Skip to content

Instantly share code, notes, and snippets.

@marineko

marineko/GetAllPermission.ps1

Last active Mar 28, 2016
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Get all permission assigned to domain group for web, list, folder and item by powershell (SharePoint 2007)
Raw
GetAllPermission.ps1
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
Function UserSource([string]$userName)
{
if($userName.split("\").count -gt 1)
{
$userName.split("\")[0]
}
elseif ($userName.split(":").count -gt 1)
{
$userName.split(":")[0]
}
else
{
""
}
}
$Permissions=@()
$farm = [Microsoft.SharePoint.Administration.SPFarm]::Local
$farmWebServices = $farm.Services | where -FilterScript {$_.GetType() -eq [Microsoft.SharePoint.Administration.SPWebService]}
foreach ($farmWebService in $farmWebServices) {
foreach ($webApplication in $farmWebService.WebApplications) {
foreach ($webApplication in $SPWebApp) {
foreach ($site in $webApplication.Sites)
{
foreach ($web in $site.AllWebs)
{
Write-Host "Site Collection: ID:" $site.ID " - URL: " $web.Url " - rootweb" $web.IsRootweb
if ($web.HasUniqueRoleAssignments)
{
foreach ($RoleAssignment in $web.RoleAssignments)
{
$domain = UserSource($RoleAssignment.Member.LoginName)
if($domain -ne "")
{
if ($RoleAssignment.Member.IsDomainGroup)
{
if ($domain -ne "NT AUTHORITY")
{
$users = new-object psobject
$users | add-member noteproperty -name "ObjectType" -value "SPWeb"
$users | add-member noteproperty -name "ObjectTitle" -value $web.Title
$users | add-member noteproperty -name "Type" -value "direct"
$users | add-member noteproperty -name "URL" -value "$($web.url)/_layouts/user.aspx"
$users | add-member noteproperty -name "user" -value $RoleAssignment.Member.LoginName
$users | add-member noteproperty -name "Group" -value ""
$permlist = ""
$RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }
$users | add-member noteproperty -name "Permission" -value $permlist
write-host $users
$Permissions += $users
}
}
}
else
{
$allUsers = $Roleassignment.member.users
foreach($user in $AllUsers)
{
if ($user.IsDomainGroup)
{
$domain = UserSource($user.LoginName)
if ($domain -ne "NT AUTHORITY")
{
$users = new-object psobject
$users | add-member noteproperty -name "ObjectType" -value "SPWeb"
$users | add-member noteproperty -name "ObjectTitle" -value $web.Title
$users | add-member noteproperty -name "Type" -value "role"
$users | add-member noteproperty -name "URL" -value "$($web.url)/_layouts/user.aspx"
$users | add-member noteproperty -name "user" -value $user.LoginName
$users | add-member noteproperty -name "Group" -value $RoleAssignment.member.name
$permlist = ""
$RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }
$users | add-member noteproperty -name "Permission" -value $permlist
write-host $users
$Permissions += $users
}
}
}
}
}
}
foreach ($aList in $Web.lists)
{
$listType = @{$true="doclib";$false="list"}[$aList.BaseType -eq "DocumentLibrary"]
if ($aList.HasUniqueRoleAssignments)
{
foreach ($RoleAssignment in $aList.RoleAssignments)
{
$domain = UserSource($RoleAssignment.Member.LoginName)
if($domain -ne "")
{
if ($RoleAssignment.Member.IsDomainGroup)
{
if ($domain -ne "NT AUTHORITY")
{
$users = new-object psobject
$users | add-member noteproperty -name "ObjectType" -value "List"
$users | add-member noteproperty -name "ObjectTitle" -value $aList.Title
$users | add-member noteproperty -name "Type" -value "direct"
$users | add-member noteproperty -name "URL" -value "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($listType)&List=$($aList.id)"
$users | add-member noteproperty -name "user" -value $RoleAssignment.Member.LoginName
$users | add-member noteproperty -name "Group" -value ""
$permlist = ""
$RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }
$users | add-member noteproperty -name "Permission" -value $permlist
write-host $users
$Permissions += $users
}
}
}
else
{
$allUsers = $Roleassignment.member.users
foreach($user in $AllUsers)
{
if ($user.IsDomainGroup)
{
$domain = UserSource($user.LoginName)
if ($domain -ne "NT AUTHORITY")
{
$users = new-object psobject
$users | add-member noteproperty -name "ObjectType" -value "List"
$users | add-member noteproperty -name "ObjectTitle" -value $aList.Title
$users | add-member noteproperty -name "Type" -value "role"
$users | add-member noteproperty -name "URL" -value "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($listType)&List=$($aList.id)"
$users | add-member noteproperty -name "user" -value $user.LoginName
