I finally got round to writing a PowerShell script which allows you to globally add or remove users from Site Collection Administrators. I had expected to be able to do this using stsadm commands, but it turns out you cannot use stsadm to remove a Site Collection Administrator (although you can add an administrator this way – and the Microsoft documentation suggestions suggests removal works too – it doesnt!). Instead I had to delve into the Sharepoint object model and figure out where on earth the Site Administrators are set. Turns out it is in the root site (aka Web in the code) of the site collection, which has a SiteAdministrators property – a collection of SPUser objects. These need the IsSiteAdmin property setting to false. That’s how the script works.
The script will also list out the Site Collection Administrators for all Site Collections in a Web Application, which is useful. Just run the script, then quit it after you have the information you need. At some point I’ll update the script so this list is formatted in a nicer way.
As with the previous script, you will need to save the supporting functions script (Download SPFunctions) in the same directory. IMPORTANT: You must edit the value of $email-domain at line 13 to match the domain (bit after @) that your users email addresses use.
On with the script: (Download edit-spadmins)
####### # # edit-spadmins # # Adds or removes site administrators from all site collections in a given web application # # TODO: Check userinput and handle errors gracefully # ####### .\SPFunctions.ps1; ## !! Edit the email domain to whatever your users email addresses end with (after the @) $email-domain = "dunxd.com" #################################################################################### # # Main script # #################################################################################### # Preamble cls; write-host "################################################################################### This application adds or removes users from all site collections in the given Web Application. Here is a list of all Web Applications on the farm" -foregroundcolor yellow; # List the GUIDs of all web apps on this farm List-SPWebApp-GUID; write-host "Please copy the GUID for the web application you wish to use by selecting then clicking the right mouse button." -foregroundcolor yellow; write-host " Note that the Central Admin site collection has no name, but does have a GUID! Don't select this one by accident! " -foregroundcolor red; Write-Host "You can paste the GUID by clicking the Right mouse button again" -ForegroundColor yellow; # Prompt user for GUID to use $guid = Read-Host -Prompt "GUID"; $guid = $guid.Trim(); # Check GUID for correct format Write-Host "Checking GUID"; switch(Check-GUID($guid)){ "False" { Write-Host "Error: Invalid GUID. Exiting..." -ForegroundColor red; return;} } # Get the specified web app $webapp = Get-SPWebApp($guid); # Check that webapp has been got and if not inform user Write-Host "The following Web App will be affected: " $webapp.name; # List out the site collections (and their admins) that will be changed and prompt to continue Write-Host "The following site collections will be affected" -ForegroundColor yellow; foreach ($site in $webapp.Sites){ Write-Host $site.url; $web = $site.openweb(); $web.SiteAdministrators | ft LoginName, id; } $continue = Read-Host -Prompt "Continue? (y|n)>"; switch($continue){ "y" {break;} default {Write-Host "Exiting..." -ForegroundColor red; return;} } # Is this operataion adding or removing users from Site Collection Administrators Write-Host "Are you adding or removing users from Site Collection Administrators?" -ForegroundColor yellow; $operation = Read-Host -Prompt "(add|remove)"; switch($operation){ "add" { #Write-Host "The adding functionality has not been written yet" -ForegroundColor red; return; Write-Host "Please give a comma delimited list of usernames in format DOMAIN\username e.g. DOMAIN\user1,DOMAIN\user2,DOMAIN\user3 etc." -ForegroundColor yellow; $usernames = Read-Host -Prompt "Users"; #Split the list on the commas $username_array = $usernames.Split(","); $time = Measure-Command { foreach ($site in $webapp.Sites){ foreach ($user in $username_array){ $domain_username = $user.Split("\"); $email = $domain_username[1] + $email-domain; $command = "stsadm -o adduser -url " + $site.url + " -userlogin $user -useremail $email -Role `"Full Control`" -username $user -siteadmin"; Write-Host $command; Invoke-Expression $command; $count_users++; } $count_sites++; } } Write-Host $count_users "Admin Accounts added to" $count_sites "in" $time.TotalSeconds "seconds." -ForegroundColor yellow; } "remove" { $count_users = 0; # Which user(s) do we want to remove from the Site Collection Administrators list? # Collect a comma delimited list of usernames in format DOMAIN\username Write-Host "Please give a comma delimited list of users to remove from the site collection administrators e.g. DOMAIN\user1,DOMAIN\user2,DOMAIN\user3" -ForegroundColor yellow; $usernames = Read-Host -Prompt "Users"; #Split the list on the commas $username_array = $usernames.Split(","); $time = Measure-Command { foreach ($site in $webapp.Sites){ $web = $site.openweb(); $admins = $web.SiteAdministrators; foreach ($user in $admins){ # Check to see whether the user name is in the $username-array if ($username_array -contains $user.LoginName){ $user.IsSiteAdmin = $FALSE; $user.Update(); Write-Host "Removed " $user.LoginName " from Site Administrators on " $web.URL; $count_users++ } } $count_sites++ } } Write-Host $count_users "Admin Accounts removed from" $count_sites "in" $time.TotalSeconds "seconds." -ForegroundColor yellow; } default {Write-Host "You must type add or remove! Exiting..." -ForegroundColor red; return;} } ############################## End of script ############################# |
Hope you find that useful. Take a look through the code to get some ideas for accessing SPUser objects via PowerShell. I’m sure this is going to be handy in future.
