Removed , ; from charset to avoid csv conflicts

Removed Write-Color dependency
Fixed Tech-N2 not getting his script set because of a typo
2025-02-05 11:34:03 +01:00 · 2025-02-04 14:32:59 +01:00 · 2025-02-04 14:21:07 +01:00 · 2025-02-03 16:09:31 +01:00
3 changed files with 691 additions and 23 deletions
--- a/AD/CreateN1-N2Users/Create-ADtechs.ps1
+++ b/AD/CreateN1-N2Users/Create-ADtechs.ps1
@@ -1,19 +1,27 @@
-#On vérifie que les modules soient bien installés
-if (Get-Module -ListAvailable -Name PSWriteColor) {
-    $modExiste = $true
-} 
-else {
-    $modExiste = $false
-}
+Import-Module ActiveDirectory

-#Cette étape permet de désactiver les messages de confirmation d'install
-Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
+#On récupere le nom de la forest pour déposer les scripts au bon endroit
+$domainInfos = Get-ADDomain
+$forestName = $domainInfos.Forest

-switch ($modExiste) {
-    $true{Import-Module ActiveDirectory;Import-Module PSWriteColor}
-    $false{Install-Module PSWriteColor -Confirm:$False;Import-Module ActiveDirectory;Import-Module PSWriteColor}
-    Default {Import-Module ActiveDirectory;Import-Module PSWriteColor}
-}
+#On crée et place les scripts de logon pour tous les users
+New-Item -Path C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\ -Name "Tech-N1.bat" -ItemType "file"
+$contentToAdd = @"
+cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dsa.msc"
+cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dhcpmgmt.msc"
+cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START printmanagement.msc"
+"@
+Add-Content C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\Tech-N1.bat $contentToAdd
+
+New-Item -Path C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\ -Name "Tech-N2.bat" -ItemType "file"
+$contentToAdd = @"
+cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dsa.msc"
+cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dhcpmgmt.msc"
+cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START printmanagement.msc"
+cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START dnsmgmt.msc"
+cmd.exe /c "SET __COMPAT_LAYER=RunAsInvoker & START gpmc.msc"
+"@
+Add-Content C:\WINDOWS\SYSVOL\sysvol\$forestName\scripts\Tech-N2.bat $contentToAdd

 #On crée le CSV pour y stocker les ID
 $pcName = (Get-ComputerInfo).CSName
@@ -26,7 +34,7 @@ function GenPass { #Genere un mdp aléatoire selon les parametres indiqués
        U = [Char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
        L = [Char[]]'abcdefghijklmnopqrstuvwxyz'
        N = [Char[]]'0123456789'
-        S = [Char[]]'!"#$%&()*+,-.:;<=>?@[]^_`{}~'
+        S = [Char[]]'!"#$%&()*+-.:<=>?@[]^_`{}~'
    }
        
    $Upper = Get-Random -Count 5 -InputObject $TokenSet.U
@@ -60,8 +68,8 @@ $grpDomainAdm = "S-1-5-21-$domaineSID-512"
 $grpPrintOp = "S-1-5-32-550"
 #$grpServerOp = "S-1-5-32-549" Pas utilisé
 #$grpPowerUsers = "S-1-5-32-547" Déprécié
-$grpDHCPadm = "S-1-5-21-$domaineSID-1135"
-$grpDHCPuser = "S-1-5-21-$domaineSID-1134"
+$grpDHCPadm = "Administrateurs DHCP"
+$grpDHCPuser = "Utilisateurs DHCP"
 $grpGPOadmin = "S-1-5-21-$domaineSID-520"
 $grpNetAdmin = "S-1-5-32-556"
 #################################
@@ -75,7 +83,7 @@ ForEach($user in $userList){
        # On vérifie si l'utilisateur existe déjà, passe au suivant si oui
        $existingUser = Get-ADUser -Filter { Name -eq $user } -ErrorAction SilentlyContinue
        if ($existingUser) {
-            Write-Color -Text "L'utilisateur ", $user, " existe deje. Application des permissions." -Color White, Yellow
+            Write-Host "L'utilisateur " -ForegroundColor White -NoNewline; Write-Host $user -ForegroundColor Yellow -NoNewline; Write-Host " existe deja. Application des permissions." -ForegroundColor White
        }
        $userPass = (GenPass)
        $userEncPass = ConvertTo-SecureString -String $userPass -AsPlainText -Force
