<#
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 25th Nov - 2015
Description -> This Script will generate Full Control user's list across Web Application(with all Custom permission's wherever custom permission alias with Full name)level.
Path of csv file->$path = "D:\contoso_MWTeam\Shiv\ms_Publishing.csv"
Web Application Name --> "https://sharepoint.contoso.net"
#Call the function to Check all Users Access
GetUserAccessReport "https://sharepoint.contoso.net" "D:\contoso_MWTeam\Shiv\ms_Publishing.csv"
******-----------------------------------------------------------------------******
#>
Add-PSSnapin Microsoft.SharePoint.Powershell -EV Err -EA "SilentlyContinue"
Function GetUserAccessReport($WebAppURL, $FileUrl)
{
#Get All Site Collections of the WebApp
$SiteCollections = Get-SPSite -Webapplication $WebAppURL -Limit All
#Write CSV- TAB Separated File) Header
"URL `t Site `t Title `t PermissionType `t Permissions `t LoginName" | out-file $FileUrl
#Loop throuh all Site collection level
foreach($site in $SiteCollections)
{
#Loop throuh all Sub Sites
foreach($Web in $site.AllWebs)
{
write-host -forgroundcolor red $Web.URL
#Iterate through all SPRoleAssignments on the web
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$FullPerm ="Full Control"
if($RoleDefinition.Name.Contains($FullPerm))
{
$WebUserPermissions += $RoleDefinition.Name +";"
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
}
}
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
# $grpControlFullPerm ="Full": Wehave talen this variable to get the Full control permission or wherever the custom permissions name alias Full
$grpControlFullPerm ="Full"
if($RoleDefinition.Name.Contains($grpControlFullPerm))
{
$WebGroupPermissions += $RoleDefinition.Name +";"
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)" | Out-File $FileUrl -Append
}
}
write-host "Group has these permissions: " $WebGroupPermissions
}
}
}
}
}
}
GetUserAccessReport "https://ms.contoso.net/" "D:\contoso_MWTeam\Shiv\ms_Publishing.csv"
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 25th Nov - 2015
Description -> This Script will generate Full Control user's list across Web Application(with all Custom permission's wherever custom permission alias with Full name)level.
Path of csv file->$path = "D:\contoso_MWTeam\Shiv\ms_Publishing.csv"
Web Application Name --> "https://sharepoint.contoso.net"
#Call the function to Check all Users Access
GetUserAccessReport "https://sharepoint.contoso.net" "D:\contoso_MWTeam\Shiv\ms_Publishing.csv"
******-----------------------------------------------------------------------******
#>
Add-PSSnapin Microsoft.SharePoint.Powershell -EV Err -EA "SilentlyContinue"
Function GetUserAccessReport($WebAppURL, $FileUrl)
{
#Get All Site Collections of the WebApp
$SiteCollections = Get-SPSite -Webapplication $WebAppURL -Limit All
#Write CSV- TAB Separated File) Header
"URL `t Site `t Title `t PermissionType `t Permissions `t LoginName" | out-file $FileUrl
#Loop throuh all Site collection level
foreach($site in $SiteCollections)
{
#Loop throuh all Sub Sites
foreach($Web in $site.AllWebs)
{
write-host -forgroundcolor red $Web.URL
#Iterate through all SPRoleAssignments on the web
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$FullPerm ="Full Control"
if($RoleDefinition.Name.Contains($FullPerm))
{
$WebUserPermissions += $RoleDefinition.Name +";"
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
}
}
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
# $grpControlFullPerm ="Full": Wehave talen this variable to get the Full control permission or wherever the custom permissions name alias Full
$grpControlFullPerm ="Full"
if($RoleDefinition.Name.Contains($grpControlFullPerm))
{
$WebGroupPermissions += $RoleDefinition.Name +";"
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)" | Out-File $FileUrl -Append
}
}
write-host "Group has these permissions: " $WebGroupPermissions
}
}
}
}
}
}
GetUserAccessReport "https://ms.contoso.net/" "D:\contoso_MWTeam\Shiv\ms_Publishing.csv"
No comments:
Post a Comment