diff --git a/AD/CreateN1-N2Users/Create-ADtechs.ps1 b/AD/CreateN1-N2Users/Create-ADtechs.ps1 index ec9b5f9..44dd9b2 100644 --- a/AD/CreateN1-N2Users/Create-ADtechs.ps1 +++ b/AD/CreateN1-N2Users/Create-ADtechs.ps1 @@ -15,6 +15,29 @@ switch ($modExiste) { Default {Import-Module ActiveDirectory;Import-Module PSWriteColor} } +#On récupere le nom de la forest pour déposer les scripts au bon endroit +$domainInfos = Get-ADDomain +$forestName = $domainInfos.Forest + +#On crée et place les scripts de logon pour tous les users +New-Item -Path C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\ -Name "Tech-N1.bat" -ItemType "file" +$contentToAdd = @" +cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dsa.msc" +cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dhcpmgmt.msc" +cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START printmanagement.msc" +"@ +Add-Content C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\Tech-N1.bat $contentToAdd + +New-Item -Path C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\ -Name "Tech-N2.bat" -ItemType "file" +$contentToAdd = @" +cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dsa.msc" +cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dhcpmgmt.msc" +cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START printmanagement.msc" +cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dnsmgmt.msc" +cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START gpmc.msc" +"@ +Add-Content C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\Tech-N2.bat $contentToAdd + #On crée le CSV pour y stocker les ID $pcName = (Get-ComputerInfo).CSName Set-Content "C:\techLogins-$pcName.csv" -Value "Username,Password" 
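Review bot: The two `New-Item` / `Add-Content` pairs that build `Tech-N1.bat` and `Tech-N2.bat` are not safe to re-run: on a second run `New-Item` errors because the file already exists and `Add-Content` appends the same launcher lines again, so each logon script grows with every execution. Writing each file in one step, e.g. `$scriptsDir = "C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts"` once and then `Set-Content -Path (Join-Path $scriptsDir 'Tech-N1.bat') -Value $contentToAdd`, makes the result deterministic and also quotes the path. The path assumes SYSVOL sits at its default location and that the domain is named like the forest (`$domainInfos.Forest`); in a child domain the scripts folder is under the domain's own DNS name, so `$domainInfos.DNSRoot` looks like the safer source. Because these files run at every logon of accounts that hold delegated administration groups, it is worth confirming after creation that only administrators can modify them.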
@@ -60,8 +83,8 @@ $grpDomainAdm = "S-1-5-21-$domaineSID-512" $grpPrintOp = "S-1-5-32-550" #$grpServerOp = "S-1-5-32-549" Pas utilisé #$grpPowerUsers = "S-1-5-32-547" Déprécié -$grpDHCPadm = "S-1-5-21-$domaineSID-1135" -$grpDHCPuser = "S-1-5-21-$domaineSID-1134" +$grpDHCPadm = "Administrateurs DHCP" +$grpDHCPuser = "Utilisateurs DHCP" $grpGPOadmin = "S-1-5-21-$domaineSID-520" $grpNetAdmin = "S-1-5-32-556" ################################# @@ -75,7 +98,7 @@ ForEach($user in $userList){ # On vérifie si l'utilisateur existe déjà, passe au suivant si oui $existingUser = Get-ADUser -Filter { Name -eq $user } -ErrorAction SilentlyContinue if ($existingUser) { - Write-Color -Text "L'utilisateur ", $user, " existe deje. Application des permissions." -Color White, Yellow + Write-Color -Text "L'utilisateur ", $user, " existe deja. Application des permissions." -Color White, Yellow } $userPass = (GenPass) $userEncPass = ConvertTo-SecureString -String $userPass -AsPlainText -Force @@ -91,7 +114,7 @@ ForEach($user in $userList){ #...puis on l'ajoute aux bons groupes switch ($user) { "Tech-N1"{$Groups = @($grpAccountOp,$grpPrintOp,$grpDHCPuser)} - "Tech-N2"{$Groups = @($grpAccountOp,$grpPrintOp,$grpDHCPadm,$grpGPOadmin,$grpNetAdmin)} + "Tech-N2"{$Groups = @($grpAccountOp,$grpPrintOp,$grpGPOadmin,$grpNetAdmin,$grpDHCPadm)} "Tech-N3"{$Groups = @($grpDomainAdm)} Default {} } @@ -101,7 +124,7 @@ ForEach($user in $userList){ ForEach ($Group in $Groups) { - Add-ADPrincipalGroupMembership $User -MemberOf $Group + Add-ADPrincipalGroupMembership $User -MemberOf $Group } @@ -111,5 +134,6 @@ ForEach($user in $userList){ Write-Error "Erreur pour l'utilisateur $user : $_" } } - +Get-ADUser Tech-N1 | Set-ADUser -ScriptPath "Tech-N1.bat" +Get-ADUser Tech-N | Set-ADUser -ScriptPath "Tech-N2.bat" Write-Color -Text "Les utilisateurs ainsi que leur mots de passes ont ete exportes ici : ","C:\techLogins-$pcName.csv" -Color White,Green \ No newline at end of file 
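Review bot: `$grpDHCPadm` and `$grpDHCPuser` now hold the French group names, which only resolve where the DHCP role created the groups on a French-language installation; on an English one they are `DHCP Administrators` and `DHCP Users`, and the later `Add-ADPrincipalGroupMembership` call would fail for them. The neighbouring variables use SIDs precisely to stay independent of the display language, so the assumption deserves a comment above these two lines, for example `# DHCP groups are created by the DHCP role and have no fixed SID; these are the fr-FR names`. A `Get-ADGroup -Identity $grpDHCPadm` check before the user loop would turn a wrong name into one clear error instead of one per user. The block of group definitions starts and ends outside this hunk.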
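Review bot: The second added line in the last hunk reads `Get-ADUser Tech-N | Set-ADUser -ScriptPath "Tech-N2.bat"`, and `Tech-N` looks like a typo for `Tech-N2`: as written the lookup either fails, leaving Tech-N2 without its logon script, or, if an account with that identity exists, assigns the script to the wrong user. It should read `Set-ADUser -Identity 'Tech-N2' -ScriptPath 'Tech-N2.bat'`, and the Tech-N1 line can take the same form. Both calls sit after the loop's `catch`, so a failure here is not reported like the per-user errors; moving them into the `try` next to the group assignment would keep the handling consistent. The loop body starts outside this hunk.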
diff --git a/Sharepoint/Sharepoint_Export_v3.ps1 b/Sharepoint/Sharepoint_Export_v3.ps1 new file mode 100644 index 0000000..d2f9837 --- /dev/null +++ b/Sharepoint/Sharepoint_Export_v3.ps1 
@@ -0,0 +1,322 @@ + +if($args[0] -eq $null) +{ + $spUrl = Read-Host "Adresse du SharePoint du client (ex: https//client.sharepoint.com) " + $spSite = Read-Host "Nom du site (ce qu'il y a apres '/sites/' dans l'URL du site en question) " + $pnpCiD = Read-Host "Votre Client ID (ex: fa7800b5-0298-4205-a369-ffb976de3058) " + +} +else +{ + $spUrl=$args[0] + $spSite=$args[1] + $pnpCiD=$args[2] +} + + + + + +#Function to Get Permissions Applied on a particular Object, such as: Web, List, Folder or List Item +Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object) +{ + #Determine the type of the object + Switch($Object.TypedObject.ToString()) + { + "Microsoft.SharePoint.Client.Web" { $ObjectType = "Site" ; $ObjectURL = $Object.URL; $ObjectTitle = $Object.Title } + "Microsoft.SharePoint.Client.ListItem" + { + If($Object.FileSystemObjectType -eq "Folder") + { + $ObjectType = "Folder" + #Get the URL of the Folder + $Folder = Get-PnPProperty -ClientObject $Object -Property Folder + $ObjectTitle = $Object.Folder.Name + $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl) + } + Else #File or List Item + { + #Get the URL of the Object + Get-PnPProperty -ClientObject $Object -Property File, ParentList + If($Object.File.Name -ne $Null) + { + $ObjectType = "File" + $ObjectTitle = $Object.File.Name + $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl) + } + else + { + $ObjectType = "List Item" + $ObjectTitle = $Object["Title"] + #Get the URL of the List Item + $DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl + $ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID) + } + } + } + Default + { + $ObjectType = "List or Library" + $ObjectTitle = $Object.Title + #Get the URL of the List or Library + $RootFolder = Get-PnPProperty -ClientObject $Object 
-Property RootFolder + $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl) + } + } + + #Get permissions assigned to the object + Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments + + #Check if Object has unique permissions + $HasUniquePermissions = $Object.HasUniqueRoleAssignments + + #Loop through each permission assigned and extract details + $PermissionCollection = @() + Foreach($RoleAssignment in $Object.RoleAssignments) + { + #Get the Permission Levels assigned and Member + Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member + + #Get the Principal Type: User, SP Group, AD Group + $PermissionType = $RoleAssignment.Member.PrincipalType + + #Get the Permission Levels assigned + $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name + + #Remove Limited Access + $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join "," + + #Leave Principals with no Permissions + If($PermissionLevels.Length -eq 0) {Continue} + + #Get SharePoint group members + If($PermissionType -eq "SharePointGroup") + { + #Get Group Members + $GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName + + #Leave Empty Groups + If($GroupMembers.count -eq 0){Continue} + $GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join "," + + #Add the Data to Object + $Permissions = New-Object PSObject + $Permissions | Add-Member NoteProperty Object($ObjectType) + $Permissions | Add-Member NoteProperty Title($ObjectTitle) + $Permissions | Add-Member NoteProperty URL($ObjectURL) + $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions) + $Permissions | Add-Member NoteProperty Users($GroupUsers) + $Permissions | Add-Member NoteProperty Type($PermissionType) + $Permissions | Add-Member NoteProperty Permissions($PermissionLevels) + $Permissions | Add-Member NoteProperty 
GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)") + $PermissionCollection += $Permissions + } + Else + { + #Add the Data to Object + $Permissions = New-Object PSObject + $Permissions | Add-Member NoteProperty Object($ObjectType) + $Permissions | Add-Member NoteProperty Title($ObjectTitle) + $Permissions | Add-Member NoteProperty URL($ObjectURL) + $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions) + $Permissions | Add-Member NoteProperty Users($RoleAssignment.Member.Title) + $Permissions | Add-Member NoteProperty Type($PermissionType) + $Permissions | Add-Member NoteProperty Permissions($PermissionLevels) + $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions") + $PermissionCollection += $Permissions + } + } + #Export Permissions to CSV File + $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append +} + +#Function to get sharepoint online site permissions report +Function Generate-PnPSitePermissionRpt() +{ +[cmdletbinding()] + + Param + ( + [Parameter(Mandatory=$false)] [String] $SiteURL, + [Parameter(Mandatory=$false)] [String] $ReportFile, + [Parameter(Mandatory=$false)] [switch] $Recursive, + [Parameter(Mandatory=$false)] [switch] $ScanItemLevel, + [Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions + ) + Try { + #Connect to the Site + Connect-PnPOnline -Url $spUrl -Interactive -ClientId $pnpCiD + #Get the Web + $Web = Get-PnPWeb + + Write-host -f Yellow "Getting Site Collection Administrators..." 
+ #Get Site Collection Administrators + $SiteAdmins = Get-PnPSiteCollectionAdmin + + $SiteCollectionAdmins = ($SiteAdmins | Select -ExpandProperty Title) -join "," + #Add the Data to Object + $Permissions = New-Object PSObject + $Permissions | Add-Member NoteProperty Object("Site Collection") + $Permissions | Add-Member NoteProperty Title($Web.Title) + $Permissions | Add-Member NoteProperty URL($Web.URL) + $Permissions | Add-Member NoteProperty HasUniquePermissions("TRUE") + $Permissions | Add-Member NoteProperty Users($SiteCollectionAdmins) + $Permissions | Add-Member NoteProperty Type("Site Collection Administrators") + $Permissions | Add-Member NoteProperty Permissions("Site Owner") + $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions") + + #Export Permissions to CSV File + $Permissions | Export-CSV $ReportFile -NoTypeInformation + + #Function to Get Permissions of All List Items of a given List + Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List) + { + Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title + + #Get All Items from List in batches + $ListItems = Get-PnPListItem -List $List -PageSize 500 + + $ItemCounter = 0 + #Loop through each List item + ForEach($ListItem in $ListItems) + { + #Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch + If($IncludeInheritedPermissions) + { + Get-PnPPermissions -Object $ListItem + } + Else + { + #Check if List Item has unique permissions + $HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments + If($HasUniquePermissions -eq $True) + { + #Call the function to generate Permission report + Get-PnPPermissions -Object $ListItem + } + } + $ItemCounter++ + Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of 
'$($List.Title)'" + } + } + + #Function to Get Permissions of all lists from the given web + Function Get-PnPListPermission([Microsoft.SharePoint.Client.Web]$Web) + { + #Get All Lists from the web + $Lists = Get-PnPProperty -ClientObject $Web -Property Lists + + #Exclude system lists + $ExcludedLists = @("Access Requests","App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms", + "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Images", "site collection images" + ,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Reporting Metadata", "Reporting Templates", "Search Config List","Site Assets","Preservation Hold Library", + "Site Pages", "Solution Gallery","Style Library","Suggested Content Browser Locations","Theme Gallery", "TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Pages") + + $Counter = 0 + #Get all lists from the web + ForEach($List in $Lists) + { + #Exclude System Lists + If($List.Hidden -eq $False -and $ExcludedLists -notcontains $List.Title) + { + $Counter++ + Write-Progress -PercentComplete ($Counter / ($Lists.Count) * 100) -Activity "Exporting Permissions from List '$($List.Title)' in $($Web.URL)" -Status "Processing Lists $Counter of $($Lists.Count)" + + #Get Item Level Permissions if 'ScanItemLevel' switch present + If($ScanItemLevel) + { + #Get List Items Permissions + Get-PnPListItemsPermission -List $List + } + + #Get Lists with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch + If($IncludeInheritedPermissions) + { + Get-PnPPermissions -Object $List + } + Else + { + #Check if List has unique permissions + 
$HasUniquePermissions = Get-PnPProperty -ClientObject $List -Property HasUniqueRoleAssignments + If($HasUniquePermissions -eq $True) + { + #Call the function to check permissions + Get-PnPPermissions -Object $List + } + } + } + } + } + + #Function to Get Webs's Permissions from given URL + Function Get-PnPWebPermission([Microsoft.SharePoint.Client.Web]$Web) + { + #Call the function to Get permissions of the web + Write-host -f Yellow "Getting Permissions of the Web: $($Web.URL)..." + Get-PnPPermissions -Object $Web + + #Get List Permissions + Write-host -f Yellow "`t Getting Permissions of Lists and Libraries..." + Get-PnPListPermission($Web) + + #Recursively get permissions from all sub-webs based on the "Recursive" Switch + If($Recursive) + { + #Get Subwebs of the Web + $Subwebs = Get-PnPProperty -ClientObject $Web -Property Webs + + #Iterate through each subsite in the current web + Foreach ($Subweb in $web.Webs) + { + #Get Webs with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch + If($IncludeInheritedPermissions) + { + Get-PnPWebPermission($Subweb) + } + Else + { + #Check if the Web has unique permissions + $HasUniquePermissions = Get-PnPProperty -ClientObject $SubWeb -Property HasUniqueRoleAssignments + + #Get the Web's Permissions + If($HasUniquePermissions -eq $true) + { + #Call the function recursively + Get-PnPWebPermission($Subweb) + } + } + } + } + } + + #Call the function with RootWeb to get site collection permissions + Get-PnPWebPermission $Web + + Write-host -f Green "`n*** Site Permission Report Generated Successfully!***" + } + Catch { + write-host -f Red "Error Generating Site Permission Report!" 
$_.Exception.Message + } +} + + + +Function Get-FileName($initialDirectory) { + [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") | + Out-Null + + $SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog + $SaveFileDialog.initialDirectory = $initialDirectory + $SaveFileDialog.filter = "CSV (*.csv)|*.csv"; + $SaveFileDialog.ShowDialog() | Out-Null + $SaveFileDialog.filename +} +$SaveMyFile = Get-Filename + +#region ***Parameters*** +$SiteURL=$spUrl+"/sites/"+$spSite +$ReportFile="$SaveMyFile" +#endregion + +#Call the function to generate permission report +Generate-PnPSitePermissionRpt -SiteURL $SiteURL -ReportFile $ReportFile -Recursive \ No newline at end of file diff --git a/Sharepoint/Sharepoint_Export_v3_mass.ps1 b/Sharepoint/Sharepoint_Export_v3_mass.ps1 new file mode 100644 index 0000000..b0f58aa --- /dev/null +++ b/Sharepoint/Sharepoint_Export_v3_mass.ps1 
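Review bot: `Generate-PnPSitePermissionRpt` in Sharepoint_Export_v3.ps1 never uses its `-SiteURL` parameter: it connects with `Connect-PnPOnline -Url $spUrl ...`, so the report covers the tenant root typed at the prompt and not the `$spUrl+"/sites/"+$spSite` address built at the bottom of the file. The line should be `Connect-PnPOnline -Url $SiteURL -Interactive -ClientId $pnpCiD`. `Get-PnPPermissions` also reads `$Web` and `$ReportFile` from the caller's scope instead of taking them as parameters, which only works while it is called from inside that function. If the save dialog is cancelled, `Get-FileName` returns an empty string and every `Export-CSV` fails, so a guard such as `if (-not $SaveMyFile) { throw 'No report file selected' }` before the final call is worth adding. The resulting CSV lists who has access to what, so the chosen location should be treated as sensitive.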
@@ -0,0 +1,337 @@ +if($args[0] -eq $null) +{ + #$spUrl = Read-Host "Adresse du SharePoint du client (ex: https//client.sharepoint.com) " + #$spSite = Read-Host "Nom du site (ce qu'il y a apres '/sites/' dans l'URL du site en question) " + $pnpCiD = Read-Host "Votre Client ID (ex: fa7800b5-0298-4205-a369-ffb976de3058) " + $csvSPpath = Read-Host "Chemin vers la liste des sites (CSV) " + +} +else +{ + $spUrl=$args[0] + $spSite=$args[1] + $pnpCiD=$args[2] + $csvSPpath=$args[3] +} + +$csvSPfile = Import-Csv -Path "$csvSPpath" + + + +#Function to Get Permissions Applied on a particular Object, such as: Web, List, Folder or List Item +Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object) +{ + #Determine the type of the object + Switch($Object.TypedObject.ToString()) + { + "Microsoft.SharePoint.Client.Web" { $ObjectType = "Site" ; $ObjectURL = $Object.URL; $ObjectTitle = $Object.Title } + "Microsoft.SharePoint.Client.ListItem" + { + If($Object.FileSystemObjectType -eq "Folder") + { + $ObjectType = "Folder" + #Get the URL of the Folder + $Folder = Get-PnPProperty -ClientObject $Object -Property Folder + $ObjectTitle = $Object.Folder.Name + $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl) + } + Else #File or List Item + { + #Get the URL of the Object + Get-PnPProperty -ClientObject $Object -Property File, ParentList + If($Object.File.Name -ne $Null) + { + $ObjectType = "File" + $ObjectTitle = $Object.File.Name + $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl) + } + else + { + $ObjectType = "List Item" + $ObjectTitle = $Object["Title"] + #Get the URL of the List Item + $DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl + $ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID) + } + } + } + Default + { + $ObjectType = "List or 
Library" + $ObjectTitle = $Object.Title + #Get the URL of the List or Library + $RootFolder = Get-PnPProperty -ClientObject $Object -Property RootFolder + $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl) + } + } + + #Get permissions assigned to the object + Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments + + #Check if Object has unique permissions + $HasUniquePermissions = $Object.HasUniqueRoleAssignments + + #Loop through each permission assigned and extract details + $PermissionCollection = @() + Foreach($RoleAssignment in $Object.RoleAssignments) + { + #Get the Permission Levels assigned and Member + Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member + + #Get the Principal Type: User, SP Group, AD Group + $PermissionType = $RoleAssignment.Member.PrincipalType + + #Get the Permission Levels assigned + $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name + + #Remove Limited Access + $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join "," + + #Leave Principals with no Permissions + If($PermissionLevels.Length -eq 0) {Continue} + + #Get SharePoint group members + If($PermissionType -eq "SharePointGroup") + { + #Get Group Members + $GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName + + #Leave Empty Groups + If($GroupMembers.count -eq 0){Continue} + $GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join "," + + #Add the Data to Object + $Permissions = New-Object PSObject + $Permissions | Add-Member NoteProperty Object($ObjectType) + $Permissions | Add-Member NoteProperty Title($ObjectTitle) + $Permissions | Add-Member NoteProperty URL($ObjectURL) + $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions) + $Permissions | Add-Member NoteProperty Users($GroupUsers) + $Permissions | Add-Member NoteProperty 
Type($PermissionType) + $Permissions | Add-Member NoteProperty Permissions($PermissionLevels) + $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)") + $PermissionCollection += $Permissions + } + Else + { + #Add the Data to Object + $Permissions = New-Object PSObject + $Permissions | Add-Member NoteProperty Object($ObjectType) + $Permissions | Add-Member NoteProperty Title($ObjectTitle) + $Permissions | Add-Member NoteProperty URL($ObjectURL) + $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions) + $Permissions | Add-Member NoteProperty Users($RoleAssignment.Member.Title) + $Permissions | Add-Member NoteProperty Type($PermissionType) + $Permissions | Add-Member NoteProperty Permissions($PermissionLevels) + $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions") + $PermissionCollection += $Permissions + } + } + #Export Permissions to CSV File + $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append +} + +#Function to get sharepoint online site permissions report +Function Generate-PnPSitePermissionRpt() +{ +[cmdletbinding()] + + Param + ( + [Parameter(Mandatory=$false)] [String] $SiteURL, + [Parameter(Mandatory=$false)] [String] $ReportFile, + [Parameter(Mandatory=$false)] [switch] $Recursive, + [Parameter(Mandatory=$false)] [switch] $ScanItemLevel, + [Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions + ) + Try { + #Connect to the Site + Connect-PnPOnline -Url $SiteURL -Interactive -ClientId $pnpCiD + #Get the Web + $Web = Get-PnPWeb + + Write-host -f Yellow "Getting Site Collection Administrators..." 
+ #Get Site Collection Administrators + $SiteAdmins = Get-PnPSiteCollectionAdmin + + $SiteCollectionAdmins = ($SiteAdmins | Select -ExpandProperty Title) -join "," + #Add the Data to Object + $Permissions = New-Object PSObject + $Permissions | Add-Member NoteProperty Object("Site Collection") + $Permissions | Add-Member NoteProperty Title($Web.Title) + $Permissions | Add-Member NoteProperty URL($Web.URL) + $Permissions | Add-Member NoteProperty HasUniquePermissions("TRUE") + $Permissions | Add-Member NoteProperty Users($SiteCollectionAdmins) + $Permissions | Add-Member NoteProperty Type("Site Collection Administrators") + $Permissions | Add-Member NoteProperty Permissions("Site Owner") + $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions") + + #Export Permissions to CSV File + $Permissions | Export-CSV $ReportFile -NoTypeInformation + + #Function to Get Permissions of All List Items of a given List + Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List) + { + Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title + + #Get All Items from List in batches + $ListItems = Get-PnPListItem -List $List -PageSize 500 + + $ItemCounter = 0 + #Loop through each List item + ForEach($ListItem in $ListItems) + { + #Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch + If($IncludeInheritedPermissions) + { + Get-PnPPermissions -Object $ListItem + } + Else + { + #Check if List Item has unique permissions + $HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments + If($HasUniquePermissions -eq $True) + { + #Call the function to generate Permission report + Get-PnPPermissions -Object $ListItem + } + } + $ItemCounter++ + Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of 
'$($List.Title)'" + } + } + + #Function to Get Permissions of all lists from the given web + Function Get-PnPListPermission([Microsoft.SharePoint.Client.Web]$Web) + { + #Get All Lists from the web + $Lists = Get-PnPProperty -ClientObject $Web -Property Lists + + #Exclude system lists + $ExcludedLists = @("Access Requests","App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms", + "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Images", "site collection images" + ,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Reporting Metadata", "Reporting Templates", "Search Config List","Site Assets","Preservation Hold Library", + "Site Pages", "Solution Gallery","Style Library","Suggested Content Browser Locations","Theme Gallery", "TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Pages") + + $Counter = 0 + #Get all lists from the web + ForEach($List in $Lists) + { + #Exclude System Lists + If($List.Hidden -eq $False -and $ExcludedLists -notcontains $List.Title) + { + $Counter++ + Write-Progress -PercentComplete ($Counter / ($Lists.Count) * 100) -Activity "Exporting Permissions from List '$($List.Title)' in $($Web.URL)" -Status "Processing Lists $Counter of $($Lists.Count)" + + #Get Item Level Permissions if 'ScanItemLevel' switch present + If($ScanItemLevel) + { + #Get List Items Permissions + Get-PnPListItemsPermission -List $List + } + + #Get Lists with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch + If($IncludeInheritedPermissions) + { + Get-PnPPermissions -Object $List + } + Else + { + #Check if List has unique permissions + 
$HasUniquePermissions = Get-PnPProperty -ClientObject $List -Property HasUniqueRoleAssignments + If($HasUniquePermissions -eq $True) + { + #Call the function to check permissions + Get-PnPPermissions -Object $List + } + } + } + } + } + + #Function to Get Webs's Permissions from given URL + Function Get-PnPWebPermission([Microsoft.SharePoint.Client.Web]$Web) + { + #Call the function to Get permissions of the web + Write-host -f Yellow "Getting Permissions of the Web: $($Web.URL)..." + Get-PnPPermissions -Object $Web + + #Get List Permissions + Write-host -f Yellow "`t Getting Permissions of Lists and Libraries..." + Get-PnPListPermission($Web) + + #Recursively get permissions from all sub-webs based on the "Recursive" Switch + If($Recursive) + { + #Get Subwebs of the Web + $Subwebs = Get-PnPProperty -ClientObject $Web -Property Webs + + #Iterate through each subsite in the current web + Foreach ($Subweb in $web.Webs) + { + #Get Webs with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch + If($IncludeInheritedPermissions) + { + Get-PnPWebPermission($Subweb) + } + Else + { + #Check if the Web has unique permissions + $HasUniquePermissions = Get-PnPProperty -ClientObject $SubWeb -Property HasUniqueRoleAssignments + + #Get the Web's Permissions + If($HasUniquePermissions -eq $true) + { + #Call the function recursively + Get-PnPWebPermission($Subweb) + } + } + } + } + } + + #Call the function with RootWeb to get site collection permissions + Get-PnPWebPermission $Web + + Write-host -f Green "`n*** Site Permission Report Generated Successfully!***" + } + Catch { + write-host -f Red "Error Generating Site Permission Report!" 
$_.Exception.Message + } +} + + + +Function Get-Folder($initialDirectory="") + +{ + [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms")|Out-Null + + $foldername = New-Object System.Windows.Forms.FolderBrowserDialog + $foldername.Description = "Select a folder" + $foldername.rootfolder = "MyComputer" + $foldername.SelectedPath = $initialDirectory + + if($foldername.ShowDialog() -eq "OK") + { + $folder += $foldername.SelectedPath + } + return $folder +} + +$destinationFolder = Get-Folder + +#region ***Parameters*** +#$SiteURL=$spUrl+"/sites/"+$spSite +#$ReportFile="$SaveMyFile" +#endregion + +foreach ($site in $csvSPfile) +{ + #Call the function to generate permission report + $siteName = $site.SiteName + Write-Host $siteName + $siteUrlin = $site.URL + Write-Host $siteUrlin + Generate-PnPSitePermissionRpt -SiteURL $siteUrlin -ReportFile "$destinationFolder\$siteName.csv" -Recursive +}
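Review bot: In the final `foreach` of Sharepoint_Export_v3_mass.ps1, `$site.SiteName` from the imported CSV goes straight into the report path `"$destinationFolder\$siteName.csv"`, so a value containing `\`, `..` or characters invalid in a file name either writes outside the chosen folder or fails, and a cancelled folder dialog leaves `$destinationFolder` empty so the reports land at the root of the current drive. I would guard both, with `if (-not $destinationFolder) { throw 'No destination folder selected' }` before the loop and `$reportPath = Join-Path $destinationFolder ([IO.Path]::GetFileName($siteName) + '.csv')` inside it. `Import-Csv` also runs without checking that `$csvSPpath` exists or that the `SiteName` and `URL` columns are present. Apart from this loop, `Get-Folder` and the `Connect-PnPOnline -Url $SiteURL` line, the file repeats Sharepoint_Export_v3.ps1 almost line for line; moving the shared functions into one dot-sourced file would keep the two copies from drifting.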