@@ -91,7 +99,7 @@ ForEach($user in $userList){
        #...puis on l'ajoute aux bons groupes
        switch ($user) {
            "Tech-N1"{$Groups = @($grpAccountOp,$grpPrintOp,$grpDHCPuser)}
-            "Tech-N2"{$Groups = @($grpAccountOp,$grpPrintOp,$grpDHCPadm,$grpGPOadmin,$grpNetAdmin)}
+            "Tech-N2"{$Groups = @($grpAccountOp,$grpPrintOp,$grpGPOadmin,$grpNetAdmin,$grpDHCPadm)}
            "Tech-N3"{$Groups = @($grpDomainAdm)}
            Default {}
        }
@@ -101,15 +109,16 @@ ForEach($user in $userList){

        ForEach ($Group in $Groups) {

-            Add-ADPrincipalGroupMembership $User  -MemberOf  $Group
+            Add-ADPrincipalGroupMembership $User -MemberOf $Group

        }

-        Write-Color -Text "L'utilisateur ",$User," a bien ete cree. Son mot de passe est ",$userPass -Color White,Green,White,Cyan
+        Write-Host "L'utilisateur " -ForegroundColor White -NoNewline; Write-Host $User -ForegroundColor Green -NoNewline; Write-Host " a bien ete cree. Son mot de passe est " -ForegroundColor White -NoNewline; Write-Host $userPass -ForegroundColor Cyan
    }     
    catch {
        Write-Error "Erreur pour l'utilisateur $user : $_"
    }
 }
-
-Write-Color -Text "Les utilisateurs ainsi que leur mots de passes ont ete exportes ici : ","C:\techLogins-$pcName.csv" -Color White,Green
+Get-ADUser Tech-N1 | Set-ADUser -ScriptPath "Tech-N1.bat"
+Get-ADUser Tech-N2 | Set-ADUser -ScriptPath "Tech-N2.bat"
+Write-Host "Les utilisateurs ainsi que leur mots de passes ont ete exportes ici : " -ForegroundColor White -NoNewline; Write-Host "C:\techLogins-$pcName.csv" -ForegroundColor Green
--- a/Sharepoint/Sharepoint_Export_v3.ps1
+++ b/Sharepoint/Sharepoint_Export_v3.ps1
@@ -0,0 +1,322 @@
+
+if($args[0] -eq $null)
+{
+	$spUrl = Read-Host "Adresse du SharePoint du client (ex: https//client.sharepoint.com) "
+	$spSite = Read-Host "Nom du site (ce qu'il y a apres '/sites/' dans l'URL du site en question) "
+    $pnpCiD = Read-Host "Votre Client ID (ex: fa7800b5-0298-4205-a369-ffb976de3058) "
+
+}
+else
+{
+	$spUrl=$args[0]
+	$spSite=$args[1]
+    $pnpCiD=$args[2]
+}
+
+
+
+
+
+#Function to Get Permissions Applied on a particular Object, such as: Web, List, Folder or List Item
+Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
+{
+    #Determine the type of the object
+    Switch($Object.TypedObject.ToString())
+    {
+        "Microsoft.SharePoint.Client.Web"  { $ObjectType = "Site" ; $ObjectURL = $Object.URL; $ObjectTitle = $Object.Title }
+        "Microsoft.SharePoint.Client.ListItem"
+        { 
+            If($Object.FileSystemObjectType -eq "Folder")
+            {
+                $ObjectType = "Folder"
+                #Get the URL of the Folder 
+                $Folder = Get-PnPProperty -ClientObject $Object -Property Folder
+                $ObjectTitle = $Object.Folder.Name
+                $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl)
+            }
+            Else #File or List Item
+            {
+                #Get the URL of the Object
+                Get-PnPProperty -ClientObject $Object -Property File, ParentList
+                If($Object.File.Name -ne $Null)
+                {
+                    $ObjectType = "File"
+                    $ObjectTitle = $Object.File.Name
+                    $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl)
+                }
+                else
+                {
+                    $ObjectType = "List Item"
+                    $ObjectTitle = $Object["Title"]
+                    #Get the URL of the List Item
+                    $DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl                     
+                    $ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID)
+                }
+            }
+        }
+        Default
+        { 
+            $ObjectType = "List or Library"
+            $ObjectTitle = $Object.Title
