non-displaying slide…. sharepoint 2010 and 2013 auditing and site content administration using...

SharePoint 2010 and 2013 Auditing and Site Content Administration

using PowerShell

55095AC

SharePoint & PowerShell

• SharePoint did not include support for PowerShell until SharePoint 2010.– SharePoint 2013 includes 771 cmdlets– SharePoint 2010 includes 549 cmdlets– SharePoint 2007 includes 0 cmdlets!

• Or did it?– PowerShell can access SharePoint 2007 via the

.Net API

Module 1


• 2010 / 2013 example:

$web = Get-SPWeb http://yourserver/sites/yoursite$web.Title

• 2007 example:

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")$sitecollection = New-Object Microsoft.SharePoint.SPSite("http://yourserver/sites/yoursite ")

$web = $sitecollection.RootWeb$web.Title

Module 1


• SharePoint On Premises and SharePoint Online / Office 365

– This class covers the use of PowerShell for on premises SharePoint installations.

– PowerShell can also be used with SharePoint Online / Office 365, but with limitations.

Module 1


• On Premises:– Full suite of SharePoint cmdlets (over 700) – Access to the complete SharePoint object API – One add-in to load for the SharePoint cmdlets– Optional use of the standard Active Directory cmdlets

• SharePoint Online / Office 365:– One add-in for access to Office 365 and user admin.– One add-in for SharePoint Online (only 30 cmdlets)– Requires writing SharePoint Client Side Object Model

(CSOM) code for many operations– Is limited to SharePoint features accessible to CSOM

and RESTful web services

Module 1


• Search vs. PowerShell – Search Pro’s:

• Fast and very flexible• Available from the browser or from a browser based REST API• Limited to content (pages, lists, libraries and files) and user

profile services• May have access to content external to SharePoint (network

shares, non-SharePoint web sites, etc.)

– Search Con’s:• Not always up to date (depends on crawl schedules)• Can miss content due to user created locks• Content can be excluded (hidden) from search by site owners

at both the site and list/library levels• Not as easy to get the output in the format you need

Module 1


• Search vs. PowerShell – PowerShell Pro’s:

• Can access everything in on premises installs and almost everything in Office 365

• Can output and format the data just about any way you like (text, XML, CSV, etc.)

• Can be “scripted” and rerun as needed• Can be scheduled as Windows jobs

– PowerShell Con’s:• Can be slower than search• Can impact server performance• Requires the knowledge of PowerShell, the SharePoint cmdlets

and the SharePoint object model

Module 1


• PowerShell, SharePoint Management Shell and CMDLETs – The basic PowerShell installed on your PC or

Server is not “SharePoint aware”. – The SharePoint Management Shell

• Command line• Auto-loads the SharePoint cmdlets

– The PowerShell Integrated Scripting Environment (ISE)• Graphical user interface • Support for multiple files (tabs)• Support for Visual Studio like debugging • Does not load the SharePoint cmdlets by default

(AddPSSnapin Microsoft.SharePoint.PowerShell)• Can be installed by using PowerShell!

Module 1


• Security and Permissions Needed– You will need:

• Administrator rights to the SharePoint servers• Rights to SQL Server via the Shell_Access role• Permissions to access the contents of SharePoint sites

– Your options:• You can use the “setup account” or the farm account that was

used to install SharePoint (But this is not the best practice!) • Use an account with the needed rights:

– Your account must be a member of the SQL SharePoint_Shell_Access role.

– Your account must be a member of the WSS_Admin_WPG local security group on each server.

– You can configure both of the above using one SharePoint PowerShell cmdlet:

Add-SPShellAdmin –Username "domain/user" -Database "databasename"

Module 1


• Common PowerShell permissions related error

Exception has been thrown by the target of an invocation

This error is related to not having the correct permissions to access content and typically occurs when accessing objects at the SPWeb level or below. I.e. you will need Site Collection Administrator or auditor access to the content.

