berrydunn.com | GAIN CONTROL

USING POWERSHELL TO IMPROVE SHAREPOINT MANAGEMENT

SharePoint Saturday Boston

June 13, 2015

Mitch Darrow, Senior Consultant

2

• Public accounting and management/IT consulting firm

• Founded in 1974, the firm now has over 250 personnel and 36 principals

• $50 million in annual revenue

• For the last four years, BerryDunn was designated as an INSIDE Public Accounting (IPA) “Top 100 Firm,” and was also named as a “Fastest-Growing” firm.

• Named “Best CPA Firm for Women” by the American Society of Women Accountants and the American Woman’s Society of Certified Public Accountants.

BerryDunn Overview

Legend

Office Locations

Satellite Office Locations

3

INDEPENDENCE AND OBJECTIVITY

We do not sell or develop hardware or software.

We do not partner with software developers or solution providers.

Independence allows our team to provide objective IT consulting services and to offer recommendations that

represent only the client’s best interests.

4

MITCH DARROWSENIOR CONSULTANTGOVERNMENT CONSULTING GROUP

Over 25 years of IT experience in global manufacturing companies.

Specializing in:• Windows Architecture• Security Best Practices• Databases• SharePoint• Exchange• Programming ( C#, PowerShell)

Representative clients• Colorado DHS• Washington State Auditors Office• West Virginia Bureau of Medical Services

5

MITCH DARROWAbout meHusband and father of three

Live in the Portland, Maine area

Avid Kayaker, hopefully soon to be a

Maine guide

Bike commuter

Volunteer

IT Geek

6

GAP YEARADVOCATE

All three of my kids have had an adventure before starting University. Ask me about it after the presentation, if you are interested!

7

WHAT ARE THE CHALLENGES?

Important information is everywhere• Central Administration• Site Collection• Sites• SQL Management Studio

How do we get the information into the hands of those who need it?HelpdeskIT On CallManagersBusiness Users

8

POWERSHELL CAN HELP!

Read information from almost anywhere in SharePoint

Read information from SQL Server

Read data from Active Directory

Write all this data into a SharePoint Site

Create Ops dashboard

Management dashboard

All using the same toolkit!

9

SOME PREREQUISITES

User context running the script needs permissions:

Add-SPShellAdmin

Adds user to:

• SharePoint_Shell_Access Role

• WSS_ADMIN_WPG group on the local computer

Add-SPShellAdmin -UserName CONTOSO\User1 -database 4251d855-3c15-4501-8dd1-98f960359fa6

Additional information:

https://technet.microsoft.com/en-us/library/ff607596.aspx

10

BEFORE WE BEGIN

Please don’t develop and/or test in Production!

If you don’t understand what a script is doing, you probably shouldn’t be running it!

PowerShell allows you to structure logic in dramatically different ways. All are correct, but they are not all equal.

Don’t assume that one structure is better than another. If performance is important, measure it with measure-command{}.

Error handling (Try/Catch) is always a best practice. I acknowledge this is absent from my sample code.

11

THE BASICS:

Add the snap in to PowerShell

Add-PSSnapIn Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Create an array of all the web application objects:

$webApps = Get-SPWebApplication http://intranet.contoso.com

foreach($webApp in $webApps) {

}

12

THE BASICS CONTINUED:

Looping through all the site collections in the web application:

foreach($site in $webApp.Sites){

}

Looping through all of the sites in each site collection:

foreach($web in $site.AllWebs) {

}

13

SO, WHAT KINDS OF INFORMATION CAN WE COLLECT?

Inventory the names and URLs of all sites in the farm

Inventory Crawl information for the farm

Last status & Duration

Number of items crawled

Get all Role Assignments and Permission levels

Expand SharePoint groups

Expand AD groups

14

SO, WHAT KINDS OF INFORMATION CAN WE COLLECT?

