Powershell, Sharepoint

SharePoint 2013 Sites and Permissions Enumerator


Hi Everyone. I’m sure there are tonnes of SharePoint Site/Permissions PowerShell scripts out there, but I still went ahead and wrote my own.

. The following PowerShell Script will Enumerate your entire Farm and list the following:

  • Farm Administrators
  • Web Applications
  • Site Collections
    • Site Collection Administrators
  • Webs
    • Web Owners or Web FullControl Users

Example of what the script does:

*****  Pointtoshare SharePoint Site Enumerator     *****

Farm Administrators:  (BUILTIN\administrators) (DemoDomain\Administrator)

-Web Application:  http://demo-sharepoint-01:5000/
– Site Collection:  http://demo-sharepoint-01:5000
– Administrators:  (DemoDomain\Farm Admin) (DemoDomain\Administrator)
– Root Web:  http://demo-sharepoint-01:5000
– Owners group Members: (DemoDomain\Farm Admin) (DemoDomain\Administrator)

Couple of things to note:

  • You need to execute the script with Farm Admin and Local Admin rights
  • Save the Below code in a file named EnumPermissions.PS1 and Execute

Here’s the PowerShell CMDLet

function UserCollectionToString($obj){
    $usersString = ''
    if($obj -eq $null){
        return ''
    foreach($user in $obj){
        $usersString+='(' + $user.UserLogin + ') '
    return $usersString;
function EnumWebPermissions($Web){
        return '  - Permissions inherited from Parent: ' + $web.ParentWeb.Url
        if($Web.AssociatedOwnerGroup -eq $null){
            $fullOwnerUsers = '  - Users with Full Control: '
            foreach($Perm in $Web.Permissions){
                    $UsersInGroup = UserCollectionToString($Perm.Member.Users);                    
                    $fullOwnerUsers+= '[' + $Perm.Member.LoginName + $UsersInGroup + ']'

            return $fullOwnerUsers;            
            $siteOwnersUsers =  UserCollectionToString($Web.AssociatedOwnerGroup.users);
            return '  - Owners group Members: ' + $siteOwnersUsers
function EnumFarm($Web){
Write-Host '*****  Pointtoshare SharePoint Site Enumerator     *****' -ForegroundColor Green
Write-Host ''
Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue

$centralAdminSite = (Get-SPWebApplication -IncludeCentralAdministration | ? IsAdministrationWebApplication | Get-SPSite)[0]
$Admins = $centralAdminSite.RootWeb.SiteGroups["Farm Administrators"]
$AdminUsers = UserCollectionToString($Admins.Users);
Write-Host 'Farm Administrators: ' $AdminUsers -ForegroundColor DarkCyan
Write-Host ''

$AllWebApps = Get-SPWebApplication
foreach($WebApp in $AllWebApps){
    Write-Host '-Web Application: ' $WebApp.Url -ForegroundColor White
        foreach ($siteCollection in $WebApp.Sites) {
            Write-Host ' - Site Collection: ' $siteCollection.Url -ForegroundColor Yellow                                                                                                                                                                                                                                                                               
                $siteAdmins = UserCollectionToString($siteCollection.RootWeb.SiteAdministrators)
                    Write-Host ' - Administrators: ' $siteAdmins -ForegroundColor DarkYellow  
                    foreach ($web in $siteCollection.AllWebs){  
                                Write-Host '  - Root Web: ' $web.Url -ForegroundColor Green                                 
                                Write-Host '  -- SubWeb: ' $web.Url -ForegroundColor Green                                
                            $permissionsString = EnumWebPermissions($web);
                            Write-Host $permissionsString -ForegroundColor DarkGreen

                            Write-Host ''
        $WebApp = $null        
$AllWebApps = $null;


Using Powershell – ISE (Integrated Scripting Environment)

A lot of Administrators think that PowerShell is a one-hit-wonder single command tool used to quickly perform a task which can’t be found in the GUI. They couldn’t be further from the truth. Something that very little people know, is that All Operating systems including Server OS since Windows 7 and Server 2008 has a built in PowerShell Debugger and Developer. And the best thing of all is: ITS FREE! . It’s called Windows PowerShell Integrated Scripting Environment. The description “from Microsoft” about this tool is:


This tool as stated above allows you to actually develop your own script-lets which will then be saved as runnable .ps1 files.

I use this tool when I want to write something that will be re-used and paramaterised.

Take note, that the tool is not installed when windows or server is installed out of the box. You have to activate it. To install it :

Open Server manager

Server Manager

Click on Features


Click on Add Features


Scroll down and select Windows PowerShell Integrated Scripting Environment

Select ISE

Click Next and then Install.

You can now find the ISE under > Start > All Programs > Windows PowerShell

Powershell Location

Take note that if you are developing SharePoint related scriptlets, you have to run the 64 bit one.(The one not marked as x86) because SharePoint is a 64bit only Application. Also, always run the application as Administrator as you might run into some nasties if you don’t

The Application opens and you are ready to start writing your script:

Powershell ISE Open

More on the usage of this app in my next blog coming soon.