+            #Get the URL of the List or Library
+            $RootFolder = Get-PnPProperty -ClientObject $Object -Property RootFolder     
+            $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl)
+        }
+    }
+   
+    #Get permissions assigned to the object
+    Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments
+ 
+    #Check if Object has unique permissions
+    $HasUniquePermissions = $Object.HasUniqueRoleAssignments
+     
+    #Loop through each permission assigned and extract details
+    $PermissionCollection = @()
+    Foreach($RoleAssignment in $Object.RoleAssignments)
+    { 
+        #Get the Permission Levels assigned and Member
+        Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
+ 
+        #Get the Principal Type: User, SP Group, AD Group
+        $PermissionType = $RoleAssignment.Member.PrincipalType
+    
+        #Get the Permission Levels assigned
+        $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name
+ 
+        #Remove Limited Access
+        $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
+ 
+        #Leave Principals with no Permissions
+        If($PermissionLevels.Length -eq 0) {Continue}
+ 
+        #Get SharePoint group members
+        If($PermissionType -eq "SharePointGroup")
+        {
+            #Get Group Members
+            $GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName
+                 
+            #Leave Empty Groups
+            If($GroupMembers.count -eq 0){Continue}
+            $GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join ","
+ 
+            #Add the Data to Object
+            $Permissions = New-Object PSObject
+            $Permissions | Add-Member NoteProperty Object($ObjectType)
+            $Permissions | Add-Member NoteProperty Title($ObjectTitle)
+            $Permissions | Add-Member NoteProperty URL($ObjectURL)
+            $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
+            $Permissions | Add-Member NoteProperty Users($GroupUsers)
+            $Permissions | Add-Member NoteProperty Type($PermissionType)
+            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
+            $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
+            $PermissionCollection += $Permissions
+        }
+        Else
+        {
+            #Add the Data to Object
+            $Permissions = New-Object PSObject
+            $Permissions | Add-Member NoteProperty Object($ObjectType)
+            $Permissions | Add-Member NoteProperty Title($ObjectTitle)
+            $Permissions | Add-Member NoteProperty URL($ObjectURL)
+            $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
+            $Permissions | Add-Member NoteProperty Users($RoleAssignment.Member.Title)
+            $Permissions | Add-Member NoteProperty Type($PermissionType)
+            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
+            $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
+            $PermissionCollection += $Permissions
+        }
+    }
+    #Export Permissions to CSV File
+    $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append
+}
+   
+#Function to get sharepoint online site permissions report
+Function Generate-PnPSitePermissionRpt()
+{
+[cmdletbinding()]
+ 
+    Param 
+    (    
+        [Parameter(Mandatory=$false)] [String] $SiteURL, 
+        [Parameter(Mandatory=$false)] [String] $ReportFile,         
+        [Parameter(Mandatory=$false)] [switch] $Recursive,
+        [Parameter(Mandatory=$false)] [switch] $ScanItemLevel,
+        [Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions       
+    )  
+    Try {
+        #Connect to the Site
+        Connect-PnPOnline -Url $spUrl -Interactive -ClientId $pnpCiD
+        #Get the Web
+        $Web = Get-PnPWeb
+ 
+        Write-host -f Yellow "Getting Site Collection Administrators..."
