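# Replaces departed employees on write-locked SharePoint site collections.
#
# For every site collection in the web application that is currently write-locked,
# the script unlocks it, walks the accounts listed in the CSV, hands any site
# collection admin / owner / secondary-contact role held by such an account to
# $LoginNewAdmin, removes the account from the site's users, and then sets the
# site collection to ReadOnly again. Every action is appended to log files under
# $strFilePath.
#
# Requires the SharePoint cmdlets (Set-SPSite, Get-SPSite, Get-SPUser) to be
# available in the session, e.g. by running from the SharePoint Management Shell.
#
# NOTE(review): sites that are NOT write-locked are skipped entirely, because all
# processing sits inside the `if ($wlock -eq $true)` branch. Confirm this is the
# intended scope before relying on the logs as proof that an account is gone
# from the whole web application.
######################## Start Variables ########################
# URL to any site in the web application.
$uri = "http://SubWeb.WebApp.com"
# Account that inherits the roles taken away from the departed users. It ends up
# as site collection admin on every affected site, so treat it as privileged.
$LoginNewAdmin = "Domain\NewAdminAccount"
# Folder that receives the log files (trailing backslash is required because the
# file names are built by plain string concatenation).
$strFilePath = ("C:\RemovePermissionsLog\")
# CSV with an NTName column holding DOMAIN\account values; a relative path is
# resolved against the current directory.
$ExEmplist="ExEmployees.csv"
# Only referenced by the commented-out early-exit near the end of the user loop.
$userLimit = 500
# NOTE(review): "hh" is the 12-hour clock, so an AM and a PM run on the same day
# can produce the same file names and append to each other's logs.
$strTimestamp = [string](Get-Date -format "yyyy-MM-dd_hh-mm-ss")
######################## End Variables ########################
Clear-Host
$userCount = 0
$siteCount = 0
[system.reflection.assembly]::loadwithpartialname("Microsoft.SharePoint")
$webApp=[Microsoft.SharePoint.Administration.SPWebApplication]::Lookup($uri)
$allSites = $webApp.sites
########################
# Out-File does not create missing folders, so make sure the log folder exists.
if (-not (Test-Path $strFilePath))
{
    New-Item -ItemType Directory -Path $strFilePath | Out-Null
}
$strFilenameUserSearch = ($strFilePath + "UserSearch_ExEmp_Log_" + $strTimestamp + ".log")
$strFilenameUserNotFound = ($strFilePath + "UserNotFound_ExEmp_Log_" + $strTimestamp + ".log")
$strFilenameSCAdmin = ($strFilePath + "SiteCollAdminExEmp_Log_" + $strTimestamp + ".log")
$strFilenameSiteOwner = ($strFilePath + "SiteOwnerExEmp_Log_" + $strTimestamp + ".log")
# Read the list once instead of re-importing the CSV for every site collection.
$exEmployees = @(Import-Csv $ExEmplist)

foreach ($site in $allSites)
{
    $wlock = $site.WriteLocked
    $urlsite = $site.url
    # No account has been selected yet at this point, so only report the site.
    Write-Host "Checking site " $urlsite " Write-Lock=$wlock" -ForegroundColor Yellow

    if ($wlock -eq $true)
    {
        Set-SPSite -Identity $urlsite -LockState Unlock
        try
        {
            # Re-fetch the site so the object reflects the unlocked state.
            $site = Get-SPSite $urlsite
            $siteUpdated = $false

            foreach ($row in $exEmployees)
            {
                $Account = $row.NTName
                # A blank row would otherwise be looked up and logged as a real account.
                if ([string]::IsNullOrEmpty($Account)) { continue }

                # Backslash is not valid in a file name; DOMAIN\user becomes DOMAIN_user.
                $str1 = $Account -replace '\\','_'
                $strFilenameRep = ($strFilePath + "RemoveExEmp_Log_" + $str1 + "_" + $strTimestamp + ".log")
                $web = $null
                try
                {
                    $web = $site.openweb()

                    "Looking to see if User "+ $account + "is a member on " + $site.url | Out-File ($strFilenameRep) -Append
                    "Looking to see if User "+ $account + "is a member on " + $site.url | Out-File ($strFilenameUserSearch) -Append

                    # SilentlyContinue hides every lookup failure, not only "user not found":
                    # an access or connectivity error is also logged below as NOT-exists,
                    # and the account keeps whatever permissions it has on this site.
                    $user = Get-SPUSER -identity $Account -web $site.url -ErrorAction SilentlyContinue
                    if ($user -eq $null)
                    {
                        Write-Host "user $Account NOT-exists in URL " $site.URL -ForegroundColor Green
                        "user " + $Account + " NOT-exists in URL " + $site.URL | Out-File ($strFilenameUserNotFound) -Append
                    }
                    else
                    {
                        # Is the account one of the site collection administrators?
                        $checkadmin1 = 0
                        $siteCollAdmins = $web.SiteAdministrators
                        foreach ($Admin in $siteCollAdmins)
                        {
                            if ($Admin.LoginName -eq $Account)
                            {
                                Write-Host "Found User as Site Collection ADMIN: " $Admin.LoginName
                                "Found User as Site Collection ADMIN: " + $Admin.LoginName | Out-File ($strFilenameRep) -Append
                                "Found User as Site Collection ADMIN: " + $Admin.LoginName + " in URL " + $site.URL | Out-File ($strFilenameSCAdmin) -Append
                                $checkadmin1 = 1
                            }
                        }

                        if ($checkadmin1 -eq 1)
                        {
                            # Add the replacement account to the site's users first, so the
                            # site never loses its last administrator.
                            $siteCollUsers = $web.SiteUsers
                            $siteCollUsers.Add($LoginNewAdmin, "", "", "")
                            Write-Host "User $LoginNewAdmin is added to Site Collection Admins: " $LoginNewAdmin
                            "User " + $LoginNewAdmin + " is added to Site Collection Admins: " | Out-File ($strFilenameRep) -Append
                            $web.Update()
                            $myuser = $siteCollUsers[$LoginNewAdmin]

                            # Hand over the primary owner role.
                            if ($site.Owner.LoginName -eq $Account)
                            {
                                $site.Owner = $myuser
                                $myuser.Update()
                                $web.Update()
                                Write-Host "Found $Account in Site Owners - Action : REMOVED" -ForegroundColor White
                                "Found " + $Account + " in Site Owners - Action : REMOVED" | Out-File ($strFilenameRep) -Append
                                "Found User as Site Owner:" + $Account + " in URL " + $site.URL | Out-File ($strFilenameSiteOwner) -Append
                            }

                            # Hand over the secondary contact role.
                            if ($site.SecondaryContact.LoginName -eq $Account)
                            {
                                $site.SecondaryContact = $myuser
                                $myuser.Update()
                                $web.Update()
                                Write-Host "Found $Account in Site Secondary Contacts - Action : REMOVED" -ForegroundColor White
                                "Found " + $Account + " in Site Secondary Contacts - Action : REMOVED" | Out-File ($strFilenameRep) -Append
                                "Found User as Site Secondary Contact:" + $Account + " in URL " + $site.URL | Out-File ($strFilenameSiteOwner) -Append
                            }

                            # Promote the replacement account to site collection admin.
                            $myuser.IsSiteAdmin = $TRUE
                            $myuser.Update()
                            Write-Host "user $LoginNewAdmin added to Site Collection Admins URL " $site.URL -ForegroundColor White
                            "user $LoginNewAdmin added to Site Collection Admins URL " | Out-File ($strFilenameRep) -Append

                            # Only now drop the departed account from the admins.
                            $siteCollAdmins.remove($Account)
                            $web.Update()
                            Write-Host "Remove $Account from in Site Admins" -ForegroundColor White
                            "Remove " + $Account + " from in Site Admins" | Out-File ($strFilenameRep) -Append
                        }

                        # NOTE(review): this branch runs only when IsSiteAdmin is already
                        # false and then sets it to false again, so it changes nothing.
                        # Confirm whether the condition was meant to test for $true.
                        if ($user.IsSiteAdmin -eq 0)
                        {
                            Write-Host "Update $Account set as NOT Site Admins" -ForegroundColor White
                            "Update " + $Account + " set as NOT Site Admins" | Out-File ($strFilenameRep) -Append
                            $user.IsSiteAdmin = $false
                            $user.Update()
                        }

                        # Finally remove the account from the site's users.
                        Write-Host "user $Account exists in URL " $site.URL -ForegroundColor White
                        "user " + $Account + " exists in URL " + $site.URL | Out-File ($strFilenameRep) -Append
                        $web.SiteUsers.Remove($Account)
                        Write-Host "Remove $Account from web " $site.URL -ForegroundColor Red
                        "Remove " + $Account + " from web " + $site.URL | Out-File ($strFilenameRep) -Append
                        $siteUpdated = $true
                    }
                }
                catch
                {
                    # Stop working on this account for this site as soon as one step
                    # fails, instead of carrying on (for example removing the old admin
                    # after adding the replacement failed), and leave a trace in the log.
                    Write-Host "ERROR while processing $Account on " $urlsite ": " $_ -ForegroundColor Red
                    "ERROR while processing " + $Account + " on " + $urlsite + ": " + $_ | Out-File ($strFilenameRep) -Append
                }
                finally
                {
                    # Release the SPWeb on every path, including "user not found".
                    if ($web -ne $null) { $web.Dispose() }
                }

                # Counts one per account checked on a site, not distinct accounts.
                $userCount++;
                #if ($userCount -ge $userLimit) {
                #Write-Output "Okay, we're stopping for now because we've processed for $userCount Users"
                #break
                #}
            }

            # Count each site collection once, however many accounts were removed.
            if ($siteUpdated) { $siteCount++ }
        }
        finally
        {
            # Always put the lock back, even when processing was interrupted, so the
            # site is not left writable.
            # NOTE(review): the lock is restored as ReadOnly regardless of the state
            # the site had before; if WriteLocked can also be true for a stricter
            # lock state, this would loosen it - confirm and capture the original
            # state if so.
            Set-SPSite -Identity $urlsite -LockState ReadOnly
            Write-Host "Setting the Site to Read-Only " $urlsite -ForegroundColor Blue
        }
    }
}

Write-Host "Updated " $siteCount " Site Collections."
"Updated " + $siteCount + " Site Collections." | Out-File ($strFilenameUserSearch) -Append
Write-Host "Users Processed " $userCount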