Technologies I’m Using and/or Watching

April 29, 2009 Brian T. Jackett Technology

As this week has been very busy I haven’t had time to write up a full blog post about some of the fun things I’m working on, but instead I thought I’d throw out a listing of some technologies I’m currently working on or watching.

Windows 7 Beta (build 7000) – I have this installed as my primary OS on my home desktop. Loving the slick interface and list of new features that keep getting announced. My only gripes so far are that the included build of IE8 is beta and can’t be upgraded to RTM, and that I need to get used to doing certain things under “Run as Administrator”. Looking forward to the RC being released next week to the public, at least so I hear.
PowerShell 2.0 CTP 1.3 – I’ve been following PowerShell for awhile now and it is a tool that really intrigues me. A few years ago I was writing shell scripts in Unix land to support some Oracle systems at my then employer. I then moved onto AutoIt which is an excellent Windows automation tool. Now though I am very excited about PowerShell. Not only does it allow scripting of normally mundane tasks, but it also is able to process .Net objects such as elements available through the SharePoint API. As you can see from my previous post I like to push tools to see what they are capable of. PowerShell 2.0 RTM is schedule to launch with Windows 7 and it’s my personal opinion that we’ll be seeing a greater emphasis on PowerShell in the coming product releases.
SharePoint 2010 – Until recently SharePoint 14. This is a no-brainer for anyone who working with SharePoint currently. I hear that this will be a prominent discussion piece at SharePoint Conference 2009. Here’s hoping I can get time off and make it to this conference.
Visual Studio Extensions for Windows SharePoint Services 1.2 – OK, Microsoft could really use to shorten this title up, and they have by renaming it Visual Studio 2010. In case you haven’t seen, Visual Studio 2010 is meant to include the proper SharePoint development tools that should’ve existed back when SharePoint 2007 was released. For now though my personal choices are between VSeWSS 1.2 and WSPBuilder, but I’ve had more use with the former so I tend to know it a little better.
Sysinternals Suite – Hopefully I don’t need to be the first to let many people know about this set of tools, but if this is your first hearing about Sysinternals you owe yourself as a technology person to check them out. I use Process Explorer, AutoRuns, and a few other tools almost daily.
Windows Live Programs – I was apprehensive about downloading these programs for some reason, but I’m quickly starting to love some of the offerings. I’m using Live Writer for my blog and Sky Drive (no download required) for sharing documents and other files. I’ll start exploring the other programs as I have time.
TweetDeck – I’m using Twitter more and more lately and beginning to experiment with different clients. Digsby was my favorite until I started getting overwhelmed by followers/followees. TweetDeck is suiting me well currently, but I’ve heard good things about Blu as well.
Digsby – Best IM / social networking client I’ve ever used. It combines my Facebook, LinkedIn, Gmail, GChat, AIM, and until recently Twitter accounts. Can’t even imagine going back to having 6 separate applications or windows open to manage them all.

Well that turned into a much longer post than expected. Feel free to leave feedback about any new tools, products, or applications you are using that you think should be shared. I love to check out new technology as much as I can and share the word.

The Power of PowerShell and SharePoint: Enumerating SharePoint Permissions and Active Directory

April 24, 2009June 12, 2018 Brian T. Jackett Active Directory, PowerShell, SharePoint

<Update 2013-07-01> This script has been updated for SharePoint 2010 / 2013. Please see my updated script and blog post at PowerShell
Script to Enumerate SharePoint 2010 or 2013 Permissions and Active Directory
Group Membership.

</Update 2013-07-01>

Posting code didn’t format as well as hoped. Download the below script here.

</Update>

For those of you who are SharePoint admins or developers but have never dug into the SharePoint API or PowerShell, I would recommend first checking out some tutorials on both and referencing the SharePoint Developer Center. At a later date I hope to be able to provide some quick demo scripts that highlight the power, time savings, and overall usefulness that can be gained by combining PowerShell and the SharePoint API. For now though I wish to post a script I developed almost a year ago as a side project to combine a number of powerful features into one script. To start, let me overview what the below script is capable of.

