Skip to main content

SharePoint Online - Retrieve the Permission Mask Values for a Site using Powershell

This article stems from another article explaining how to [[Automate Site & Group Creation with Nintex Workflow O365]] - Coming Soon

What
Use Powershell to retrieve detailed data about the permission levels on a particular site

Why
I had previously created a Nintex Workflow to Automate Site & Group creation using nintex workflow on SharePoint 2010.  I needed to recreate the same workflow in SharePoint Online / Nintex Workflow O365, however the SharePoint 2010 script for retrieving Permission Mask values did not work.

How
Using Powershell 3.0 or later, and SharePoint Online Powershell Module.  Open up the SharePoint Online Powershell Module and paste the following code (after updating the variables at the top for your site and admin details):

# SharePoint Online - Retrieve the Permission Mask Values for a Site using Powershell

# Specifies variable
$AdminURI = "https://company-admin.sharepoint.com"
$RootSiteCollection="https://company.sharepoint.com/"
$TargetSiteCollection="https://company.sharepoint.com/subsite"
$LogFile = "C:\Temp\GetSitePermissions.xml"

# Specifies the User account for an Office 365 global admin in your organization
$AdminAccount = "the.baretta@company.com.au"
$AdminPass = ""

# Begin the process
$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$loadInfo3 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles")

# Convert the Password to a secure string, then zero out the cleartext version ;)
$sstr = ConvertTo-SecureString -string $AdminPass -AsPlainText -Force
$AdminPass = ""

# Take the AdminAccount and the AdminAccount password, and create a credential
$creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($AdminAccount, $sstr)

# Add the path of the User Profile Service to the SPO admin URL, then create a new webservice proxy to access it====================================================
$proxyaddr = $TargetSiteCollection+ "/_vti_bin/Permissions.asmx?wsdl"
#====================================================
$UserProfileService= New-WebServiceProxy -Uri $proxyaddr -UseDefaultCredential False
$UserProfileService.Credentials = $creds

# Set variables for authentication cookies
$strAuthCookie = $creds.GetAuthenticationCookie($RootSiteCollection)
$uri = New-Object System.Uri($RootSiteCollection)
$container = New-Object System.Net.CookieContainer
$container.SetCookies($uri, $strAuthCookie)
$UserProfileService.CookieContainer = $container

[System.Xml.XmlNode]$xmlNode=$UserProfileService.GetPermissionCollection("yxd","Web")

Write-Host "Starting- This could take a while."
$output = New-Object -TypeName System.IO.StreamWriter -ArgumentList $LogFile, $false
$output.WriteLine("<?xml version=""1.0"" encoding=""utf-8"" ?>")
$output.WriteLine($xmlNode.OuterXml)
$output.WriteLine() 
$output.Dispose()
Write-Host "Done!"


Thanks
Thank you to the Microsoft Support team that assisted in the process of building this script!

Comments

Popular posts from this blog

Export Group Membership From Active Directory Using Power Query

If you need to export a list of staff from an Active Directory Group, follow these steps.  Allows you to gather all the names & usernames of staff in a particular group and save the information into Excel.

Step By Step How To:
Open up Excel > Power Query TabClick From Other Sources > From Active Directory:(In Excel 2016 this is found under: Data Tab > New Query > From Other Sources > From Active Directory) screenshots from Excel 2016 on left, Excel 2010 w/ Power Query Add-on right A popup will ask you to enter your domain name.  It should already be populated with the correct information but if not, input your companies domain name & Click OK:
In the Navigator that opens up, expand your domain tree and double click group:

You should now see a list of all groups in Active Directory in the Power Query Editor:
In order to find & filter for a specific Group, Click the Down-Arrow for the 'distinguishedName' column > Text Filters > Contains...
Type the name…

HP Laserjet 1022 Printer - Can't Print on Windows 10

If you are having trouble getting your laserjet working on Windows 10, here's how I resolved the problem:

Go to Devices & PrintersFind your printer & go to Printer Properties > Advanced TabSet Driver to: HP LaserJet 1022 Class Driver & ApplyIf HP LaserJet 1022 Class Driver is not available.  download from this site: http://support.hp.com/us-en/drivers/selfservice/HP-LaserJet-1000-Printer-series/439424/model/439431Print a test page.


SharePoint Online - Branding with CSS

-----------------------------------------------------------------------------------------
This post is related to a larger group of posts called Migrate SharePoint to Office 365 - Planning & Steps
-----------------------------------------------------------------------------------------

I've gone with a Publishing Site Collection so that I can use the 'Alternate CSS URL' in Site Settings > Master Page.

First off, thanks to the following websites which helped get me started:
http://blog.sharepointexperience.com/2015/02/sptechcon-austin-february-2015/#more-2766http://blog.sharepointexperience.com/2015/01/to-brand-or-not-to-brand/ Here's what the end result will look like (if you have the same fonts):


Now for the CSS...

/* Design By : Brett Randall*/
/*     Design Colours: Greens/Greys/Blues */
/*     Last Modified : 28/02/2017*/
/*     Description: CSS to rebrand SharePoint Online Publishing Site Collection that is using seattle.master */

/* TABLE OF CONTENTS
-- -…