non-displaying slide…. sharepoint 2010 and 2013 auditing and site content administration using...
TRANSCRIPT
SharePoint 2010 and 2013 Auditing and Site Content Administration
using PowerShell
55095AC
SharePoint & PowerShell
• SharePoint did not include support for PowerShell until SharePoint 2010.– SharePoint 2013 includes 771 cmdlets– SharePoint 2010 includes 549 cmdlets– SharePoint 2007 includes 0 cmdlets!
• Or did it?– PowerShell can access SharePoint 2007 via the
.Net API
Module 1
SharePoint & PowerShell
• 2010 / 2013 example:
$web = Get-SPWeb http://yourserver/sites/yoursite$web.Title
• 2007 example:
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")$sitecollection = New-Object Microsoft.SharePoint.SPSite("http://yourserver/sites/yoursite ")
$web = $sitecollection.RootWeb$web.Title
Module 1
SharePoint & PowerShell
• SharePoint On Premises and SharePoint Online / Office 365
– This class covers the use of PowerShell for on premises SharePoint installations.
– PowerShell can also be used with SharePoint Online / Office 365, but with limitations.
Module 1
SharePoint & PowerShell
• On Premises:– Full suite of SharePoint cmdlets (over 700) – Access to the complete SharePoint object API – One add-in to load for the SharePoint cmdlets– Optional use of the standard Active Directory cmdlets
• SharePoint Online / Office 365:– One add-in for access to Office 365 and user admin.– One add-in for SharePoint Online (only 30 cmdlets)– Requires writing SharePoint Client Side Object Model
(CSOM) code for many operations– Is limited to SharePoint features accessible to CSOM
and RESTful web services
Module 1
SharePoint & PowerShell
• Search vs. PowerShell – Search Pro’s:
• Fast and very flexible• Available from the browser or from a browser based REST API• Limited to content (pages, lists, libraries and files) and user
profile services• May have access to content external to SharePoint (network
shares, non-SharePoint web sites, etc.)
– Search Con’s:• Not always up to date (depends on crawl schedules)• Can miss content due to user created locks• Content can be excluded (hidden) from search by site owners
at both the site and list/library levels• Not as easy to get the output in the format you need
Module 1
SharePoint & PowerShell
• Search vs. PowerShell – PowerShell Pro’s:
• Can access everything in on premises installs and almost everything in Office 365
• Can output and format the data just about any way you like (text, XML, CSV, etc.)
• Can be “scripted” and rerun as needed• Can be scheduled as Windows jobs
– PowerShell Con’s:• Can be slower than search• Can impact server performance• Requires the knowledge of PowerShell, the SharePoint cmdlets
and the SharePoint object model
Module 1
SharePoint & PowerShell
• PowerShell, SharePoint Management Shell and CMDLETs – The basic PowerShell installed on your PC or
Server is not “SharePoint aware”. – The SharePoint Management Shell
• Command line• Auto-loads the SharePoint cmdlets
– The PowerShell Integrated Scripting Environment (ISE)• Graphical user interface • Support for multiple files (tabs)• Support for Visual Studio like debugging • Does not load the SharePoint cmdlets by default
(AddPSSnapin Microsoft.SharePoint.PowerShell)• Can be installed by using PowerShell!
Module 1
SharePoint & PowerShell
• Security and Permissions Needed– You will need:
• Administrator rights to the SharePoint servers• Rights to SQL Server via the Shell_Access role• Permissions to access the contents of SharePoint sites
– Your options:• You can use the “setup account” or the farm account that was
used to install SharePoint (But this is not the best practice!) • Use an account with the needed rights:
– Your account must be a member of the SQL SharePoint_Shell_Access role.
– Your account must be a member of the WSS_Admin_WPG local security group on each server.
– You can configure both of the above using one SharePoint PowerShell cmdlet:
Add-SPShellAdmin –Username "domain/user" -Database "databasename"
Module 1
SharePoint & PowerShell
• Common PowerShell permissions related error
Exception has been thrown by the target of an invocation
This error is related to not having the correct permissions to access content and typically occurs when accessing objects at the SPWeb level or below. I.e. you will need Site Collection Administrator or auditor access to the content.
