Compare commits

...

6 Commits
1.0.1 ... main

3 changed files with 682 additions and 23 deletions

View File

@ -1,19 +1,27 @@
#On vérifie que les modules soient bien installés
if (Get-Module -ListAvailable -Name PSWriteColor) {
$modExiste = $true
}
else {
$modExiste = $false
}
Import-Module ActiveDirectory
#Cette étape permet de désactiver les messages de confirmation d'install
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
#On récupere le nom de la forest pour déposer les scripts au bon endroit
$domainInfos = Get-ADDomain
$forestName = $domainInfos.Forest
switch ($modExiste) {
$true{Import-Module ActiveDirectory;Import-Module PSWriteColor}
$false{Install-Module PSWriteColor -Confirm:$False;Import-Module ActiveDirectory;Import-Module PSWriteColor}
Default {Import-Module ActiveDirectory;Import-Module PSWriteColor}
}
#On crée et place les scripts de logon pour tous les users
New-Item -Path C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\ -Name "Tech-N1.bat" -ItemType "file"
$contentToAdd = @"
cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dsa.msc"
cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dhcpmgmt.msc"
cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START printmanagement.msc"
"@
Add-Content C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\Tech-N1.bat $contentToAdd
New-Item -Path C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\ -Name "Tech-N2.bat" -ItemType "file"
$contentToAdd = @"
cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dsa.msc"
cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dhcpmgmt.msc"
cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START printmanagement.msc"
cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dnsmgmt.msc"
cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START gpmc.msc"
"@
Add-Content C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\Tech-N2.bat $contentToAdd
#On crée le CSV pour y stocker les ID
$pcName = (Get-ComputerInfo).CSName
@ -26,7 +34,7 @@ function GenPass { #Genere un mdp aléatoire selon les parametres indiqués
U = [Char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
L = [Char[]]'abcdefghijklmnopqrstuvwxyz'
N = [Char[]]'0123456789'
S = [Char[]]'!"#$%&()*+,-.:;<=>?@[]^_`{}~'
S = [Char[]]'!"#$%&()*+-.:<=>?@[]^_`{}~'
}
$Upper = Get-Random -Count 5 -InputObject $TokenSet.U
@ -60,8 +68,8 @@ $grpDomainAdm = "S-1-5-21-$domaineSID-512"
$grpPrintOp = "S-1-5-32-550"
#$grpServerOp = "S-1-5-32-549" Pas utilisé
#$grpPowerUsers = "S-1-5-32-547" Déprécié
$grpDHCPadm = "S-1-5-21-$domaineSID-1135"
$grpDHCPuser = "S-1-5-21-$domaineSID-1134"
$grpDHCPadm = "Administrateurs DHCP"
$grpDHCPuser = "Utilisateurs DHCP"
$grpGPOadmin = "S-1-5-21-$domaineSID-520"
$grpNetAdmin = "S-1-5-32-556"
#################################
@ -75,7 +83,7 @@ ForEach($user in $userList){
# On vérifie si l'utilisateur existe déjà, passe au suivant si oui
$existingUser = Get-ADUser -Filter { Name -eq $user } -ErrorAction SilentlyContinue
if ($existingUser) {
Write-Color -Text "L'utilisateur ", $user, " existe deje. Application des permissions." -Color White, Yellow
Write-Host "L'utilisateur " -ForegroundColor White -NoNewline; Write-Host $user -ForegroundColor Yellow -NoNewline; Write-Host " existe deja. Application des permissions." -ForegroundColor White
}
$userPass = (GenPass)
$userEncPass = ConvertTo-SecureString -String $userPass -AsPlainText -Force
@ -91,7 +99,7 @@ ForEach($user in $userList){
#...puis on l'ajoute aux bons groupes
switch ($user) {
"Tech-N1"{$Groups = @($grpAccountOp,$grpPrintOp,$grpDHCPuser)}
"Tech-N2"{$Groups = @($grpAccountOp,$grpPrintOp,$grpDHCPadm,$grpGPOadmin,$grpNetAdmin)}
"Tech-N2"{$Groups = @($grpAccountOp,$grpPrintOp,$grpGPOadmin,$grpNetAdmin,$grpDHCPadm)}
"Tech-N3"{$Groups = @($grpDomainAdm)}
Default {}
}
@ -101,15 +109,16 @@ ForEach($user in $userList){
ForEach ($Group in $Groups) {
Add-ADPrincipalGroupMembership $User -MemberOf $Group
Add-ADPrincipalGroupMembership $User -MemberOf $Group
}
Write-Color -Text "L'utilisateur ",$User," a bien ete cree. Son mot de passe est ",$userPass -Color White,Green,White,Cyan
Write-Host "L'utilisateur " -ForegroundColor White -NoNewline; Write-Host $User -ForegroundColor Green -NoNewline; Write-Host " a bien ete cree. Son mot de passe est " -ForegroundColor White -NoNewline; Write-Host $userPass -ForegroundColor Cyan