+        #Get Site Collection Administrators
+        $SiteAdmins = Get-PnPSiteCollectionAdmin
+         
+        $SiteCollectionAdmins = ($SiteAdmins | Select -ExpandProperty Title) -join ","
+        #Add the Data to Object
+        $Permissions = New-Object PSObject
+        $Permissions | Add-Member NoteProperty Object("Site Collection")
+        $Permissions | Add-Member NoteProperty Title($Web.Title)
+        $Permissions | Add-Member NoteProperty URL($Web.URL)
+        $Permissions | Add-Member NoteProperty HasUniquePermissions("TRUE")
+        $Permissions | Add-Member NoteProperty Users($SiteCollectionAdmins)
+        $Permissions | Add-Member NoteProperty Type("Site Collection Administrators")
+        $Permissions | Add-Member NoteProperty Permissions("Site Owner")
+        $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
+               
+        #Export Permissions to CSV File
+        $Permissions | Export-CSV $ReportFile -NoTypeInformation
+   
+        #Function to Get Permissions of All List Items of a given List
+        Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List)
+        {
+            Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title
+  
+            #Get All Items from List in batches
+            $ListItems = Get-PnPListItem -List $List -PageSize 500
+  
+            $ItemCounter = 0
+            #Loop through each List item
+            ForEach($ListItem in $ListItems)
+            {
+                #Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
+                If($IncludeInheritedPermissions)
+                {
+                    Get-PnPPermissions -Object $ListItem
+                }
+                Else
+                {
+                    #Check if List Item has unique permissions
+                    $HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments
+                    If($HasUniquePermissions -eq $True)
+                    {
+                        #Call the function to generate Permission report
+                        Get-PnPPermissions -Object $ListItem
+                    }
+                }
+                $ItemCounter++
+                Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of '$($List.Title)'"
+            }
+        }
+ 
+        #Function to Get Permissions of all lists from the given web
+        Function Get-PnPListPermission([Microsoft.SharePoint.Client.Web]$Web)
+        {
+            #Get All Lists from the web
+            $Lists = Get-PnPProperty -ClientObject $Web -Property Lists
+   
+            #Exclude system lists
+            $ExcludedLists = @("Access Requests","App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
+            "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Images", "site collection images"
+            ,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Reporting Metadata", "Reporting Templates", "Search Config List","Site Assets","Preservation Hold Library",
+            "Site Pages", "Solution Gallery","Style Library","Suggested Content Browser Locations","Theme Gallery", "TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Pages")
+             
+            $Counter = 0
+            #Get all lists from the web   
+            ForEach($List in $Lists)
+            {
+                #Exclude System Lists
+                If($List.Hidden -eq $False -and $ExcludedLists -notcontains $List.Title)
+                {
+                    $Counter++
+                    Write-Progress -PercentComplete ($Counter / ($Lists.Count) * 100) -Activity "Exporting Permissions from List '$($List.Title)' in $($Web.URL)" -Status "Processing Lists $Counter of $($Lists.Count)"
+ 
+                    #Get Item Level Permissions if 'ScanItemLevel' switch present
+                    If($ScanItemLevel)
+                    {
+                        #Get List Items Permissions
+                        Get-PnPListItemsPermission -List $List
+                    }
+ 
+                    #Get Lists with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
+                    If($IncludeInheritedPermissions)
+                    {
+                        Get-PnPPermissions -Object $List
+                    }
+                    Else
+                    {
+                        #Check if List has unique permissions
+                        $HasUniquePermissions = Get-PnPProperty -ClientObject $List -Property HasUniqueRoleAssignments
+                        If($HasUniquePermissions -eq $True)
+                        {
+                            #Call the function to check permissions
+                            Get-PnPPermissions -Object $List
+                        }
+                    }
+                }
+            }
+        }
+   
+        #Function to Get Webs's Permissions from given URL
+        Function Get-PnPWebPermission([Microsoft.SharePoint.Client.Web]$Web) 
+        {
+            #Call the function to Get permissions of the web
+            Write-host -f Yellow "Getting Permissions of the Web: $($Web.URL)..." 
