Replace-RequestAccessEmail

Retrieve and update/change access request on all the sites/webs inside a web application that has my email as the access request. Some sites have a branch site managers email group that need to be used as well. Sourced from PowerShell script to update Access Request Email Address for multiple sites and webs and Windows PowerShell: Build a Better Function.

function Replace-RequestAccessEmail {
<#
.SYNOPSIS
Update Access Request containing Specified Email
.DESCRIPTION
Find all the Access Request Settings that have a specified email and replace it with either another account, another account and the Branch Site Managers email, or remove from string
.EXAMPLE
Replace the email address with a new address and the Branch Site Managers email
Replace-RequestAccessEmail -webapp "https://WEBAPP1" -email "Joe.Cool@email" -replace "SPADMIN@email" -SPSiteMgrs
.EXAMPLE
Removes the email address from the string
Replace-RequestAccessEmail -webapp "https://WEBAPP1" -email "Joe.Cool@email"
.PARAMETER webapp
Web Application to cycle through.
.PARAMETER email
Email in Access Request Setting to locate
.PARAMETER replace
(OPTIONAL) Email to use as replacement - leave off to have email removed from string.
.PARAMETER SPSiteMgrs
(OPTIONAL) Include to replace using Site Managers email based on Site Collection
#>
[CmdletBinding()]
param
(
[Microsoft.SharePoint.PowerShell.SPWebApplicationPipeBind]$webapp,
[string]$email,
[string]$replace,
[switch]$SPSiteMgrs
)
process {
$webapplication = Get-SPWebApplication -Identity $webapp
[string]$trimSites = $webapplication.URL
$trimSites = $trimSites + "sites/"
foreach($site in $webapplication.Sites)
{
foreach($web in $site.AllWebs)
{
if ($web.HasUniquePerm -and $web.RequestAccessEnabled)
{
if ($web.RequestAccessEmail -like "*$email*")
{
$siteCollection = $web.Site | %{$_.URL}
$siteCollection = $siteCollection.TrimStart($trimSites)
Write-Host "Site Collection: " $siteCollection
Write-Host "On Web" $web.Title ", URL" $web.URL
Write-Host "`tAccess requests go to :" $web.RequestAccessEmail
If($SPSiteMgrs.IsPresent)
{
If(!$replace.IsPresent)
{
#Default with Admin Account
$replace = "SPADMIN@EMAIL"
}
switch ($siteCollection)
{
"BRANCH_A" {$requestAccessEmail = "$replace; BRANCH_A.SPSiteMgr@EMAIL"}
"BRANCH_B" {$requestAccessEmail = "$replace; BRANCH_B.SPSiteMgr@EMAIL"}
"BRANCH_C" {$requestAccessEmail = "$replace; BRANCH_C.SPSiteMgr@EMAIL"}
default {$requestAccessEmail = "$replace"}
}
} else
{
$requestAccessEmail = $web.RequestAccessEmail
$reqeustAccessEmail = $requestAccessEmail.ToLower()
$email = $email.ToLower()
$requestAccessEmail = $requestAccessEmail.Replace($email,$replace)
}
# If the Request Access Email would be blank, set to SharePoint Admins Email
If ($requestAccessEmail -eq "")
{
$requestAccessEmail = "SPADMIN@EMAIL"
}
Write-Host "`t***Will Update Request Access Email to: "$requestAccessEmail "***"
$web.RequestAccessEmail = $requestAccessEmail
$web.Update()
}
}
} #end ForEachWeb
#Dispose of the site object
$site.Dispose()
} #end ForEachSite
} #end Process
} #endFunction

Copy Users between SharePoint Groups

I had a situation where I needed to create a new site and copy over specific groups from the old site. The groups had already been created using another script. Thanks to Justin Kobel (the smartest person I personally know) for helping me with this script.

$allGroups = (“Eastern Mountain Contributors”, “Eastern Mountain Visitors”, “Salt River Contributors”, “Salt River Visitors”)

$fromWeb = ‘https://WEBAPP/sites/SITEA’

$toWeb = ‘https://WEBAPP/sites/SITEB’

foreach ($group in $allGroups){

Write-Host “Group: $group”

$users = Get-SPUser -Web $fromWeb -Group $group | Select-Object LoginName

foreach ($user in $users){

New-SPUser –UserAlias $user.LoginName –web $toWeb

Set-SPUser -Identity $user.LoginName -Group $group -Web $toWeb

}

}

Vanishing SharePoint Groups

It’s like an episode of CSI – all of the evidence points to one suspect for half the show and then the surprise evidence shows up and turns the case on its head. You don’t usually expect that to happen in IT.

The email comes in “Help please… sudden loss of access to Project Management SP Site.” I’m able to get to the site, so it’s not down. Further details come in and the group “All Projects Staff” is missing, of course they want to know what WE (our IT group) did to cause this. So I run the audit report and have the satisfaction of reporting that the business site manager (the one reporting the issue,) “Vinny Dadeleter”, deleted three groups that day. Now the tables are turned – he’s swearing up and down he’s done nothing to the permissions – hasn’t even been in the site settings. But it’s all there in the audit logs:

Item Type	User Id	Document Location	Occurred (GMT)	Event	Event Data
Site Collection	DOMAIN\vinny.dadeleter	sites/PRJ	2012-08-21T19:43:47	Security Group Delete	<groupid>1019</groupid> DMS Staff
Site Collection	DOMAIN\vinny.dadeleter	sites/PRJ	2012-08-21T19:43:50	Security Group Delete	<groupid>785</groupid> All Projects Staff
Site Collection	DOMAIN\vinny.dadeleter	sites/PRJ	2012-08-21T19:43:50	Security Group Delete	<groupid>1018</groupid> CC Staff

Case closed – right?

