Thursday, 8 June 2017

SharePoint Online - Retrieve the Permission Mask Values for a Site using Powershell

This article stems from another article explaining how to [[Automate Site & Group Creation with Nintex Workflow O365]] - Coming Soon

What
Use Powershell to retrieve detailed data about the permission levels on a particular site

Why
I had previously created a Nintex Workflow to Automate Site & Group creation using nintex workflow on SharePoint 2010.  I needed to recreate the same workflow in SharePoint Online / Nintex Workflow O365, however the SharePoint 2010 script for retrieving Permission Mask values did not work.

How
Using Powershell 3.0 or later, and SharePoint Online Powershell Module.  Open up the SharePoint Online Powershell Module and paste the following code (after updating the variables at the top for your site and admin details):

# SharePoint Online - Retrieve the Permission Mask Values for a Site using Powershell

# Specifies variable
$AdminURI = "https://company-admin.sharepoint.com"
$RootSiteCollection="https://company.sharepoint.com/"
$TargetSiteCollection="https://company.sharepoint.com/subsite"
$LogFile = "C:\Temp\GetSitePermissions.xml"

# Specifies the User account for an Office 365 global admin in your organization
$AdminAccount = "the.baretta@company.com.au"
$AdminPass = ""

# Begin the process
$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$loadInfo3 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles")

# Convert the Password to a secure string, then zero out the cleartext version ;)
$sstr = ConvertTo-SecureString -string $AdminPass -AsPlainText -Force
$AdminPass = ""

# Take the AdminAccount and the AdminAccount password, and create a credential
$creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($AdminAccount, $sstr)

# Add the path of the User Profile Service to the SPO admin URL, then create a new webservice proxy to access it====================================================
$proxyaddr = $TargetSiteCollection+ "/_vti_bin/Permissions.asmx?wsdl"
#====================================================
$UserProfileService= New-WebServiceProxy -Uri $proxyaddr -UseDefaultCredential False
$UserProfileService.Credentials = $creds

# Set variables for authentication cookies
$strAuthCookie = $creds.GetAuthenticationCookie($RootSiteCollection)
$uri = New-Object System.Uri($RootSiteCollection)
$container = New-Object System.Net.CookieContainer
$container.SetCookies($uri, $strAuthCookie)
$UserProfileService.CookieContainer = $container

[System.Xml.XmlNode]$xmlNode=$UserProfileService.GetPermissionCollection("yxd","Web")

Write-Host "Starting- This could take a while."
$output = New-Object -TypeName System.IO.StreamWriter -ArgumentList $LogFile, $false
$output.WriteLine("<?xml version=""1.0"" encoding=""utf-8"" ?>")
$output.WriteLine($xmlNode.OuterXml)
$output.WriteLine() 
$output.Dispose()
Write-Host "Done!"


Thanks
Thank you to the Microsoft Support team that assisted in the process of building this script!

No comments:

Post a Comment