}
catch {
Write-Error "Erreur pour l'utilisateur $user : $_"
}
}
Write-Color -Text "Les utilisateurs ainsi que leur mots de passes ont ete exportes ici : ","C:\techLogins-$pcName.csv" -Color White,Green
Get-ADUser Tech-N1 | Set-ADUser -ScriptPath "Tech-N1.bat"
Get-ADUser Tech-N2 | Set-ADUser -ScriptPath "Tech-N2.bat"
Write-Host "Les utilisateurs ainsi que leur mots de passes ont ete exportes ici : " -ForegroundColor White -NoNewline; Write-Host "C:\techLogins-$pcName.csv" -ForegroundColor Green

View File

@ -0,0 +1,322 @@
if($args[0] -eq $null)
{
$spUrl = Read-Host "Adresse du SharePoint du client (ex: https//client.sharepoint.com) "
$spSite = Read-Host "Nom du site (ce qu'il y a apres '/sites/' dans l'URL du site en question) "
$pnpCiD = Read-Host "Votre Client ID (ex: fa7800b5-0298-4205-a369-ffb976de3058) "
}
else
{
$spUrl=$args[0]
$spSite=$args[1]
$pnpCiD=$args[2]
}
#Function to Get Permissions Applied on a particular Object, such as: Web, List, Folder or List Item
Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
{
#Determine the type of the object
Switch($Object.TypedObject.ToString())
{
"Microsoft.SharePoint.Client.Web" { $ObjectType = "Site" ; $ObjectURL = $Object.URL; $ObjectTitle = $Object.Title }
"Microsoft.SharePoint.Client.ListItem"
{
If($Object.FileSystemObjectType -eq "Folder")
{
$ObjectType = "Folder"
#Get the URL of the Folder
$Folder = Get-PnPProperty -ClientObject $Object -Property Folder
$ObjectTitle = $Object.Folder.Name
$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl)
}
Else #File or List Item
{
#Get the URL of the Object
Get-PnPProperty -ClientObject $Object -Property File, ParentList
If($Object.File.Name -ne $Null)
{
$ObjectType = "File"
$ObjectTitle = $Object.File.Name
$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl)
}
else
{
$ObjectType = "List Item"
$ObjectTitle = $Object["Title"]
#Get the URL of the List Item
$DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl
$ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID)
}
}
}
Default
{
$ObjectType = "List or Library"
$ObjectTitle = $Object.Title
#Get the URL of the List or Library
$RootFolder = Get-PnPProperty -ClientObject $Object -Property RootFolder
$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl)
}
}
#Get permissions assigned to the object
Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments
#Check if Object has unique permissions
$HasUniquePermissions = $Object.HasUniqueRoleAssignments
#Loop through each permission assigned and extract details
$PermissionCollection = @()
Foreach($RoleAssignment in $Object.RoleAssignments)
{
#Get the Permission Levels assigned and Member
Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
#Get the Principal Type: User, SP Group, AD Group
$PermissionType = $RoleAssignment.Member.PrincipalType
#Get the Permission Levels assigned
$PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name
#Remove Limited Access
$PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
#Leave Principals with no Permissions
If($PermissionLevels.Length -eq 0) {Continue}
#Get SharePoint group members
If($PermissionType -eq "SharePointGroup")
{
#Get Group Members
$GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName
#Leave Empty Groups
If($GroupMembers.count -eq 0){Continue}
$GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join ","
#Add the Data to Object
$Permissions = New-Object PSObject
$Permissions | Add-Member NoteProperty Object($ObjectType)
$Permissions | Add-Member NoteProperty Title($ObjectTitle)
$Permissions | Add-Member NoteProperty URL($ObjectURL)
$Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
$Permissions | Add-Member NoteProperty Users($GroupUsers)
$Permissions | Add-Member NoteProperty Type($PermissionType)
$Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
$Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
$PermissionCollection += $Permissions
}
Else
{
#Add the Data to Object
$Permissions = New-Object PSObject
$Permissions | Add-Member NoteProperty Object($ObjectType)
$Permissions | Add-Member NoteProperty Title($ObjectTitle)
$Permissions | Add-Member NoteProperty URL($ObjectURL)
$Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
$Permissions | Add-Member NoteProperty Users($RoleAssignment.Member.Title)
$Permissions | Add-Member NoteProperty Type($PermissionType)
$Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
$Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
$PermissionCollection += $Permissions
}
}
#Export Permissions to CSV File
$PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append
}
#Function to get sharepoint online site permissions report
Function Generate-PnPSitePermissionRpt()
{
[cmdletbinding()]
Param
(
[Parameter(Mandatory=$false)] [String] $SiteURL,
[Parameter(Mandatory=$false)] [String] $ReportFile,
[Parameter(Mandatory=$false)] [switch] $Recursive,
[Parameter(Mandatory=$false)] [switch] $ScanItemLevel,
[Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions
)
Try {
#Connect to the Site
Connect-PnPOnline -Url $spUrl -Interactive -ClientId $pnpCiD
#Get the Web
$Web = Get-PnPWeb
Write-host -f Yellow "Getting Site Collection Administrators..."
#Get Site Collection Administrators
$SiteAdmins = Get-PnPSiteCollectionAdmin
$SiteCollectionAdmins = ($SiteAdmins | Select -ExpandProperty Title) -join ","
#Add the Data to Object
$Permissions = New-Object PSObject
$Permissions | Add-Member NoteProperty Object("Site Collection")
$Permissions | Add-Member NoteProperty Title($Web.Title)
$Permissions | Add-Member NoteProperty URL($Web.URL)
$Permissions | Add-Member NoteProperty HasUniquePermissions("TRUE")
$Permissions | Add-Member NoteProperty Users($SiteCollectionAdmins)
$Permissions | Add-Member NoteProperty Type("Site Collection Administrators")
$Permissions | Add-Member NoteProperty Permissions("Site Owner")
$Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
#Export Permissions to CSV File
$Permissions | Export-CSV $ReportFile -NoTypeInformation
#Function to Get Permissions of All List Items of a given List
Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List)
{
Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title
#Get All Items from List in batches
$ListItems = Get-PnPListItem -List $List -PageSize 500
$ItemCounter = 0
#Loop through each List item
ForEach($ListItem in $ListItems)
{
#Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
If($IncludeInheritedPermissions)
{
Get-PnPPermissions -Object $ListItem
}
Else
{
#Check if List Item has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments
If($HasUniquePermissions -eq $True)
{
#Call the function to generate Permission report
Get-PnPPermissions -Object $ListItem
}
}
$ItemCounter++
Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of '$($List.Title)'"
}
}
#Function to Get Permissions of all lists from the given web
Function Get-PnPListPermission([Microsoft.SharePoint.Client.Web]$Web)
{
#Get All Lists from the web
$Lists = Get-PnPProperty -ClientObject $Web -Property Lists
#Exclude system lists
$ExcludedLists = @("Access Requests","App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
"Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Images", "site collection images"
,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Reporting Metadata", "Reporting Templates", "Search Config List","Site Assets","Preservation Hold Library",
"Site Pages", "Solution Gallery","Style Library","Suggested Content Browser Locations","Theme Gallery", "TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Pages")
$Counter = 0
#Get all lists from the web
ForEach($List in $Lists)
{
#Exclude System Lists
If($List.Hidden -eq $False -and $ExcludedLists -notcontains $List.Title)
{
$Counter++
Write-Progress -PercentComplete ($Counter / ($Lists.Count) * 100) -Activity "Exporting Permissions from List '$($List.Title)' in $($Web.URL)" -Status "Processing Lists $Counter of $($Lists.Count)"
#Get Item Level Permissions if 'ScanItemLevel' switch present
If($ScanItemLevel)
{
#Get List Items Permissions
Get-PnPListItemsPermission -List $List
}
#Get Lists with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
If($IncludeInheritedPermissions)
{
Get-PnPPermissions -Object $List
}
Else
{
#Check if List has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $List -Property HasUniqueRoleAssignments
If($HasUniquePermissions -eq $True)
{
#Call the function to check permissions
Get-PnPPermissions -Object $List
}
}
}
}
}
#Function to Get Webs's Permissions from given URL
Function Get-PnPWebPermission([Microsoft.SharePoint.Client.Web]$Web)
{
#Call the function to Get permissions of the web
Write-host -f Yellow "Getting Permissions of the Web: $($Web.URL)..."
