題名、長かったですね。
SharePointファーム全体でADのセキュリティグループで付与されている権限の一覧を取りたい!取らねばならぬ!しかもアイテム単位まで!となったことがありまして、PowerShellなんかほとんどいじくったことなかったけどエイヤーと書いてみました。
ちなみに、これ動かした環境はMOSS2007 なので、2010、2013だと書き方のお作法が違うと思います。
# Load the server object model (MOSS 2007 era; no Add-Type/snap-in available) and
# discard the Assembly object it returns so nothing leaks into the output.
$null = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
# Returns the authority prefix of a login name: the text before the first "\"
# (DOMAIN\user) or, when there is no backslash, before the first ":"
# (provider:name). Returns "" when neither separator is present, which is how
# the caller recognises a SharePoint group rather than a directory principal.
Function UserSource([string]$userName)
{
    $separatorIndex = $userName.IndexOf("\")
    if ($separatorIndex -lt 0)
    {
        $separatorIndex = $userName.IndexOf(":")
    }
    if ($separatorIndex -lt 0)
    {
        return ""
    }
    return $userName.Substring(0, $separatorIndex)
}
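# Inventory of Active Directory security groups that hold permissions anywhere in
# the farm: on every web, list, folder and item that breaks permission inheritance,
# whether the group is assigned directly or is a member of a SharePoint group.
# One row per (object, group) pair is collected here and exported as CSV at the end.
$Permissions = @()

# Where the report is written. The file is a map of who can reach what across the
# whole farm, so keep it access-controlled.
$OutputPath = "D:\Work\DomainGroups.csv"

# Joins the names of the role definitions bound to $roleAssignment into one
# ";"-terminated string (e.g. "Full Control;Read;"), the format used in the CSV.
Function PermissionList($roleAssignment)
{
    $names = ""
    foreach ($binding in $roleAssignment.RoleDefinitionBindings)
    {
        $names += $binding.Name + ";"
    }
    $names
}

# Builds one report row. $type is "direct" when the AD group is assigned on the
# object itself and "role" when it is a member of the SharePoint group $groupName.
Function NewPermissionRow($objectType, $objectTitle, $type, $url, $loginName, $groupName, $permlist)
{
    $row = new-object psobject
    $row | add-member noteproperty -name "ObjectType" -value $objectType
    $row | add-member noteproperty -name "ObjectTitle" -value $objectTitle
    $row | add-member noteproperty -name "Type" -value $type
    $row | add-member noteproperty -name "URL" -value $url
    $row | add-member noteproperty -name "user" -value $loginName
    $row | add-member noteproperty -name "Group" -value $groupName
    $row | add-member noteproperty -name "Permission" -value $permlist
    $row
}

# Emits one row per AD group that holds a role assignment on $securable (a web, list,
# folder or item the caller has already found to have unique role assignments).
# A member whose login name carries an authority prefix is a directory principal and
# is reported with Type "direct" if it is a domain group; a member without a prefix
# is a SharePoint group, whose domain-group members are reported with Type "role".
# Principals under the "NT AUTHORITY" authority are skipped in both cases.
Function CollectDomainGroupAssignments($securable, $objectType, $objectTitle, $url)
{
    foreach ($roleAssignment in $securable.RoleAssignments)
    {
        $member = $roleAssignment.Member
        $domain = UserSource $member.LoginName
        if ($domain -ne "")
        {
            if ($member.IsDomainGroup -and $domain -ne "NT AUTHORITY")
            {
                $row = NewPermissionRow $objectType $objectTitle "direct" $url $member.LoginName "" (PermissionList $roleAssignment)
                write-host $row
                $row
            }
        }
        else
        {
            foreach ($user in $member.Users)
            {
                if ($user.IsDomainGroup)
                {
                    $domain = UserSource $user.LoginName
                    if ($domain -ne "NT AUTHORITY")
                    {
                        $row = NewPermissionRow $objectType $objectTitle "role" $url $user.LoginName $member.Name (PermissionList $roleAssignment)
                        write-host $row
                        $row
                    }
                }
            }
        }
    }
}

$farm = [Microsoft.SharePoint.Administration.SPFarm]::Local
$farmWebServices = $farm.Services | where -FilterScript {$_.GetType() -eq [Microsoft.SharePoint.Administration.SPWebService]}
foreach ($farmWebService in $farmWebServices)
{
    foreach ($webApplication in $farmWebService.WebApplications)
    {
        foreach ($site in $webApplication.Sites)
        {
            foreach ($web in $site.AllWebs)
            {
                Write-Host "Site Collection: ID:" $site.ID " - URL: " $web.Url " - rootweb" $web.IsRootweb
                if ($web.HasUniqueRoleAssignments)
                {
                    $Permissions += @(CollectDomainGroupAssignments $web "SPWeb" $web.Title "$($web.url)/_layouts/user.aspx")
                }
                # Lists, folders and items are scanned for every web: an object can break
                # inheritance even when its parent web inherits.
                foreach ($aList in $web.Lists)
                {
                    if ($aList.BaseType -eq "DocumentLibrary") { $listType = "doclib" } else { $listType = "list" }
                    if ($aList.HasUniqueRoleAssignments)
                    {
                        $Permissions += @(CollectDomainGroupAssignments $aList "List" $aList.Title "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($listType)&List=$($aList.id)")
                    }
                    foreach ($folder in $aList.Folders)
                    {
                        if ($folder.HasUniqueRoleAssignments)
                        {
                            $Permissions += @(CollectDomainGroupAssignments $folder "folder" $folder.Name "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($folder.id),LISTITEM&List=$($aList.id)")
                        }
                    }
                    foreach ($anItem in $aList.Items)
                    {
                        if ($anItem.HasUniqueRoleAssignments)
                        {
                            $Permissions += @(CollectDomainGroupAssignments $anItem "item" $anItem.Name "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($anItem.id),LISTITEM&List=$($aList.id)")
                        }
                    }
                }
                # Each SPWeb returned by AllWebs must be disposed individually.
                $web.Dispose()
            }
            $site.Dispose()
        }
    }
}
$Permissions | Export-Csv -Path $OutputPath -encoding UTF8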
PowerShell初心者ゆえコードきたなくて済みません。
もっと簡単に書けるよ、というアドバイスがありましたら、ぜひコメントくださいませ。
ともあれPowerShellのパワーを思い知りました(シャレではない)。使いこなせればいろいろできそう。
2013バージョンなどもそのうち機会がありましたら書くかも、書きたいな。