Jul 26 2017 10:05 AM - edited Jul 26 2017 10:07 AM
Hi
I want to produce a report of the SharePoint Groups and/or Security Groups on each of the sub webs (one level only) in a SharePoint Online intranet. Now, before I start creating a custom object and exporting to CSV, I thought I would have a go with the PnPCommandlets. In the code below, I am just testing the owner groups, before looking at the other groups. I am not sure this is the best approach, so I would be interested in hearing about any suggested improvements.
$subWebs = Get-PnPSubWebs
Foreach ($subWeb in $subWebs) {
    write-host -ForegroundColor DarkYellow $subWeb.Title
    Connect-PnPOnline $subWeb.Url -Credentials $cred
    $ownerGroup = (Get-pnpweb -Includes AssociatedOwnerGroup).AssociatedOwnerGroup
    $memberGroup = (Get-pnpweb -Includes AssociatedMemberGroup).AssociatedMemberGroup
    $vistorGroup = (Get-pnpweb -Includes AssociatedVisitorGroup).AssociatedVisitorGroup
    $groupTitle = $ownerGroup.Title
    $groupPermissions = (Get-PnPGroupPermissions -Identity $groupTitle )
    write-host $groupTitle
    $groupPermissions | ForEach {Write-Host $_.name ' ' $_.RoleTypeKind}
}
Jul 26 2017 10:34 PM
Hi,
You can try a similar script from the TechNet Gallery:
https://gallery.technet.microsoft.com/Get-SharePoint-Online-and-7e6afce2
Jul 28 2017 07:44 AM - edited Jul 28 2017 07:45 AM
Hi
Sorry for the delayed response, but I seem to have stumbled upon an issue in both the link you mentioned and in my original code, when trying to evaluate groups per web. I will illustrate what I mean:
1) First I get a list of sub webs in my Intranet
Connect-PnPOnline $webUrl -Credentials $cred
$subwebs=Get-PNPSubWebs
2) Now I want to iterate through my list of sub webs and get all groups aka site permissions
foreach($subweb in $subwebs) {
    Connect-PnPOnline $subWeb.Url -Credentials $cred
    # just doing one more check to see we are actually on the correct sub site
    $thisWeb = Get-PnPWeb
    $groups=Get-PNPGroup -Identity $thisWeb.Title
}
In theory, it should provide me with only the groups in my current web. Actually it shows me all the Site Groups, regardless of what web I am connected to.
Again, getting the owner/member/visitor groups will bring back only appropriate role groups at the top level site. Also, if you have multiple owner/member/visitor groups assigned to the current web, these are ignored; just the first for each role is returned.
$ownerGroup = (Get-pnpweb -Includes AssociatedOwnerGroup).AssociatedOwnerGroup
$memberGroup = (Get-pnpweb -Includes AssociatedMemberGroup).AssociatedMemberGroup
$vistorGroup = (Get-pnpweb -Includes AssociatedVisitorGroup).AssociatedVisitorGroup
If I can't resolve this I think I will have to use csom ;-(
Aug 29 2017 04:13 AM
Hi Daniel
I have fallen over the same problem: when I use Get-PnPGroup I get all of the groups in the site collection, whereas I just want the groups for a particular web / subweb.
Is this a bug in Get-PnPGroup ?
@ErwinVanHuen @VesaJuvenon
Aug 30 2017 09:06 AM
Aug 30 2017 09:38 AM
It's AdminDroid. You can check out the interactive demo here.
Aug 30 2017 01:59 PM
@Robert Luck wrote:
It's AdminDroid. You can check out the interactive demo here.
Thanks @Robert Luck, the name did escape me momentarily. Ideally this should be something we should get via the PnPCommandlet, esp. when considering there is a -Web parameter.
Mar 13 2020 07:29 AM
Solution
It works --->
Connect-PnPOnline - <<Give details here>>
# Client context of the current PnP connection
$context = Get-PnPContext
# Load the role assignments of the connected web and the groups they reference
$context.Load($context.Web.RoleAssignments)
$context.Load($context.Web.RoleAssignments.Groups)
Invoke-PnPQuery -ErrorAction Stop
ForEach($group in $context.Web.RoleAssignments.Groups)
{
    $context.Load($group)
    Invoke-PnPQuery -ErrorAction Stop
    $perm = Get-PnPGroupPermissions -Identity $group.Title
    # NOTE: this changes permissions: every role the group holds is removed and "Read" is added
    if($perm.Name.Count -gt 0) {
        for($i=0; $i -lt $perm.Count;$i++){
            Set-PnPGroup -Identity $group.Title -RemoveRole $perm[$i].Name
        }
        Set-PnPGroup -Identity $group.Title -AddRole "Read"
    }
}
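Added example, not part of any post in this thread: a read-only version of the report the original question asks for, built on the same web-level role assignments the solution above loads, so each sub web lists only the principals that hold permissions on it. The site URL and CSV path are placeholders, and `Get-PnPSubWebs` follows the thread (newer PnP.PowerShell releases name it `Get-PnPSubWeb`).

```powershell
# Added example: reports permissions only, changes nothing.
# Assumptions: $webUrl and the CSV path are placeholders; cmdlet names follow the thread.
$webUrl = 'https://contoso.sharepoint.com/sites/intranet'   # placeholder URL
$cred   = Get-Credential
Connect-PnPOnline -Url $webUrl -Credentials $cred

function Get-WebGroupReport {
    param($Web)   # a Web client object returned by Get-PnPSubWebs

    # Load the role assignments of this web and whether it has broken inheritance.
    Get-PnPProperty -ClientObject $Web -Property HasUniqueRoleAssignments, RoleAssignments | Out-Null

    foreach ($ra in $Web.RoleAssignments) {
        # Each assignment pairs one principal (Member) with its permission levels.
        Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null

        # Keep SharePoint groups and directory security groups; skip individual users.
        if ($ra.Member.PrincipalType.ToString() -notin 'SharePointGroup', 'SecurityGroup') {
            continue
        }

        [pscustomobject]@{
            WebTitle           = $Web.Title
            WebUrl             = $Web.Url
            InheritsFromParent = -not $Web.HasUniqueRoleAssignments
            Principal          = $ra.Member.Title
            PrincipalType      = $ra.Member.PrincipalType.ToString()
            PermissionLevels   = ($ra.RoleDefinitionBindings | ForEach-Object Name) -join '; '
        }
    }
}

# One level of sub webs only, as in the original question.
$report = foreach ($subWeb in Get-PnPSubWebs) {
    Get-WebGroupReport -Web $subWeb
}

$report | Export-Csv -Path .\subweb-group-permissions.csv -NoTypeInformation
```

Rows with InheritsFromParent set to True repeat the parent's assignments, so sub webs that have not broken inheritance will show the same principals as the site above them.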