Here's a quick little PowerShell script to list all groups and all users. Note that if an AD group is listed as a user, all the users in that group may not show up in this list until the user has visited SharePoint at least once.
For both SharePoint 2007 or 2010 in any PowerShell:
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") $site = New-Object Microsoft.SharePoint.SPSite("http://yourservername/sites/yoursitecollection ") $groups = $site.RootWeb.sitegroups foreach ($grp in $groups) {"Group: " + $grp.name; foreach ($user in $grp.users) {" User: " + $user.name} } $site.Dispose()
or for SharePoint 2010 in the SharePoint 2010 Management Shell:
$site = Get-SPSite http://yourservername/sites/yoursitecollection $groups = $site.RootWeb.sitegroups foreach ($grp in $groups) {"Group: " + $grp.name; foreach ($user in $grp.users) {" User: " + $user.name} } $site.Dispose()
.
24 comments:
thank you, this is exactly what I was looking for :)
Right on man, good stuff.
i just wish MS would have allowed users to view group memberships even if they aren't in the group. This makes it difficult for site owners to manage their groups and makes for a growing group list. Does anyone know if there is a plan to add this feature in the next SP?
This is exactly what I need, how do I get this file to export to a csv file.
Hi, when I cross check the result of this script it is missing users which have been given access outside of a group but does return the users in groups correctly. Is there a script to capture the users in the root also? Thanks for your help
jb,
To get users directly assigned to a site (SPWeb) or to any object (list, item, etc) there are three properties to check: .Users, .AllUsers and .SiteUsers.
SPWeb.Users gets the collection of user objects that are explicitly assigned permissions in the Web site. It will not return users who have access through a group.
SPWeb.AllUsers gets the collection of user objects that represents all users who are either members of the site collection or who have browsed to the site as authenticated members of a domain group in the site.
SPWeb.SiteUsers gets the collection of all users that belong to the site collection.
So in PowerShell:
Get-SPWeb http://intranet.contoso.com | Select Users
Get-SPWeb http://intranet.contoso.com | Select AllUsers
Get-SPWeb http://intranet.contoso.com | Select SiteUsers
Mike
its perfect! tnks!
I don't know if anyone will see this, but I'll give it a shot. I need a listing of owners for each of my sharepoint sites. When I try to get a list based on groups, I get every group in the site. I would like to get a list of the groups that are owners for each individual site. Right now I am looking for groups that contain "permissions" or "sponsor", but I am looking for only the groups granted rights to a particular site. Can anyone help me. I am using Powershell 1.0 since it is on a 2003 server. Thanks. My email is aeaden@verizon.net
I don't know if anyone will see this, but I'll give it a shot. I need a listing of owners for each of my sharepoint sites. When I try to get a list based on groups, I get every group in the site. I would like to get a list of the groups that are owners for each individual site. Right now I am looking for groups that contain "permissions" or "sponsor", but I am looking for only the groups granted rights to a particular site. Can anyone help me. I am using Powershell 1.0 since it is on a 2003 server. Thanks.
I don't know if anyone will see this, but I'll give it a shot. I need a listing of owners for each of my sharepoint sites. When I try to get a list based on groups, I get every group in the site. I would like to get a list of the groups that are owners for each individual site. Right now I am looking for groups that contain "permissions" or "sponsor", but I am looking for only the groups granted rights to a particular site. Can anyone help me. I am using Powershell 1.0 since it is on a 2003 server. Thanks.
Richard,
I don't even have a 2003 environment to test in any more.
You might try posting your question to the MSDN forums:
http://social.msdn.microsoft.com/Forums/en-US/sharepointgenerallegacy/threads
Mike
To anonymous mentioning exporting to csv, you can always do a > user.txt after the script execution. For example:
./usergroup.ps1 > usergroup.txt
It'll list the result in a notepad file instead of on powershell.
Good Afternoon Mike, firstly thank you for all your tips and assistance.
I just started a new job as a SharePoint administrator and I've had no prior S.P training. I came from a heavy open-source/Unix/Linux environment but do have earlier certifications and 4years of work experience in A.D and MicroSoft servers in general. So I'm sorta teaching S.P to myself.
I've been left with a S.P system that just a pure mess!
I've tried your script and many other similar scripts to get a complete csv/xls export of: all users, permissions, groups and usernames for the entire S.P system, but NOTHING seems to work for me.
I am site administrator.
Please help!!!
Thank You
LK
LK,
You say that "nothing works". Are you running PowerShell directly on a SharePoint server and under an account with permissions to access SharePoint from PowerShell?
Mike
Hi all,
I get an error on the last line:
doesn't contain a method name 'Dispose'.
Can you give me some light here?
I'm running under the Sharepoint 2010 management shell with an admin farm account.
Paulo,
Were there errors from the other lines?
.Dispose() is not required, but is a best practice in case you wrapped the code in a block that ran against 100's of sites.
Mike
hi,
can you pls provide me, how to get the "sitename" Owners group
and "sitename" Members group.
i dont want to iterate through all the site groups in my site collec.
noet: i am creating site collection through pshell and want to add some members to the owners grp and some members to the members grp.
thnks in advance!
prasas SP,
The three "special" groups; owners, members and visitors; are assigned to three properties of the SPWeb object: AssociatedMemberGroup, AssociatedOwnerGroup and AssociatedVisitorGroup.
$web = Get-SPWeb "http://yourservers/sites/yoursite/yourweb";
$ownersgroup = $web.AssociatedOwnerGroup
...
See here for some info and a sample PowerShell script for setting these properties.
http://techtrainingnotes.blogspot.com/2014/09/when-is-full-control-not-full-control.html
Mike
How would I include the permissions of the group in this script?
Tracy,
Use the RoleDefinitionBindings property.
$grp.RoleDefinitionBindings
Mike
Thx!
Thank you, saved my bacon. This is appreciated.
Hi Mike,
I am not sure this thread is still active and you will be seeing my post but my issue is that I am unable to run the script in powershell ISE in SP 2007 server with admin privileages. PFB error message which I am getting
New-Object : Exception calling ".ctor" with "1" argument(s): "The Web application at could not be found. Verify that you have typed the URL correctly. If t
he URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application."
At line:2 char:19
+ $site = New-Object <<<< Microsoft.SharePoint.SPSite("")
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
agasthya s,
Three possibilities:
- you don't have the needed permissions to access the site collection.
- the URL is not correct.
- you are running the 32 version of PowerShell on a 64bit version of SP or the 64 version of PowerShell on a 32bit version of SP
Mike
Post a Comment
Note to spammers...
Spammers, don't waste your time... all posts are moderated. If your comment includes unrelated links, is advertising, or just pure spam, it will never be seen.