Combining a powerful tool by the name of PowerShell with an equally powerful platform such as SharePoint, the results can be extremely beneficial. However, many users struggle to wrap their head around this duo, and are left feeling unsure where exactly to start.
In this post, we’ll explore the capabilities of Microsoft’s PowerShell, both individually and when combined with SharePoint.
In layman’s terms, PowerShell is a modern day command prompt, gifting more power and control over the Windows operating system (OS). Built upon the .NET framework, Windows PowerShell is Microsoft’s own framework, created for task automation and configuration management with its own scripting language. It also consists of Windows PowerShell ISE, its very own powerful graphical user interface (UI) to create PowerShell scripts.
PowerShell 5.0 is the latest version of the framework, with additional new features such as backward compatibility and an improved PowerShell ISE. An improved desired state configuration allows for greater control over the configuration management, at 5.0 sees a new set of cmdlets – lightweight commands used to perform actions within the PowerShell environment.
How Powerful Is It?
PowerShell is without a doubt an excellent (and critical) tool for IT administrators and developers. With PowerShell single line commands, you can connect to remote computers, explore the active directory and export your data into .csv or .xml document formats. With the pipelining feature, you can connect the output of one cmdlet as an input to another cmdlet.
PowerShell is not just a scripting language, but it’s a complete framework for perfect automated solutions.
Even here at Sharegate we’ve developed our own set of PowerShell commands, enabling certain actions within the application, like scheduling and automating a migration or managing SharePoint content.
Within SharePoint, let’s say, for example, you want to update the title field of a particular user in Active Directory. This may seem like a relatively simple task; easily achieved by opening the GUI of the active directory.
But what if it has to be done for 100 users at a time? Suddenly, we’re left wishing there was a better way to update the title of those 100 users, decreasing the amount of effort required and saving on time. Fortunately for us, this is where PowerShell comes to the rescue.
With at most 3 cmdlets, we can get all the users from the .csv file and update the titles of those users in Microsoft Active Directory (AD). These scripts are short and sweet, and take no more than 5 seconds to update all 100 users:
SharePoint and PowerShell Together…
PowerShell is a common feature in other Microsoft platforms such as Windows, Active Directory, Exchange, SQL Server, and SharePoint. Earlier versions of SharePoint had its own command line application called STSADM to perform various operations within SharePoint, but its pales in comparison to PowerShell.
The tool is able to administer to windows, and so made sense for Microsoft to provide PowerShell support for SharePoint as well. Support is provided by DLL plugin, allowing users access to SharePoint objects using over 540 out-of-the-box cmdlets specifically for SharePoint.
You can load the SharePoint DLL plugin into PowerShell with the below cmdlet:
Accessing SharePoint Users and Groups
As a SharePoint administrator, it’s a very tedious task to manage the users and their inherent permissions on SharePoint sites. Each day, there are numerous tickets to assign the specific roles or permissions to users or groups of users on SharePoint sites. It’s a very time consuming process, not to mention the redundant efforts that get wasted doing same thing again and again.
PowerShell for SharePoint offers a variety of cmdlets to deal with SharePoint Users and Groups, Document or item permissions, Role Definitions and Site Administrators to save everyone time and hassle.
To Get the SharePoint User, we can use the Get-SPUser cmdlet which will return the SPUser object and its properties.
Administrators can manage the security of SharePoint sites by finding out which files users have access to. You can get the site collection administrator for each site collection or who are the site owners of the sites.
Get All the Site Owners
Get the Primary and Secondary Site Collection Administrator
User Access on Files
A site collection administrator can easily verify and check user permissions from within site settings, but what if it you’re required to list access permission details for all the users in a SharePoint site? This is not possible out-of-the-box. By using the RoleAssignments property, however, you can achieve user access on the particular file as shown below:
Finding Unique Permissions
SharePoint allows administrators to break permission inheritance from the site level to item level. So, if you want a particular item to have a specific set of permission, but not the same as at the site level, you can break the inheritance and assign your new permissions.
It’s recommended not to overuse this privilege, however, as it can quickly become overwhelming and unmanageable to check the permissions for each item.
However, there is a way for SharePoint administrators to manage the unique permissions on the item using the HasUniquePerm property for sites and the HasUniqueRoleAssignments property for all the other types of securable objects.
You can find all the sites with the unique permissions from the site collection using the below command:
Security Information of Site
Now that we’ve discussed most of the objects which expose the security levels of SharePoint using PowerShell, we can now easily get all the security or permission level details of the SharePoint Using PowerShell. Below are some of the commands you can use to get that level of detail:
The Clue’s in the Name
Windows PowerShell is, as the name suggests, an incredibly powerful tool. It brings many benefits to power-users and IT professionals by making their lives that much easier.