Recursively crawl a site or entire web application within SharePoint
Enumerate permissions assigned to a SharePoint site
Detail the SharePoint users assigned to a SharePoint group
Determine if an Active Directory group is a member of a SharePoint group
Detail the Active Directory users who are members of an Active Directory group
Search for a specific user’s permissions on a SharePoint site

Before anyone says anything, yes I realize that combining so many utilities into one script is probably a bad design and I should’ve broken out functionality. Yes this is probably true, but I want to state that this script was never intended for Production release. Instead I was prototyping what was possible with PowerShell and I even surprised myself with what I ended up with. Here is an attempt to visualize what the above hierarchy would look like.

–Site

——SharePoint User A

——SharePoint Group A

————SharePoint User B

————Active Directory Group A

——————Active Directory User A

——————Active Directory User B

As you can see, this allows you to dig much further than what you might normally surface from the SharePoint API. The true purpose of this script was to determine if a user was assigned permissions anywhere within a web application, even if indirectly by membership in a SharePoint group or Active Directory group. This was only ever intended for a test environment, so you may still find some bugs when running against your own environment.

Before running this, ensure that you have loaded the SharePoint assembly with the following call (typically placed into your PowerShell profile for ease of use):

[void][System.Reflection.Assembly]::LoadWithPartialName(“Microsoft.SharePoint”)

Please leave me feedback if you end up trying out this script or have any questions on how/why I wrote things the way I did. I always enjoy constructive criticism and dialog. If you do re-post this anywhere, be sure to include the reference to the source material for the Active Directory call portion as I borrowed it from the PowerShell Script Center.

Example call:

.DisplaySPWebApp6.ps1 http://server WebApp userA

Note: The below script does not format properly through WordPress after I migrated my blog. Please refer to the source script for better view.


###########################################################
#DisplaySPWebApp6.ps1 -URL  -searchScope  -userToFind 
#
#Author: Brian Jackett
#Last Modified Date: Jan. 12, 2009
#
#Supply Traverse the entire web app site by site to display
# hierarchy and users with permissions to site.
###########################################################

&nbsp;

#DECLARE VARIABLES
[string]$siteUrl = $args[0]
[string]$searchScope = $args[1]
[string]$userToFind = $args[2]

#DECLARE CONSTANTS
$BUFFER_CHARS = " "

function DetermineSpaceBuffer #-iterations 
{
[string]$spaceBuffer = ""
for($i = 0; $i -lt $args[0]; $i++)
{$spaceBuffer += $BUFFER_CHARS}

return $spaceBuffer
}

#DECLARE FUNCTIONS
function DrillDownADGroup #-group  -depth 
{
[string]$spaceBuffer = DetermineSpaceBuffer $args[1]
$domain = $args[0].Name.substring(0, $args[0].Name.IndexOf("\") + 1)
$groupName = $args[0].Name.Remove(0, $args[0].Name.IndexOf("\") + 1)

#BEGIN - CODE ADAPTED FROM SCRIPT CENTER SAMPLE CODE REPOSITORY
#http://www.microsoft.com/technet/scriptcenter/scripts/powershell/search/users/srch106.mspx

#GET AD GROUP FROM DIRECTORY SERVICES SEARCH
$strFilter = "(&amp;(objectCategory=Group)(name="+($groupName)+"))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = $strFilter

#
$colProplist = ("name","member")
foreach ($i in $colPropList)
{
$catcher = $objSearcher.PropertiesToLoad.Add($i)
}
$colResults = $objSearcher.FindAll()

#END - CODE ADAPTED FROM SCRIPT CENTER SAMPLE CODE REPOSITORY

&nbsp;

foreach ($objResult in $colResults)
{
foreach ($member in $objResult.Properties.member)
{
$indMember = [adsi] "LDAP://$member"

#ATTEMPT TO GET AD OBJECT TYPE FOR USER, NOT WORKING RIGHT NOW
#$user = $indMember.PSBase
#$user.Properties