+            Get-PnPPermissions -Object $Web
+   
+            #Get List Permissions
+            Write-host -f Yellow "`t Getting Permissions of Lists and Libraries..."
+            Get-PnPListPermission($Web)
+ 
+            #Recursively get permissions from all sub-webs based on the "Recursive" Switch
+            If($Recursive)
+            {
+                #Get Subwebs of the Web
+                $Subwebs = Get-PnPProperty -ClientObject $Web -Property Webs
+ 
+                #Iterate through each subsite in the current web
+                Foreach ($Subweb in $web.Webs)
+                {
+                    #Get Webs with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
+                    If($IncludeInheritedPermissions)
+                    {
+                        Get-PnPWebPermission($Subweb)
+                    }
+                    Else
+                    {
+                        #Check if the Web has unique permissions
+                        $HasUniquePermissions = Get-PnPProperty -ClientObject $SubWeb -Property HasUniqueRoleAssignments
+   
+                        #Get the Web's Permissions
+                        If($HasUniquePermissions -eq $true) 
+                        { 
+                            #Call the function recursively                            
+                            Get-PnPWebPermission($Subweb)
+                        }
+                    }
+                }
+            }
+        }
+ 
+        #Call the function with RootWeb to get site collection permissions
+        Get-PnPWebPermission $Web
+   
+        Write-host -f Green "`n*** Site Permission Report Generated Successfully!***"
+     }
+    Catch {
+        write-host -f Red "Error Generating Site Permission Report!" $_.Exception.Message
+   }
+}
+   
+   
+
+Function Get-FileName($initialDirectory) {   
+    [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") |
+    Out-Null
+
+    $SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog
+    $SaveFileDialog.initialDirectory = $initialDirectory
+    $SaveFileDialog.filter = "CSV (*.csv)|*.csv";
+    $SaveFileDialog.ShowDialog() | Out-Null
+    $SaveFileDialog.filename
+}
+$SaveMyFile = Get-Filename
+
+#region ***Parameters***
+$SiteURL=$spUrl+"/sites/"+$spSite
+$ReportFile="$SaveMyFile"
+#endregion
+ 
+#Call the function to generate permission report
+Generate-PnPSitePermissionRpt -SiteURL $SiteURL -ReportFile $ReportFile -Recursive
--- a/Sharepoint/Sharepoint_Export_v3_mass.ps1
+++ b/Sharepoint/Sharepoint_Export_v3_mass.ps1
@@ -0,0 +1,337 @@
+if($args[0] -eq $null)
+{
+	#$spUrl = Read-Host "Adresse du SharePoint du client (ex: https//client.sharepoint.com) "
+	#$spSite = Read-Host "Nom du site (ce qu'il y a apres '/sites/' dans l'URL du site en question) "
+    $pnpCiD = Read-Host "Votre Client ID (ex: fa7800b5-0298-4205-a369-ffb976de3058) "
+    $csvSPpath = Read-Host "Chemin vers la liste des sites (CSV) "
+
+}
+else
+{
+	$spUrl=$args[0]
+	$spSite=$args[1]
+    $pnpCiD=$args[2]
+    $csvSPpath=$args[3]
+}
+
+$csvSPfile = Import-Csv -Path "$csvSPpath"
+
+
+
+#Function to Get Permissions Applied on a particular Object, such as: Web, List, Folder or List Item
+Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
+{
+    #Determine the type of the object
+    Switch($Object.TypedObject.ToString())
+    {
+        "Microsoft.SharePoint.Client.Web"  { $ObjectType = "Site" ; $ObjectURL = $Object.URL; $ObjectTitle = $Object.Title }
+        "Microsoft.SharePoint.Client.ListItem"
+        { 
+            If($Object.FileSystemObjectType -eq "Folder")
+            {
+                $ObjectType = "Folder"
+                #Get the URL of the Folder 
+                $Folder = Get-PnPProperty -ClientObject $Object -Property Folder
+                $ObjectTitle = $Object.Folder.Name
+                $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl)
+            }
+            Else #File or List Item
+            {
+                #Get the URL of the Object
+                Get-PnPProperty -ClientObject $Object -Property File, ParentList
+                If($Object.File.Name -ne $Null)
+                {
+                    $ObjectType = "File"
+                    $ObjectTitle = $Object.File.Name
+                    $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl)
+                }
+                else