$users | add-member noteproperty -name "Group" -value $RoleAssignment.member.name
$permlist = ""
$RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }
$users | add-member noteproperty -name "Permission" -value $permlist
write-host $users
$Permissions += $users
}
}
}
}
}
} # end if $aList.HasUniqueRoleAssignments
foreach($folder in $aList.Folders)
{
if ($folder.HasUniqueRoleAssignments)
{
foreach ($RoleAssignment in $folder.RoleAssignments)
{
$domain = UserSource($RoleAssignment.Member.LoginName)
if($domain -ne "")
{
if ($RoleAssignment.Member.IsDomainGroup)
{
if ($doamin -ne "NT AUTHORITY")
{
$users = new-object psobject
$users | add-member noteproperty -name "ObjectType" -value "folder"
$users | add-member noteproperty -name "ObjectTitle" -value $folder.Name
$users | add-member noteproperty -name "Type" -value "direct"
$users | add-member noteproperty -name "URL" -value "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($folder.id),LISTITEM&List=$($aList.id)"
$users | add-member noteproperty -name "user" -value $RoleAssignment.Member.LoginName
$users | add-member noteproperty -name "Group" -value ""
$permlist = ""
$RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }
$users | add-member noteproperty -name "Permission" -value $permlist
write-host $users
$Permissions += $users
}
}
}
else
{
$allUsers = $Roleassignment.member.users
foreach($user in $AllUsers)
{
if ($user.IsDomainGroup)
{
$domain = UserSource($user.LoginName)
if ($domain -ne "NT AUTHORITY")
{
$users = new-object psobject
$users | add-member noteproperty -name "ObjectType" -value "folder"
$users | add-member noteproperty -name "ObjectTitle" -value $folder.Name
$users | add-member noteproperty -name "Type" -value "direct"
$users | add-member noteproperty -name "URL" -value "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($folder.id),LISTITEM&List=$($aList.id)"
$users | add-member noteproperty -name "user" -value $user.LoginName
$users | add-member noteproperty -name "Group" -value $RoleAssignment.member.name
$permlist = ""
$RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }
$users | add-member noteproperty -name "Permission" -value $permlist
write-host $users
$Permissions += $users
}
}
}
}
}
}
} # end foreach $folder
foreach ($anItem in $aList.Items)
{
if ($anItem.HasUniqueRoleAssignments)
{
# Write-host $anItem.URL
foreach ($RoleAssignment in $anItem.RoleAssignments)
{
$domain = UserSource($RoleAssignment.Member.LoginName)
if($domain -ne "")
{
if ($RoleAssignment.Member.IsDomainGroup)
{
if ($domain -ne "NT AUTHORITY")
{
$users = new-object psobject
$users | add-member noteproperty -name "ObjectType" -value "item"
$users | add-member noteproperty -name "ObjectTitle" -value $anItem.Name
$users | add-member noteproperty -name "Type" -value "direct"
$users | add-member noteproperty -name "URL" -value "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($anItem.id),LISTITEM&List=$($aList.id)"
$users | add-member noteproperty -name "user" -value $RoleAssignment.Member.LoginName
$users | add-member noteproperty -name "Group" -value ""
$permlist = ""
$RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }
$users | add-member noteproperty -name "Permission" -value $permlist
write-host $users
$Permissions += $users
}
}
}
else
{
$allUsers = $Roleassignment.member.users
foreach($user in $AllUsers)
{
if ($user.IsDomainGroup)
{
$domain = UserSource($user.LoginName)
if ($domain -ne "NT AUTHORITY")
{
$users = new-object psobject
$users | add-member noteproperty -name "ObjectType" -value "item"
$users | add-member noteproperty -name "ObjectTitle" -value $anItem.Name
$users | add-member noteproperty -name "Type" -value "role"
$users | add-member noteproperty -name "URL" -value "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($anItem.id),LISTITEM&List=$($aList.id)"
$users | add-member noteproperty -name "user" -value $user.LoginName
$users | add-member noteproperty -name "Group" -value $RoleAssignment.member.name
$permlist = ""
$RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }
$users | add-member noteproperty -name "Permission" -value $permlist
write-host $users
$Permissions += $users
}
}
}
}
}
} # end foreach item
} # end foreach list
} #end if $web.HasUniqueRoleAssignments
} # end foreach web
$site.Dispose()
} # end foreach site
# } # end foreach webapp
}
$permissions | Export-Csv -Path D:\Work\DomainGroups.csv -encoding UTF8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.