Archive for the ‘PowerShell’ Category

SharePoint 2010: Adding SAML Claim permission for All Authenticated Users using PowerShell.

February 1, 2017

I recently had to convert one of my SharePoint 2010 Web Applications from using Windows Claims/NTLM to use SAML Claims, removing the need for NTLM authentication by using a Claims Provider (ADFS) for authentication. When doing so, permissions on the SAML Claims Web Application broke because it was still leveraging the Windows Claims permissions. Since the NTLM permission was removed at the Web Application level, and Anonymous Access permissions were also removed to meet the DISA STIG requirement, this in turn restricted access for users who used to have “read” rights to the Portal. To fix this problem I had to grant the “read” permission for the SAML Claims ‘All Authenticated Users’ on all Site Collections / Sites so these users could once again gain access. Below is how I accomplished this using PowerShell.

————————————————————————–

# Run from the SharePoint 2010 Management Shell
$webApp = Get-SPWebApplication "[WEB APPLICATION URL]"
$sts = Get-SPTrustedIdentityTokenIssuer "[CLAIMS PROVIDER TOKEN ISSUER NAME]"

# Maps a permission mask to the name of its permission level
$PermLevels = @{}

# Tab-separated header for the report of every grant made
"URL `t" + "userName `t" + "userLogin `t" + "userEmail `t" + "permissionLevel `t" + "SAMLClaim" >> User_Permissions_AllAuthenticatedUsers.csv

foreach ($web in $webApp | Get-SPSite -Limit All | Get-SPWeb -Limit All)
{

	# Record this web's permission levels, keyed by permission mask
	foreach ($role in $web.Roles)
	{
		$permmask = $role.PermissionMask
		$permname = $role.Name
		# Skip masks already recorded instead of trapping the duplicate-key error
		if (-not $PermLevels.ContainsKey("$permmask"))
		{
			$PermLevels.Add("$permmask", "$permname")
		}
	}
	# Snapshot the permissions first, because role assignments are added inside the loop
	foreach ($perm in @($web.Permissions))
	{
		$permmaskcurrent = $perm.PermissionMask
		$level = $PermLevels.Get_Item("$permmaskcurrent")

		if ($perm.Member.Name -like "*All Authenticated Users*")
		{
			#CLAIM PRINCIPAL FOR ROLE
			$claimPrincipal = New-SPClaimsPrincipal -ClaimValue $perm.Member.Name -ClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -TrustedIdentityTokenIssuer $sts

			# Add the SAML claim to the web, then resolve it by its encoded claim string
			$newUser = New-SPUser -UserAlias $claimPrincipal.ToEncodedString() -Web $web
			$account = $web.EnsureUser($claimPrincipal.ToEncodedString())

			# Where the Windows claim held "Limited Access", the SAML claim is granted "Read"
			if ($level -eq "Limited Access")
			{
				$level = "Read"
			}

			# Bind the permission level to the SAML claim on this web
			$role = $web.RoleDefinitions[$level]
			$assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
			$assignment.RoleDefinitionBindings.Add($role)
			$web.RoleAssignments.Add($assignment)

			# Log the grant
			$web.Url + "`t" + $perm.Member.Name + "`t" + $perm.Member.LoginName + "`t" + $perm.Member.Email + "`t" + $level + "`t" + $account >> User_Permissions_AllAuthenticatedUsers.csv

		}
	}
	# Release the SPWeb object
	$web.Dispose()
}

————————————————————————–

The above script loops through all the Site Collections and Sites searching for the Windows Claim for ‘All Authenticated Users’. Wherever it finds the ‘All Authenticated Users’ permission in use, it adds the SAML Claim for ‘All Authenticated Users’ at the same permission level, except that “Limited Access” is granted as “Read”.

This script does not clean up/remove the old Windows Claims permission for ‘All Authenticated Users’. I did that just in case the Web Application needs to be extended to once again support Windows Claims/NTLM authentication.

I will later blog about how to add the ‘All Authenticated Users’ SAML Claim to Groups, and also how to add individual SAML Claim permissions to users by granting their SAML Token for email.

Hopefully this is helpful for those that are struggling to reprovision their Windows Claims permissions to SAML Claims.
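
A read-only preview of what the script above would grant, useful for reviewing every place where ‘All Authenticated Users’ would be raised from “Limited Access” to “Read” before any change is made. This is an added example, not part of the original post; the function name Get-AllAuthUsersGrantPlan and the output file name are hypothetical.

```powershell
# Added example: read-only preview of the grants the migration script would make.
# Run from the SharePoint 2010 Management Shell; nothing is written to SharePoint.
function Get-AllAuthUsersGrantPlan   # hypothetical helper name
{
	param([Parameter(Mandatory = $true)][string]$WebApplicationUrl)

	$webApp = Get-SPWebApplication $WebApplicationUrl
	foreach ($web in $webApp | Get-SPSite -Limit All | Get-SPWeb -Limit All)
	{
		foreach ($assignment in $web.RoleAssignments)
		{
			# Same member-name match the migration script uses
			if ($assignment.Member.Name -notlike "*All Authenticated Users*") { continue }

			foreach ($binding in $assignment.RoleDefinitionBindings)
			{
				# Mirror the script's rule: "Limited Access" is granted as "Read"
				$planned = $binding.Name
				if ($planned -eq "Limited Access") { $planned = "Read" }

				New-Object PSObject -Property @{
					Url               = $web.Url
					Member            = $assignment.Member.Name
					CurrentLevel      = $binding.Name
					PlannedLevel      = $planned
					# True where the new SAML grant is broader than the existing one
					Elevated          = ($planned -ne $binding.Name)
					# False means the assignments shown are inherited from a parent
					UniquePermissions = $web.HasUniqueRoleAssignments
				} | Select-Object Url, Member, CurrentLevel, PlannedLevel, Elevated, UniquePermissions
			}
		}
		# Release the SPWeb object
		$web.Dispose()
	}
}

# Placeholder URL, as in the script above; the file name is an assumption
$plan = Get-AllAuthUsersGrantPlan "[WEB APPLICATION URL]"
$plan | Export-Csv "AllAuthenticatedUsers_GrantPlan.csv" -NoTypeInformation

# Review the elevations before running the migration
$plan | Where-Object { $_.Elevated } | Format-Table Url, CurrentLevel, PlannedLevel -AutoSize
```

The exported file can be kept alongside User_Permissions_AllAuthenticatedUsers.csv to compare what was planned with what the script actually granted.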

SharePoint 2010: Enable (Page) Output Cache Settings using PowerShell

January 25, 2017

To optimize performance in SharePoint 2010, there are a few settings you can change to help with page load times and SharePoint caching.

The three main ways to do this are:

1. BLOB Cache
2. Object Cache
3. Page Output Cache

In my environment we are not leveraging BLOB cache, and Object Cache is already enabled by default, though you can optimize it for your SP environment.

However, the Page Output Cache is not enabled by default.

Below is a PowerShell script I created that enables the Page Output Cache at the Site Collection Level for a Web Application.

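# Load the Publishing assembly that contains SiteCacheSettingsWriter
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Publishing")

$webapp = Get-SPWebApplication "[URL OF WEB APPLICATION]"

# $web is each Site Collection (SPSite) in the Web Application
foreach ($web in $webapp.Sites)
{
	$cacheSettings = New-Object Microsoft.SharePoint.Publishing.SiteCacheSettingsWriter($web.Url)
	$cacheSettings.EnableCache = $true
	$cacheSettings.Update()
	Write-Host "Updated Page Output Cache Settings..." $web.Url
	# Release the SPSite object
	$web.Dispose()
}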

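Options (set these on $cacheSettings inside the loop, before calling Update()):

#Default Page Output Cache Profile. The Cache Profile Id is built off the Cache Profile List (Site Actions – Site Settings – Site Collection Cache Profiles (under Site Collection Administration))
#These methods take the Site Collection object ($web in the loop above) and the Cache Profile Id

$cacheSettings.SetAnonymousPageCacheProfileId($web, 1)
$cacheSettings.SetAuthenticatedPageCacheProfileId($web, 2)

#Page Output Cache Policy
$cacheSettings.AllowPublishingWebPageOverrides = $true
$cacheSettings.AllowLayoutPageOverrides = $true
#Writes cache debugging information into rendered pages; intended for troubleshooting
$cacheSettings.EnableDebuggingOutput = $true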

SharePoint 2010: Output Search Query Results Using PowerShell into .csv file

January 21, 2015

I recently had to perform a massive search query for specific terms (key words) in my SharePoint 2010 environment, and provide a .csv file for all returned results. The easiest way for me to do this was by utilizing the power of PowerShell. So instead of having to manually execute separate Search queries within SharePoint Search, I executed this script, which outputs the search results in an easy-to-read, formatted .csv file.

#Load the Search assembly that contains KeywordQuery
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.Search")

#Setup a keyword query object
$site = New-Object Microsoft.SharePoint.SPSite "http://portal"
$kq = New-Object Microsoft.Office.Server.Search.Query.KeywordQuery $site

#Set some query properties
$kq.ResultTypes = [Microsoft.Office.Server.Search.Query.ResultType]::RelevantResults
$kq.RowLimit = 10000
$kq.QueryText = "TERM OR KEYWORDS TO QUERY"

#issue the query
$resultTableCollection = $kq.Execute()

#Get the result Table and load it into a DataTable so its rows can be piped
$relResultTable = $resultTableCollection.Item([Microsoft.Office.Server.Search.Query.ResultType]::RelevantResults)
$relDataTable = New-Object System.Data.DataTable
$relDataTable.Load($relResultTable, [System.Data.LoadOption]::OverwriteChanges)

#Output the results to .csv file
$relDataTable.Rows | Select-Object Path, Title, Description, Write, HitHighlightedSummary | Export-Csv "c:\temp\searchresults.csv" -NoTypeInformation

#Release the SPSite object
$site.Dispose()

The .csv file will provide the Path, Title, Description, Date Modified, and Highlighted Summary of the search results.

Hope this helps others that might need to do a similar search against their SP environment.

SharePoint 2010: Get List of All Web Applications/Site Collections/Sub-Sites/Permissions and Last Modified using PowerShell

November 12, 2014

#GET ALL WEB APPLICATIONS IN THE FARM
$webApp = Get-SPWebApplication

#FOREACH LOOP, LOOPING THROUGH ALL WEB APPLICATIONS IN THE FARM
foreach ($webApps in $webApp)
{

	#WRITE-HOST WEB APPLICATION NAME
	write-host "WEBAPP:" $webApps.Name

	#FOREACH LOOP, LOOPING THROUGH ALL SITE COLLECTIONS WITHIN WEB APPLICATION
	foreach ($site in $webApps.Sites)
	{

		#WRITE-HOST SITE COLLECTION URL
		write-host "SITE: " $site.URL

		#FOREACH LOOP, LOOPING THROUGH ALL SITE COLLECTION ADMINISTRATORS
		foreach ($siteAdmin in $site.RootWeb.SiteAdministrators)
		{
			#WRITE-HOST SITE COLLECTION ADMINS
			write-host -foregroundcolor green "SITE COLLECTION ADMINS - $($siteAdmin.DisplayName)"
		}

		#FOREACH LOOP, LOOPING THROUGH ALL SUB-SITES IN SITE COLLECTION
		foreach ($webs in $site.AllWebs)
		{
			#WRITE-HOST SUB-SITE NAME
			write-host "SUB-SITE NAME:" $webs.Name
			#WRITE-HOST SUB-SITES URL
			write-host "SUB-SITES URL:" $webs.URL

			#FOREACH LOOP, LOOPING THROUGH ALL ROLE ASSIGNMENTS IN THE WEB ROLE ASSIGNMENTS
			foreach ($roleAssignment in $webs.RoleAssignments)
			{
				#FOREACH LOOP, LOOPING THROUGH ALL ROLE DEFINITIONS IN ROLE ASSIGNMENT ROLE DEFINITIONS
				foreach ($roleDefinition in $roleAssignment.RoleDefinitionBindings)
				{
					#IF STATEMENT (IF ROLE DEFINITION EQUALS FULL CONTROL)
					if ($roleDefinition.Name -eq "Full Control")
					{
						#WRITE-HOST PERMISSION LEVEL AND PERMISSION NAME
						write-host -foregroundcolor red "Permission Level: " $roleDefinition.Name "| Permission Name: " $roleAssignment.Member.Name
					}
				}
			}

			#FOREACH LOOP, LOOPING THROUGH ALL LISTS IN THE WEB
			foreach ($list in $webs.Lists)
			{
				#WRITE-HOST LIST NAME AND LAST MODIFIED DATE
				write-host "LIST NAME: " $list.Title "| LAST MODIFIED DATE: " $list.LastItemModifiedDate
			}

			#RELEASE THE SUB-SITE OBJECT
			$webs.Dispose()
		}

		#RELEASE THE SITE COLLECTION OBJECT
		$site.Dispose()
	}
}

SharePoint 2010 “Sharepoint Designer encountered an error generating the task form. Server was unable to process request. —> Activation could not be completed because the InfoPath Forms Services support feature is not present.”

June 20, 2014

Ran into the below error recently when trying to publish a SharePoint 2010 Workflow from within SPD 2010. Since I had been able to publish workflows before, I knew this had nothing to do with the InfoPath Form Services or the SharePoint Server Enterprise Site Collection features. If you run into this error, please check these services first. If both are activated, then proceed to the steps below to fix this issue.

“Sharepoint Designer encountered an error generating the task form.

Server was unable to process request. —> Activation could not be completed because the InfoPath Forms Services support feature is not present.”

This error will sometimes pop up due to problems with a hidden InfoPath feature, IPFSSiteFeatures. This feature can only be deactivated/activated using PowerShell.

To fix the above error:

1.  Log into your Central Admin Server with Farm Admin Credentials
2.  Bring up SharePoint 2010 Management Shell with Admin rights
3.  Type:

Disable-SPFeature "IPFSSiteFeatures" -Url http://portal

4.  Say yes when prompted if you are sure you want to deactivate
5.  Next Type:

Enable-SPFeature "IPFSSiteFeatures" -Url http://portal

6.  Once enabled, try to publish your workflow again via SPD; this time it should complete with success.

Get SharePoint 2010 Site Collections Last Modified Date using PowerShell

April 9, 2014

I was recently asked if I could provide a script that will list all site collections within a web application that had not been accessed within a given amount of days so that the Site Administrators can decommission them due to non-use. Since there is no easy way to determine who has actually “visited” these sites without digging through audit logs or IIS logs, or possibly writing some custom code, the next best thing to do is to check when the site was last modified. The assumption here is that if a site was created on a specific date, but nothing has changed on the site (added documents, document/library creations, etc.) for a given amount of time, the site is probably “stale” and no longer in use.

The below PS script basically loops through all Site Collections / Sub-Sites of a Web Application and determines when it was last modified based off a given date, and spits out a report.

——————————————————————————————————————————————

$webApp = Get-SPWebApplication "URL OF WEB APPLICATION"
$daysInActive = Read-Host "Enter in number of days to check since last modified"
# Cutoff at midnight, kept as a DateTime so the check below is a date comparison
$date = (Get-Date).Date.AddDays(-[int]$daysInActive)

foreach ($web in $webApp | Get-SPSite -Limit All | Get-SPWeb -Limit All)
{

	# Report webs with no item changes since the cutoff
	if ($web.LastItemModifiedDate -le $date)
	{

		Write-Host $web.Url
		Write-Host $web.LastItemModifiedDate

		$web.Url + " | " + "Last Modified Date: " + $web.LastItemModifiedDate >> LastModified.txt

	}

	# Release the SPWeb object
	$web.Dispose()
}

——————————————————————————————————————————————

UPDATE:

The following updated script generates a .csv file and emails the specific individuals who need to be notified of “InActive” Site Collections/Sites.

——————————————————————————————————————————————

#Get Web Application
$webApp = Get-SPWebApplication "URL OF WEB APPLICATION"

#Get Today's Date
$today = Get-Date

#Set EmailSentDate
$EmailSentDate = $today.ToString("MM-dd-yyyy")

#Create csv Log Name and Location
$csvLog = "c:\temp\lastModified_" + $EmailSentDate + ".csv"

#Set Count to 0
$count = 0

#CREATE .CSV Column Headers
"siteTitle `t" + "siteURL `t" + "siteOwners `t" + "lastModifiedDate" >> $csvLog

#GET NUMBER DAYS OF INACTIVE FROM USER
$daysInActive = Read-Host "Enter in number of days to check since last modified"
#CUTOFF AT MIDNIGHT, KEPT AS A DATETIME SO THE CHECK BELOW IS A DATE COMPARISON
$date = (Get-Date).Date.AddDays(-[int]$daysInActive)

#LOOP THROUGH ALL SITE COLLECTIONS AND SUB-SITES IN A WEB APPLICATION
foreach ($web in $webApp | Get-SPSite -Limit All | Get-SPWeb -Limit All)
{
	if ($web.LastItemModifiedDate -le $date)
	{

		#SET $siteOwner VARIABLE TO EMPTY
		$siteOwner = ""
		#SET COUNT TO 0
		$count = 0

		#LOOP THROUGH SITE OWNERS
		foreach ($siteAdmin in $web.SiteAdministrators)
		{

			$count = $count + 1

			#IF MORE THAN 1 SITE OWNER, PUT OWNERS ON ONE LINE SEPARATED WITH A COMMA
			if ($count -gt 1)
			{
				$siteOwner = $siteAdmin.LoginName + ", " + $siteOwner
			}
			#IF ONLY ONE SITE OWNER
			else
			{
				$siteOwner = $siteAdmin.LoginName
			}
		}
		#WRITE TO .CSV FILE
		$web.Title + "`t" + $web.URL + "`t" + $siteOwner + "`t" + $web.LastItemModifiedDate >> $csvLog
	}

	#RELEASE THE SPWEB OBJECT
	$web.Dispose()
}

#SEND EMAIL NOTIFICATION
$att1 = New-Object Net.Mail.Attachment($csvLog)
$email = New-Object System.Net.Mail.MailMessage
$email.From = "FROM EMAIL ADDRESS"
$email.To.Add("TO EMAIL ADDRESS")
$email.Subject = "SharePoint Sites With Inactivity - " + $daysInActive
$email.Body = "The following SharePoint sites have not been modified in the past $daysInActive days.  Please notify the Site Owners of these sites to decommission"
$email.Attachments.Add($att1)
$smtpServer = "SMTP SERVER NAME or IP ADDRESS"
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
$smtp.Send($email)

#RELEASE THE MESSAGE AND THE ATTACHED FILE
$email.Dispose()

—————————————————————————————————————————————————————————