Get-PnPPermissions -Object $Web
#Get List Permissions
Write-host -f Yellow "`t Getting Permissions of Lists and Libraries..."
Get-PnPListPermission($Web)
#Recursively get permissions from all sub-webs based on the "Recursive" Switch
If($Recursive)
{
#Get Subwebs of the Web
$Subwebs = Get-PnPProperty -ClientObject $Web -Property Webs
#Iterate through each subsite in the current web
Foreach ($Subweb in $web.Webs)
{
#Get Webs with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
If($IncludeInheritedPermissions)
{
Get-PnPWebPermission($Subweb)
}
Else
{
#Check if the Web has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $SubWeb -Property HasUniqueRoleAssignments
#Get the Web's Permissions
If($HasUniquePermissions -eq $true)
{
#Call the function recursively
Get-PnPWebPermission($Subweb)
}
}
}
}
}
#Call the function with RootWeb to get site collection permissions
Get-PnPWebPermission $Web
Write-host -f Green "`n*** Site Permission Report Generated Successfully!***"
}
Catch {
write-host -f Red "Error Generating Site Permission Report!" $_.Exception.Message
}
}
Function Get-FileName($initialDirectory) {
[System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") |
Out-Null
$SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog
$SaveFileDialog.initialDirectory = $initialDirectory
$SaveFileDialog.filter = "CSV (*.csv)|*.csv";
$SaveFileDialog.ShowDialog() | Out-Null
$SaveFileDialog.filename
}
$SaveMyFile = Get-Filename
#region ***Parameters***
$SiteURL=$spUrl+"/sites/"+$spSite
$ReportFile="$SaveMyFile"
#endregion
#Call the function to generate permission report
Generate-PnPSitePermissionRpt -SiteURL $SiteURL -ReportFile $ReportFile -Recursive

View File

@ -0,0 +1,328 @@
if($args[0] -eq $null)
{
$pnpCiD = Read-Host "Votre Client ID (ex: fa7800b5-0298-4205-a369-ffb976de3058) "
$csvSPpath = Read-Host "Chemin vers la liste des sites (CSV) "
}
else
{
$pnpCiD=$args[0]
$csvSPpath=$args[1]
}
$csvSPfile = Import-Csv -Path "$csvSPpath"
#Function to Get Permissions Applied on a particular Object, such as: Web, List, Folder or List Item
Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
{
#Determine the type of the object
Switch($Object.TypedObject.ToString())
{
"Microsoft.SharePoint.Client.Web" { $ObjectType = "Site" ; $ObjectURL = $Object.URL; $ObjectTitle = $Object.Title }
"Microsoft.SharePoint.Client.ListItem"
{
If($Object.FileSystemObjectType -eq "Folder")
{
$ObjectType = "Folder"
#Get the URL of the Folder
$Folder = Get-PnPProperty -ClientObject $Object -Property Folder
$ObjectTitle = $Object.Folder.Name
$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl)
}
Else #File or List Item
{
#Get the URL of the Object
Get-PnPProperty -ClientObject $Object -Property File, ParentList
If($Object.File.Name -ne $Null)
{
$ObjectType = "File"
$ObjectTitle = $Object.File.Name
$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl)
}
else
{
$ObjectType = "List Item"
$ObjectTitle = $Object["Title"]
#Get the URL of the List Item
$DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl
$ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID)
}
}
}
Default
{
