I want to give a Domain User SharePoint permissions on a Site.
The peoplepicker in SharePoint found the user and i can add the user in the Browser to the Site.
But when I use PowerShell, the User is not in the permission list on the SharePoint GUI.
PS: New-SPUser -UserAlias "test\TestUser2" -PermissionLevel Contribute -web http://test.sharepoint.de/site/page
PS:
UserLogin DisplayName
--------- -----------
TEST\testuser2 TestUser2
also not working:
Get-SPWeb "http://test.sharepoint.de/site/page" | New-SPUser –UserAlias "test\TestUser2" -PermissionLevel Contribute
It should be this: Set-SPUser -Identity 'domain\name' -Web http://sp2test/site -AddPermissionLevel Read
What happens if you drop the page from your command?
New-SPUser -UserAlias "test\TestUser2" -PermissionLevel Contribute -web http://test.sharepoint.de/site
Also, after you add them through the GUI, does your command work to add them to additional sites? Also, dumb question maybe, but are you running PS as a user who has access to add people to the site?
Try adding Add-PSSnapin "Microsoft.SharePoint.PowerShell"
It worked for me
Add-PSSnapin "Microsoft.SharePoint.PowerShell"
Set-SPUser -Identity 'domain\name' -Web http://sp2test/site -AddPermissionLevel Read
Related
I am currently trying to disable a OneDrive for my organisation. It works pretty well for new users, but old ones got access. I worked out one solution - when I take away collection admin rights user cannot use OneDrive anymore.
But I have 1000 users, and I will die changing permissions by hand, therefore is there any script to set all site collection admins to one person?
I mean those settings:
https://i.stack.imgur.com/A63RZ.png
If you want to disable OneDrive and don't want anyone to access it, instead of changing permissions, you can lock all OneDrive sites via PowerShell code:
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
#Parameters
$AdminCenterURL = "https://xxx-admin.sharepoint.com"
Try {
#Connect to SharePoint Online Admin Center
Connect-SPOService -Url $AdminCenterURL -Credential (Get-Credential)
#Get All OneDrive for Business Sites in the Tenant
$OneDriveSites = Get-SPOSite -Limit ALL -includepersonalsite $True -Filter "Url -like '-my.sharepoint.com/personal/'"
#Loop through each OneDrive Site
Foreach($Site in $OneDriveSites)
{
Set-SPOSite -Identity $Site -LockState "NoAccess"
Write-host "Scanning site:"$Site.Url "is locked"-f Yellow
}
}
Catch {
write-host -f Red "Error locking Sites:" $_.Exception.Message
}
Result is:
After that, when users try to access OneDrive, a 403 error will be returned.
About Set-SPOSite
The call to CSOM RemoveSite throws an exception when trying to remove sitecollections created with modern Team Sites:
"This site belongs to a office365 group. To remove the site you've to remove the group."
SpoOperation removeSiteOperation = tenant.RemoveSite(siteCollectionUrl);
context.Load(tenant);
Is there any way to force the deletion, find the group to delete or use a new api?
We can delete the site collections created with modern team sites, we can use PnP PowerShell below to achieve it.
$credential = Get-Credential
Connect-PnPOnline https://[tenant].sharepoint.com -credential $credential
Remove-PnPTenantSite https://[tenant].sharepoint.com/sites/ModernTeamSite
And deleting the group using the PowerShell below.
$credential = Get-Credential
Connect-PnPOnline https://[tenant].sharepoint.com -credential $credential
Remove-PnPUnifiedGroup -Identity groupID // you can get group Ids from Get-PnPUnifiedGroup
Reference: Completely delete an Office365 site collection classic or modern from recycle bin
And also check the similar thread below.
Unable to remove Office 365 Group Site Collection
Is there a way to write PowerShell command to "Follow in inbox" to a group?
or maybe Microsoft Graph API?
I am trying through the code to implement this feature, but can't see any documentation.
In office 365 every user that joins a group can use the dropdown to select Follow in inbox or Stop following in inbox:
here an image example of follow in inbox
I dont know a possiblity to do that via Powershell. You can set it in the AdminCenter gui of Office365 in the group settings.
See here: https://learn.microsoft.com/en-us/office365/admin/create-groups/create-groups?view=o365-worldwide#how-following-group-email-works
Update:
It seems that you can do it with the Graph API: https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0
Function "UpdateGroup" and the Setting "autoSubscribeNewMembers".
Note: This will only take effect for new members not for existing ones!
Thank you, Hannes
This is a PowerShell I wrote:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
<#Get all Office 365 Groups that AutoSubscribeNewMembers disabled#>
$O365Groups = Get-UnifiedGroup | Where-Object{$_.AutoSubscribeNewMembers -eq $false}
<#Iterate through the Groups, enabling the AutoSubscribeNewMember#>
foreach ($group in $O365Groups)
{
Set-UnifiedGroup $group.Identity -AutoSubscribeNewMembers:$true
}
<#Close the Session#>
Remove-PSSession $Session
Works fine only for new member in the group
I was searching for the opposite command, to unsubscribe a user manually from powershell due to an external user receiving the emails for a group that were unnecessary to send externally.
