PowerShell command to add all users via claims via PowerShell to SharePoint
New-spuser “c:0(.s|true" -web http://www.mysharepointsite.com/ -permissionlevel "read"
PowerShell command to add all users via claims via PowerShell to SharePoint
New-spuser “c:0(.s|true" -web http://www.mysharepointsite.com/ -permissionlevel "read"
I recently was given a WSP to add to our farm.
In this case after the WSP was installed and deployed we needed to activate the feature at the site collection level.
Thats usually easy enough to do through the UI, but in this particular case we had a web application which had over a dozen site collections.
ie:
Activating it at http://jack.com from the UI was fine, but when the user navigated to http://jack.com/blog they were stumbling onto another site collection, and the feature wasn’t activated there.
To activate it on every Site collection meant that I’d have to a) know what each site collection was, and b) visit that site, and activate the feature.
Too much work.
What was needed was a simple script that would loop though each site collection, enabling the feature on each one.
The script below is a result of that need…
# this script enables a feature on every site collection on a given web app
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
$webs = get-spsite -webapplication "http://www.yoursharepointURL.com"
$feature = "YourFeatureName" #this might not be what you expect it to be, best to do get-spfeature | Select displayname
Foreach ($oneweb in $webs)
{
write-host $oneweb
$siteFeature = get-spfeature -site $oneweb | Where {$_.displayname -eq $feature}
if ($siteFeature -eq $null)
{
Write-Host "Activating Site level Features at $oneweb" -foregroundcolor Yellow
Enable-SPFeature -Identity $Feature -URL $oneweb.URL -Confirm:$False
}
else
{
Write-Host "Feature $feature is already activated on $oneweb" -foregroundcolor green
}
}
If you look at the simple logic, you’ll see you can run it more than once – and the second time you run it, it should display an all green list indicating that all the site collections already have the feature activated.
See who has them with
get-spshelladmin
add one with
add-spshelladmin
Add-SPShellAdmin Domain\Username #then do it again for all the content databases Get-SPContentDatabase | Add-SPShellAdmin Domain\Username
This is another “Wow that was easy!” SharePoint items…
Open Central Admin
Go to the Monitoring section, then under “Timer Jobs”, select “Review job definitions”
There’s a timer job called “Diagnostic Data Provider: Trace Log”
It’s disabled by default, enable it and it will create new tables and a view on your logging database. (I think by default this is named WSS_Logging)
Leave it enabled (mine is set to run every 10 minutes)
Open SQL server Management studio and connect to your sharepoint DB server.
expand the WSS_Logging DB
Expand Views
Look for the new view called “ULSTraceLog”
I usually right click on the view name and “Select Top 1000 Rows”
Then from there I can add a where clause to the query thats on screen,
most often it’s
WHERE CorrelationID = ‘abcd-efg-hijk-lmnop-qrstuv’
Another tip- in the results (which on my system default to the “grid” view),
Right Click, Select All, then
Right Click, Copy with headers
you can then paste this into Excel and it’s pretty readable if you need to email it to someone.
As a side note, I’ve enabled this on a handful of farms and it seems to auto trim the DB sizes – so you don’t need to worry about the DB filling up over time.
This was so easy, I had to bookmark it here…
Get-SpSolution | forEach-Object { $_.SolutionFile.SaveAs("C:\exportedWSP\$($_.Name)") }
Note that this only exports farm solutions, not sandboxed ones that sit in the content database
If a user’s Active Directory (AD) account is deleted, then re-added, they will have a different SID and this will cause some trouble in SharePoint.
In SharePoint 2007 & 2010 the fix for this is easy:
Stsadm -o migrateuser -oldlogin domain\jsmith -newlogin domain\jjones -ignoresidhistory
I wanted a way to inject myself as a site collection admin into every site in sharepoint, Note, I’m not talking about the primary/secondary that you can set in Central admin.
I’m talking about that group you can only get to from within each site itself. Or in this case, with the powershell script below…
Note that it takes an array of names – if you have a team of admins or developers that all need access, you can put all their names in the list.
