映射/迁移共享点用户

时间:2019-03-06 12:16:37

标签: sharepoint migration usergroups

我目前正在测试环境中进行共享点迁移,现在我想将现有的广告组和用户从SP 2010映射/迁移到SP2013。现在,在进行研究时,我发现很多模糊的信息,但是对此事没有什么扎实的证据。我最好怎么做。

假设我的csv文件中有以下用户,这些用户代表SP 2010环境中的用户:

  

c:0!.s | windows
  i:0#.w | domainhere \ administrator   i:0#.w | domainhere \ apservice
  i:0#.w | domainhere \ koen
  NT AUTHORITY \ LOCAL服务
  SHAREPOINT \ system
  Domainhere \ APService

我应该编写类似于以下内容的powershell脚本

$csv = Import-CSV ".\sites-default.csv"

$web = Get-SPWeb = "https://mymachine.mydomain"

foreach($row in $csv)
{

#You could do this to format your account name if not already in the csv

$username = "Domain\" + $row.key

$web.EnsureUser($username)

$group = $web.SiteGroups |?{$_.name -eq "GROUPNAME"}

Set-SPUser -identity $username -web $web.url -group $group

}

还是他们做这种事情的更好方法?

2 个答案:

答案 0 :(得分:0)

我有一些使用CSOM在C#中工作的代码。它从所有列表(文档库也是列表)和网站级别读取权限,并将其写入Excel。

然后,它从Excel中读取权限,并将其放到新的SharePoint中。

Excel使用using OfficeOpenXml;

模型

public class PermissionsToExcel
{
    public string ListTitle { get; set; }
    public string Gebruikersnaam { get; set; }
    public string Rechten { get; set; }
    public string ListUrl { get; set; }
    public bool HasUniqueRoleAssignments { get; set; }
}

从每个列表中获取组及其权限的代码:

List<PermissionsToExcel> permissionsToExcelList = new List<PermissionsToExcel>();
using (ClientContext ctx = new ClientContext(@"http://yoursharepointurl.com/"))
{
    Web web = ctx.Web;
    ctx.Load(web, w => w.HasUniqueRoleAssignments, w => w.Url);
    ctx.Load(web.RoleAssignments);
    ctx.Load(web.Lists);
    ctx.Load(web.Lists, lists => lists.Include(list => list.Title, list => list.DefaultViewUrl, list => list.RoleAssignments, list => list.RoleAssignments.Groups, list => list.HasUniqueRoleAssignments));
    ctx.ExecuteQuery();
    //Get permissions on site level
    foreach (RoleAssignment webRA in web.RoleAssignments)
    {
        ctx.Load(webRA.Member);
        ctx.Load(webRA.RoleDefinitionBindings);
        ctx.ExecuteQuery();
        foreach (RoleDefinition definition in webRA.RoleDefinitionBindings)
        {
            ctx.Load(definition);
            ctx.ExecuteQuery();
            permissionsToExcelList.Add(new PermissionsToExcel() { ListTitle = "", Gebruikersnaam = webRA.Member.LoginName, Rechten = definition.Name, ListUrl = web.Url, HasUniqueRoleAssignments = web.HasUniqueRoleAssignments });
        }
    }
    //Write down each group per list and their permissions
    foreach (List list in web.Lists)
    {
        string listUrl = list.Context.Url + list.GetWebRelativeUrl();
        foreach (RoleAssignment listRA in list.RoleAssignments)
        {
            ctx.Load(listRA.Member);
            ctx.Load(listRA.RoleDefinitionBindings);
            ctx.ExecuteQuery();
            foreach (RoleDefinition definition in listRA.RoleDefinitionBindings)
            {
                ctx.Load(definition);
                ctx.ExecuteQuery();
                permissionsToExcelList.Add(new PermissionsToExcel() { ListTitle = list.Title, Gebruikersnaam = listRA.Member.LoginName, Rechten = definition.Name, ListUrl = listUrl, HasUniqueRoleAssignments = list.HasUniqueRoleAssignments });
            }
        }
    }
}

使用EPPlus将权限写入Excel

ExcelPackage excel = new ExcelPackage();
var workSheet = excel.Workbook.Worksheets.Add("Permissions");
workSheet.Cells[1, 1].LoadFromCollection(permissionsList, true);

using (var memoryStream = new MemoryStream())
{
    Response.ContentType = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
    Response.AddHeader("content-disposition", "attachment;  filename=Permissions.xlsx");
    excel.SaveAs(memoryStream);
    memoryStream.WriteTo(Response.OutputStream);
    Response.Flush();
    Response.End();
 }

从Excel中读取权限

List<PermissionsToExcel> permissionslist = new List<PermissionsToExcel>();