Module 1
SharePoint & PowerShell
• Getting Started with PowerShell– Get the PowerShell version
PS C:\ $PSVersionTable– Get the list of loaded modules and snapins
PS C:\ Get-PSSnapinPS C:\ Get-ModulePS C:\ Get-Module -ListAvailable
– If working with the ISE: Load the SharePoint add-inPS C:\> AddPSSnapin Microsoft.SharePoint.PowerShell
Module 1
SharePoint & PowerShell
• Getting Started with PowerShell– If the Active Directory PowerShell module is
installed on your server then PowerShell will automatically load the AD module on the first use of an AD cmdlet. PS C:\> Get-ADDomain
– In PowerShell 2.0 you will need to manually load the AD module. PS C:\> Import-Module ActiveDirectory
– If the Active Directory PowerShell module is not installed then it can be added using this cmdlet:PS C:\> Add-WindowsFeature RSAT-AD-PowerShell
Module 1
SharePoint & PowerShell
• Common tasks - Counting– Use .Count
PS C:\> $sharepointCommands = Get-Command *-SP*
PS C:\> $sharepointCommands.count
– Evaluate a command and then use .Count PS C:\> ( Get-Command *-SP* ).count
– User the Measure-Object cmdlet PS C:\> Get-Command *-SP* | Measure-Object PS C:\> Get-SPSite -Limit All | Measure-Object
– Counting Items within a Select-Object PS C:\> Get-SPSite | Select Url, {$_.AllWebs.Count}
Module 1
SharePoint & PowerShell
• Common tasks – Custom Columns– To add a custom column heading you will need
to define the column using “@{}” with two or three options separated with semicolons.
• Label – the text to display. Example “label="Count"”.
• Expression – the value to display. Example: “expression={$_.AllWebs.Count}”
– An example: PS C:\> Get-SPSite |
Select Url, @{ label="Count"; expression = { $_.AllWebs.Count } }
Module 1
SharePoint & PowerShell
• Common tasks – Reformatting Numbers– No formatting:
PS C:\> Get-SPSiteAdministration | Select Url, DiskUsed
– With formatting:PS C:\> Get-SPSiteAdministration | Select Url, {"{0,26:N0}" -f $_.DiskUsed}
– See the courseware for how it works!
Module 1
SharePoint & PowerShell
• Common tasks – Saving Results to a File– Save to Text file:
PS C:\> Get-SPWebApplication | Select DisplayName, Url | Out-File c:\test\testpscount.txt
– Save to a CSV for later use in Excel: PS C:\> Get-SPWebApplication | Select DisplayName, Url | Export-Csv c:\test\testpscount.txt}
– CSV files can be imported back into the pipeline using Imprort-CSV
Module 1
SharePoint & PowerShell
• Creating SharePoint Objects– PowerShell can be used to create anything that can
otherwise be created from within the browser in a site, in Central Administration, or from custom code.
– PowerShell includes many cmdlets to directly create many common objects. Examples:
• New-SPSite• New-SPWeb• New-SPUser
– You can also create all types of objects from the SharePoint objects returned from cmdlets. Examples:
• $web.Lists.Add(……)• $web.Lists["Announcements"].Items.Add(……)• $web.Lists["Documents"].Folders.Add(……)
Module 1
SharePoint & PowerShell
• Changing SharePoint Objects– SharePoint has two ways of changing objects: calling methods
and changing properties.– To see available methods and properties use Get-Member
Get-SPWeb http://server/sites/yoursite | Get-Member
– Methods do “work”.• Methods always have parentheses, with zero to many parameters.
– Properties contain data.• Properties are changed using the assignment operator (“=”).
• Changes to properties are not typically saved without calling the
“.Update()” method.
–
Module 1
SharePoint cmdlets and Objects
Module 2
Module 2
SharePoint cmdlets and Objects
• GUIDs – Most objects in SharePoint can be identified by a name
property, but names can often be changed by administrators, site owners and end users.
– As a more reliable ID consider using the GUID assigned to the item. GUIDs are not changed throughout the life of an object. Most often the property containing the GUID is the ID property. Get-SPSite | Select Url, Id
– Both of the following commands find the same site:PS C:\> Get-SPSite -Identity http://maxsp2013wfe/sites/BlogPS C:\> Get-SPSite -Identity 6abb01be-ab2d-4679-aec7-db14cd381fc1
Module 2
SharePoint cmdlets and Objects
• Sites vs. Webs – “Site” is an often misused work in SharePoint
– SPWeb• A single web site• A container of lists, libraries, and pages• Primary cmdlet: Get-SPWeb• Also accessible from:
– The AllWebs property of the SPSite object– The ParentWebUrl of a list or library
– SPSite• A Site Collection (a container of webs)• Primary cmdlet: Get-SPSite• Also accessible from:
– The Sites property of the SPWebApplication object– The Site property of a child web
Module 2
SharePoint cmdlets and Objects
• The SharePoint Object Hierarchy– SharePoint has a top down structure as seen from both the
administration point of view and the SharePoint API object model.