+                {
+                    $ObjectType = "List Item"
+                    $ObjectTitle = $Object["Title"]
+                    #Get the URL of the List Item
+                    $DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl                     
+                    $ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID)
+                }
+            }
+        }
+        Default
+        { 
+            $ObjectType = "List or Library"
+            $ObjectTitle = $Object.Title
+            #Get the URL of the List or Library
+            $RootFolder = Get-PnPProperty -ClientObject $Object -Property RootFolder     
+            $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl)
+        }
+    }
+   
+    #Get permissions assigned to the object
+    Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments
+ 
+    #Check if Object has unique permissions
+    $HasUniquePermissions = $Object.HasUniqueRoleAssignments
+     
+    #Loop through each permission assigned and extract details
+    $PermissionCollection = @()
+    Foreach($RoleAssignment in $Object.RoleAssignments)
+    { 
+        #Get the Permission Levels assigned and Member
+        Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
+ 
+        #Get the Principal Type: User, SP Group, AD Group
+        $PermissionType = $RoleAssignment.Member.PrincipalType
+    
+        #Get the Permission Levels assigned
+        $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name
+ 
+        #Remove Limited Access
+        $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
+ 
+        #Leave Principals with no Permissions
+        If($PermissionLevels.Length -eq 0) {Continue}
+ 
+        #Get SharePoint group members
+        If($PermissionType -eq "SharePointGroup")
+        {
+            #Get Group Members
+            $GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName
+                 
+            #Leave Empty Groups
+            If($GroupMembers.count -eq 0){Continue}
+            $GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join ","
+ 
+            #Add the Data to Object
+            $Permissions = New-Object PSObject
+            $Permissions | Add-Member NoteProperty Object($ObjectType)
+            $Permissions | Add-Member NoteProperty Title($ObjectTitle)
+            $Permissions | Add-Member NoteProperty URL($ObjectURL)
+            $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
+            $Permissions | Add-Member NoteProperty Users($GroupUsers)
+            $Permissions | Add-Member NoteProperty Type($PermissionType)
+            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
+            $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
+            $PermissionCollection += $Permissions
+        }
+        Else
+        {
+            #Add the Data to Object
+            $Permissions = New-Object PSObject
+            $Permissions | Add-Member NoteProperty Object($ObjectType)
+            $Permissions | Add-Member NoteProperty Title($ObjectTitle)
+            $Permissions | Add-Member NoteProperty URL($ObjectURL)
+            $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
+            $Permissions | Add-Member NoteProperty Users($RoleAssignment.Member.Title)
+            $Permissions | Add-Member NoteProperty Type($PermissionType)
+            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
+            $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
+            $PermissionCollection += $Permissions
+        }
+    }
+    #Export Permissions to CSV File
+    $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append
+}
+   
+#Function to get sharepoint online site permissions report
+Function Generate-PnPSitePermissionRpt()
+{
+[cmdletbinding()]
+ 
+    Param 
+    (    
+        [Parameter(Mandatory=$false)] [String] $SiteURL, 
+        [Parameter(Mandatory=$false)] [String] $ReportFile,         
+        [Parameter(Mandatory=$false)] [switch] $Recursive,
+        [Parameter(Mandatory=$false)] [switch] $ScanItemLevel,
+        [Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions       
+    )  
+    Try {
+        #Connect to the Site
+        Connect-PnPOnline -Url $SiteURL -Interactive -ClientId $pnpCiD
+        #Get the Web
+        $Web = Get-PnPWeb
+ 
+        Write-host -f Yellow "Getting Site Collection Administrators..."
