登录  |  注册
当前位置:网站首页 > 更多 > 玩电脑 > 正文

[玩转系统] SharePoint Online:查找网站集中的所有 Active Directory 安全组

作者:精品下载站 日期:2024-12-14 21:12:46 浏览:13 分类:玩电脑

SharePoint Online:查找网站集中的所有 Active Directory 安全组

要求:获取 SharePoint Online 网站中的所有 AD 安全组。

使用 PowerShell 查找 SharePoint Online 中的所有 AD 组:

在许多组织中,Active Directory 组用于管理 SharePoint Online 网站和内容的访问和权限。通常,新组是根据需要创建的,而旧组可能不会被使用甚至被遗忘。因此,您可能需要查找 SharePoint Online 租户中的所有 AD 组并确定其成员身份以进行故障排除或审核。幸运的是,使用 PowerShell 可以轻松完成此任务。本博文将向您展示如何使用 PowerShell 查找 SharePoint Online 租户中的所有 AD 组。

以下是用于从 SharePoint Online 网站集中获取所有 Active Directory 域组的 PowerShell:


#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
   
#Set Variables for Site URL
$SiteURL= "https://crescent.sharepoint.com/sites/marketing/"
$ADGroupCollection= @()
 
#Setup Credentials to connect
$Cred = Get-Credential
 
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
 
    #Get all Users
    $Users=$Ctx.Web.SiteUsers
    $Ctx.Load($Users)
    $Ctx.ExecuteQuery()
 
    #Filter AD Groups from Users collection
    $ADGroups  = $Users | Where {$_.PrincipalType -eq "SecurityGroup"}

    #Get Each AD Group details
    Foreach($Group in $ADGroups)
    {
        #Get SharePoint Groups of the AD Group
        $Ctx.Load($Group.Groups)
        $Ctx.ExecuteQuery()
        $GroupNames = $Group.Groups | Select -ExpandProperty Title

        #Getting the members
        $ADGroup = new-object psobject
        $ADGroup | add-member noteproperty -name "AD Group Name" -value $Group.Title
        $ADGroup | add-member noteproperty -name "SP Group Membership" -value ($GroupNames -join "; ")
        #Add to Array
        $ADGroupCollection+=$ADGroup 
    }
    #Get the results
    $ADGroupCollection
}
Catch {
    write-host -f Red "Error getting AD Groups:" $_.Exception.Message
}

使用 SharePoint Online Management Shell 获取网站集中的 AD 组:

这次,让我们借助 SharePoint Online 管理 shell 来检索 AD 安全组。


#Set Config Variables
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ADGroupCollection= @()

#Connect to SharePoint Online
Connect-SPOService -URL $AdminCenterURL

#Get All AD Security Groups from the site collection
$ADGroups = Get-SPOUser -Site $SiteUrl -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" }
 
#Iterate through each AD Group
Foreach($Group in $ADGroups)
{
        #Send Data to an object array
        $ADGroup = new-object psobject
        $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
        $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($Group.Groups -join ",")
        #Add to Array
        $ADGroupCollection+=$ADGroup          
}
#Get the Data
$ADGroupCollection

在执行脚本之前,请确保您的客户端计算机中已安装 SharePoint Online Management Shell。

使用 PowerShell 导出所有网站集的 Active Directory 组:

现在,我们稍微修改一下上面的脚本,从租户中的所有网站集中提取 AD 组并将其导出到 CSV 报告。


#Set Config Variables
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$ADGroupCollection= @()
$ReportPath ="C:\Temp\ADGroups.csv"

#Connect to SharePoint Online
Connect-SPOService -URL $AdminCenterURL

#Get All Site Collections from the tenant
$Sites  = Get-SPOSite -Limit ALL

#Iterate through each site collection
ForEach($Site in $Sites)
{
    Write-host "Processing Site Collection:"$Site.URL -f Yellow

    #Get All AD Groups / Office 365 Groups from the site collection
    $ADGroups = Get-SPOUser -Site $Site.Url -Limit All | Where { $_.IsGroup -and $_.DisplayName -Notin ("Everyone","Everyone except external users", "Company Administrator", "SharePoint Service Administrator","All Users `(windows`)") }
 
    #Iterate through each AD Group
    Foreach($Group in $ADGroups)
    {
            #Send Data to an object array
            $ADGroup = new-object psobject
            $ADGroup | add-member noteproperty -name "Site Name" -value $Site.Title
            $ADGroup | add-member noteproperty -name "URL" -value $Site.URL
            $ADGroup | add-member noteproperty -name "Group Name" -value $Group.DisplayName
            $ADGroup | add-member noteproperty -name "SharePoint Groups" -value ($Group.Groups -join ",")
            #Add to Array
            $ADGroupCollection+=$ADGroup          
    }
}
#Export Data to CSV
$ADGroupCollection
$ADGroupCollection | export-csv $ReportPath -notypeinformation
Write-host "SharePoint Online Domain Groups data exported to a CSV file at:"$ReportPath -ForegroundColor Cyan

确保您拥有所有网站集的权限;否则,您可能会收到:“访问被拒绝。您无权执行此操作或访问此资源。”错误!

[玩转系统] SharePoint Online:查找网站集中的所有 Active Directory 安全组

我可以在所有网站上搜索特定的 AD 组吗?当然,只需将第 18 行更改为:


$ADGroups = Get-SPOUser -Site $Site.Url -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" -and $_.DisplayName -like '*ADSecurityGroupName*' }

PnP PowerShell 用于查找 SharePoint Online 中的所有 Active Directory 组和 Office 365 组

以下是用于提取所有 AD 组(包括 SharePoint Online 网站中的 Office 365 组)的 PnP PowerShell 脚本版本。


#Parameters
$AdminCenterUrl = "https://Crescent-admin.sharepoint.com"
$CSVPath = 'c:\Temp\ADGroupsInSPO.csv'

#Connect to SharePoint admin center
Connect-PnPOnline -Url $AdminCenterUrl -Interactive

#Get all SharePoint sites
$Sites = Get-PnPTenantSite
$Report = @()

#Loop through each site
ForEach ($Site in $Sites)
{
    Try {
        Write-host "Processing Site:"$Site.URL -f Yellow
        Connect-PnPOnline -Url $Site.Url -Interactive
        $ADGroups = Get-PnPUser | Where { $_.PrincipalType -eq "SecurityGroup" -and $_.Title -Notin ("Everyone","Everyone except external users", "Company Administrator", "SharePoint Service Administrator","All Users `(windows`)") }

        ForEach ($Group in $ADGroups)
        {
            $Report += New-Object Pscustomobject -Property @{
            SiteURL = $Site.URL
            GroupName = $Group.Title
            LoginName = $Group.LoginName
            GroupEmail = $Group.Email
            }
        }        
    }
    Catch {
        continue;
   }
}

$Report
 
#Generate a CSV file from the data
$Report | Export-Csv $CSVPath -NoTypeInformation

总之,通过使用 PowerShell 脚本,管理员可以找到与 SharePoint Online 网站集关联的所有 Active Directory 安全组。此信息可用于审核目的、撤销一组用户的访问权限或用于其他管理任务。对于想要维护 SharePoint 环境的安全性和完整性的管理员来说,查找 SharePoint Online 网站集中的所有 Active Directory 安全组是一个重要的工具。

猜你还喜欢

您需要 登录账户 后才能发表评论

取消回复欢迎 发表评论:

精品推荐!
欢迎 访客 登录没有账号?
  • 最新文章
  • 热门文章
  • 热评文章
最新评论
    热门tag
    友情链接

    关灯