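Function CopySecurityGroupsToTarget([String]$WebDomain,[String]$SiteURL,[String]$SiteTitle, [String]$dstURL,[String]$ReportOutput, $Credentials, $SPOCredentials)
{
    <#
    .SYNOPSIS
    Compares SharePoint group role assignments between a source site and a
    destination site, then writes an Excel permissions report for review.

    .DESCRIPTION
    Connects to the source site through CSOM and to the destination site through
    PnP. For every source role assignment held by a SharePoint group (other than
    "Limited Access") it looks the group up on the destination by title and prints
    the destination role bindings that match. It then lists group members and
    builds an .xlsx workbook via the helper functions ContructWorksheets,
    GetPermissionsForWeb and GetGroupMembers.

    Despite its name, nothing in this function creates or modifies groups on the
    destination; it only reads and reports.

    .PARAMETER WebDomain
    Not used in this function.

    .PARAMETER SiteURL
    URL of the source site (CSOM ClientContext).

    .PARAMETER SiteTitle
    Used as the prefix of the report file name. It is concatenated into the path
    as-is, so callers should pass a value that is valid in a file name.

    .PARAMETER dstURL
    URL of the destination site (Connect-PnPOnline).

    .PARAMETER ReportOutput
    Folder in which the report workbook is written.

    .PARAMETER Credentials
    Credentials assigned to the source ClientContext.

    .PARAMETER SPOCredentials
    Credentials passed to Connect-PnPOnline for the destination.

    .OUTPUTS
    The report file path when a new report is written; nothing when a report with
    the same name already exists or when an error is caught.

    .NOTES
    The console output and the workbook contain group membership, e-mail addresses
    and login names. Write the report to a folder with restricted access and treat
    any transcript of this run as sensitive.
    #>

    # Declared outside Try so the Finally block can always shut Excel down.
    $excel = $null

    Try {
        $Timestamp = GetTimeStamp
        $ReportOutputFilePath = $ReportOutput + '\' + $SiteTitle +'_CopiedSecurityGroups ' + $Timestamp + '.xlsx'
        Write-Host "Checking for file - " $ReportOutputFilePath -ForegroundColor Yellow

        if (Test-Path $ReportOutputFilePath)
        {
            # Fixed: the message previously printed $FilePath, which is never assigned here.
            Write-Host "Permissions Report already exists - " $ReportOutputFilePath -ForegroundColor Yellow
        }
        else
        {
            # Row cursors read by the worksheet helpers; row 1 is presumably the header row.
            $global:sitePermissionsSheetRow = 2
            $global:listPermissionsSheetRow = 2
            $global:itemPermissionsSheetRow = 2
            $global:GroupMembersSheetRow = 2

            # Source site: CSOM context with the supplied credentials.
            $src_ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
            $src_ctx.Credentials = $credentials

            # Destination site: PnP connection.
            Write-host "Connecting to destination site $dstURL" -ForegroundColor DarkYellow
            Connect-PnPOnline -url $dstURL -Credentials $SPOcredentials
            Write-host "Conneced to destination site $dstURL" -ForegroundColor Green
            $SPOweb = Get-PnPWeb -Includes RoleAssignments
            $dst_ctx = Get-PnPContext

            $Web = $src_ctx.Web
            $src_ctx.Load($Web)
            $src_ctx.ExecuteQuery()
            $src_ctx.Load($web.RoleAssignments)
            $src_ctx.ExecuteQuery()

            # Get all groups of the source site.
            $Groups = $src_ctx.Web.SiteGroups
            $src_ctx.Load($Groups)
            $src_ctx.ExecuteQuery()

            foreach ($roleAssignment in $web.RoleAssignments)
            {
                $src_ctx.Load($roleAssignment.Member)
                $src_ctx.Load($roleAssignment.RoleDefinitionBindings)
                $src_ctx.ExecuteQuery()

                $src_member = $roleAssignment.Member
                $rdb = $roleAssignment.RoleDefinitionBindings

                # Build a comma-separated list of role names for this assignment.
                $rolesText = ''
                foreach ($role in $rdb)
                {
                    $rolesText = $rolesText + ',' + $role.Name
                }
                if ($rolesText.StartsWith(','))
                {
                    $rolesText = $rolesText.Substring(1)
                }

                if ($src_member.PrincipalType -eq "SharePointGroup" -and (-not($rolesText -eq "Limited Access")))
                {
                    # Fixed: reset per iteration. Otherwise a group found for an earlier
                    # assignment is reused when this lookup fails, and the wrong
                    # destination group is reported as matching.
                    $SPOgroup = $null
                    try
                    {
                        # -ErrorAction Stop turns a failed lookup into a terminating
                        # error so that the catch block actually runs.
                        $SPOgroup = Get-PnPGroup -Identity $src_member.Title -ErrorAction Stop
                    }
                    catch
                    {
                        write-host "Group does not exists"
                    }

                    If ($SPOgroup)
                    {
                        foreach ($dstAssignment in $SPOweb.RoleAssignments)
                        {
                            $dst_ctx.Load($dstAssignment.RoleDefinitionBindings)
                            $dst_ctx.Load($dstAssignment.Member)
                            $dst_ctx.ExecuteQuery()
                            $dst_member = $dstAssignment.Member

                            # Fixed: compared against $member, which is never assigned;
                            # the destination principal loaded above is what is meant.
                            if ($SPOgroup.Title -eq $dst_member.Title)
                            {
                                $dstSummary = $dst_member.Title + " | " + $dstAssignment.RoleDefinitionBindings.name
                                write-host $src_member "|" $dstSummary
                            }
                        }
                    }
                }
            }

            # Get each member from the source groups.
            # Fixed: the loop iterated $Groupsrole and loaded through $Ctx, neither of
            # which is assigned in this function. $Groups was loaded from $src_ctx, and
            # a CSOM object has to be loaded through the context it came from.
            Foreach ($Group in $Groups)
            {
                Write-Host "--- $($Group.Title) --- "
                try
                {
                    $SiteUsers = $Group.Users
                    $src_ctx.Load($SiteUsers)
                    $src_ctx.ExecuteQuery()
                    Foreach ($User in $SiteUsers)
                    {
                        # Prints personal data (e-mail, login name) to the host.
                        Write-Host "$($User.Title), $($User.Email), $($User.LoginName)"
                    }
                }
                catch
                {
                    # One unreadable group should not abort the whole report.
                    Write-Host "Could not read members of group $($Group.Title):" $_.Exception.Message -ForegroundColor Yellow
                }
            }

            # NOTE(review): $ctx and $psCreds are not assigned anywhere in this function.
            # They resolve only if a parent scope defines them; otherwise the calls below
            # fail and the Catch block reports the error. Confirm whether $src_ctx and
            # $Credentials were intended before changing them.
            $rootWeb = $ctx.Web
            $ctx.Load($rootWeb)
            $ctx.ExecuteQuery()
            $SiteTitle = $rootWeb.Title

            # Create output workbook.
            $excel = New-Object -comobject Excel.Application
            $workbook = $excel.Workbooks.Add()
            $sitePermissionsSheet = $workbook.Worksheets.Item(1)
            $listPermissionsSheet = $workbook.Worksheets.Add()
            $itemPermissionsSheet = $workbook.Worksheets.Add()
            $groupMembersSheet = $workbook.Worksheets.Add()

            ContructWorksheets -sitePermissionsSheet $sitePermissionsSheet -listPermissionsSheet $listPermissionsSheet -itemPermissionsSheet $itemPermissionsSheet -groupMembersSheet $groupMembersSheet
            GetPermissionsForWeb -web $ctx.Web -ctx $ctx -sitePermissionsSheet $sitePermissionsSheet -listPermissionsSheet $listPermissionsSheet -itemPermissionsSheet $itemPermissionsSheet
            GetGroupMembers -web $ctx.Web -ctx $ctx -memberSheet $groupMembersSheet -credentials $psCreds

            $excel.Visible = $true
            Add-Type -AssemblyName Microsoft.Office.Interop.Excel
            $xlFixedFormat = [Microsoft.Office.Interop.Excel.XlFileFormat]::xlWorkbookDefault

            # No existing report is deleted here: this branch only runs when the
            # target file did not exist at the Test-Path check above.
            write-host 'Saving to' $ReportOutputFilePath -ForegroundColor Green
            $excel.ActiveWorkbook.SaveAs($ReportOutputFilePath, $xlFixedFormat)
            $excel.Workbooks.Close()

            return $ReportOutputFilePath
        }#if
    }
    Catch {
        write-host -f Red "Error Generating permissions audit Report!" $_.Exception.Message
    }
    Finally {
        # Fixed: Excel was only closed on the success path, so any failure after the
        # COM object was created left an Excel process running with the data loaded.
        if ($excel)
        {
            try
            {
                # Suppress the "save changes?" prompt so Quit cannot block on an error path.
                $excel.DisplayAlerts = $false
                $excel.Quit()
            }
            catch
            {
                Write-Host "Could not close Excel cleanly:" $_.Exception.Message -ForegroundColor Yellow
            }
            [System.Runtime.InteropServices.Marshal]::ReleaseComObject($excel) | Out-Null
        }
    }
}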