Module 1


• Getting Started with PowerShell– Get the PowerShell version

PS C:\ $PSVersionTable– Get the list of loaded modules and snapins

PS C:\ Get-PSSnapinPS C:\ Get-ModulePS C:\ Get-Module -ListAvailable

– If working with the ISE: Load the SharePoint add-inPS C:\> AddPSSnapin Microsoft.SharePoint.PowerShell

Module 1


• Getting Started with PowerShell– If the Active Directory PowerShell module is

installed on your server then PowerShell will automatically load the AD module on the first use of an AD cmdlet. PS C:\> Get-ADDomain

– In PowerShell 2.0 you will need to manually load the AD module. PS C:\> Import-Module ActiveDirectory

– If the Active Directory PowerShell module is not installed then it can be added using this cmdlet:PS C:\> Add-WindowsFeature RSAT-AD-PowerShell

Module 1


• Common tasks - Counting– Use .Count

PS C:\> $sharepointCommands = Get-Command *-SP*

PS C:\> $sharepointCommands.count

– Evaluate a command and then use .Count PS C:\> ( Get-Command *-SP* ).count

– User the Measure-Object cmdlet PS C:\> Get-Command *-SP* | Measure-Object PS C:\> Get-SPSite -Limit All | Measure-Object

– Counting Items within a Select-Object PS C:\> Get-SPSite | Select Url, {$_.AllWebs.Count}

Module 1


• Common tasks – Custom Columns– To add a custom column heading you will need

to define the column using “@{}” with two or three options separated with semicolons.

• Label – the text to display. Example “label="Count"”.

• Expression – the value to display. Example: “expression={$_.AllWebs.Count}”

– An example: PS C:\> Get-SPSite |

Select Url, @{ label="Count"; expression = { $_.AllWebs.Count } }

Module 1


• Common tasks – Reformatting Numbers– No formatting:

PS C:\> Get-SPSiteAdministration | Select Url, DiskUsed

– With formatting:PS C:\> Get-SPSiteAdministration | Select Url, {"{0,26:N0}" -f $_.DiskUsed}

– See the courseware for how it works!

Module 1


• Common tasks – Saving Results to a File– Save to Text file:

PS C:\> Get-SPWebApplication | Select DisplayName, Url | Out-File c:\test\testpscount.txt

– Save to a CSV for later use in Excel: PS C:\> Get-SPWebApplication | Select DisplayName, Url | Export-Csv c:\test\testpscount.txt}

– CSV files can be imported back into the pipeline using Imprort-CSV

Module 1


• Creating SharePoint Objects– PowerShell can be used to create anything that can

otherwise be created from within the browser in a site, in Central Administration, or from custom code.

– PowerShell includes many cmdlets to directly create many common objects. Examples:

• New-SPSite• New-SPWeb• New-SPUser

– You can also create all types of objects from the SharePoint objects returned from cmdlets. Examples:

• $web.Lists.Add(……)• $web.Lists["Announcements"].Items.Add(……)• $web.Lists["Documents"].Folders.Add(……)

Module 1


• Changing SharePoint Objects– SharePoint has two ways of changing objects: calling methods

and changing properties.– To see available methods and properties use Get-Member

Get-SPWeb http://server/sites/yoursite | Get-Member

– Methods do “work”.• Methods always have parentheses, with zero to many parameters.

– Properties contain data.• Properties are changed using the assignment operator (“=”).

• Changes to properties are not typically saved without calling the

“.Update()” method.

–

Module 1

SharePoint cmdlets and Objects

Module 2

Module 2


• GUIDs – Most objects in SharePoint can be identified by a name

property, but names can often be changed by administrators, site owners and end users.

– As a more reliable ID consider using the GUID assigned to the item. GUIDs are not changed throughout the life of an object. Most often the property containing the GUID is the ID property. Get-SPSite | Select Url, Id

– Both of the following commands find the same site:PS C:\> Get-SPSite -Identity http://maxsp2013wfe/sites/BlogPS C:\> Get-SPSite -Identity 6abb01be-ab2d-4679-aec7-db14cd381fc1

Module 2


• Sites vs. Webs – “Site” is an often misused work in SharePoint

– SPWeb• A single web site• A container of lists, libraries, and pages• Primary cmdlet: Get-SPWeb• Also accessible from:

– The AllWebs property of the SPSite object– The ParentWebUrl of a list or library

– SPSite• A Site Collection (a container of webs)• Primary cmdlet: Get-SPSite• Also accessible from:

– The Sites property of the SPWebApplication object– The Site property of a child web

Module 2


• The SharePoint Object Hierarchy– SharePoint has a top down structure as seen from both the

administration point of view and the SharePoint API object model.

