Tuesday, May 22, 2012

Find a users in SharePoint groups with PowerShell

I've been spending some time investigating the Get-SPUser and Set-SPUser commandlets.  I'll be the first to say that SharePoint 2010 and Powershell is a GREAT way to manage a SharePoint Farm. 

The Problem

I was trying to figure out a simple way to get "Setup Like" information for an existing user, so that we could grant permissions for new users.

It would turn out that this is a pretty simple task. 

get-spuser -identity contoso\bgates -web http://contoso/sites/sitecollection | select groups

{Contoso Owners}

Turns out, contoso\bgates is in the "Contoso Owners" Group (didn't see that one coming).  Well since contoso\sbalmer needs to be setup like contoso\bgates we need to run another line of PowerShell

set-spuser -identity contoso\sbalmer -web http://contoso/sites/sitecollection -group 'Contoso Owner'

Thursday, May 17, 2012

Update Site collection user without the User Profile Service

Updating Site Collection Users - Without a User Profile Service

Recently I ran into users, who were added to a Site Collection, but found they had incorrect information in Active Directory at the time of addition.  Active Directory had been updated since, but the Site Collection User had not been.

Problem - Update a Site Collection User that had incorrect information, listed in Active Directory, when added to the Site Collection.

It was a simple mistake where a Display Name had been was listed incorrectly. 

The Script

Here is an extremely complex PowerShell command to fix this issue:

Set-SPUser -Identity 'contoso\sbalmer' -DisplayName 'Balmer, Steve' -Web http://contoso/sites/sitecollection

The basics of this line of extremely complex powershell is broken down to the following:

Commandlet - Set-SPUser
Identity - 'Domain\UserName'
DisplayName 'LastName, FirstName'
Web - The site collection where the user needs to be updated.

The Next Question

This made me ask another question:  How do we refresh all attributes from Active Directory for a User? 

I found this to be even more complex than the first line of PowerShell from above. 

Set-SPUser -Identity 'contoso\sbalmer' -SyncFromAd -Web http://contoso/sites/sitecollection

This will simply update the user from Active Directory, for the listed site collection. 

This will also resolve the issue if a user has the same Domain Account ID as a former employee.  This is probably rare, unless the site was migrated from previous environments from years past.