Tue. Jan 4th, 2022
Function CopySecurityGroupsToTarget([String]$WebDomain,[String]$SiteURL,[String]$SiteTitle, [String]$dstURL,[String]$ReportOutput, $Credentials, $SPOCredentials)
{

    Try{
    $Timestamp = GetTimeStamp
    $ReportOutputFilePath = $ReportOutput + '\' + $SiteTitle +'_CopiedSecurityGroups ' + $Timestamp + '.xlsx'
    Write-Host "Checking for file - " $ReportOutputFilePath -ForegroundColor Yellow
    if (Test-Path $ReportOutputFilePath) 
    {
         Write-Host "Permissions Report already exists - " $FilePath -ForegroundColor Yellow
    }else{

    $global:sitePermissionsSheetRow = 2
    $global:listPermissionsSheetRow = 2
    $global:itemPermissionsSheetRow = 2
    $global:GroupMembersSheetRow = 2

    $src_ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $src_ctx.Credentials = $credentials;

    Write-host "Connecting to destination site $dstURL" -ForegroundColor DarkYellow
    Connect-PnPOnline -url $dstURL -Credentials $SPOcredentials
    Write-host "Conneced to destination site $dstURL" -ForegroundColor Green
    
    $SPOweb = Get-PnPWeb -Includes RoleAssignments
    $dst_ctx= Get-PnPContext
    
    $Web = $src_ctx.Web
    $src_ctx.Load($Web)
    $src_ctx.ExecuteQuery()
    $src_ctx.Load($web.RoleAssignments)
    $src_ctx.ExecuteQuery();
    #Get all Groups
    $Groups=$src_Ctx.Web.SiteGroups
    $src_Ctx.Load($Groups)
    $src_Ctx.ExecuteQuery()

    foreach ($roleAssignment in $web.RoleAssignments)
    {
        $src_ctx.Load($roleAssignment.Member)
        $src_ctx.Load($roleAssignment.RoleDefinitionBindings)
        $src_ctx.ExecuteQuery();

        $src_member = $roleAssignment.Member;
        $rdb = $roleAssignment.RoleDefinitionBindings
        $rolesText = ''
         
        foreach ($role in $rdb)
        {
            $rolesText = $rolesText + ',' + $role.Name
        }

        if ($rolesText.StartsWith(','))
        {
            $rolesText = $rolesText.Substring(1);
        }
        if($src_member.PrincipalType -eq "SharePointGroup" -and (-not($rolesText -eq "Limited Access")))
        {
            try
            {
                $SPOgroup = Get-PNPGroup -Identity $src_member.Title
            }catch
            {
                write-host "Group does not exists"
            }
         
            If($SPOGroup)
            {
                foreach($role in $SPOweb.RoleAssignments)
                {
                    $dst_ctx.Load($role.RoleDefinitionBindings)
                    $dst_ctx.Load($role.Member)
                    $dst_ctx.ExecuteQuery()
                    $dst_member = $role.Member
                    if($SPOgroup.Title -eq $member)
                    {
                        $dst_Member = $member.title + " | " + $role.RoleDefinitionBindings.name;
                        write-host $src_Member "|" $dst_Member
                    }
                }
            }

        }
    }

    #Get Each member from the Group
    Foreach($Group in $Groupsrole)
    {
        Write-Host "--- $($Group.Title) --- "
 
        #Getting the members
        $SiteUsers=$Group.Users
        $Ctx.Load($SiteUsers)
        $Ctx.ExecuteQuery()
        Foreach($User in $SiteUsers)
        {
            Write-Host "$($User.Title), $($User.Email), $($User.LoginName)"
        }
    }

    $rootWeb = $ctx.Web
    $ctx.Load($rootWeb)
    $ctx.ExecuteQuery()
    $SiteTitle = $rootWeb.Title

    #Create Output Workbook
    $excel = New-Object -comobject Excel.Application
    $workbook = $excel.Workbooks.Add()
    $sitePermissionsSheet = $workbook.Worksheets.Item(1);
    $listPermissionsSheet = $workbook.Worksheets.Add()
    $itemPermissionsSheet = $workbook.Worksheets.Add()
    $groupMembersSheet = $workbook.Worksheets.Add()

    ContructWorksheets -sitePermissionsSheet $sitePermissionsSheet -listPermissionsSheet $listPermissionsSheet -itemPermissionsSheet $itemPermissionsSheet -groupMembersSheet $groupMembersSheet
    GetPermissionsForWeb -web $ctx.Web -ctx $ctx -sitePermissionsSheet $sitePermissionsSheet -listPermissionsSheet $listPermissionsSheet -itemPermissionsSheet $itemPermissionsSheet
    GetGroupMembers -web $ctx.Web -ctx $ctx -memberSheet $groupMembersSheet -credentials $psCreds

    
        $excel.Visible = $true
        Add-Type -AssemblyName Microsoft.Office.Interop.Excel
        $xlFixedFormat = [Microsoft.Office.Interop.Excel.XlFileFormat]::xlWorkbookDefault
        
        #Delete the Output Report, if exists
        write-host 'Saving to' $ReportOutputFilePath -ForegroundColor Green

        $excel.ActiveWorkbook.SaveAs($ReportOutputFilePath, $xlFixedFormat)
        $excel.Workbooks.Close();
        $excel.Quit()
        
        return $ReportOutputFilePath     
    }#if
    }
    Catch {
        write-host -f Red "Error Generating permissions audit Report!" $_.Exception.Message
    }
}

This website uses cookies. By continuing to use this site, you accept our use of cookies.