Monday, 4 July 2016

Creating a Group and a Permission Level, Assigning the Permission Level to the Group, and Adding Users to the Group


<#
NOTE:
-----

This PowerShell script creates groups and permission levels, assigns each permission level to its group, and adds users to the group.

All required data is read from a CSV file: GroupName, GroupDescription, PermissionLevelName, PermissionLevelDescription, PermissionLevelList and Users.

The script can be used with both On-Premises (offline) and Office365 (online) environments.

When the script starts, it asks whether the target is On-Premises or Office365.

For On-Premises, it then asks for the Site URL and the CSV file name; after you press Enter, progress messages are displayed.

For Office365, it then asks for the UserName, Password, Site URL and CSV file name; after you press Enter, progress messages are displayed.

#>


######################### Add SharePoint PowerShell Snapin ###############################################
 
 if ( (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null )
 {
 
 Add-PSSnapin Microsoft.SharePoint.Powershell
 
 }
 


 ########################### End of Add SharePoint PowerShell Snapin ##################################

  ######################## Set Execution Path ################################################
 
 $scriptBase = split-path $SCRIPT:MyInvocation.MyCommand.Path -parent
 
 Set-Location $scriptBase
 
 ################################# End of Set Execution Path #################################



############################ Functions Starts Here #########################################

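function PermissionLevelCreation([string]$PermissionLevelName, [string]$PermissionLevelDescription, [string]$PermissionLevelList)
{
    <#
    .SYNOPSIS
    Creates a custom permission level (role definition) on the connected web.

    .DESCRIPTION
    Uses the script-level $Context (a CSOM ClientContext) to load the web's role
    definitions, and adds a new one built from the comma-separated permission names.
    Failures are reported on the console instead of being swallowed.

    .PARAMETER PermissionLevelName
    Name of the permission level to create.

    .PARAMETER PermissionLevelDescription
    Description stored with the permission level.

    .PARAMETER PermissionLevelList
    Comma-separated permission names, for example:
    "ManageLists, CancelCheckOut, AddListItems, EditListItems, DeleteListItems, ViewListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CreateAlerts, ViewFormPages, ManagePermissions, BrowseDirectories, ViewPages, EnumeratePermissions, BrowseUserInfo, UseRemoteAPIs, Open"
    #>

    # SECURITY: the rights granted here come straight from the CSV. Names such as
    # ManagePermissions let holders change who can access the site, so the CSV
    # should be reviewed and write-protected like any other privileged configuration.
    try
    {
        $web = $Context.Web
        $Context.Load($web)
        $RoleDefinitionCol = $web.RoleDefinitions
        $Context.Load($RoleDefinitionCol)
        $Context.ExecuteQuery()

        # Decide "already exists" from the loaded collection rather than from any
        # exception, so unrelated failures are not misreported as a name clash.
        $existingLevel = $RoleDefinitionCol | Where-Object { $_.Name -eq $PermissionLevelName }
        if ($existingLevel)
        {
            Write-Host "Permission Level Name is already created so try it in different Permission Level Name" -ForegroundColor Red
            return
        }

        $spBasePerm = New-Object Microsoft.SharePoint.Client.BasePermissions
        foreach ($perm in $PermissionLevelList.Split(","))
        {
            # The list is usually written "A, B, C"; trim the padding and skip blanks
            # left by a trailing or doubled comma.
            $permName = $perm.Trim()
            if ($permName -eq "")
            {
                continue
            }

            # An unknown permission name makes this call throw; the catch below
            # reports it and no partial permission level is created.
            $spBasePerm.Set($permName)
        }

        # Create the permission level for the group
        $spRoleDef = New-Object Microsoft.SharePoint.Client.RoleDefinitionCreationInformation
        $spRoleDef.Name = $PermissionLevelName
        $spRoleDef.Description = $PermissionLevelDescription
        $spRoleDef.BasePermissions = $spBasePerm
        $roleDefinition = $web.RoleDefinitions.Add($spRoleDef)
        $Context.ExecuteQuery()
        Write-Host $PermissionLevelName "Permission Levels created successfully!!!"
    }
    catch
    {
        # Best effort: report and carry on with the rest of the script.
        Write-Host $PermissionLevelName "Permission Level could not be created:" $_.Exception.Message -ForegroundColor Red
    }
}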


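function CreateGrpNPermissionLevel([string]$GroupName, [string]$GroupDescription, [string]$PermissionLevelName)
{
    <#
    .SYNOPSIS
    Creates a site group and binds a permission level to it on the connected web.

    .DESCRIPTION
    Uses the script-level $Context (a CSOM ClientContext). The group is created
    unless a group with the same title already exists; the permission level is
    then bound to the group in either case. Failures are reported on the console.

    .PARAMETER GroupName
    Title of the site group to create.

    .PARAMETER GroupDescription
    Description stored with the group.

    .PARAMETER PermissionLevelName
    Name of an existing permission level to bind to the group.
    #>

    try
    {
        # Retrieve the existing groups so a name clash can be detected directly
        $Groups = $Context.Web.SiteGroups
        $Context.Load($Groups)
        $Context.ExecuteQuery()

        $existingGroup = $Groups | Where-Object { $_.Title -eq $GroupName }
        if ($existingGroup)
        {
            Write-Host $GroupName "Group Name is already created so try it in different Group Name" -ForegroundColor Red
        }
        else
        {
            # Create the group
            $NewGroup = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
            $NewGroup.Title = $GroupName
            $NewGroup.Description = $GroupDescription
            $custGroup = $Context.Web.SiteGroups.Add($NewGroup)
            $Context.Load($custGroup)
            $Context.ExecuteQuery()
            Write-Host $GroupName "Group created successfully!!!"
        }
    }
    catch
    {
        # Report the real cause instead of assuming the name was taken.
        Write-Host $GroupName "Group could not be created:" $_.Exception.Message -ForegroundColor Red
    }

    # SECURITY: as in the original flow, the binding below also runs when the group
    # already existed, so every current member of that group receives the permission
    # level. Check the membership of a pre-existing group before running the script.
    try
    {
        # Retrieve the permission level by name
        $grpPermissionLevel = $Context.Web.RoleDefinitions.GetByName($PermissionLevelName)

        # Bind the permission level to the group
        $currentGroupName = $Context.Web.SiteGroups.GetByName($GroupName)
        $RoleDefBind = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Context)
        $RoleDefBind.Add($grpPermissionLevel)
        $Assignments = $Context.Web.RoleAssignments
        $RoleAssignOneNote = $Assignments.Add($currentGroupName, $RoleDefBind)
        $Context.Load($currentGroupName)
        $Context.ExecuteQuery()
        Write-Host $PermissionLevelName "Group permission level activated successfully!!!"
    }
    catch
    {
        # A missing group or permission level ends up here as well, so show the
        # server's message rather than claiming the level is already active.
        Write-Host $PermissionLevelName "Group permission level could not be activated:" $_.Exception.Message -ForegroundColor Red
    }
}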

 function addUsernGrp([string]$GroupName, [string]$Users)
 {
 try
 {
    $spoGName=$GroupName
    $currentGroup = $Web.SiteGroups.GetByName($spoGName)

    $userToAdd=$Users

    $userList = $userToAdd.split(",");
    foreach($NUsers in $userList)
    {
    #$spGrpUsers.Set($NUsers)
    $Member = $Context.Web.EnsureUser($NUsers)
    $Context.Load($Member)

    # Add Member (can be user or Security Group)
    $addMember=$currentGroup.Users.AddUser($Member)
    $Context.Load($addMember)
    $Context.ExecuteQuery()
    }

   
    Write-Host "Users Added Successfully to" $GroupName "!!!"
 }
 catch
 {

 }
 }


########################### Functions Ends Here ###########################################

 #Add references to SharePoint client assemblies and authenticate to Office 365 site - required for CSOM
# CSOM client assemblies, loaded from the SharePoint "15" ISAPI folder on this machine.
$csomAssemblies = @(
    "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll",
    "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll",
    "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Taxonomy.dll"
)

foreach ($assemblyPath in $csomAssemblies)
{
    Add-Type -Path $assemblyPath
}

 $question = Read-Host "Are you proceed with On-Premises or Office365? If On-Premises Type ON Else Type OFF for Office365"


 If (($question -eq "ON") -or ($question -eq "on") -or ($question -eq "On") -or ($question -eq "oN"))
{
$SiteURL = Read-Host -Prompt "Please enter the Site URL"
$CSVFileName=Read-Host -Prompt "Please enter Your CSV file Name"


$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)


if (!$Context.ServerObjectIsNull.Value)
{
    Write-Host "Connected to SharePoint On-Premises site: '$SiteURL'" -ForegroundColor Green
   
    $web = $Context.Web  
    $Context.Load($web)  
    $Context.ExecuteQuery()
 
}

}



Elseif (($question -eq "OFF") -or ($question -eq "off") -or ($question -eq "Off") -or ($question -eq "oFF"))
{

$User = Read-Host -Prompt "Please enter your Login Name"
$Password = Read-Host -Prompt "Please enter your password" -AsSecureString
$Creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($User,$Password)
$SiteURL = Read-Host -Prompt "Please enter the Site URL"
$CSVFileName=Read-Host -Prompt "Please enter Your CSV file Name"


#Bind to site collection
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($User,$Password)
$Context.Credentials = $Creds

if (!$Context.ServerObjectIsNull.Value)
{
    Write-Host "Connected to SharePoint Office365 site: '$SiteURL'" -ForegroundColor Green

     
    $web = $Context.Web  
    $Context.Load($web)  
    $Context.ExecuteQuery()
    
 }


}
  


Else
{
    Write-Host -BackgroundColor White -ForegroundColor Red "INVALID ENTRY! Please try again."
    Break
    #Exit
}


 #################Creating Group##########################################################

 
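# Read the CSV once and drive the three steps from the same rows.
# SECURITY: this file decides which rights are granted to which principals, so it
# should be reviewed before each run and kept writable by administrators only.
if ([string]::IsNullOrEmpty($CSVFileName))
{
    Write-Host "No CSV file name was entered." -ForegroundColor Red
    return
}

# The file name is resolved relative to the script's own folder.
$csvPath = Join-Path -Path $scriptBase -ChildPath $CSVFileName

if (-not (Test-Path -LiteralPath $csvPath -PathType Leaf))
{
    Write-Host "CSV file not found:" $csvPath -ForegroundColor Red
    return
}

$csvRows = @(Import-Csv $csvPath)

# Step 1: create the permission level.
# NOTE(review): only the first row is used here, as in the original; permission
# levels named only in later rows are not created and their binding will fail.
$csvRows | Select-Object -First 1 | ForEach-Object {
    PermissionLevelCreation $_.PermissionLevelName $_.PermissionLevelDescription $_.PermissionLevelList
}

# Step 2: create every group and bind its permission level.
# ForEach-Object is used because the rows are acted on, not filtered.
$csvRows | ForEach-Object {
    CreateGrpNPermissionLevel $_.GroupName $_.GroupDescription $_.PermissionLevelName
}

# Step 3: add the listed users to each group.
$csvRows | ForEach-Object {
    addUsernGrp $_.GroupName $_.Users
}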


Sample CSV file:






