Created
March 8, 2024 18:51
Reports all "Everyone except external users" (EEEU) permission assignments on the root web of OneDrive sites in a tenant.
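#requires -modules "PnP.PowerShell"

# Requires an app registration granted SharePoint > Application > Sites.FullControl.All.
# That permission gives the app full control of every site collection in the tenant,
# so the certificate identified by O365_THUMBPRINT should be stored and access-controlled
# as a tenant-wide administrative credential.

# Fail fast when a connection setting is missing. Without this check an unset
# O365_TENANT silently produces the malformed URL "https://-admin.sharepoint.com"
# and the failure only surfaces later as a less obvious connection error.
foreach( $settingName in "O365_TENANT", "O365_CLIENTID", "O365_THUMBPRINT", "O365_TENANTID" )
{
    if( [string]::IsNullOrWhiteSpace( [Environment]::GetEnvironmentVariable( $settingName ) ) )
    {
        throw "Environment variable '$settingName' is not set."
    }
}

# App-only, certificate-based connection to the SharePoint admin site.
# -ErrorAction Stop aborts the script if the connection cannot be established.
Connect-PnPOnline `
    -Url         "https://${env:O365_TENANT}-admin.sharepoint.com" `
    -ClientId    $env:O365_CLIENTID `
    -Thumbprint  $env:O365_THUMBPRINT `
    -Tenant      $env:O365_TENANTID `
    -ErrorAction Stop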
# Retrieve every site in the tenant, OneDrive sites included, and keep only the
# ones whose Template value matches "SPSPERS" (drops the non-OneDrive sites).
$personalSites = Get-PnPTenantSite -IncludeOneDriveSites |
    Where-Object { $_.Template -match "SPSPERS" }
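# Scan the root web of each OneDrive site for permissions granted directly to the
# "Everyone except external users" (EEEU) claim, recognised by "spo-grid-all-users"
# in the principal's LoginName. Every hit is emitted as one object into $results.
#
# Coverage limits, so that an empty report is not over-read:
#   - only role assignments made directly on the root web are inspected; EEEU added
#     as a member of a SharePoint group, or granted on a library, folder or file
#     with unique permissions, is not reported
#   - other broad claims (for example "Everyone") do not match the pattern
#   - a site that raises an error is skipped; skipped sites are listed in a warning
#     after the loop so they can be re-scanned instead of being assumed clean
$failedSites = [System.Collections.Generic.List[string]]::new()

$results = foreach( $personalSite in $personalSites )
{
    Write-Host "[$(Get-Date)] - Scanning: $($personalSite.Url)"

    try
    {
        # switch the current PnP connection to this OneDrive site
        Connect-PnPOnline `
            -Url         $personalSite.Url `
            -ClientId    $env:O365_CLIENTID `
            -Thumbprint  $env:O365_THUMBPRINT `
            -Tenant      $env:O365_TENANTID `
            -ErrorAction Stop

        # load the root web together with its RoleAssignments collection;
        # -ErrorAction Stop routes any failure to the catch block below
        $web = Get-PnPWeb -Includes RoleAssignments -ErrorAction Stop

        foreach( $roleAssignment in $web.RoleAssignments )
        {
            # LoginName is not loaded with the role assignment; fetch it explicitly
            $null = Get-PnPProperty -ClientObject $roleAssignment.Member -Property LoginName -ErrorAction Stop

            # each role assignment has a single principal
            $member = $roleAssignment.Member

            # skip every principal that is not the EEEU claim
            if( $member.LoginName -notmatch "spo-grid-all-users" )
            {
                continue
            }

            # hydrate RoleDefinitionBindings (the permission levels of this assignment)
            $null = Get-PnPProperty -ClientObject $roleAssignment -Property RoleDefinitionBindings -ErrorAction Stop

            # ignore hidden role definitions (typically system-managed ones such as
            # Limited Access) and report only the visible permission levels
            $visibleBindings = $roleAssignment.RoleDefinitionBindings | Where-Object -Property Hidden -eq $false

            if( $visibleBindings )
            {
                # one output row per EEEU assignment that carries a visible permission
                [PSCustomObject] @{
                    SiteUrl                = $personalSite.Url
                    Owner                  = $personalSite.Owner
                    Claim                  = $member.LoginName
                    RoleDefinitionBindings = $visibleBindings.Name -join ","
                }
            }
        }
    }
    catch
    {
        # remember the site so the gap in coverage is visible after the run
        $failedSites.Add( $personalSite.Url )
        Write-Host "Error processing site $($personalSite.Url): $($_)" -ForegroundColor Red
    }
}

# A site that failed to scan has no rows in $results; say so explicitly rather
# than letting its absence read as "no EEEU found".
if( $failedSites.Count -gt 0 )
{
    Write-Warning "$($failedSites.Count) site(s) could not be scanned and are missing from the results: $($failedSites -join ', ')"
}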
# Write the findings to OneDriveEEEU.csv in the current working directory.
# The file lists site URLs and their owners, so store and share it accordingly.
$csvOptions = @{
    Path              = "OneDriveEEEU.csv"
    NoTypeInformation = $true
}

$results | Export-Csv @csvOptions