection along with respective sub sites

 <#

******-----------------------------------------------------------------------******

Author          -> Shiv Mangal Singh

Date            -> 29th January - 2021

Description     -> This Script will generate the Full Control user's permission report across sub sites along with SharePoint online Site collection.

                ->


Path of csv file -->$FileUrl ="D:\PowerShell\Report\Sitecol_Web_Report25.csv"

                 --> $currentLogPath ="D:\shiv\Powershell\Onlinelog_16August2017.csv"

Tenant Site URL  -->$SiteURL="https://work.sharepoint.com/sites/test"


******-----------------------------------------------------------------------******

 #>

Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"

Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"


# Target site collection and report location
$SiteURL = "https://work.sharepoint.com/sites/test"
$FileUrl = "D:\PowerShell\Report\Sitecol_Web_Report.csv"

# Sign in through the browser-based web login and obtain a CSOM client context.
# NOTE(review): the OfficeDevPnP.Core type is not loaded by the Add-Type lines of this
# script; presumably the PnP assembly is already present in the session - confirm.
$AuthenticationManager = New-Object -TypeName OfficeDevPnP.Core.AuthenticationManager
$ctx = $AuthenticationManager.GetWebLoginClientContext($SiteUrl)

# Load the root web once so its title can be shown as a connection check
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
Write-Host -ForegroundColor Yellow $ctx.Web.Title

# Start the tab-separated report with its header row (replaces an existing file)
"Site Collection `t Permission Type/ Group Name `t Login Name `t Permission " | Out-File -FilePath $FileUrl

# Root web of the site collection and its first level of sub sites, fetched in one round trip
$rootWeb = $ctx.Web
$spWebs = $rootWeb.Webs
$ctx.Load($rootWeb)
$ctx.Load($spWebs)
$ctx.ExecuteQuery()

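function GetSitesOwners($Web)
{
    <#
    .SYNOPSIS
    Appends to $FileUrl one row for every principal on $Web that holds a permission
    level whose name contains "Full".

    .DESCRIPTION
    Two passes are made over the web:
      1. principals granted the level directly (users and directory security groups);
      2. SharePoint groups of the web, with their members listed by title.
    Uses the script-level $ctx client context and $FileUrl report path.

    Matching is by display name (-like "*Full*"). A custom level that grants equivalent
    rights under another name is not reported, and any level with "Full" in its name is.

    .PARAMETER Web
    The CSOM web object to inspect.
    #>

    # Load the role assignments of the web
    $WebRoleAssignments = $Web.RoleAssignments
    $ctx.Load($WebRoleAssignments)
    $ctx.ExecuteQuery()

    # Load the SharePoint groups of the web
    $SiteGroup = $Web.SiteGroups
    $ctx.Load($SiteGroup)
    $ctx.ExecuteQuery()

    # ---- Pass 1: direct/explicit grants ----
    foreach ($WebRoleAssignment in $WebRoleAssignments)
    {
        $ctx.Load($WebRoleAssignment.Member)
        $ctx.Load($WebRoleAssignment.RoleDefinitionBindings)
        $ctx.ExecuteQuery()

        $Member = $WebRoleAssignment.Member
        $IsUser = $Member.PrincipalType -eq [Microsoft.SharePoint.Client.Utilities.PrincipalType]::User
        # Directory security groups granted directly were previously skipped, which left
        # them out of the report entirely (they are not SharePoint groups either).
        $IsSecurityGroup = $Member.PrincipalType -eq [Microsoft.SharePoint.Client.Utilities.PrincipalType]::SecurityGroup

        if (-not ($IsUser -or $IsSecurityGroup))
        {
            # SharePoint groups are handled in pass 2
            continue
        }

        Write-Host $Member.LoginName

        # Collect the matching permission levels. The bindings were loaded above, so the
        # names are available without another round trip per level.
        $WebUserPermissions = @()
        foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
        {
            # Keep only levels whose name contains "Full"
            if ($RoleDefinition.Name -like "*Full*")
            {
                $WebUserPermissions += $RoleDefinition.Name + ";"
            }
        }

        if (-not $WebUserPermissions)
        {
            continue
        }

        if ($IsUser)
        {
            $PermissionLabel = "Direct Permission"
            # Third segment of a claims-encoded login name; fall back to the whole
            # login name when it has no such segment so the column is never blank.
            $UsersLoginName = $Member.LoginName.split('|')[2]
            if (-not $UsersLoginName)
            {
                $UsersLoginName = $Member.LoginName
            }
        }
        else
        {
            $PermissionLabel = "Direct Permission (Security Group)"
            # A group's login name is an identifier, so include the readable title as well
            $UsersLoginName = "$($Member.Title) [$($Member.LoginName)]"
        }

        "$($Web.Url)`t $PermissionLabel `t $($UsersLoginName) `t $($WebUserPermissions)" | Out-File $FileUrl -Append
    }

    # ---- Pass 2: grants through SharePoint groups ----
    foreach ($grpUser in $SiteGroup)
    {
        try
        {
            $ctx.Load($grpUser)
            $ctx.ExecuteQuery()

            $siteuser = $grpUser.Users
            $ctx.Load($siteuser)
            $ctx.ExecuteQuery()

            # NOTE(review): presumably this fails for a group that has no assignment on
            # this web, which is then reported by the catch below - confirm.
            $grpWebRoleAssignment = $Web.RoleAssignments.GetByPrincipal($grpUser)

            foreach ($WebRoleAssignment in $grpWebRoleAssignment)
            {
                $ctx.Load($WebRoleAssignment)
                $RoleDefinitions = $WebRoleAssignment.RoleDefinitionBindings
                $ctx.Load($RoleDefinitions)
                $ctx.ExecuteQuery()

                $WebUserPermissions = @()
                foreach ($RoleDefinition in $RoleDefinitions)
                {
                    if ($RoleDefinition.Name -like "*Full*")
                    {
                        $WebUserPermissions += $RoleDefinition.Name + ";"
                    }
                }

                # Members are only enumerated for groups that actually matched, which
                # saves one round trip per member of every other group.
                if (-not $WebUserPermissions)
                {
                    continue
                }

                $FullControlOwner = @()
                foreach ($user in $siteuser)
                {
                    $ctx.Load($user)
                    $ctx.ExecuteQuery()

                    Write-Host $user.Title -BackgroundColor yellow
                    $FullControlOwner += $user.Title + ";"
                }

                "$($Web.Url) `t $($grpUser.Title) `t $($FullControlOwner) `t $($WebUserPermissions)" | Out-File $FileUrl -Append
            }
        }
        catch [System.Exception]
        {
            # Best effort: report the failure for this group and continue with the next one
            $Errormessage = $_.Exception.Message
            Write-Host "Can not find the user in this SharePoint group ID" "[$Errormessage]" -ForegroundColor Cyan
        }
    }
}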

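# LogMessage and LogError are called below but are not defined in this listing.
# Use the existing definitions when the session provides them; otherwise fall back to
# warnings, so a site that cannot be read is still reported instead of raising
# "command not found" from inside the catch block.
if (-not (Get-Command LogMessage -ErrorAction SilentlyContinue))
{
    function LogMessage($Message)
    {
        Write-Warning $Message
    }
}

if (-not (Get-Command LogError -ErrorAction SilentlyContinue))
{
    function LogError($Message, $ExceptionType, $Position)
    {
        Write-Warning "[$ExceptionType] $Message $Position"
    }
}

# Reports a failure for one sub site: access problems as a message, anything else as an error.
function ReportSubsiteError($ErrorRecord, $Url)
{
    $Message = $ErrorRecord.Exception.Message

    if ($Message -like '*(401) Unauthorized*' -or $Message -like '*Access denied*')
    {
        LogMessage("You need permission to access this site: "+ $Url)
    }
    else
    {
        LogError $Message ($ErrorRecord.Exception.GetType().FullName) ($ErrorRecord.InvocationInfo.PositionMessage)
    }
}

#**************Recursive Sub Sites **********************************************************#

# Writes the report rows for $subWeb and then for every web below it, at any depth.
# Defined before the first call: a script runs top to bottom, so a function declared
# after the loop that uses it does not exist yet when the loop runs.
#
# A web that cannot be read is logged and skipped together with everything below it,
# so the log has to be reviewed alongside the report: those sites are NOT covered.
function GetInnerSubsite($subWeb)
{
    try
    {
        #  Invoke-LoadMethod -Object $subWeb -PropertyName "HasUniqueRoleAssignments"
        $ctx.Load($subWeb)
        $ctx.Load($subWeb.Webs)
        $ctx.ExecuteQuery()
    }
    catch
    {
        ReportSubsiteError $_ $subWeb.Url
        # The child collection was not loaded, so there is nothing to descend into
        return
    }

    try
    {
        GetSitesOwners($subWeb)
    }
    catch
    {
        # The children are known at this point; report the failure and keep descending
        ReportSubsiteError $_ $subWeb.Url
    }

    foreach ($subsubinnersite in $subWeb.Webs)
    {
        GetInnerSubsite($subsubinnersite)
    }
}

# Root web first
GetSitesOwners($rootWeb)

#********************** checking for sub sites***************************************#

# $spWebs holds the first level of sub sites; each one is walked recursively, with the
# same error handling at every level.
foreach ($subsite in $spWebs)
{
    GetInnerSubsite($subsite)
}

#Ended users permission reports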

Sunday, February 23, 2020

Delete/ Recycle documents from SharePoint Site

<#
******-----------------------------------------------------------------------******
Author          -> Shiv Mangal Singh
Date            -> 20th February - 2020
Description     -> Delete and recycle the documents in SharePoint Site
$web =    "Site Url"

******-----------------------------------------------------------------------******
  #>
Add-PSSnapin Microsoft.SharePoint.PowerShell

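# Open the site (web) that holds the library.
# SPWeb objects obtained with Get-SPWeb hold server resources, so the web is disposed
# in the finally block whether or not the run succeeds.
$web = Get-SPWeb "https://contoso.microsoft.com/sites/abc"

try
{
    # Get the document library / list by its URL
    $list = $web.GetList("https://contoso.microsoft.com/sites/abc/test/")

    $spQuery = New-Object Microsoft.SharePoint.SPQuery

    # List the IDs of the documents to remove in the CAML query below,
    # one entry per document, e.g. <Value Type='Integer'>6</Value>
    $camlQuery = "<Where><In><FieldRef Name='ID' /><Values>
                                        <Value Type='Integer'>6</Value>
                                        <Value Type='Integer'>7</Value>
                                     
                </Values></In></Where>";
    $spQuery.Query = $camlQuery

    # Copy the query result into a fixed array before changing anything: recycling
    # modifies the list the result is bound to, and the loop should not depend on how
    # the live collection reacts to that.
    $sourceItems = @($list.GetItems($spQuery))

    foreach ($item in $sourceItems)
    {
        # Folders and plain list items have no file to recycle
        if ($null -eq $item.File)
        {
            continue
        }

        # Recycle() sends the document to the site's Recycle Bin, from where it can be restored
        $file = $item.File.Recycle()

        # Delete() removes the document permanently, bypassing the Recycle Bin.
        # Keep Recycle() unless the loss of the restore path is intended and approved.
        # $file=$item.File.Delete()
    }
}
finally
{
    if ($web)
    {
        $web.Dispose()
    }
}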

Tuesday, February 11, 2020

Get Document library permission


<#
 ******-----------------------------------------------------------------------******
 Author          -> Shiv Mangal Singh
 Date            -> 5th August - 2019
 Description     -> This Script will generate document library permission(folder/ sub folder) with unique folder and item level Permission
 Site Collection Name --> $site = Get-SPWeb "Site Url"

 ******-----------------------------------------------------------------------******
  #>

 Add-PsSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

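# Writes the permission rows for one securable object (list, item or folder) to $FileUrl.
#
#   $Securable   - object whose RoleAssignments are reported
#   $UserPrefix  - first three columns (URL, kind, title) for directly granted principals
#   $GroupPrefix - the same three columns for principals that come in through a group
#
# "Limited Access" is left out. A row is written each time a level is added, so a
# principal with several levels gets several rows, each showing the levels collected
# so far (NOTE(review): this is how the original behaves; confirm it is intended).
function Write-RoleAssignmentRows($Securable, $UserPrefix, $GroupPrefix)
{
    foreach ($Assignment in $Securable.RoleAssignments)
    {
        if ($Assignment.Member.userlogin)
        {
            # Member exposes a user login: report it as a direct grant
            $Levels = @()
            foreach ($RoleDefinition in $Assignment.RoleDefinitionBindings)
            {
                if ($RoleDefinition.Name -ne "Limited Access")
                {
                    $Levels += $RoleDefinition.Name + ";"
                    "$UserPrefix Direct Permission `t $($Levels) `t $($Assignment.Member.LoginName)`t $($Assignment.Member.Email)" | Out-File $FileUrl -Append
                }
            }
        }
        else
        {
            # Otherwise treat the member as a group and report each of its users
            foreach ($user in $Assignment.Member.users)
            {
                $Levels = @()
                foreach ($RoleDefinition in $Assignment.RoleDefinitionBindings)
                {
                    if ($RoleDefinition.Name -ne "Limited Access")
                    {
                        $Levels += $RoleDefinition.Name + ";"
                        "$GroupPrefix  $($Assignment.Member.Name) `t $($Levels) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
                    }
                }
            }
        }
    }
}

# Get the site (replace the placeholder with the site URL)
$web = Get-SPWeb "Site Url"
#Write-Host $web

try
{
    # Get the document library (replace the placeholder with the library URL)
    $list = $web.GetList("Document library Url")
    Write-Host $list.Title
    #Write-Host $list.RoleAssignments.Count

    # Report path. The report holds login names and e-mail addresses, so keep it in a
    # location with restricted access.
    $FileUrl = "E:\SharePoint_Report\AR_4thFeb20_RW_Permission.csv"

    # Header row of the tab-separated report (replaces an existing file)
    "URl `t Document Library/folder/file `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | Out-File $FileUrl

    ###********************  List / library permissions ********************************###
    if ($list.RoleAssignments.Count -ne $null)
    {
        $ListUrl = "$($list.ParentWeb.Url)/$($list.RootFolder.Url)"
        Write-RoleAssignmentRows $list "$ListUrl`t List `t $($list.Title)`t" "$ListUrl `t list `t $($list.Title)`t"
    }

    ###********************  Item level permissions ********************************###
    $listcoll = $list.Items
    if ($listcoll.Count -ne $null)
    {
        foreach ($item in $listcoll)
        {
            # Only items that break inheritance are reported
            if ($item.HasUniqueRoleAssignments -eq $true)
            {
                $ItemUrl = "$($Web.Url +"/"+$item.Url)"
                Write-RoleAssignmentRows $item "$ItemUrl`t Item `t $($item.Name)`t" "$ItemUrl `t Item `t $($item.Name)`t"
            }
        }
    }

    ###********************  Folder level permissions ********************************###
    $foldercoll = $list.Folders
    if ($foldercoll.Count -ne $null)
    {
        foreach ($folder in $foldercoll)
        {
            # Folders are reported whether they inherit or have unique permissions; the
            # two cases used identical code. The report has no column that tells them
            # apart, so inheritance has to be checked separately when it matters.
            $FolderUrl = "$($web.Url +"/"+$list.Url+$folder.Url)"
            $FolderPrefix = "$FolderUrl `t folder `t $($folder.Name)`t"
            Write-RoleAssignmentRows $folder $FolderPrefix $FolderPrefix
        }
    }
}
finally
{
    # Release the server resources held by the SPWeb object
    if ($web)
    {
        $web.Dispose()
    }
}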