Well Vinny wasn’t going to take the fall and did some research. He discovered this article on the forums about “Vanishing SharePoint Permissions” and sent it to us. He had indeed deleted a sub-site almost a month before. I had the backup from last night restore the content database to my test farm. I was able to see the groups there (from which we restored them to production), then cleared the recycle bin, and the groups disappeared.

I am now in the process of trying to reproduce this in my test environment without success. I’ll post more when I discover how to reproduce this. If this has happened to you, please let me know with as much detail as possible, what were the groups, where were they created, and what site templates were used.

Update Permission Set

I needed to create a script to update two permission sets throughout my farm:

$allWebApps = ("https://WEBAPP1.COM", "https://WEBAPP2.COM")
function fnUpdatePermSet {
    #Get the root Web site of the site collection.
    $web=$site.RootWeb
    # Use the RoleDefinitions property of the SPWeb class to get the collection of role definitions for a Web site. Use an indexer to return a single item from the collection.
    $UpdatePermissionSet=$web.RoleDefinitions[$roleName];
    # Use the BasePermissions property of the SPRoleDefinition class to set the base permissions for a role definition.
    $UpdatePermissionSet.BasePermissions=$rolePerms;
    # Use the Update Method of the SPRoleDefinition class
    $UpdatePermissionSet.Update()
}
foreach ($siteUrl in $allWebApps){
   Write-Host "$siteUrl";
   $rootSite = New-Object Microsoft.SharePoint.SPSite($siteUrl);
   $spWebApp = $rootSite.WebApplication;
   foreach($SPSite in $spWebApp.Sites){
      #Get site collection
      $site = Get-SPSite $SPSite
      Write-Host $site
      $roleName = "Edit-Add";
      $rolePerms = "ViewListItems,AddListItems,EditListItems,OpenItems,ViewVersions,ViewFormPages,Open,ViewPages,BrowseDirectories,BrowseUserInfo,UseRemoteAPIs,UseClientIntegration,CreateAlerts,ManagePersonalViews";
      fnUpdatePermSet;
      
      $roleName = "Add Only";
      $rolePerms = "ViewListItems,AddListItems,OpenItems,ViewVersions,ViewFormPages,Open,ViewPages,BrowseDirectories,BrowseUserInfo,UseRemoteAPIs,UseClientIntegration,CreateAlerts,ManagePersonalViews";
      fnUpdatePermSet;

      #Dispose of the site object
      $site.Dispose()
   }
$rootSite.Dispose();
}

Find all groups in Site Collection using a specific permission level

Find all groups in Site Collection using a specific permission level. Helpful for removing outdated custom permission levels.

$siteUrl = "https://WEBAPP/sites/SITECOLLECTION"
$permission = "Restricted Read"
function Get-SPGroupByPermissionLevel([string]$url, [string]$permLevel) {
$spWeb = Get-SPWeb $url
$spGroupCollection = $spWeb.SiteGroups;
$group = $spGroupCollection | ? {$_.Roles | ? {$_.Name -eq $permLevel} }
$spWeb.Dispose()
return $group;
}
$rootSite = New-Object Microsoft.SharePoint.SPSite($siteUrl);
$spWebApp = $rootSite.WebApplication;
foreach($SPSite in $spWebApp.Sites)
{
$siteURL = $SPSite.URL;
Write-Host "SITEURL: $siteURL"
        $groups = Get-SPGroupByPermissionLevel $siteURL $permission;
        foreach($group in $groups)
        {
if($group -ne $NULL){
Write-Host "-Web "$siteURL "-Group "$group
}
}
$SPSite.Dispose();
}
$rootSite.Dispose();

“Add users to a SharePoint group” Disabled

In researching this error, the posted answers had to do with the site being created by code – and the solution was a change in the code.

However, it wasn’t my code creating the sites, but the migration tool I was using. Changing their code wasn’t an option. So if you have a site where the “Add users to a SharePoint group” drop-down is disabled, you can solve this in two ways.

Using the GUI:

Site Actions > Site Permissions – go into each group you want available in the drop down and make it the default group -leaving for last the actual group you want to make the default.

PowerShell Script:

Add all of the groups desired to be part of the dropdown – leaving the actual group you want to make the default last.

cls
$snapIn = Get-PSSnapin | where-object {$_.Name -eq "Microsoft.SharePoint.PowerShell"}
if($snapIn -eq $null) {
Add-PsSnapin Microsoft.SharePoint.PowerShell
}
$Web=Get-SPweb https://WEBAPP/sites/SITE/SUBSITE
$Web.AssociatedMemberGroup=$Web.SiteGroups["SITENAME Contributors"]
$Web.AssociatedMemberGroup=$Web.SiteGroups["SITENAME Manager"]
$Web.AssociatedMemberGroup=$Web.SiteGroups["SITENAME CUSTOM Group"]
$Web.AssociatedMemberGroup=$Web.SiteGroups["SITENAME Visitors"]
$Web.update()
$Web.dispose()