# Load the SharePoint server object model into this session so the
# Microsoft.SharePoint.* types used by the script resolve. The returned assembly
# object is discarded so it is not written to the output stream.
# NOTE(review): Assembly.LoadWithPartialName is marked obsolete in .NET and binds
# to whichever installed version matches the partial name; confirm that is the
# intended SharePoint version on the server where this audit runs.
$null = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
Function UserSource([string]$userName)
{
    <#
    .SYNOPSIS
    Returns the prefix of a login name: the text before the first "\" when the
    name contains one, otherwise the text before the first ":" when it contains
    one, otherwise an empty string.

    .PARAMETER userName
    Login name to inspect.

    .NOTES
    The backslash is tested first, so a login containing both separators yields
    everything before the first backslash (which may itself contain ":").
    NOTE(review): callers compare the result with "NT AUTHORITY". For logins that
    only contain ":" the prefix is presumably a claim-encoding marker rather than
    a Windows domain, so that comparison would not match - verify against the
    authentication mode of the audited web applications.
    #>
    foreach ($separator in "\", ":")
    {
        $pieces = $userName.split($separator)
        if ($pieces.count -gt 1)
        {
            # First separator that actually splits the name wins.
            return $pieces[0]
        }
    }

    # No separator at all: the caller treats this as "not a domain account".
    return ""
}
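# ---------------------------------------------------------------------------
# Audit report: domain groups that hold permissions on SharePoint objects.
#
# Walks every web application, site collection and web in the local farm and
# records each domain group that is granted access, either directly or through
# membership in a group, on:
#   * a web that has unique role assignments,
#   * any list, folder or item that has unique role assignments (lists are
#     examined for every web, including webs that inherit their permissions).
# Principals whose login prefix is "NT AUTHORITY" are left out of the report.
#
# Changes compared with the earlier revision of this script:
#   * the folder branch tested the misspelled variable $doamin, so the
#     "NT AUTHORITY" exclusion never applied to directly assigned folder groups;
#   * group-derived folder grants were labelled "direct" instead of "role";
#   * a stray "foreach ($webApplication in $SPWebApp)" loop over a variable that
#     is never assigned in this script left the braces unbalanced; it is removed;
#   * every SPWeb is now disposed, and SPSite/SPWeb disposal also happens when
#     an error interrupts the walk.
# ---------------------------------------------------------------------------

# Builds one report row, echoes it to the host and returns it.
Function New-PermissionRow($ObjectType, $ObjectTitle, $GrantType, $Url, $LoginName, $GroupName, $RoleAssignment)
{
    # Flatten the permission levels bound to this assignment into "name;name;".
    $permlist = ""
    $RoleAssignment.RoleDefinitionBindings | select-object name | ForEach-Object { $permlist += $_.name + ";" }

    # add-member keeps the columns in a fixed order in the exported CSV.
    $row = new-object psobject
    $row | add-member noteproperty -name "ObjectType" -value $ObjectType
    $row | add-member noteproperty -name "ObjectTitle" -value $ObjectTitle
    $row | add-member noteproperty -name "Type" -value $GrantType
    $row | add-member noteproperty -name "URL" -value $Url
    $row | add-member noteproperty -name "user" -value $LoginName
    $row | add-member noteproperty -name "Group" -value $GroupName
    $row | add-member noteproperty -name "Permission" -value $permlist

    write-host $row
    $row
}

# Returns one row per domain group granted access on $Securable: "direct" rows
# for groups named in a role assignment, "role" rows for domain groups that are
# members of an assigned principal whose login name has no prefix.
Function Get-DomainGroupRows($Securable, $ObjectType, $ObjectTitle, $Url)
{
    foreach ($RoleAssignment in $Securable.RoleAssignments)
    {
        $domain = UserSource($RoleAssignment.Member.LoginName)

        if ($domain -ne "")
        {
            # Principal with a login prefix: report it when it is a domain group.
            if ($RoleAssignment.Member.IsDomainGroup -and ($domain -ne "NT AUTHORITY"))
            {
                New-PermissionRow -ObjectType $ObjectType -ObjectTitle $ObjectTitle -GrantType "direct" -Url $Url -LoginName $RoleAssignment.Member.LoginName -GroupName "" -RoleAssignment $RoleAssignment
            }
        }
        else
        {
            # No login prefix (presumably a SharePoint group - confirm): look
            # for domain groups among its members.
            foreach ($user in $RoleAssignment.Member.Users)
            {
                if ($user.IsDomainGroup)
                {
                    $domain = UserSource($user.LoginName)
                    if ($domain -ne "NT AUTHORITY")
                    {
                        New-PermissionRow -ObjectType $ObjectType -ObjectTitle $ObjectTitle -GrantType "role" -Url $Url -LoginName $user.LoginName -GroupName $RoleAssignment.Member.Name -RoleAssignment $RoleAssignment
                    }
                }
            }
        }
    }
}

$Permissions = @()

$farm = [Microsoft.SharePoint.Administration.SPFarm]::Local
$farmWebServices = $farm.Services | where -FilterScript {$_.GetType() -eq [Microsoft.SharePoint.Administration.SPWebService]}

foreach ($farmWebService in $farmWebServices)
{
    foreach ($webApplication in $farmWebService.WebApplications)
    {
        foreach ($site in $webApplication.Sites)
        {
            try
            {
                foreach ($web in $site.AllWebs)
                {
                    try
                    {
                        Write-Host "Site Collection: ID:" $site.ID " - URL: " $web.Url " - rootweb" $web.IsRootweb

                        # @(...) keeps an empty result from appending a $null row.
                        if ($web.HasUniqueRoleAssignments)
                        {
                            $Permissions += @(Get-DomainGroupRows -Securable $web -ObjectType "SPWeb" -ObjectTitle $web.Title -Url "$($web.url)/_layouts/user.aspx")
                        }

                        # Lists, folders and items can break inheritance below a
                        # web that itself inherits, so they are always examined.
                        foreach ($aList in $web.Lists)
                        {
                            $listType = @{$true="doclib";$false="list"}[$aList.BaseType -eq "DocumentLibrary"]

                            if ($aList.HasUniqueRoleAssignments)
                            {
                                $Permissions += @(Get-DomainGroupRows -Securable $aList -ObjectType "List" -ObjectTitle $aList.Title -Url "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($listType)&List=$($aList.id)")
                            }

                            foreach ($folder in $aList.Folders)
                            {
                                if ($folder.HasUniqueRoleAssignments)
                                {
                                    $Permissions += @(Get-DomainGroupRows -Securable $folder -ObjectType "folder" -ObjectTitle $folder.Name -Url "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($folder.id),LISTITEM&List=$($aList.id)")
                                }
                            }

                            foreach ($anItem in $aList.Items)
                            {
                                if ($anItem.HasUniqueRoleAssignments)
                                {
                                    $Permissions += @(Get-DomainGroupRows -Securable $anItem -ObjectType "item" -ObjectTitle $anItem.Name -Url "$($web.url)/_layouts/user.aspx?obj=$($aList.id),$($anItem.id),LISTITEM&List=$($aList.id)")
                                }
                            }
                        }
                    }
                    finally
                    {
                        # SPWeb objects handed out by AllWebs are owned by the caller.
                        $web.Dispose()
                    }
                }
            }
            finally
            {
                $site.Dispose()
            }
        }
    }
}

# The report lists which domain groups can reach which objects, so the output
# path should be a location only the auditors can read. The path is hard-coded.
$permissions | Export-Csv -Path D:\Work\DomainGroups.csv -encoding UTF8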