$fullUserName = $domain + ($indMember.Name)
DisplayADEntry $fullUserName ($args[1])
}
}
}

function DisplaySPGroupMembers #-group  -depth 
{
[string]$spaceBuffer = DetermineSpaceBuffer $args[1]

if($args[0].Users -ne $Null)
{
#START SHAREPOINT USERS ENTITY
Write-Output $spaceBuffer""

foreach($user in $args[0].Users)
{
DisplayADEntry $user ($args[1] + 1)
}

#END SHAREPOINT USERS ENTITY
Write-Output $spaceBuffer""
}
}

function DisplayADEntry #-user/group  -depth 
{
#FILTER RESULTS IF LOOKING FOR SPECIFIC USER
if($args[0].IsDomainGroup -eq "True")
{
$outputText = "$spaceBuffer$BUFFER_CHARS" + ($args[0])
Write-Output $outputText
DrillDownADGroup $args[0] ($args[1])
$outputText = "$spaceBuffer$BUFFER_CHARS"
Write-Output $outputText
}
else
{
#USER FOUND AS A CHILD OF AN EMBEDDED AD GROUP
if(($userToFind -ne "" -and ($userToFind.ToUpper() -eq $args[0].LoginName.ToUpper() -or $userToFind.ToUpper() -eq $args[0].ToUpper())) -or $userToFind -eq "")
{
$outputText = "$spaceBuffer$BUFFER_CHARS" + ($args[0]) + ""
Write-Output $outputText
}
}
}

function DetermineUserAccess #-web  -depth 
{
[string]$spaceBuffer = DetermineSpaceBuffer $args[1]

#START SHAREPOINT GROUPS ENTITY
Write-Output "$spaceBuffer"

foreach($perm in $args[0].Permissions)
{
#CHECK IF MEMBER IS AN ACTIVE DIRECTORY ENTRY OR SHAREPOINT GROUP
if($perm.XML.Contains('MemberIsUser="True"') -eq "True")
{
DisplayADEntry $perm.Member ($args[1] + 1)
}
#IS A SHAREPOINT GROUP
else
{
$outputText = "$spaceBuffer$BUFFER_CHARS" + ($perm.Member)
Write-Output $outputText
DisplaySPGroupMembers $perm.Member ($args[1] + 2)
Write-Output "$spaceBuffer$BUFFER_CHARS"
}
}

#END SHAREPOINT GROUPS ENTITY
Write-Output "$spaceBuffer"
}

function DisplayWebApplication #-webApp 
{
[string]$spaceBuffer = DetermineSpaceBuffer $args[1]

#START WEB APPLICATION ENTITY
$outputText = "$spaceBuffer" + ($args[0].Name)
Write-Output $outputText

if($args[0].Sites -ne $Null)
{
#START CONTAINED SITE COLLECTIONS ENTITY
Write-Output "$spaceBuffer$BUFFER_CHARS"

foreach($spSiteColl in $args[0].Sites)
{
DisplaySiteCollection $spSiteColl ($args[1] + 2)
$spSiteColl.Dispose()
}

#END CONTAINED SITE COLLECTIONS ENTITY
Write-Output "$spaceBuffer$BUFFER_CHARS"
}

#END WEB APPLICATION ENTITY
"$spaceBuffer"
}

function DisplaySiteCollection #-siteColl  -depth 
{
[string]$spaceBuffer = DetermineSpaceBuffer $args[1]
$sc = $args[0].OpenWeb()

#START SITE COLLECTION ENTITY
$outputText = "$spaceBuffer" + ($sc.URL)
Write-Output $outputText

if($sc -ne $Null)
{
#START CONTAINED SITES ENTITY
Write-Output "$spaceBuffer$BUFFER_CHARS"

foreach ($spWeb in $sc)
{
DisplayWeb $spWeb ($args[1] + 2)
$spWeb.Dispose()
}

#END CONTAINED SITES ENTITY
Write-Output "$spaceBuffer$BUFFER_CHARS"
}

#END SITE COLLECTION ENTITY
Write-Output "$spaceBuffer"