$ObjectType = "List or Library"
$ObjectTitle = $Object.Title
#Get the URL of the List or Library
$RootFolder = Get-PnPProperty -ClientObject $Object -Property RootFolder
$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl)
}
}
#Get permissions assigned to the object
Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments
#Check if Object has unique permissions
$HasUniquePermissions = $Object.HasUniqueRoleAssignments
#Loop through each permission assigned and extract details
$PermissionCollection = @()
Foreach($RoleAssignment in $Object.RoleAssignments)
{
#Get the Permission Levels assigned and Member
Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
#Get the Principal Type: User, SP Group, AD Group
$PermissionType = $RoleAssignment.Member.PrincipalType
#Get the Permission Levels assigned
$PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name
#Remove Limited Access
$PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
#Leave Principals with no Permissions
If($PermissionLevels.Length -eq 0) {Continue}
#Get SharePoint group members
If($PermissionType -eq "SharePointGroup")
{
#Get Group Members
$GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName
#Leave Empty Groups
If($GroupMembers.count -eq 0){Continue}
$GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join ","
#Add the Data to Object
$Permissions = New-Object PSObject
$Permissions | Add-Member NoteProperty Object($ObjectType)
$Permissions | Add-Member NoteProperty Title($ObjectTitle)
$Permissions | Add-Member NoteProperty URL($ObjectURL)
$Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
$Permissions | Add-Member NoteProperty Users($GroupUsers)
$Permissions | Add-Member NoteProperty Type($PermissionType)
$Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
$Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
$PermissionCollection += $Permissions
}
Else
{
#Add the Data to Object
$Permissions = New-Object PSObject
$Permissions | Add-Member NoteProperty Object($ObjectType)
$Permissions | Add-Member NoteProperty Title($ObjectTitle)
$Permissions | Add-Member NoteProperty URL($ObjectURL)
$Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
$Permissions | Add-Member NoteProperty Users($RoleAssignment.Member.Title)
$Permissions | Add-Member NoteProperty Type($PermissionType)
$Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
$Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
$PermissionCollection += $Permissions
}
}
#Export Permissions to CSV File
$PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append
}
#Function to get sharepoint online site permissions report
Function Generate-PnPSitePermissionRpt()
{
[cmdletbinding()]
Param
(
[Parameter(Mandatory=$false)] [String] $SiteURL,
[Parameter(Mandatory=$false)] [String] $ReportFile,
[Parameter(Mandatory=$false)] [switch] $Recursive,
[Parameter(Mandatory=$false)] [switch] $ScanItemLevel,
[Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions
)
Try {
#Connect to the Site
Connect-PnPOnline -Url $SiteURL -Interactive -ClientId $pnpCiD
#Get the Web
$Web = Get-PnPWeb
Write-host -f Yellow "Getting Site Collection Administrators..."