SharePoint Farm SharePoint Web Service (SharePoint web pages, not ASP.Net web services)

SharePoint Application

SharePoint Site Collection (top level site and it's subsites)

SharePoint Web (a single site)

Lists and Libraries

List Items

Fields (columns)

Data– Each object has a property representing its parent. For example,

from a list item you can drill all the way back up to the Farm: $listitem.ParentList.ParentWeb.Site.WebApplication.WebService.Farm

Module 2


• Up and Down the Hierarchy• Each object has a property representing its parent. For

example, from a list item you can drill all the way back up to the Farm: $listitem.ParentList.ParentWeb.Site.WebApplication.WebService.Farm

• Each object has collections of its children $mywebapplication = $mywebservice.WebApplications[1] $mysite = $mywebapplication.Sites[1] $myweb = $mysite.AllWebs[1] $mylist = $myweb.Lists[1] $myfield = $mylist.Fields[1]

Module 2


• Expanding Properties– Most properties that are collections of objects will need

to be expanded to access the items in the collection. To see all webs (subsites): PS C:\> Get-SPSite -Limit All | Select URL, AllWebs

– To see a property of each web:PS C:\> Get-SPSite -Limit all | Select -ExpandProperty AllWebs | Select URL

– To see all of the lists in all of the sites (SPWebs) in all of the site collections:PS C:\ > Get-SPSite -Limit All | Select -ExpandProperty AllWebs | Select -ExpandProperty Lists | Select ParentWebUrl, Title

Module 2

Memory Usage

• Tracking Memory Usage– The $PID variable contains the PowerShell process ID– You can use the Get-Process (“gps”) to check the

resources being used:

# create 100 subsitesgps -id $pid; for ($i=0; $i -lt 100; $i++) { $s = New-SPWeb http://yourdomain/sites/yoursite/PS$i; }; gps -id $pid;

Module 3

Memory Usage

• Disposing of Objects– By default, all Get commands dispose of SharePoint

objects immediately after the pipeline finishes.– You only need to dispose SPWeb and SPSite objects

you explicitly create.

gps -id $pid; for ($i=0; $i -lt 100; $i++) { $s = New-SPWeb http://yourdomain/sites/yoursite/PS$i; $s.Dispose(); }; gps -id $pid

Module 3

Memory Usage

• Limiting Impact on Production Servers– Run your high impact scripts:

• After hours or on weekends.• In small batches:

– One site collection at a time.– One web application at a time.

• With “timeouts”:– Use the Start-Sleep cmdlet to pause.

Module 3

Memory Usage

• Limiting Impact on Production Servers– A typical script:

PS C:\> Get-SPSite -Limit All | Get-SPWeb -Limit All | Select Url

– With a “sleep” step:PS C:\> Get-SPSite -Limit All | ForEach { $_ ; Start-Sleep 5 } | Get-SPWeb -Limit All | Select Url

Module 3

Working with Content

Module 4: Working with ContentWe will be working from the courseware for this module.

–In this module:• Getting Farm information• Getting Lists of Web Applications, Site Collections and Webs• Getting Lists of Lists and Libraries• Working with Features• Finding Documents• Deleting Content• Downloading Files• Uploading Files

Module 4

Users and Security

Module 5: Users and SecurityWe will be working from the courseware for this module.

–In this module:• Get a single user

• Get a list of all SharePoint users in a Site Collection

• Get a list of all groups and their users for all site collections

• Dealing with Login Names

• Get Users who that are Active Directory Groups

• All of the above for groups • Including users who have access through AD groups

• Documenting Broken Inheritance / Unique Permissions

• Get Role Assignments

Module 5

Managing Sites

Module 6: Managing SitesWe will be working from the courseware for this module.

–In this module:• Finding Inactive Sites • Creating and Deleting Site Collections• Getting Site Collection Data• Creating and Deleting Subsites• SharePoint Designer Settings

Module 6