#CLEANUP SITE COLLECTION VARIABLE
$sc.Dispose()
}

function DisplayWeb #-web  -depth  -parentWeb 
{
[string]$spaceBuffer = DetermineSpaceBuffer $args[1]

#START SITE ENTITY
$outputText = "$spaceBuffer" + ($args[0].URL)
Write-Output $outputText

if($args[0].HasUniquePerm -eq "True")
{
DetermineUserAccess $args[0] ($args[1] + 1)
}
else
{
Write-Output "$spaceBuffer<!--Inherits from parent&gt;-->"
}

&nbsp;

if($args[0].Webs -ne $Null)
{
#START CONTAINED SUBSITES ENTITY
Write-Output "$spaceBuffer$BUFFER_CHARS"

#RECURSIVELY SEARCH SUBWEBS
foreach ($spSubWeb in $args[0].Webs)
{
DisplayWeb $spSubWeb ($args[1] + 2)
$spSubWeb.Dispose()
}
#END CONTAINED SUBSITES ENTITY
Write-Output "$spaceBuffer$BUFFER_CHARS"
}

#END SITE ENTITY
Write-Output "$spaceBuffer"
}

function DisplayMissingParametersMessage
{
#Write-Output "You are missing a parameter for 'Site URL'"
$script:siteURL = Read-Host "Enter Site URL"
}

############
# MAIN
############

#IF MISSING PARM FOR SITE URL, ASK FOR INPUT TO FILL
if($args.length -eq 0)
{
DisplayMissingParametersMessage
}

$rootSite = New-Object Microsoft.SharePoint.SPSite($siteUrl)
$spWebApp = $rootSite.WebApplication

&nbsp;

Write-Output ""

#IF SEARCH SCOPE SPECIFIED FOR SITE, ONLY SEARCH SITE
if($searchScope -eq "-site")
{
DisplaySiteCollection $rootSite 1
}
#ELSE SEARCH ENTIRE WEB APP
else
{
DisplayWebApplication $spWebApp 1
}
Write-Output ""

&nbsp;

#CLEANUP
$rootSite.Dispose()

An Introduction

April 20, 2009 Brian T. Jackett Personal

Hello blog readers. This is my first official blog so let me introduce myself and let you know what types of things to expect from this blog.

My name is Brian Jackett and I’m a Senior IT Consultant for Sogeti USA in the Columbus, OH area. My primary focus is on the Microsoft stack, but I started out in the Java realm when I first became a consultant. Throughout life I’ve been called a “utility player”, “jack of all trades”, and general dabbler in many different areas. Much of that led to why I enjoy consulting work so much as it allows me to see and work with numerous different technologies and always keeps me on my toes. Generally I gravitate towards web development (ASP.Net, SharePoint), automation (Power Shell, shell scripting) and database development (SQL Server, Reporting Services) with my work engagements. In my spare time I also do enjoy computer animation, attending local user groups (COSPUG), playing video games, tinkering with new technologies, karaoke, and playing sports.

So that’s me. Onto why I’m starting this blog. Over the years I’ve gained a lot of knowledge from various blogs, forums, and helpful hints from other people in the IT industry. As my way of giving back I’ll be posting various solutions that I’ve designed, troubleshooting tips I’ve discovered, and passing along other information that others might find useful. The name of my blog is meant to reflect that passing along of information. A simple drop of knowledge into the pond of the interwebs can create a ripple in all directions that I hope helps someone somewhere to do their job better or improve a side project. So with that I thank you for stopping by and I hope to keep this updated as frequently as I can. Please feel free to leave feedback and I’ll respond as much as possible.

Frog out

The Frog Pond of Technology

Ripples of Knowledge for Microsoft Graph and Other Microsoft Technologies

Year: 2009

Technologies I’m Using and/or Watching

The Power of PowerShell and SharePoint: Enumerating SharePoint Permissions and Active Directory

An Introduction