SharePoint: Gather data with Powershell

NeddyFlanders 96 Reputation points
2020-11-10T15:56:09.373+00:00

I need to write a Powershell that will go through every site and grab Site name, Site URL, Users with Full Control, Name of Role, User Email (if possible). I need these users with full control whether they are in a group or by themselves. Right now it only grabs Groups (but not users in those groups) with full control and users put in by themselves. I need all users with full control, whether in a group or not.

I have a Powershell that grabs all groups and users with Full control (though the users in groups are not listed, just the group name). Here goes my Powershell. It also gets the Site Name and URL. I just need to get those users from groups that have Full control and all the full control users email addresses if possible. Even if you know how to add the email it will greatly reduce my work. Thanks.

Add-PSSnapin Microsoft.SharePoint.PowerShell

$SPSiteUrl = "https://MyCompanySite/"
$SPSite = New-Object Microsoft.SharePoint.SPSite($SPSiteUrl);
$ExportFile = "D:\Stats\FullControl.csv"
"Web Title,Web URL,List Title,User or Group, User Email, Role,Inherited" | out-file $ExportFile
foreach ($WebPath in $SPSite.AllWebs)
{
if ($WebPath.HasUniqueRoleAssignments)
{
$SPRoles = $WebPath.RoleAssignments;
foreach ($SPRole in $SPRoles)
{
foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
{
$WebPath.Title + "," + $WebPath.Url + "," + "N/A" + "," +
$SPRole.Member.Name + "," + $SPRoleDefinition.Name + "," +
$WebPath.HasUniqueRoleAssignments | out-file $ExportFile -append
}
}
}
foreach ($List in $WebPath.Lists)
{
if ($List.HasUniqueRoleAssignments)
{
$SPRoles = $List.RoleAssignments;
foreach ($SPRole in $SPRoles)
{
foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
{
$WebPath.Title + "," + $WebPath.Url + "," + $List.Title + "," +
$SPRole.Member.Name + "," + $SPRoleDefinition.Name | out-file $ExportFile -append
}
}
}
}
}
$SPSite.Dispose();

SharePoint Server
SharePoint Server
A family of Microsoft on-premises document management and storage systems.
2,335 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,512 questions
{count} votes

1 answer

Sort by: Most helpful
  1. ChelseaWu-MSFT 6,326 Reputation points
    2020-11-11T07:04:27.817+00:00

    If you need to return email addresses for the users, just add one more output: $SPRole.Member.Email.
    Here is the modified script:

    Add-PSSnapin Microsoft.SharePoint.PowerShell  
      
    $SPSiteUrl = "<siteURL>"  
    $SPSite = New-Object Microsoft.SharePoint.SPSite($SPSiteUrl);  
    $ExportFile = "C:\Temp\PermissionReport.csv"  
      
    "Web Title `t Web URL`t List Title `t User or Group `t User Email `t Role `t Inherited" | out-file $ExportFile  
      
    foreach ($WebPath in $SPSite.AllWebs) {  
     if ($WebPath.HasUniqueRoleAssignments) {  
     $SPRoles = $WebPath.RoleAssignments;  
     foreach ($SPRole in $SPRoles) {  
     foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings) {  
     "$($WebPath.Title)`t $($WebPath.Url)`t `t $($SPRole.Member.Name)`t $($SPRole.Member.Email)`t $($SPRoleDefinition.Name)`t $($WebPath.HasUniqueRoleAssignments)" | out-file $ExportFile -append  
     }  
     }  
     }  
     foreach ($List in $WebPath.Lists) {  
     if ($List.HasUniqueRoleAssignments) {  
     $SPRoles = $List.RoleAssignments;  
     foreach ($SPRole in $SPRoles) {  
     foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings) {  
     "$($WebPath.Title)`t $($WebPath.Url)`t $($List.Title)`t $($SPRole.Member.Name)`t `t $($SPRoleDefinition.Name)`t $($List.HasUniqueRoleAssignments)"  | out-file $ExportFile -append  
     }  
     }  
     }  
     }  
    }  
      
    $SPSite.Dispose();  
    

    And to list all users inside the groups, you can refer to the references here for sample scripts:
    SharePoint Users and Groups Permission Analysis Report for Site Collection.
    SharePoint: User Permissions detail report for a Web Application.

    I will put one of the sample scripts as an attachment since it is too long to display in this thread: 38976-samplesharepoint-server-user-permissions-detail-re.txt

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    **Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. **

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.