<#
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 27th Jan - 2017
Description -> This Script will generate a report to get users permission across site collections & sub sites at Web Application level with separate Site Collection Url tab and Sub sites TAB.
Path of csv file->$FileUrl "D:\contoso_MWTeam\Shiv\ps\msReport_16thNov15_new13.csv"
Site Collection Name --> $site = Get-msSite "https://ms.contoso.net/global/sapcoe/"
******-----------------------------------------------------------------------******
#>
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Function GetUserAccessReport($WebAppURL, $FileUrl)
{
#Get All Site Collections of the WebApp
$SiteCollections = Get-Site -WebApplication $WebAppURL -Limit All
#Write CSV- TAB Separated File) Header
"Site Collection `t Sub Site `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl
#Loop through all site collections
foreach($Site in $SiteCollections)
{
if($Site.url -ne "https://ms.contoso.net/global/saisentan")
{
write-host $site.url
#Check Whether the Search User is a Site Collection Administrator
foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
{
"$($Site.RootWeb.Url) `t $($Site.RootWeb.Url) `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator `t $($SiteCollAdmin.LoginName)`t $($SiteCollAdmin.Email)" | Out-File $FileUrl -Append
}
#Loop throuh all Sub Sites
foreach($Web in $Site.AllWebs)
{
if($Web.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the list
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
#write-host "with these permissions: " $WebUserPermissions
#Send the Data to Log file
if($WebRoleAssignment.Member.Email.Length -gt 0)
{
"$($Site.RootWeb.Url) `t $($Web.Url) `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)`t $($WebRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
"$($Site.RootWeb.Url) `t $($Web.Url) `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
}
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}
#write-host "Group has these permissions: " $WebGroupPermissions
#Send the Data to Log file
if($user.Email.Length -gt 0)
{
"$($Site.RootWeb.Url) `t $($Web.Url) `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
else
{
"$($Site.RootWeb.Url) `t $($Web.Url) `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)" | Out-File $FileUrl -Append
}
}
}
}
}
}
}
}
}
#Call the function to Check User Access
GetUserAccessReport "https://ms.contoso.net" "D:\contosomsSSU_MWTeam\Shiv\ps\msReport_16thNov15_new13.csv"
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 27th Jan - 2017
Description -> This Script will generate a report to get users permission across site collections & sub sites at Web Application level with separate Site Collection Url tab and Sub sites TAB.
Path of csv file->$FileUrl "D:\contoso_MWTeam\Shiv\ps\msReport_16thNov15_new13.csv"
Site Collection Name --> $site = Get-msSite "https://ms.contoso.net/global/sapcoe/"
******-----------------------------------------------------------------------******
#>
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Function GetUserAccessReport($WebAppURL, $FileUrl)
{
#Get All Site Collections of the WebApp
$SiteCollections = Get-Site -WebApplication $WebAppURL -Limit All
#Write CSV- TAB Separated File) Header
"Site Collection `t Sub Site `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl
#Loop through all site collections
foreach($Site in $SiteCollections)
{
if($Site.url -ne "https://ms.contoso.net/global/saisentan")
{
write-host $site.url
#Check Whether the Search User is a Site Collection Administrator
foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
{
"$($Site.RootWeb.Url) `t $($Site.RootWeb.Url) `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator `t $($SiteCollAdmin.LoginName)`t $($SiteCollAdmin.Email)" | Out-File $FileUrl -Append
}
#Loop throuh all Sub Sites
foreach($Web in $Site.AllWebs)
{
if($Web.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the list
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
#write-host "with these permissions: " $WebUserPermissions
#Send the Data to Log file
if($WebRoleAssignment.Member.Email.Length -gt 0)
{
"$($Site.RootWeb.Url) `t $($Web.Url) `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)`t $($WebRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
"$($Site.RootWeb.Url) `t $($Web.Url) `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
}
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}
#write-host "Group has these permissions: " $WebGroupPermissions
#Send the Data to Log file
if($user.Email.Length -gt 0)
{
"$($Site.RootWeb.Url) `t $($Web.Url) `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
else
{
"$($Site.RootWeb.Url) `t $($Web.Url) `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)" | Out-File $FileUrl -Append
}
}
}
}
}
}
}
}
}
#Call the function to Check User Access
GetUserAccessReport "https://ms.contoso.net" "D:\contosomsSSU_MWTeam\Shiv\ps\msReport_16thNov15_new13.csv"
No comments:
Post a Comment