+        #Get Site Collection Administrators
+        $SiteAdmins = Get-PnPSiteCollectionAdmin
+         
+        $SiteCollectionAdmins = ($SiteAdmins | Select -ExpandProperty Title) -join ","
+        #Add the Data to Object
+        $Permissions = New-Object PSObject
+        $Permissions | Add-Member NoteProperty Object("Site Collection")
+        $Permissions | Add-Member NoteProperty Title($Web.Title)
+        $Permissions | Add-Member NoteProperty URL($Web.URL)
+        $Permissions | Add-Member NoteProperty HasUniquePermissions("TRUE")
+        $Permissions | Add-Member NoteProperty Users($SiteCollectionAdmins)
+        $Permissions | Add-Member NoteProperty Type("Site Collection Administrators")
+        $Permissions | Add-Member NoteProperty Permissions("Site Owner")
+        $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
+               
+        #Export Permissions to CSV File
+        $Permissions | Export-CSV $ReportFile -NoTypeInformation
+   
+        #Function to Get Permissions of All List Items of a given List
+        Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List)
+        {
+            Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title
+  
+            #Get All Items from List in batches
+            $ListItems = Get-PnPListItem -List $List -PageSize 500
+  
+            $ItemCounter = 0
+            #Loop through each List item
+            ForEach($ListItem in $ListItems)
+            {
+                #Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
+                If($IncludeInheritedPermissions)
+                {
+                    Get-PnPPermissions -Object $ListItem
+                }
+                Else
+                {
+                    #Check if List Item has unique permissions
+                    $HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments
+                    If($HasUniquePermissions -eq $True)
+                    {
+                        #Call the function to generate Permission report
+                        Get-PnPPermissions -Object $ListItem
+                    }
+                }
+                $ItemCounter++
+                Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of '$($List.Title)'"
+            }
+        }
+ 
+        #Function to Get Permissions of all lists from the given web
+        Function Get-PnPListPermission([Microsoft.SharePoint.Client.Web]$Web)
+        {
+            #Get All Lists from the web
+            $Lists = Get-PnPProperty -ClientObject $Web -Property Lists
+   
+            #Exclude system lists
+            $ExcludedLists = @("Access Requests","App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
+            "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Images", "site collection images"
+            ,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Reporting Metadata", "Reporting Templates", "Search Config List","Site Assets","Preservation Hold Library",
+            "Site Pages", "Solution Gallery","Style Library","Suggested Content Browser Locations","Theme Gallery", "TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Pages")
+             
+            $Counter = 0
+            #Get all lists from the web   
+            ForEach($List in $Lists)
+            {
+                #Exclude System Lists
+                If($List.Hidden -eq $False -and $ExcludedLists -notcontains $List.Title)
+                {
+                    $Counter++
+                    Write-Progress -PercentComplete ($Counter / ($Lists.Count) * 100) -Activity "Exporting Permissions from List '$($List.Title)' in $($Web.URL)" -Status "Processing Lists $Counter of $($Lists.Count)"
+ 
+                    #Get Item Level Permissions if 'ScanItemLevel' switch present
+                    If($ScanItemLevel)
+                    {
+                        #Get List Items Permissions
+                        Get-PnPListItemsPermission -List $List
+                    }
+ 
+                    #Get Lists with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
+                    If($IncludeInheritedPermissions)
+                    {
+                        Get-PnPPermissions -Object $List
+                    }
+                    Else
+                    {
+                        #Check if List has unique permissions
+                        $HasUniquePermissions = Get-PnPProperty -ClientObject $List -Property HasUniqueRoleAssignments
+                        If($HasUniquePermissions -eq $True)
+                        {
+                            #Call the function to check permissions
+                            Get-PnPPermissions -Object $List
+                        }
+                    }
+                }
+            }
+        }
+   
+        #Function to Get Webs's Permissions from given URL
+        Function Get-PnPWebPermission([Microsoft.SharePoint.Client.Web]$Web) 
+        {
+            #Call the function to Get permissions of the web
+            Write-host -f Yellow "Getting Permissions of the Web: $($Web.URL)..." 
