About Me

SharePoint Architect with over 17 years of IT Experience in various roles as SharePoint Architect, Administrator, Technical Architect, IT Analyst, Application Developer, CRM Consultant, BI Developer, Microsoft Solution Architect in Client/Server, Web and Enterprise CRM Applications in E-Commerce, Financial, Healthcare, Insurance, Telecom, Outsourcing and Technology Services.
MCITP (Pro): Microsoft Certified IT Professional: SharePoint 2010 Administrator.
MCTS: Microsoft Certified Technology Specialist, SharePoint 2010 Configuration.

Tuesday, October 25, 2011

Migrate Users from Groups and/or set target group permissions.

This PowerShell script serves one specific purpose.

If you have two user groups in a Site Collection and if you want to copy users from one user group to other user groups, you can use this Powershell Script.

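Optionally, the script can also remove the Full Control permission from the target group and grant it the Contribute permission. Each action is controlled by a switch at the top of the script ($blnRemoveFullControl, $blnAddContribute and $blnCopyUser), and all three are set to $true as published. Setting $blnCopyUser to $false only skips the user copy; the permission changes still run unless their own switches are also set to $false.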

The code checks whether each user is already a member of the target group and attempts to copy the user only if the user does not already exist there.

Verbose logs are written to log files under C:\Reports.
Every copy action is logged per user, which helps you roll back any changes. The logs contain user login names, so restrict access to that folder.

usage : ProcessGUIDGroups.ps1 SiteUrlsTest.csv
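Input File: SiteUrlsTest.csv (the GroupGUID column holds the name of the source group, the Group column the name of the destination group)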
URL,GroupGUID,Group
http://webapp.domain.com/sites/site1, group_source1, group_dest1
http://webapp.domain.com/sites/site2, group_source2, group_dest2


ProcessGUIDGroups.ps1

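# ProcessGUIDGroups.ps1 - script parameters.
#   $filesiteurls : path to the CSV input file with the columns URL, GroupGUID, Group.
#                   When omitted, the operator is prompted for it.
param (
    [string] $filesiteurls = ""
)

# Prompt for the file name when it was not given on the command line.
if ([string]::IsNullOrEmpty($filesiteurls))
{
    $filesiteurls = Read-Host "Enter filename of siteurls"
}

# This script changes group permissions, so stop before touching any site
# when the input file is missing instead of running on with no rows.
if ([string]::IsNullOrEmpty($filesiteurls) -or -not (Test-Path -LiteralPath $filesiteurls -PathType Leaf))
{
    Write-Host -ForegroundColor red "Error: Input file not found : " $filesiteurls
    Exit 1
}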

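# Behaviour switches. Each one is independent of the others:
#   $blnRemoveFullControl - remove the "Full Control" role from the destination group
#   $blnAddContribute     - add the "Contribute" role to the destination group
#   $blnCopyUser          - copy users; $false only reports which users would be copied
# Setting $blnCopyUser to $false does NOT disable the two permission changes.
$blnRemoveFullControl = $true
$blnAddContribute = $true
$blnCopyUser = $true

# Load the SharePoint server object model (SPSite, SPPrincipal, ...).
[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint");

# Get-SPWeb lives in the SharePoint snap-in. It is preloaded in the SharePoint
# Management Shell but not in a plain PowerShell console; without it every site
# would be reported as "not found". Stop if the snap-in cannot be loaded.
if ((Get-PSSnapin -Name "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null)
{
    Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction Stop
}

# 24-hour clock ("HH") so a morning run and an afternoon run cannot produce
# the same, ambiguous log file name.
$strTimestamp = [string](Get-Date -format "yyyy-MM-dd_HH-mm-ss")
$strFilePath = "C:\Reports\"

# The logs are the only record for a rollback, so make sure the folder exists
# before the first Out-File call.
if (-not (Test-Path $strFilePath))
{
    New-Item -ItemType Directory -Path $strFilePath | Out-Null
}

$strFilenameErr = ($strFilePath + "Error_" + $strTimestamp + ".log")
$strFilenameRep = ($strFilePath + "Rep_" + $strTimestamp + ".log")

Write-Host -ForegroundColor green "Opening SharePoint site..."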

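# Main loop: one CSV row = one site plus a source and a destination group.
# For each row the script
#   1. reports the user counts and the roles bound to the destination group,
#   2. optionally adds "Contribute" and removes "Full Control" on that group,
#   3. exports the destination members and copies (or only reports) the source
#      members that are missing from the destination group.
# Everything is logged under $strFilePath; errors go to $strFilenameErr.
#
# A row that fails is logged and abandoned, and the next row is processed.
# Without that, a failed lookup left the previous row's objects in the
# variables and the permission steps ran against the wrong site.
ipcsv $filesiteurls | foreach {

    # Trim the fields: the sample input file has a space after each comma.
    $siteUrl = ([string]$_.URL).Trim()
    $groupSource = ([string]$_.GroupGUID).Trim()
    $groupDest = ([string]$_.Group).Trim()

    # Reset per row so the finally block only disposes what this row opened.
    $site = $null
    $web = $null

    try
    {
        # Open Site
        $siteFound = $null -ne (Get-SPWeb $siteUrl -ErrorAction SilentlyContinue)

        if (-not $siteFound)
        {
            Write-Host -ForegroundColor red "Error: Site Not Found : " $siteUrl
            "Error: Site Not Found : " + $siteUrl | Out-File ($strFilenameErr) -append
        }
        else
        {
            $site = New-Object Microsoft.SharePoint.SPSite($siteUrl)

            #Open Web
            $web = $site.OpenWeb()
            $groupS = $web.SiteGroups | where { $_.Name -eq $groupSource }
            $groupD = $web.SiteGroups | where { $_.Name -eq $groupDest }

            if ($groupS -eq $null -or $groupD -eq $null)
            {
                # A misspelt group name must not fall through to the permission steps.
                Write-Host -ForegroundColor red "Error: Group Not Found : " $groupSource "/" $groupDest "-" $siteUrl
                "Error: Group Not Found : " + $groupSource + " / " + $groupDest + " - " + $siteUrl | Out-File ($strFilenameErr) -append
            }
            else
            {
                $usersS = $groupS.Users
                $usersD = $groupD.Users
                #
                "Users-Source,Users-Dest,Group,Site" | Out-File ($strFilenameRep) -append
                [string]($usersS.Count) +","+ [string]($usersD.Count) +","+ $groupS.Name +","+ $siteUrl | Out-File ($strFilenameRep) -append
                "Users at Source:" + $usersS.Count + "  Users at Dest:" + $usersD.Count +","+ $groupS.Name +","+ $siteUrl | Out-File ($strFilenameRep) -append
                #
                Write-Host ($site.Url + ", " + $groupS.Name + ", " + $groupD.Name)

                ###################################################
                # Get Roles and Check if "Full Control" exists
                ###################################################
                # NOTE(review): GetAssignmentByPrincipal fails when the group has no
                # role assignment on this web; the row is then logged and skipped.
                # NOTE(review): roles are matched by display name, so renamed or
                # localized role definitions will not be detected - confirm per farm.
                $spPrincipal = [Microsoft.SharePoint.SPPrincipal]$groupD
                $roleAss = $web.RoleAssignments.GetAssignmentByPrincipal($spPrincipal)
                $roleBindings = $roleAss.RoleDefinitionBindings
                ###################################################
                $strRoles = ""
                $IsFullControlRoleExists = $false
                $IsContributeRoleExists = $false
                foreach ($role in $roleBindings)
                {
                    if ($strRoles -eq "")
                    {
                        $strRoles = $role.Name
                    }
                    else
                    {
                        # Assign the result; the bare expression used before never
                        # extended the list, so only the first role was logged.
                        $strRoles = $strRoles + "," + $role.Name
                    }

                    if ("Full Control" -eq $role.Name)
                    {
                        $IsFullControlRoleExists = $true
                    }
                    if ("Contribute" -eq $role.Name)
                    {
                        $IsContributeRoleExists = $true
                    }
                }

                # The role list before any change is the rollback reference.
                "Roles= " + $strRoles | Out-File ($strFilenameRep) -append
                Write-Host "Roles= ",$strRoles
                "Is FullControl Role Exists= " + $IsFullControlRoleExists | Out-File ($strFilenameRep) -append
                Write-Host "IsFullControlRoleExists= ",$IsFullControlRoleExists
                "Is Contribute Role Exists= " + $IsContributeRoleExists | Out-File ($strFilenameRep) -append
                Write-Host "IsContributeRoleExists= ",$IsContributeRoleExists

                # ADD CONTRIBUTE
                # Done before the Full Control removal so the group is never left
                # without any role binding in between.
                # NOTE(review): removing the last binding may drop the whole role
                # assignment, which would make a later lookup fail - confirm.
                if ($blnAddContribute -eq $true)
                {
                    if ($IsContributeRoleExists -eq $false)
                    {
                        $roleDef = $web.RoleDefinitions["Contribute"]
                        $roleAss = $web.RoleAssignments.GetAssignmentByPrincipal($spPrincipal)
                        $roleAss.RoleDefinitionBindings.Add($roleDef)
                        $roleAss.Update()
                        #
                        "Contribute Role Added" | Out-File ($strFilenameRep) -append
                        Write-Host "Contribute Role Added"
                    }
                }
                else
                {
                    "Contribute ROLE NOT Added - Check blnAddContribute in Code" | Out-File ($strFilenameRep) -append
                    Write-Host "Contribute ROLE NOT Added"
                }

                # REMOVE FULL CONTROL
                if ($blnRemoveFullControl -eq $true)
                {
                    if ($IsFullControlRoleExists -eq $true)
                    {
                        $roleDef = $web.RoleDefinitions["Full Control"]
                        $roleAss = $web.RoleAssignments.GetAssignmentByPrincipal($spPrincipal)
                        $roleAss.RoleDefinitionBindings.Remove($roleDef)
                        $roleAss.Update()
                        #
                        "FullControl Removed" | Out-File ($strFilenameRep) -append
                        Write-Host "FullControl Removed"
                    }
                }
                else
                {
                    "FullControl NOT Removed - Check blnRemoveFullControl in Code" | Out-File ($strFilenameRep) -append
                    Write-Host "FullControl NOT Removed"
                }

                ###################################################
                # ENUMERATE USERS + EXPORT + COPY USERS
                ###################################################
                # "Demo Run" refers to the user copy only; the permission changes
                # above are governed by their own switches.
                if ($blnCopyUser -eq $false)
                {
                    "Demo Run- Users are exported and NOT COPIED." | Out-File ($strFilenameRep) -append
                    "----------------------------------------------------------------" | Out-File ($strFilenameRep) -append
                    Write-Host "Demo Run- Users are exported and NOT COPIED."
                }
                else
                {
                    "Users are exported and COPIED." | Out-File ($strFilenameRep) -append
                    "----------------------------------------------------------------" | Out-File ($strFilenameRep) -append
                    Write-Host "Users are exported and COPIED."
                }
                #**************************************************
                $strFilenameRepGrp = ($strFilePath + "RepGrp_" + $groupDest + "_" + $strTimestamp + ".log")
                "Users-Source,Users-Dest,Group,Site" | Out-File ($strFilenameRepGrp) -append

                # Snapshot of the destination group's members before the copy.
                foreach ($userD in $usersD)
                {
                    $site.Url + "," + $groupDest + ",NON-GUID,DESTINATION," + $userD.LoginName | Out-File ($strFilenameRepGrp) -append
                }
                # *************************************************
                foreach ($userS in $usersS)
                {
                    # Copy only users that are not yet members of the destination group.
                    if ($userS.Groups[$groupDest] -eq $null)
                    {
                        try
                        {
                            $selectedUser = $web.Site.RootWeb.EnsureUser($userS.LoginName)

                            if ($selectedUser -eq $null)
                            {
                                "Error (EnsureUser): User Not Found: " + $userS.LoginName + " - " + $siteUrl | Out-File ($strFilenameErr) -append
                                write-error $("EnsureUser : User Not Found : " + $userS.LoginName)
                            }
                            else
                            {
                                if ($blnCopyUser -eq $true)
                                {
                                    $groupD.AddUser($selectedUser)
                                    $site.Url + "," + $groupDest + ",GUID,COPIED," + $userS.LoginName | Out-File ($strFilenameRepGrp) -append
                                }
                                else
                                {
                                    $site.Url + "," + $groupDest + ",GUID,Needs-Copy," + $userS.LoginName | Out-File ($strFilenameRepGrp) -append
                                }
                            }
                        }
                        catch
                        {
                            # One failing user must not stop the rest of the group.
                            "Exception (AddUser) for User: " + $userS.LoginName + " - " + $siteUrl | Out-File ($strFilenameErr) -append
                            "--------- (AddUser) for GUIDGroup: " + $groupSource + ", DestGroup: " + $groupDest | Out-File ($strFilenameErr) -append
                            "--------- Reason: " + $_.Exception.Message | Out-File ($strFilenameErr) -append
                            Write-Host -ForegroundColor red ("Exception (AddUser) for User: " + $userS.LoginName)
                            continue;
                        }
                    }
                    else
                    {
                        $site.Url + "," + $groupDest + ",GUID,EXIST-DEST," + $userS.LoginName | Out-File ($strFilenameRepGrp) -append
                    }
                }
            }
        }
    }
    catch
    {
        # Abandon this row; an earlier step may already have been applied, so
        # check the report log for this site before re-running.
        "Exception processing " + $siteUrl + " (" + $groupSource + " -> " + $groupDest + "): " + $_.Exception.Message | Out-File ($strFilenameErr) -append
        Write-Host -ForegroundColor red ("Exception processing " + $siteUrl + ": " + $_.Exception.Message)
    }
    finally
    {
        # Release the SPWeb/SPSite opened for this row. Disposing once after the
        # loop released only the last row's objects.
        if ($web -ne $null) { $web.Dispose() }
        if ($site -ne $null) { $site.Dispose() }
    }

}#foreach ipcsv $filesiteurls

Write-Host -ForegroundColor green "Done.";
Exit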