# set site collection owner for all sites...
# 1-2012
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# $AccountList is an array of Windows Identities in the format of $AccountList = @("DOMAIN\USERID" , "DOMAIN\USERID2")
$AccountList = @("LAB\Jack", "Lab\tom", "Lab\dick", "lab\harry")
#this gets an array of objects representing the sites at the IIS level:
$IISSites = Get-SPWebApplication
Foreach($oneIISSite in $IISSites)
{
#using .Sites, we can get a list of the site collections
foreach ($SharepointSiteCollection in $oneIISSite.Sites)
{
write-host $SharepointSiteCollection.url -ForegroundColor Cyan
$spweb = Get-SPWeb $SharepointSiteCollection.url
#now we have the website, so lets look at each account in our array
foreach ($Account in $AccountList)
{
#lets see if the user already exists
Write-host "Looking to see if User " $account " is a member on " $SharepointSiteCollection.url -foregroundcolor Blue
$user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url -ErrorAction SilentlyContinue #This will throw an error if the user does not exist
if ($user -eq $null)
{
#if the user did NOT exist, then we will add them here.
$SPWeb.ALLUsers.ADD($Account, "", "", "Added by AdminScript")
$user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url
Write-host "Added user $Account to URL $SPWeb.URL" -Foregroundcolor Magenta
}
else
{
Write-host "user $Account was already in URL " $SPWeb.URL -Foregroundcolor DarkGreen
}
if ($user.IsSiteAdmin -ne $true)
{
$user.IsSiteAdmin = $true
$user.Update()
Write-host "$account has been made an admin on $SPWeb.URL" -Foregroundcolor Magenta
}
else
{
Write-host "$account was already an admin on $SPWeb.URL" -Foregroundcolor DarkGreen
}
}
$SharePointSiteCollection.Dispose()
}
}
Here’s another version of the script, this one also takes an array of top level URL’s
It’s handy if you have lots of url’s on your site and only want to work with a few of them.
# set site collection owner for all sites...
# 2-2013 Jack
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$logfile = "Powershelloutput.log"
# $AccountList is an array of Windows Identities in the format of $AccountList = @("DOMAINUSERID" , "DOMAINUSERID2")
$AccountList = @("domaintom", "domaindick", "domainharry")
# $iisSiteList is an array of top level IIS site URLs
$iisSiteList = @("http://site1.yoururl.com", "http://anothersite.yoururl.com")
# this is from an earlier version of the script
# That scrip looks at all SP sites on the farm, I've left the old code here for reference
# this gets an array of objects representing the sites at the IIS level:
## $IISSites = Get-SPWebApplication
Foreach($oneIISSite in $IISSiteList)
{
#using .Sites, we can get a list of the site collections
#so really what were saying is for each SharepointSiteCollection
#this code is altered a bit, since we're using an array of top level site names.
# we need to use (Get-SPWebApplication $oneIISSite).Sites
# which is the same as $sitelist = Get-SPWebApplication $oneIISSite
# $sitelist.sites
foreach ($SharepointSiteCollection in (Get-SPWebApplication $oneIISSite).Sites)
{
$msg = $SharepointSiteCollection.url
write-host -ForegroundColor Cyan $msg
Add-Content $logfile $msg
$spweb = Get-SPWeb $SharepointSiteCollection.url
#now we have the website, so lets look at each account in our array
foreach ($Account in $AccountList)
{
#lets see if the user already exists
$msg = "Looking to see if User " + $account + " is a member on " + $SharepointSiteCollection.url
Write-host -foregroundColor Blue $msg
Add-Content $logfile $msg
$user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url -ErrorAction SilentlyContinue #This will throw an error if the user does not exist
if ($user -eq $null)
{ #if the user did NOT exist, then we will add them here.