+            Get-PnPPermissions -Object $Web
+   
+            #Get List Permissions
+            Write-host -f Yellow "`t Getting Permissions of Lists and Libraries..."
+            Get-PnPListPermission($Web)
+ 
+            #Recursively get permissions from all sub-webs based on the "Recursive" Switch
+            If($Recursive)
+            {
+                #Get Subwebs of the Web
+                $Subwebs = Get-PnPProperty -ClientObject $Web -Property Webs
+ 
+                #Iterate through each subsite in the current web
+                Foreach ($Subweb in $web.Webs)
+                {
+                    #Get Webs with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
+                    If($IncludeInheritedPermissions)
+                    {
+                        Get-PnPWebPermission($Subweb)
+                    }
+                    Else
+                    {
+                        #Check if the Web has unique permissions
+                        $HasUniquePermissions = Get-PnPProperty -ClientObject $SubWeb -Property HasUniqueRoleAssignments
+   
+                        #Get the Web's Permissions
+                        If($HasUniquePermissions -eq $true) 
+                        { 
+                            #Call the function recursively                            
+                            Get-PnPWebPermission($Subweb)
+                        }
+                    }
+                }
+            }
+        }
+ 
+        #Call the function with RootWeb to get site collection permissions
+        Get-PnPWebPermission $Web
+   
+        Write-host -f Green "`n*** Site Permission Report Generated Successfully!***"
+     }
+    Catch {
+        write-host -f Red "Error Generating Site Permission Report!" $_.Exception.Message
+   }
+}
+   
+   
+
+Function Get-Folder($initialDirectory="")
+
+{
+    [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms")|Out-Null
+
+    $foldername = New-Object System.Windows.Forms.FolderBrowserDialog
+    $foldername.Description = "Select a folder"
+    $foldername.rootfolder = "MyComputer"
+    $foldername.SelectedPath = $initialDirectory
+
+    if($foldername.ShowDialog() -eq "OK")
+    {
+        $folder += $foldername.SelectedPath
+    }
+    return $folder
+}
+
+$destinationFolder = Get-Folder
+
+#region ***Parameters***
+#$SiteURL=$spUrl+"/sites/"+$spSite
+#$ReportFile="$SaveMyFile"
+#endregion
+
+foreach ($site in $csvSPfile)
+{
+    #Call the function to generate permission report
+    $siteName =  $site.SiteName
+    Write-Host $siteName
+    $siteUrlin = $site.URL
+    Write-Host $siteUrlin
+    Generate-PnPSitePermissionRpt -SiteURL $siteUrlin -ReportFile "$destinationFolder\$siteName.csv" -Recursive
+}
Author	SHA1	Message	Date
ArescomML	2e037fe448	Removed , ; from charset to avoid csv conflicts	2025-02-05 11:34:03 +01:00
kawa	ee7d0499e2	Removed Write-Color dependency	2025-02-04 14:32:59 +01:00
kawa	be0e6f7c4e	Fixed Tech-N2 not getting his script set because of a typo	2025-02-04 14:21:07 +01:00
kawa	b8bd6bd142	AdUsers : Now adds login scripts to launch relevant admin panels. Sharepoint_Export : added a new mass export version	2025-02-03 16:09:31 +01:00