Get content database associated with site collection

database growth settings

database sizes

backup mode

full/differential/log backup statuses

Inventory list versioning settings

Site size

Site last updated

15

USERS AND PERMISSIONS OVERVIEW

SharePoint Site Permissions can be messy

Role Assignments can be

SharePoint Groups

AD Groups

User Objects

SharePoint Groups can contain users or AD groups

AD groups can contain users and other groups

16

USERS AND PERMISSIONS

Check if the site has unique permissions of inherits:

if($web.HasUniqueRoleAssignments -eq $false) { }

If permissions are unique:

foreach($assignment in $web.RoleAssignments){ }

Check if the member string is empty or not:

if(-not [string]::IsNullOrEmpty($assignment.Member.Xml)) { }

Check if the xml starts with a group tag:

if($assignment.Member.XML.StartsWith('<Group') -eq "True") { }

17

USERS AND PERMISSIONS 2

Check if the xml starts with a group tag:

if($assignment.Member.XML.StartsWith('<Group') -eq "True") { }

Get the members of the SharePoint group:

foreach($SPGroupMember in $assignment.Member.Users) { }

Check to see if the IsDomainGroup property for the member is true:

if($SPGroupMember.IsDomainGroup) { }

18

WRITING DATA TO SHAREPOINT

#Get the SPWeb object and save it to a variable

$web = Get-SPWeb $webURL

#Get the List object to retrieve the "Demo List"

$list = $web.Lists[$listName]

#Create a new item

$newItem = $list.Items.Add()

19

WRITING DATA TO SHAREPOINT 2

Add data to this list item

$newItem["SiteURL"] = $SiteURL

$newItem["InheritsPerms"] = $InheritsPerms

$newItem["SPGroup"] = $SPGroup

$newItem["ADGroup"] = $ADGroup

$newItem["ADUserGroupMembers"] = $ADUserGroupMembers

$newItem["PermLevel"] = $PermLevel

$newItem["ADUser"] = $ADuser

Update the object so it gets saved to the list

$newItem.Update()

20

LETS LOOK AT THE SCRIPT

SP_SiteandLibraryInventoryTemplate.ps1

Basic script that will iterate through all sites, just add actions.

SP_SiteandLibrarySecurityInventory.ps1

This script will also catalog any Library that has unique permission assignments

Utilizes the constructions highlighted

This is one way to structure the code, there are others.

21

THE RESULTS

22

SITE MAP

We can easily get these data points for every site:

• Site Name via the Name property

• URL

• Parent Site Collection

This is not very useful in an environment where you have a lot of project sites.

23

SITE MAP 2

We add a list and populate it with data at creation:

• Project Sponsor

• Project Manager

• Client

• Executive Summary

Combining this data using powershell into a single list creates a dynamic and functional site map that the helpdesk, management and employees can leverage.

This may not fit all use cases.

24

A DIFFERENT USE CASE

Find where a particular lives on web part on pages in your site

Maybe it is one of the “Fab 40”, maybe just a feature that you think may no longer be needed.• Use the structure to iterate through all your sites

• Look for ASPX pages

• Read the data into an object (check textstream)

• Check for the web part GUID

• Write information to a custom object for any site and page that has the web part.

25

VERSIONING SETTINGS

Function GetVersioningSettings{

foreach ($web in (Get-SPSite -Limit All | Get-SPWeb -Limit All)){

foreach ($list in ($web.Lists | ? {$_ -is [Microsoft.SharePoint.SPDocumentLibrary]})){

$Moderation = $list.EnableModeration

$VersioningEnabled= $list.EnableVersioning

$MajorVersionEnabled = $list.EnableMinorVersions

$MajorMinorVersionLimit = $list.MajorWithMinorVersionsLimit

$MajorVersionLimit = $list.MajorVersionLimit

$RequireCheckout = $list.ForceCheckout

$DraftVisibility = $list.DraftVersionVisibility

} #end for each list

$web.Dispose();

} #end for each web

} #end function

26

SITE SIZE

[long]$WebSize = BD-CalculateFolderSize($Web.RootFolder)

foreach($RecycleBinItem in $Web.RecycleBin){

$WebSize += $RecycleBinItem.Size

}

$Size = [Math]::Round($WebSize/1MB, 2)

27

SITE SIZE 2

Function BD-CalculateFolderSize($Folder){

[long]$FolderSize = 0

foreach ($File in $Folder.Files){

#Get File Size

$FolderSize += $file.TotalLength;