#Get Site Collection Administrators
$SiteAdmins = Get-PnPSiteCollectionAdmin
$SiteCollectionAdmins = ($SiteAdmins | Select -ExpandProperty Title) -join ","
#Add the Data to Object
$Permissions = New-Object PSObject
$Permissions | Add-Member NoteProperty Object("Site Collection")
$Permissions | Add-Member NoteProperty Title($Web.Title)
$Permissions | Add-Member NoteProperty URL($Web.URL)
$Permissions | Add-Member NoteProperty HasUniquePermissions("TRUE")
$Permissions | Add-Member NoteProperty Users($SiteCollectionAdmins)
$Permissions | Add-Member NoteProperty Type("Site Collection Administrators")
$Permissions | Add-Member NoteProperty Permissions("Site Owner")
$Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
#Export Permissions to CSV File
$Permissions | Export-CSV $ReportFile -NoTypeInformation
#Function to Get Permissions of All List Items of a given List
Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List)
{
Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title
#Get All Items from List in batches
$ListItems = Get-PnPListItem -List $List -PageSize 500
$ItemCounter = 0
#Loop through each List item
ForEach($ListItem in $ListItems)
{
#Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
If($IncludeInheritedPermissions)
{
Get-PnPPermissions -Object $ListItem
}
Else
{
#Check if List Item has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments
If($HasUniquePermissions -eq $True)
{
#Call the function to generate Permission report
Get-PnPPermissions -Object $ListItem
}
}
$ItemCounter++
Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of '$($List.Title)'"
}
}
#Function to Get Permissions of all lists from the given web
Function Get-PnPListPermission([Microsoft.SharePoint.Client.Web]$Web)
{
#Get All Lists from the web
$Lists = Get-PnPProperty -ClientObject $Web -Property Lists
#Exclude system lists
$ExcludedLists = @("Access Requests","App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
"Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Images", "site collection images"
,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Reporting Metadata", "Reporting Templates", "Search Config List","Site Assets","Preservation Hold Library",
"Site Pages", "Solution Gallery","Style Library","Suggested Content Browser Locations","Theme Gallery", "TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Pages")
$Counter = 0
#Get all lists from the web
ForEach($List in $Lists)
{
#Exclude System Lists
If($List.Hidden -eq $False -and $ExcludedLists -notcontains $List.Title)
{
$Counter++
Write-Progress -PercentComplete ($Counter / ($Lists.Count) * 100) -Activity "Exporting Permissions from List '$($List.Title)' in $($Web.URL)" -Status "Processing Lists $Counter of $($Lists.Count)"
#Get Item Level Permissions if 'ScanItemLevel' switch present
If($ScanItemLevel)
{
#Get List Items Permissions
Get-PnPListItemsPermission -List $List
}
#Get Lists with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
If($IncludeInheritedPermissions)
{
Get-PnPPermissions -Object $List
}
Else
{
#Check if List has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $List -Property HasUniqueRoleAssignments
If($HasUniquePermissions -eq $True)
{
#Call the function to check permissions
Get-PnPPermissions -Object $List
}
}
}
}
}
#Function to Get Webs's Permissions from given URL
Function Get-PnPWebPermission([Microsoft.SharePoint.Client.Web]$Web)
{
#Call the function to Get permissions of the web
Write-host -f Yellow "Getting Permissions of the Web: $($Web.URL)..."
Get-PnPPermissions -Object $Web
#Get List Permissions
Write-host -f Yellow "`t Getting Permissions of Lists and Libraries..."
Get-PnPListPermission($Web)
#Recursively get permissions from all sub-webs based on the "Recursive" Switch
If($Recursive)
{
#Get Subwebs of the Web
$Subwebs = Get-PnPProperty -ClientObject $Web -Property Webs
#Iterate through each subsite in the current web
Foreach ($Subweb in $web.Webs)
{
#Get Webs with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
If($IncludeInheritedPermissions)
{
Get-PnPWebPermission($Subweb)
}
Else
{
#Check if the Web has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $SubWeb -Property HasUniqueRoleAssignments
#Get the Web's Permissions
If($HasUniquePermissions -eq $true)
{
#Call the function recursively
Get-PnPWebPermission($Subweb)
}
}
}
}
}
#Call the function with RootWeb to get site collection permissions
Get-PnPWebPermission $Web
Write-host -f Green "`n*** Site Permission Report Generated Successfully!***"
}
Catch {
write-host -f Red "Error Generating Site Permission Report!" $_.Exception.Message
}
}
Function Get-Folder($initialDirectory="")
{
[System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms")|Out-Null
$foldername = New-Object System.Windows.Forms.FolderBrowserDialog
$foldername.Description = "Select a folder"
$foldername.rootfolder = "MyComputer"
$foldername.SelectedPath = $initialDirectory
if($foldername.ShowDialog() -eq "OK")
{
$folder += $foldername.SelectedPath
}
return $folder
}
$destinationFolder = Get-Folder
foreach ($site in $csvSPfile)
{
#Call the function to generate permission report
$siteName = $site.SiteName
Write-Host $siteName
$siteUrlin = $site.URL
Write-Host $siteUrlin
Generate-PnPSitePermissionRpt -SiteURL $siteUrlin -ReportFile "$destinationFolder\$siteName.csv" -Recursive
}