I’m often chasing one SharePoint rabbit or another down a rabbit hole and spending hours there when I only wanted to ask the rabbit one simple question. In this case the question was who is “Everyone” and are they related to “NT AUTHORITY\Authenticated Users”. A simple question, or so I had thought. In this rabbit hole I found all kinds of interesting accounts, so I thought that I’d take a few notes while I was there. As to “Everyone”, I’ll follow up with another blog article. I also got distracted by two Office 365 users hanging around the hole named “Guest Contributor” and “Guest Reader” that will also get their own article.
If you would like to dive into the rabbit hole, here’s a few tools to investigate user accounts:
- PowerShell on prem:
$site = Get-SPSite http://yourDomain/sites/yourSite
$site2.RootWeb.AllUsers | FT –AutoSize
- PowerShell for Office 365:
Get-SPOUser -Site http://yourDomain/sites/yourSite | Select DisplayName, LoginName
- In the browser:
- Go to Settings (gear), Site Settings, People and Groups
- Edit the URL and change the GroupId to 0 (“?MembershipGroupId=0”)
- Click any interesting user name. If the user has a User Profile you will probably be redirected to their profile page. If not, you will be redirected to userdisp.aspx where you can see the user name and their internal Account property as listed in the table below.
- Third party security and auditing tools.