$SPWeb.ALLUsers.ADD($Account, "", "", "Added by AdminScript")
$user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url
$msg = "Added user $Account to URL $SPWeb.URL"
Write-host -Foregroundcolor Magenta $msg
Add-Content $logfile $msg
}
else
{
$msg = "user $Account was already in URL " + $SPWeb.URL
Write-host -ForegroundColor DarkGreen $msg
Add-Content $logfile $msg
}
if ($user.IsSiteAdmin -ne $true)
{
$user.IsSiteAdmin = $true
$user.Update()
$msg = "$account has been made an admin on $SPWeb.URL"
Write-host -Foregroundcolor Magenta $msg
Add-Content $logfile $msg
}
else
{
$msg = "$account was already an admin on $SPWeb.URL"
Write-host -ForegroundColor DarkGreen $msg
Add-Content $logfile $msg
}
}
$SharepointSiteCollection.Dispose()
}
}
$msg = "=============== ALL DONE ================"
Write-host -ForegroundColor DarkGreen $msg
Add-Content $logfile $msg
-user must be local admin on box
-user must be in farm admin group in SP
-user must be in sharepoint_shell_access role on SQL server on Sharepoint_config db
-user must have dbo role on each content db being accessed (Sharepoint_shell_access role only exists on sharepoint_Config- this is ok)
I had this problem enough times that I wanted to capture the solution.
First of all, credit goes to Craig Lussier on the Technet forms, his post has the full solution and background.
I used the above solution and it worked great.
I also found a script that I did not try. The script is described as being able to change this setting system wide by looping through each document library in each subsite of a given site – it could come in handy. (the script is by the same poster – Craig Lussier – Thanks Craig!
http://gallery.technet.microsoft.com/scriptcenter/Set-SPDocumentLibrary-0426781c
The code below is from the first link above, I’ve copied it here in case MS ever changes the link structure and the original post can’t be found.
# SPAssignment $gc = Start-SPAssignment #Get Web $web = $gc | Get-SPWeb "http://yourspweburl" #Get Document Library $docLib = $web.lists["Your Document Library Title"] #View all properties/methods of the Document Library and you'll see that BrowserFileHandling is a property $docLib | Get-Member #See the current BrowserFileHandling setting for the Document Library $docLib.BrowserFileHandling #If you need to change it from Strict to Permissive $docLib.BrowserFileHandling = "Permissive" $docLib.Update() # End SPAssgment $gc | Stop-SPAssignment
Ok this took a bit of wrangling and some new understandings on my part to understand.
I was trying to index a file share of content, and create a FAST search page that would ONLY search that content. Since the FAST server had tons of other stuff on it, I needed to create a scope to narrow down the search.
I used this powershell command to create the scope – this is key – you can’t do this from the sharepoint GUI (As of Sharepoint 2010 SP)
New-SPEnterpriseSearchQueryScope -SearchApplication “FAST Search Query SSA” -Name thisisthescopename -Description “A scope for a file share” -DisplayInAdminUI 1 -ExtendedSearchFilter “contentsource:nameofcontentsource”
Some explanation – the -SearchApplication is the name of our FAST query SSA – yours might be named differently
The -ExtendedSearchFilter nees some explanation,
First, the word contentsource needs to be in lower case – I had orignally tried it in mixed case (ContentSource) and that didn’t work
Next, the :nameofcontentsource – this is the artificial name you gave the content source over in your FAST Content SSA – it’s NOT the URL, UNC Path etc.. of the content!
for example, if in your FAST Content SSA, you created a content source on \server1files and called it myfiles
then your ExtendedSearchFilter would look like this: “contentsource:myfiles”
Ok so that’s the end of my explanation of the command itself.
After a few minutes the scope is created and we can test it in a normal FAST search site in sharepoint
Lets say that we indexed a bunch of content on monkeys and we want to see if it turns up in our new scope.
We would search for scope:thisisthescopename monkey
If we get the results we want, then we know the scope is working.
One step beyond this, we can create a special search page for this scope,
create a new FAST search site in sharepoint.
do a bogus search on the sites home page so that it shows you the results page
Edit the results page in the browser
find the web part at the bottom that displays the results
edit that web part
On the right hand side of the page, are the web parts properties, one of them is ‘scope’
put thisisthescopename in that web part and save the page (don’t forget to check in/publish if needed too)
now on your newly modified search page, when you enter a search for monkey, it will limit it to your scope.