Here are the powershell commands, connected to Exhange Online Powershell version 2:
View subscribers:
Get-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers
Add subscribers:
Add-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers -Links <comma separated list of email addresses>
Remove subscribers:
Remove-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers -Links <comma separated list of email addresses>
Documentation
I have been working on some sample commands for this exact topic: Unsubscribe-FollowInInbox.ps1 (for full list of code samples)
Some samples:
#Check subscription status for ALL unified groups
Get-UnifiedGroup | Format-Table Name,*subscribe* -AutoSize
Here is PowerShell to make all "members" in to "subscribers" (aka Follow In Inbox)
##########################################
# Loop 1 - SUBSCRIBE all group members #
##########################################
#Store the team name in a variable. Change this to match your team.
#To find this for your team, use (Get-UnifiedGroup *test-team*).PrimarySmtpAddress
$teamname = "test-team#example.com"
#Find all the members of the Unified Group "test-team" and store their UserMailbox objects in a variable called "members"
$members = Get-UnifiedGroup $teamname | Get-UnifiedGroupLinks -LinkType Member
#Create a variable to keep track of how many members we have subscribed or unsubscribed
$membercount = ($members.Count)
#Loop through the list of members and add a subscriber link for each one
foreach ($member in $members)
{
#Decrement the member count
$membercount--
#Write progress to the PowerShell window
Write-Host "Adding subscriber link for user $($member.PrimarySmtpAddress), $membercount users remaining"
#Add the UnifiedGroupLink to make each user a subscriber
Add-UnifiedGroupLinks -Identity $teamname -Links $($member.PrimarySmtpAddress) -LinkType Subscriber -Confirm:$false
}
I had a subsite in a site collection I wanted to transfer to another site collection (both in Sharepoint 2013). I made a site template with content out of it so I can transfer it to another site collection. I uploaded the solution and activated it. I made sure the activated features were completely identical. However, when I create a new subsite and choose to use the uploaded solution, I continue to receive a error message saying it is missing a feature called "MobileExcelWebAccess."
I have no clue where to find that feature. I literally enabled every site feature and site collection feature but I still end up with that error. I've read on other resources that it could be found on Central Admin but I don't have access there.
If I can't enable it in the new site, is there a way to disable it in my old site?
Try running this from a SharePoint 2013 Management Shell: Enable-SPFeature MobileExcelWebAccess -Url http://[replace with your url]
The simple line script from Ola Ekdahl did not work for me, but this did:
Replace the $url with your site collection url
save the script in .ps1 file
Open SharePoint Online Management Shell in Administrator mode and execute the script like .\
A prompt will be poped-up that asks your credential (Administrator) for the site collection
$url = "https://<your site collection url>"
$clientDll = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$runtimeDll = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$cred = get-credential
$clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($url)
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($cred.username, $cred.password)
$clientContext.Credentials = $credentials
if (!$clientContext.ServerObjectIsNull.Value)
{
Write-Host "Connected to SharePoint site: '$Url'" -ForegroundColor Green
}
$clientContext.Site.Features.Add('e995e28b-9ba8-4668-9933-cf5c146d7a9f',$true,[Microsoft.SharePoint.Client.FeatureDefinitionScope]::None)
$clientContext.ExecuteQuery()
source: http://mahedevelopment.blogspot.gr/2016/07/sharepoint-online-mobileexcelwebaccess.html
I have a script to list all the users that have accounts on sharepoint. However, not all them are being listed. There are only 5/8 Marks that are listed for example.
I'm using powershell and a query:
"<Query><OrderBy><FieldRef Name='ID' /></OrderBy></Query>"
I don't know why there are not all showing. I can find them under the portal and admin center.
Users are added to the User Information List when they login to the site or granted specific permissions (not through an AD Group).
You can read more on SharePoint.StackExchange.com at How is the user information list populated?
You can write a PowerShell script(named ListWebUserInformationListItems.ps1) as following:
# Run with SharePoint 2010 Management Shell
$webUrl = Read-Host "Enter the web url"
$web = Get-SPWeb $webUrl
$list = $web.Lists["User Information List"]
$query = New-Object Microsoft.SharePoint.SPQuery
$queryCamlString = '<Query><OrderBy><FieldRef Name="Title" Ascending="True" /></OrderBy></Query>'
$query.Query = $queryCamlString
$userInformationListItems = $list.GetItems($query)
foreach($userInformationListItem in $userInformationListItems)
{
echo $userInformationListItem.Title
}
Then execute the script and input the web url when console window display the "Enter the web url" message.
Note: You can use SPQuery the get the User Information List items which are the users in this web application. The users are not all the users in the farm. And if you add a ADGroup to the SharePoint, you will add the only one SharePoint user to user information list(The SharePoint User stand for the ADGroup, the ADUser in the ADGroup will not present to the user information list).
The User Information List item title will display in the console window.
More over:
You can visit the "http://[your web application url]/_catalogs/users/detail.aspx" to view the users who are in the web application.
Hope the answer will help you
I think you might get better of by listing all User Profiles instead. By doing this, you will at least get a list of all users that have been synchronized into SharePoint. Something like:
$site = Get-SPSite "your URL"
$context = Get-SPServiceContext $site
$profileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)
$profiles = $profileManager.GetEnumerator()
foreach($profile in $profiles)
{
$displayName = $profile.DisplayName
}