Awhile back I was tasked with reporting and validating SharePoint 2010 permissions. In 2010 you pretty much have to buy a product to do this.... I decided to instead switch to all active directory based permissions so I could export the group members and generate a report. You could in use this script to get any group membership. I just point this one at my SharePoint OU highlighted in red. You would obviously need to change the search base for your active directory.
Import-Module ActiveDirectory
$Groups = (Get-ADGroup -Properties * -Filter * -SearchBase "OU=SharePoint 2010,OU=SharePoint,DC=CHANGETHIS,DC=com" | select name,description)
$Table = @()
$Record = @{
"Group Name" = ""
"Group Description" = ""
"Name" = ""
"Username" = ""
"Title" = ""
}
Foreach ($group in $Groups.name)
{
$Arrayofmembers = Get-ADGroupMember -Identity $group -Recursive| Where-Object { $_.objectClass -eq 'user' } | Get-ADUser -Properties *
foreach ($Member in $Arrayofmembers)
{
$adgroupdesc = Get-ADGroup $group -properties * | select description,managedby
$groupdesc = $adgroupdesc.description
if ($groupdesc -eq $null) {$groupdesc = "No Description"}
$adgroupowner = $adgroupdesc.managedby
if ($adgroupowner -eq $null) {$adgroupownername = "No Owner"} else {
$adgroupownername = Get-ADUser $adgroupowner -Properties description}
$groupowner = $adgroupownername
$Record."Group Name" = $Group
$Record."Group Description" = $groupdesc
$Record."Name" = $Member.name
$Record."UserName" = $Member.description
$Record."Title" = $Member.title
$Obj=New-Object PSObject
$Obj | Add-Member -Name "Group Name" -MemberType NoteProperty -Value $Group
$Obj | Add-Member -Name "Group Description" -MemberType NoteProperty -Value $groupdesc
$Obj | Add-Member -Name "Group Owner" -MemberType NoteProperty -Value $adgroupownername
$Obj | Add-Member -Name "Name" -MemberType NoteProperty -Value $Member.name
$Obj | Add-Member -Name "Username" -MemberType NoteProperty -Value $Member.description
$Obj | Add-Member -Name "Title" -MemberType NoteProperty -Value $Member.Title
$Table += $obj
}
}
$Table | export-csv "C:\Temp\SharePoint_Security_Groups.csv" -NoTypeInformation
No comments:
Post a Comment