FileInfo existingFile = new FileInfo(@"C:\path\Permissions.xlsx");
using (ExcelPackage package = new ExcelPackage(existingFile))
{
    //Get the first worksheet in the workbook
    ExcelWorksheet excelWorksheet = package.Workbook.Worksheets["Permissions"];
    int colCount = excelWorksheet.Dimension.End.Column;  //get Column Count
    int rowCount = excelWorksheet.Dimension.End.Row;     //get row count
    for (int row = 2; row <= rowCount; row++)//Rij 1 is de titel rij, beginnen bij rij 2
    {
        PermissionsToExcel permission = new PermissionsToExcel
        {
            ListTitle = excelWorksheet.Cells[row, 1].Value.ToString().Trim(),
            Gebruikersnaam = excelWorksheet.Cells[row, 2].Value.ToString().Trim(),
            Rechten = excelWorksheet.Cells[row, 3].Value.ToString().Trim(),
            ListUrl = excelWorksheet.Cells[row, 4].Value.ToString().Trim(),
            HasUniqueRoleAssignments = excelWorksheet.Cells[row, 5].Value.ToString().Trim().ToBoolean()
        };
        permissionslist.Add(permission);
    }
    return permissionslist;
}

将权限放到一个新站点(该站点具有与旧站点相同的库设置!!

using (ClientContext ctx = new ClientContext(@"http://newSharePointSiteUrl.com/"))
{
    Web web = ctx.Web;
    ctx.Load(web.Lists);
    ctx.Load(web.RoleDefinitions);
    ctx.ExecuteQuery();
    //Ophalen rollen
    RoleDefinition roleTypeOwner = ctx.Web.RoleDefinitions.GetByType(RoleType.Administrator);
    RoleDefinition roleTypeEditor = ctx.Web.RoleDefinitions.GetByType(RoleType.Editor);
    RoleDefinition roleTypeVisitor = ctx.Web.RoleDefinitions.GetByType(RoleType.Reader);
    //RoleDefinition roleTypeNone = ctx.Web.RoleDefinitions.GetByType(RoleType.None);//Werkt niet
    ctx.ExecuteQuery();
    //Get groups
    ctx.Load(ctx.Web.SiteGroups);
    ctx.Load(ctx.Web.SiteUsers);
    ctx.ExecuteQuery();
    foreach (PermissionsToExcel pte in permissionslist)
    {
        if (pte.ListTitle == "")//If listtitle is empty, it's the site permissions
        {
            //Get site
            User user = ctx.Web.SiteUsers.GetByLoginName(pte.Gebruikersnaam);
            ctx.Load(user);
            ctx.ExecuteQuery();
            //Check if the site had unique permissions
            if (pte.HasUniqueRoleAssignments)//Site had unique permissions, break inheritance and take away the old groups
            {
                RoleDefinitionBindingCollection rdbc = new RoleDefinitionBindingCollection(ctx);
                switch (pte.Rechten)
                {
                    case "Read":
                        rdbc.Add(roleTypeVisitor);
                        break;
                    case "Edit":
                        rdbc.Add(roleTypeEditor);
                        break;
                    case "Full Control":
                        rdbc.Add(roleTypeOwner);
                        break;
                    default:
                        break;
                }
                web.BreakRoleInheritance(false, true);
                web.RoleAssignments.Add(user, rdbc);
            }
            else//Site had no unique permissions, inherit from above
            {
                //TODO: do we want that?
            }
        }
        else if (web.ListExists(pte.ListTitle))//Go over all lists
        {
            //Get List
            List list = web.Lists.First(t => t.Title == pte.ListTitle);
            //var group = ctx.Web.SiteGroups.GetByName(pte.Gebruikersnaam);
            //ctx.Load(Group);
            //ctx.ExecuteQuery();
            User user = ctx.Web.SiteUsers.GetByLoginName(pte.Gebruikersnaam);
            ctx.Load(user);
            ctx.ExecuteQuery();
            //Check if list had unique permissions
            if (pte.HasUniqueRoleAssignments)//List had unique permissions, stop inheritance and put back groups with their permissions
            {
                RoleDefinitionBindingCollection rdbc = new RoleDefinitionBindingCollection(ctx);
                switch (pte.Rechten)
                {
                    case "Read":
                        rdbc.Add(roleTypeVisitor);
                        break;
                    case "Edit":
                        rdbc.Add(roleTypeEditor);
                        break;
                    case "Full Control":
                        rdbc.Add(roleTypeOwner);
                        break;
                    default:
                        break;
                }
                list.BreakRoleInheritance(false, true);
                //list.RoleAssignments.Add(Group, rdbc);
                list.RoleAssignments.Add(user, rdbc);
            }
            else //List had no unique permissions, inherit from above
            {
                list.ResetRoleInheritance();
            }
        }
        else
        {
            Debug.WriteLine("LIST NOT FOUND: PROBLEM");
        }
    }
}

答案 1 :(得分:0)

您要遵循的过程是:

$ user = Get-SPUser-标识“ DOM \ john.smith” -Web https://siteCollectionUrl

Move-SPUser-身份$ user -NewAlias“ i:0#.w | IDD \ 142909” -IgnoreSid

这将在整个服务器场范围内迁移用户。您无需致电确保用户。

如果您使用的是User Profile Service应用程序,请确保您的用户帐户具有对UPSA的完全控制权,以迁移用户。如果使用Windows Claims auth,我还提供了上面的示例。在Get-SPUser上,您不必指定它,但是在Move-SPUser上,您可以指定它。

https://social.technet.microsoft.com/Forums/en-US/2703f6de-7a79-46b8-9184-01279a845c4b/migrating-all-users-to-a-new-domain?forum=sharepointadmin