Copy Permission from windows authentication to LDAP Membership FBA
在将Web Application 验证从windows authentication改成LDAP Membership FBA后,用PowerShell将Windows用户的权限复制到LDAP Membership用户
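# Clones a user's SharePoint access rights onto a second account, for use after a
# web application's authentication is switched from Windows authentication to
# LDAP Membership forms-based authentication (FBA).
#
# What is copied: web application user policies, site collection administrator
# status, and permissions on every web, list/library, folder and list item that
# has unique role assignments. The source account's access is not removed.
#
# Security notes for whoever runs this:
#   * Every grant is reported only through Write-Host; capture the console output
#     (for example with Start-Transcript) if the change must be auditable.
#   * Source logins are matched with EndsWith (suffix, case-insensitive). Pass the
#     full claims-encoded login (as in the sample values at the bottom) so that a
#     different account whose login merely ends with the same text is not matched.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Copy-UserPermissions
# Copies the source user's permissions on ONE securable object to the target user.
#   $SourceUserID - login of the account whose permissions are read
#   $TargetUserID - login of the account that receives the permissions
#   $Object       - SPWeb, SPList (or derived library type) or SPListItem/folder
# Permissions held through a SharePoint group are copied by adding the target to
# that group; all other role assignments are re-created directly on the object.
# "Limited Access" is never copied.
Function Copy-UserPermissions($SourceUserID, $TargetUserID, [Microsoft.SharePoint.SPSecurableObject]$Object)
{
    # Determine the given object type, its URL (for the log line) and its parent web
    Switch ($Object.GetType().FullName)
    {
        "Microsoft.SharePoint.SPWeb"
        {
            $ObjectType = "Site"
            $ObjectURL = $Object.URL
            $web = $Object
        }
        "Microsoft.SharePoint.SPListItem"
        {
            # A list item with a Folder object is a folder, otherwise a plain item
            If ($null -ne $Object.Folder)
            {
                $ObjectType = "Folder"
            }
            Else
            {
                $ObjectType = "List Item"
            }
            $ObjectURL = "$($Object.Web.Url)/$($Object.Url)"
            $web = $Object.Web
        }
        # Microsoft.SharePoint.SPList, SPDocumentLibrary, SPPictureLibrary, etc.
        Default
        {
            $ObjectType = "List/Library"
            $ObjectURL = "$($Object.ParentWeb.Url)/$($Object.RootFolder.URL)"
            $web = $Object.ParentWeb
        }
    }

    # Resolve both accounts on the object's web
    $SourceUser = $web.EnsureUser($SourceUserID)
    $TargetUser = $web.EnsureUser($TargetUserID)

    # Get permissions of the source user on the given object
    $SourcePermissions = $Object.GetUserEffectivePermissionInfo($SourceUser)

    ForEach ($SourceRoleAssignment in $SourcePermissions.RoleAssignments)
    {
        # Collect the permission level names of this assignment, except "Limited Access"
        $SourceUserPermissions = @()
        ForEach ($SourceRoleDefinition in $SourceRoleAssignment.RoleDefinitionBindings)
        {
            If ($SourceRoleDefinition.Name -ne "Limited Access")
            {
                $SourceUserPermissions += $SourceRoleDefinition.Name
            }
        }

        # Nothing but "Limited Access" on this assignment: skip it
        If (-not $SourceUserPermissions)
        {
            Continue
        }

        If ($SourceRoleAssignment.Member -is [Microsoft.SharePoint.SPGroup])
        {
            $SourcePermissionType = "'Member of SharePoint Group - " + $SourceRoleAssignment.Member.Name + "'"

            # Granted through a SharePoint group: add the target user to the same group.
            # Group membership applies everywhere the group is used in the site
            # collection, so this can grant more than the object being processed.
            $Group = [Microsoft.SharePoint.SPGroup]$SourceRoleAssignment.Member

            # Add only when the target is not already a member
            $ExistingMember = $Group.Users | Where-Object { $_.UserLogin -eq $TargetUserID }
            If ($null -eq $ExistingMember)
            {
                $Group.AddUser($TargetUser)
                #Write-Host Added to Group: $Group.Name
            }
        }
        Else
        {
            $SourcePermissionType = "Direct Permission"

            # NOTE(review): a member that is not a SharePoint group is treated as a
            # direct grant. If the source holds the role through a domain group, the
            # target presumably ends up with a personal assignment that outlives
            # later changes to that group - confirm before relying on group cleanup.
            ForEach ($NewRoleDefinition in $SourceUserPermissions)
            {
                # A role assignment links a user object to a role definition
                $NewRoleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($TargetUser)
                $NewRoleAssignment.RoleDefinitionBindings.Add($web.RoleDefinitions[$NewRoleDefinition])
                $Object.RoleAssignments.Add($NewRoleAssignment)
                $Object.Update()
            }
        }

        $SourceUserPermissions = $SourceUserPermissions -join ";"
        Write-Host "***$($ObjectType) Permissions Copied: $($SourceUserPermissions) at $($ObjectURL) via $($SourcePermissionType)***"
    }
}

# Clone-SPUser
# Walks one web application and copies the source user's access to the target user.
#   $SourceUserID - login of the existing (Windows) account
#   $TargetUserID - login of the new (FBA membership) account
#   $WebAppURL    - URL of the web application to process
Function Clone-SPUser($SourceUserID, $TargetUserID, $WebAppURL)
{
    ### Check whether the source user is a Farm Administrator (disabled) ###
    # Write-host "Scanning Farm Administrators Group..."
    # #Get the SharePoint Central Administration site
    # $AdminWebApp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
    # $AdminSite = Get-SPWeb $AdminWebApp.Url
    # $AdminGroupName = $AdminSite.AssociatedOwnerGroup
    # $FarmAdminGroup = $AdminSite.SiteGroups[$AdminGroupName]
    # #Enumerate in farm administrators groups
    # ForEach ($user in $FarmAdminGroup.users)
    # {
    #     If($User.LoginName.Endswith($SourceUserID,1)) #1 to Ignore Case
    #     {
    #         #Add the target user to Farm Administrator Group
    #         $FarmAdminGroup.AddUser($TargetUserID,"",$TargetUserID , "")
    #         Write-Host "***Added to Farm Administrators Group!***"
    #     }
    # }

    ### Check Web Application User Policies ###
    Write-host "Scanning Web Application Policies..."
    $WebApp = Get-SPWebApplication $WebAppURL

    # Convert UserID into claims format - if WebApp is claims based! (disabled)
    # Domain\User to i:0#.w|Domain\User
    # If( $WebApp.UseClaimsAuthentication)
    # {
    #     $SourceUserID = (New-SPClaimsPrincipal -identity $SourceUserID -identitytype 1).ToEncodedString()
    #     $ip = New-SPIdentityProvider -ASPNetMembershipProvider "membership" -ASPNetRoleProvider "rolemanager"
    #     $TargetUserID = (New-SPClaimsPrincipal $TargetUserID -TrustedIdentityTokenIssuer $ip).ToEncodedString()
    # }

    # Same comparison the original selected with the literal 1
    $IgnoreCase = [System.StringComparison]::CurrentCultureIgnoreCase

    # Start from an empty list inside this function. Without this, a run in which
    # no policy matches would test whatever $PolicyRoles the calling scope holds,
    # and a second matching policy would discard the roles of the first.
    $PolicyRoles = @()
    Foreach ($Policy in $WebApp.Policies)
    {
        # Suffix match: see the note on login matching at the top of the script
        If ($Policy.UserName.EndsWith($SourceUserID, $IgnoreCase))
        {
            #Write-Host $Policy.UserName
            ForEach ($Role in $Policy.PolicyRoleBindings)
            {
                # Keep each policy role once so it is not bound twice below
                $AlreadyCollected = $PolicyRoles | Where-Object { $_.Name -eq $Role.Name }
                If (-not $AlreadyCollected)
                {
                    $PolicyRoles += $Role
                }
            }
        }
    }

    # Create a policy entry for the target user carrying every role found
    If ($PolicyRoles)
    {
        $WebAppPolicy = $WebApp.Policies.Add($TargetUserID, $TargetUserID)
        ForEach ($Policy in $PolicyRoles)
        {
            $WebAppPolicy.PolicyRoleBindings.Add($Policy)
        }
        $WebApp.Update()
        Write-host "***Added to Web application Policies!***"
    }

    ### Drill down to Site Collections, Webs, Lists & Libraries, Folders and List items ###
    $SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All

    Foreach ($Site in $SiteCollections)
    {
        Try
        {
            # Prepare the target user in this site collection
            $TargetUser = $Site.RootWeb.EnsureUser($TargetUserID)

            Write-host "Scanning Site Collection Administrators Group for:" $Site.Url

            # Source is a site collection administrator: promote the target as well
            Foreach ($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
            {
                If ($SiteCollAdmin.LoginName.EndsWith($SourceUserID, $IgnoreCase))
                {
                    $TargetUser.IsSiteAdmin = $true
                    $TargetUser.Update()
                    Write-host "***Added to Site Collection Admin Group***"
                }
            }

            # Loop through each site (web) of the site collection
            Foreach ($Web in $Site.AllWebs)
            {
                Try
                {
                    If ($Web.HasUniqueRoleAssignments -eq $True)
                    {
                        Write-host "Scanning Site:" $Web.Url
                        Copy-UserPermissions $SourceUserID $TargetUserID $Web
                    }

                    # Check lists with unique permissions
                    Write-host "Scanning Lists on $($web.url)..."
                    Foreach ($List in $Web.Lists)
                    {
                        If ($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
                        {
                            Copy-UserPermissions $SourceUserID $TargetUserID $List
                        }

                        # Check folders with unique permissions
                        $UniqueFolders = $List.Folders | Where-Object { $_.HasUniqueRoleAssignments -eq $True }
                        If ($UniqueFolders)
                        {
                            Foreach ($Folder in $UniqueFolders)
                            {
                                Copy-UserPermissions $SourceUserID $TargetUserID $Folder
                            }
                        }

                        # Check list items with unique permissions
                        $UniqueItems = $List.Items | Where-Object { $_.HasUniqueRoleAssignments -eq $True }
                        If ($UniqueItems)
                        {
                            Foreach ($Item in $UniqueItems)
                            {
                                Copy-UserPermissions $SourceUserID $TargetUserID $Item
                            }
                        }
                    }
                }
                Finally
                {
                    # Webs handed out by AllWebs are not released automatically
                    If ($null -ne $Web) { $Web.Dispose() }
                }
            }
        }
        Finally
        {
            # Release the site collection object once all of its webs are processed
            If ($null -ne $Site) { $Site.Dispose() }
        }
    }

    Write-Host "Permission are copied successfully!"
}

# Define variables for processing
$WebAppURL = "http://WebApplicationURL/"

# Provide input for source and target user IDs (full claims-encoded logins)
$SourceUser = "i:0#.w|contoso\s.p"
$TargetUser = "i:0#.f|membership|s.p"

# Call the function to clone user access rights
Clone-SPUser $SourceUser $TargetUser $WebAppURL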