SharePoint Farm SharePoint Web Service (SharePoint web pages, not ASP.Net web services)
SharePoint Application
SharePoint Site Collection (top level site and it's subsites)
SharePoint Web (a single site)
Lists and Libraries
List Items
Fields (columns)
Data– Each object has a property representing its parent. For example,
from a list item you can drill all the way back up to the Farm: $listitem.ParentList.ParentWeb.Site.WebApplication.WebService.Farm
Module 2
SharePoint cmdlets and Objects
• Up and Down the Hierarchy• Each object has a property representing its parent. For
example, from a list item you can drill all the way back up to the Farm: $listitem.ParentList.ParentWeb.Site.WebApplication.WebService.Farm
• Each object has collections of its children $mywebapplication = $mywebservice.WebApplications[1] $mysite = $mywebapplication.Sites[1] $myweb = $mysite.AllWebs[1] $mylist = $myweb.Lists[1] $myfield = $mylist.Fields[1]
Module 2
SharePoint cmdlets and Objects
• Expanding Properties– Most properties that are collections of objects will need
to be expanded to access the items in the collection. To see all webs (subsites): PS C:\> Get-SPSite -Limit All | Select URL, AllWebs
– To see a property of each web:PS C:\> Get-SPSite -Limit all | Select -ExpandProperty AllWebs | Select URL
– To see all of the lists in all of the sites (SPWebs) in all of the site collections:PS C:\ > Get-SPSite -Limit All | Select -ExpandProperty AllWebs | Select -ExpandProperty Lists | Select ParentWebUrl, Title
Module 2
Memory Usage
• Tracking Memory Usage– The $PID variable contains the PowerShell process ID– You can use the Get-Process (“gps”) to check the
resources being used:
# create 100 subsitesgps -id $pid; for ($i=0; $i -lt 100; $i++) { $s = New-SPWeb http://yourdomain/sites/yoursite/PS$i; }; gps -id $pid;
Module 3
Memory Usage
• Disposing of Objects– By default, all Get commands dispose of SharePoint
objects immediately after the pipeline finishes.– You only need to dispose SPWeb and SPSite objects
you explicitly create.
gps -id $pid; for ($i=0; $i -lt 100; $i++) { $s = New-SPWeb http://yourdomain/sites/yoursite/PS$i; $s.Dispose(); }; gps -id $pid
Module 3
Memory Usage
• Limiting Impact on Production Servers– Run your high impact scripts:
• After hours or on weekends.• In small batches:
– One site collection at a time.– One web application at a time.
• With “timeouts”:– Use the Start-Sleep cmdlet to pause.
Module 3
Memory Usage
• Limiting Impact on Production Servers– A typical script:
PS C:\> Get-SPSite -Limit All | Get-SPWeb -Limit All | Select Url
– With a “sleep” step:PS C:\> Get-SPSite -Limit All | ForEach { $_ ; Start-Sleep 5 } | Get-SPWeb -Limit All | Select Url
Module 3
Working with Content
Module 4: Working with ContentWe will be working from the courseware for this module.
–In this module:• Getting Farm information• Getting Lists of Web Applications, Site Collections and Webs• Getting Lists of Lists and Libraries• Working with Features• Finding Documents• Deleting Content• Downloading Files• Uploading Files
Module 4
Users and Security
Module 5: Users and SecurityWe will be working from the courseware for this module.
–In this module:• Get a single user
• Get a list of all SharePoint users in a Site Collection
• Get a list of all groups and their users for all site collections
• Dealing with Login Names
• Get Users who that are Active Directory Groups
• All of the above for groups • Including users who have access through AD groups
• Documenting Broken Inheritance / Unique Permissions
• Get Role Assignments
Module 5
Managing Sites
Module 6: Managing SitesWe will be working from the courseware for this module.
–In this module:• Finding Inactive Sites • Creating and Deleting Site Collections• Getting Site Collection Data• Creating and Deleting Subsites• SharePoint Designer Settings
Module 6