question

G99 asked EmilyDu-MSFT commented

Remove all user permissions from Site collection and subsites SPO

Hi

Is there a quick way of removing all permissions from a site collection and subsites, including removing all unique permissions?

I'd like to remove all access as the site should no longer be used, but there are 100s of doc libs/lists and multiple sub sites.

Thanks

office-sharepoint-online

Found this script, but it trawls through each item, and throttling then kicks in, anything else I can try?

    #Set Variables
    $SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
    $ListName = "Documents"

    #Connect to PNP Online
    Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

    #Get all list items in batches
    $ListItems = Get-PnPListItem -List $ListName -PageSize 500

    #Iterate through each list item
    ForEach($ListItem in $ListItems)
    {
        #Check if the Item has unique permissions
        $HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property "HasUniqueRoleAssignments"
        If($HasUniquePermissions)
        {
            $Msg = "Deleting Unique Permissions on {0} '{1}' at {2} " -f $ListItem.FileSystemObjectType,$ListItem.FieldValues["FileLeafRef"],$ListItem.FieldValues["FileRef"]
            Write-host $Msg
            #Delete unique permissions on the list item
            Set-PnPListItemPermission -List $ListName -Identity $ListItem.ID -InheritPermissions
        }
    }


@G99

I'm checking how things are going with this issue. Did the answer help you?

You can accept the answer if it helps.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



@G99

Is there any progress on this issue?

If you find any answers helpful to you, please remember to accept them.

It will help others who have a similar question in this forum.

Thank you for your understanding.



1 Answer

EmilyDu-MSFT answered EmilyDu-MSFT edited

@G99

First, please run the PowerShell below to delete all unique permissions in the site collection.

 #Load SharePoint CSOM Assemblies
 Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
 Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

 #To call a non-generic Load Method
 Function Invoke-LoadMethod() {
     Param(
             [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"), [string]$PropertyName
          )
    $Ctx = $Object.Context
    $Load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
    $Type = $Object.GetType()
    $ClientLoad = $Load.MakeGenericMethod($Type)
       
    $Parameter = [System.Linq.Expressions.Expression]::Parameter(($Type), $Type.Name)
    $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
    $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
    $ExpressionArray.SetValue($Expression, 0)
    $ClientLoad.Invoke($Ctx,@($Object,$ExpressionArray))
 }
     
 #Function to Delete Unique Permission from a Web and its content
 Function Reset-SPOUniquePermission([Microsoft.SharePoint.Client.Web]$Web)
 {
     Write-host -f Magenta "`nSearching Unique Permissions on the Site:"$web.Url
         
     #Check if the given site is using unique permissions
     Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"
     $Ctx.ExecuteQuery()
         
     #Get the Root Web
     $RootWeb = $ctx.site.RootWeb
     $Ctx.Load($RootWeb)
     $Ctx.ExecuteQuery()
     
     ### Reset broken inheritance on the Web
     If($Web.HasUniqueRoleAssignments -and $Web.ID -ne $RootWeb.ID)
     {
         #powershell to delete unique permissions of a subsite in sharepoint online
         $Web.ResetRoleInheritance()
         $Web.Update()
         $Ctx.ExecuteQuery()    
         #Report the URL of the subsite that was reset, not the site collection URL
         Write-host -f Green "`t Unique Permissions Removed from the Site: $($Web.Url)!"
     }
             
     ### Reset unique permission in Lists
     Write-host -f Magenta "`t Searching Unique Permissions on the Lists"
     $Lists =  $Web.Lists
     $Ctx.Load($Lists)
     $Ctx.ExecuteQuery()
     
     #Exclude system lists
     $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
      "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Style Library",
      "Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List", "Solution Gallery", "Site Collection Images",
      "Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Preservation Hold Library")
         
     #Iterate through each list
     ForEach($List in $Lists)
     {
         $Ctx.Load($List)
         $Ctx.ExecuteQuery()
     
         If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)
         {
             #Check if the given site is using unique permissions
             Invoke-LoadMethod -Object $List -PropertyName "HasUniqueRoleAssignments"
             $Ctx.ExecuteQuery()
      
             #Reset broken inheritance of the list
             If($List.HasUniqueRoleAssignments)
             {
                 #delete unique permissions of a subsite in sharepoint online powershell
                 $List.ResetRoleInheritance()
                 $List.Update()
                 $Ctx.ExecuteQuery()    
                 Write-host -f Green "`t`tUnique Permissions Removed from the List: '$($List.Title)'"
             }
     
             Write-host -f Magenta "`t`t Searching Unique Permissions on the Lists Items of '$($List.Title)'"
     
             #Query to batch process
             $Query = New-Object Microsoft.SharePoint.Client.CamlQuery
             $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"
     
             ### Reset unique permission on List items
             Do {  
                 #Get all items from the list - in batches
                 $ListItems = $List.GetItems($Query)
                 $Ctx.Load($ListItems)
                 $Ctx.ExecuteQuery()
                
                 $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition
       
                 #Loop through each List item
                 ForEach($ListItem in $ListItems)
                 {
                     Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"
                     $Ctx.ExecuteQuery()
                     if ($ListItem.HasUniqueRoleAssignments -eq $true)
                     {
                         #Reset Permission Inheritance
                         $ListItem.ResetRoleInheritance()
                         Write-host  -ForegroundColor Green "`t`t`t Unique Permissions Removed and Inheritance Restored on Item ID:" $ListItem.ID
                     }
                 }
                 $Ctx.ExecuteQuery()
             } While ($null -ne $Query.ListItemCollectionPosition)
         }
     }
     
     #Process each subsite in the site
     $Subsites = $Web.Webs
     $Ctx.Load($Subsites)
     $Ctx.ExecuteQuery()        
     Foreach ($SubSite in $Subsites)
     {
         #Call the function Recursively
         Reset-SPOUniquePermission $SubSite
     }
 }
     
 #Config Parameters
 $SiteURL= "site collection URL"
      
 #Get Credentials to connect
 $Cred = Get-Credential
      
 Try {
     #Setup the context
     $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
     $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
          
     #Get the Web
     $Web = $Ctx.Web
     $Ctx.Load($Web)
     $Ctx.ExecuteQuery()
         
     #Call the function to delete unique permission from all sites in the site collection
     Reset-SPOUniquePermission $Web
 }
 Catch {
     write-host -f Red "Error:" $_.Exception.Message
 }

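Then run the PowerShell below to delete users.

 #Config Parameters
 $AdminSiteURL="https://tenant-admin.sharepoint.com/"
 $SiteURL="site collection URL"
    
 #Get Credentials to connect
 $Cred = Get-Credential
    
 #Connect to the SharePoint Online admin service
 Connect-SPOService -Url $AdminSiteURL -Credential $Cred
     
 #Get the login names of all users in the site collection
 $Users = Get-SPOUser -Site $SiteURL
 $Logins = $Users.LoginName
    
 #Remove each user from the site collection
 ForEach($Login in $Logins)
 {
     Remove-SPOUser -Site $SiteURL -LoginName $Login
 }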
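
The first script in this answer makes one round trip per list item to read `HasUniqueRoleAssignments`, the same per-item pattern the question's comment reports being throttled on; the sketch below queues a whole chunk of items into one `ExecuteQuery` and re-runs the chunk after a throttling response (HTTP 429 or 503). It is an added example, not part of the original answer, and assumes `$Ctx` and `Invoke-LoadMethod` from the answer's script; `Invoke-WithThrottleRetry` and `Reset-ItemInheritanceInChunks` are hypothetical names.

```powershell
# Added example, not from the thread. Assumes $Ctx and Invoke-LoadMethod from the
# answer's first script; both function names below are hypothetical.

# Run a block that queues CSOM work and calls ExecuteQuery. If SharePoint Online
# throttles it (HTTP 429 or 503), wait and run the whole block again.
Function Invoke-WithThrottleRetry {
    Param([scriptblock]$Action, [int]$MaxRetries = 5, [int]$DefaultWaitSeconds = 30)
    For ($Attempt = 1; ; $Attempt++) {
        Try { $null = & $Action; Return }
        Catch {
            # PowerShell wraps .NET exceptions, so walk down to the WebException
            $Ex = $_.Exception
            While ($Ex -and $Ex -isnot [System.Net.WebException]) { $Ex = $Ex.InnerException }
            $Response = If ($Ex) { $Ex.Response -as [System.Net.HttpWebResponse] }
            $Status = If ($Response) { [int]$Response.StatusCode }
            If (($Status -notin 429, 503) -or ($Attempt -gt $MaxRetries)) { Throw }
            # Honour the Retry-After header (seconds) when the service sends one
            $Wait = $DefaultWaitSeconds
            $RetryAfter = $Response.Headers["Retry-After"]
            If ($RetryAfter -match '^\d+$') { $Wait = [int]$RetryAfter }
            Write-Host -f Yellow "Throttled (HTTP $Status), waiting $Wait s (retry $Attempt of $MaxRetries)"
            Start-Sleep -Seconds $Wait
        }
    }
}

# Restore inheritance on list items with two round trips per chunk, not one per item.
Function Reset-ItemInheritanceInChunks {
    Param($ListItems, [int]$ChunkSize = 100)
    $Items = @($ListItems)
    For ($i = 0; $i -lt $Items.Count; $i += $ChunkSize) {
        $Last = [Math]::Min($i + $ChunkSize, $Items.Count) - 1
        $Chunk = @($Items[$i..$Last])
        # Queue the property load for every item in the chunk, then send once
        Invoke-WithThrottleRetry {
            ForEach ($Item in $Chunk) { Invoke-LoadMethod -Object $Item -PropertyName "HasUniqueRoleAssignments" }
            $Ctx.ExecuteQuery()
        }
        $Unique = @($Chunk | Where-Object { $_.HasUniqueRoleAssignments })
        If ($Unique.Count -eq 0) { Continue }
        # Queue the resets for the items that broke inheritance, then send once
        Invoke-WithThrottleRetry {
            ForEach ($Item in $Unique) { $Item.ResetRoleInheritance() }
            $Ctx.ExecuteQuery()
        }
        Write-Host -f Green "Inheritance restored on $($Unique.Count) item(s)"
    }
}
```

To use it in the answer's script, replace the inner `ForEach($ListItem in $ListItems)` loop and the `$Ctx.ExecuteQuery()` that follows it with `Reset-ItemInheritanceInChunks -ListItems $ListItems`.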


