<#*****-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 3rd April - 2021
Description -> This script generates a report of Full Control assignments, with the permission type and last modified date, across the sub sites of a SharePoint Online site collection.
******-----------------------------------------------------------------------******#>
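## Variables
# Site collection to review and the path of the report file.
# The report lists every account that holds Full Control on a sub site, so keep
# it somewhere only the people doing the access review can read.
$SiteURL = "https://contososmstomar93.sharepoint.com/sites/PowerAppsSMS"
$FileUrl = "D:\PowerShell\Report\SubSites_Report.csv"

# Scope of the report, as implemented below:
#  - Only the webs returned by Get-PnPSubWebs -Recurse are reported; the root web
#    of the site collection is not.
#  - A role assignment is reported only when a bound permission level is NAMED
#    "Full Control". Custom or renamed levels that grant equivalent rights are
#    not picked up.
#  - Members of SharePoint groups are listed by login name. A principal that is
#    not a SharePoint group (for example a directory security group) is written
#    as a single login name and its members are not expanded.
#  - NOTE(review): site collection administrators are not derived from role
#    assignments here, so presumably they only appear if they were also granted
#    Full Control explicitly - confirm and review them separately.

# Connect to the site collection.
# -UseWebLogin is the module's legacy browser/cookie sign-in.
# NOTE(review): newer PnP.PowerShell releases favour -Interactive - confirm
# against the installed module version.
# -ErrorAction Stop: a failed sign-in must abort the run instead of going on to
# produce a header-only report that reads as "nobody has Full Control".
Connect-PnPOnline -Url $SiteURL -UseWebLogin -ErrorAction Stop

# Get the sub sites together with their role assignments and last modified date.
# This runs before the report file is touched, so a failed enumeration does not
# replace an earlier report with an empty one.
$Web = Get-PnPSubWebs -Recurse -Includes RoleAssignments, LastItemModifiedDate -ErrorAction Stop

# Create the header row. Columns are separated by a tab with a space on each
# side, although the file carries a .csv extension.
"Site Url `t Site Modified `t SharePoint Group/ Direct Permission `t GroupUser/ User `t PermissionType `t PermissionLevel " | Out-File $FileUrl -ErrorAction Stop

# Loop through each sub site
foreach ($Subsite in $Web)
{
    foreach ($RoleAssignment in $Subsite.RoleAssignments)
    {
        # Load the permission levels and the principal of this assignment.
        # If this load failed silently the assignment would look as if it had
        # no Full Control binding and would be dropped, so stop instead.
        Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member -ErrorAction Stop

        # Keep only the "Full Control" permission level (matched by name)
        $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select-Object -ExpandProperty Name | Where-Object { $_ -eq "Full Control" }) -join ","

        # Skip principals that do not hold Full Control
        if ($PermissionLevels.Length -eq 0)
        {
            continue
        }

        # Principal type decides whether this is a group or a direct permission
        $PermissionType = $RoleAssignment.Member.PrincipalType

        if ($PermissionType -eq "SharePointGroup")
        {
            # Get the group members. A lookup failure would otherwise leave
            # $GroupMembers empty and the group would be skipped as "empty",
            # hiding a Full Control group from the review. Keep the group in
            # the report with a marker and warn the operator.
            try
            {
                $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName -ErrorAction Stop
            }
            catch
            {
                Write-Warning "Could not read members of group '$($RoleAssignment.Member.Title)' on $($Subsite.Url): $($_.Exception.Message)"
                "$($Subsite.Url) `t $($Subsite.LastItemModifiedDate) `t $($RoleAssignment.Member.Title) `t MEMBER LOOKUP FAILED `t $($PermissionType) `t $($PermissionLevels)" | Out-File $FileUrl -Append
                continue
            }

            # Skip groups that have no members
            if ($GroupMembers.Count -eq 0)
            {
                continue
            }

            # List member login names, leaving out the built-in system account
            $GroupUsers = ($GroupMembers | Select-Object -ExpandProperty LoginName | Where-Object { $_ -ne "SHAREPOINT\system" }) -join "; "

            # Write the row for a SharePoint group
            "$($Subsite.Url) `t $($Subsite.LastItemModifiedDate) `t $($RoleAssignment.Member.Title) `t $($GroupUsers) `t $($PermissionType) `t $($PermissionLevels)" | Out-File $FileUrl -Append
        }
        else
        {
            # Write the row for a permission granted directly to a principal
            "$($Subsite.Url) `t $($Subsite.LastItemModifiedDate) `t Direct Permission `t $($RoleAssignment.Member.LoginName) `t $($PermissionType) `t $($PermissionLevels)" | Out-File $FileUrl -Append
        }
    }
}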