#Get the Versions Size

foreach ($FileVersion in $File.Versions){

$FolderSize += $FileVersion.Size

}#end foreach version

}#end foreach file

foreach ($SubFolder in $Folder.SubFolders){

$FolderSize += CalculateFolderSize $SubFolder

}#end foreach subfolder

return $FolderSize

} #end function

28

CONTENT DATABASES

Identify the content databases for a web application:

$ContentDatabases = $webapp.ContentDatabases

Connect to SQL server:

$srv = new-object ('Microsoft.SqlServer.Management.Smo.Server')

$dbinfo = $srv.databases

$selectfields = @("DatabaseName","Parent","CreateDate","dboLogin","CompatibilityLevel","EncryptionEnabled","IsAccessible","ID","Owner","RecoveryModel","LastBackupDate","LastDifferentialBackupDate","LastLogBackupDate", "Status", "PrimaryFilePath")

29

CONTENT DATABASES 2

$props = New-Object -TypeName PSCustomObject -Property @{

DatabaseName = $db.Name

Parent = $db.Parent

CreateDate = $db.CreateDate

dboLogin = $db.dboLogin

CompatibilityLevel = $db.CompatibilityLevel

EncryptionEnabled = $db.EncryptionEnabled

ID = $db.ID

Owner = $db.Owner

RecoveryModel = $db.RecoveryModel

LastBackupDate = $db.LastBackupDate

LastDifferentialBackupDate = $db.LastDifferentialBackupDate

LastLogBackupDate = $db.LastLogBackupDate

} | Select-Object $selectfields

$log += $props

} # end foreach db

30

CRAWL INFORMATION

$sources = Get-SPEnterpriseSearchServiceApplication | Get-SPEnterpriseSearchCrawlContentSource

$array = @()

$obj = $null

Foreach($i in $sources) {

if($i.fullcrawlschedule) {

$obj = new-object Psobject -prop @{

Source = $i.Name

Status = $i.crawlstatus

Started = $i.crawlstarted

Completed = $i.crawlcompleted

Schedule = ($i | select -expand fullcrawlschedule).description

}

$array += $obj

}

31

WHAT IS NEXT

Load Data into a SharePoint site

Build dashboards with different views of the data for different audiences

• Helpdesk

• On Call

• Management

32

SOME SUGGESTIONS FOR BEST PRACTICES

Make repeating code into functions

• Use a prefix to readily identify

• I prefix all of my functions with BD-

Use parameters for input values rather than hard coding variables.

Get stuff for free: Use Advanced functions

• Put this line of code as the first none commented line: [cmdletbinding()]

• This gives you a verbose switch which executes write-verbose

• This gives you write-debug as well

Here is a good reference: http://blogs.technet.com/b/heyscriptingguy/archive/2014/05/30/powershell-best-practices-advanced-functions.aspx

33

RESOURCES

Here are some resources that I rely upon:

Use the get-member command to discover properties of an object. Here is a good resource: https://technet.microsoft.com/en-us/library/ee176854.aspx

MSDN is the best resource, but it can be hard to find/read. Here is a good starting point: http://blogs.msdn.com/b/powershell/

One of the best resources is http://powershell.org. This organization is constantly posting great information. I suggest that you follow them on twitter @PSHOrg.

Follow Don Jones, who is also part of PowerShell.org @ConcentratedDon

The Scripting Guys blog about all things script related, but a large percentage are powershell related. http://blogs.technet.com/b/heyscriptingguy/

34

FINAL THOUGHTS

The samples will be available for download at the SPSBOS Site.I don’t have all the answers, so:

• If you improve a script, share it with me!

• If a script triggers a cool idea, share it with me!

One final note, if you use one of these scripts in production please replace my contact details with yours! I will gladly answer questions, but I really don’t have the capacity to support another production environment.

35

SPS Boston 2015 is made possible by our Sponsors

37

Thanks for Attending!

How you can reach me:• Email: mitchell.darrow@gmail.com• Twitter: @mitchdarrow• Linkedin: https://www.linkedin.com/pub/mitch-darrow/13/268/8b7