How can I identify orphaned site collection administrators with powershell?
-
07-01-2021 - |
Domanda
I've noticed a number of sites where site collection administrator and users approving permissions have since been decommissioned in active directory. Is there a way I can identify all of these throughout the farm using powershell?
Extracting and providing a json list of users from Active Directory to then use against another script could be an option if somebody knows how to find this information within SharePoint.
Soluzione
below is a PowerShell script to find inactive users. Please check if it works for you. Please note that code to delete the inactive users is at the bottom and is commented.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Parameter
$WebAppURL="https://sharepoint.crescent.com"
#Function to Check if a User exists in AD
Function Check-UserExistsInAD()
{
Param( [Parameter(Mandatory=$true)] [string]$UserLoginID )
#Search the User in AD
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
foreach ($Domain in $forest.Domains)
{
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $Domain.Name)
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($context)
$root = $domain.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(&(objectCategory=User)(samAccountName=$UserLoginID))"
$result = $search.FindOne()
if ($result -ne $null)
{
return $true
}
}
return $false
}
#Get all Site Collections of the web application
$WebApp = Get-SPWebApplication $WebAppURL
#Iterate through all Site Collections
Foreach($site in $WebApp.Sites)
{
#Get all Webs with Unique Permissions - Which includes Root Webs
$WebsColl = $site.AllWebs | Where {$_.HasUniqueRoleAssignments -eq $True} | ForEach-Object {
$OrphanedUsers = @()
#Iterate through the users collection
foreach($User in $_.SiteUsers)
{
#Exclude Built-in User Accounts , Security Groups
if(($User.LoginName.ToLower() -ne "nt authority\authenticated users") -and
($User.LoginName.ToLower() -ne "sharepoint\system") -and
($User.LoginName.ToLower() -ne "nt authority\local service") -and
($user.IsDomainGroup -eq $false ) )
{
$UserName = $User.LoginName.split("\") #Domain\UserName
$AccountName = $UserName[1] #UserName
if ( ( Check-UserExistsInAD $AccountName) -eq $false )
{
Write-Host "$($User.Name)($($User.LoginName)) from $($_.URL) doesn't Exists in AD!"
#Make a note of the Orphaned user
$OrphanedUsers+=$User.LoginName
}
}
}
# **** Remove Users ****#
# Remove the Orphaned Users from the site
# foreach($OrpUser in $OrphanedUsers)
# {
# $_.SiteUsers.Remove($OrpUser)
# Write-host "Removed the Orphaned user $($OrpUser) from $($_.URL) "
# }
Reference - http://www.sharepointdiary.com/2013/07/find-and-delete-orphaned-users-in-sharepoint-using-powershell.html
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a sharepoint.stackexchange