We have 600+ SharePoint sites and we are going to migrate them to an entirely new hybrid domain environment. We are currently attempting a configuration of a cross-tenant access scenario. I am attempting to find any users who have been directly assigned to any of our SharePoint sites. I don't want to go user by user (3000+ users) to find direct assignments unless I absolutely have to. I would rather look at the sites and determine if a user is not assigned as a part of a group. So far I am not finding a SPO cmdlet that will identify the direct assigned users.
Has anyone done this before, and if so would you be willing to share your methods and experience? I can assign all of the current users/groups but would rather clean up before migrating the sites from the old tenant to the new tenant. I have successfully assigned my account in the new tenant as an #EXT user to an existing site in the old tenant. But we are wanting to avoid direct assignments if at all possible.
I am pulling the sites into a collection with Get-SPOSite, and users/groups for each site with Get-SPOUser. From there I need to identify direct assignments and that isn't clear. TIA.
To find any users who have been directly assigned to any of the SharePoint sites, you can use the Get-SPOUser cmdlet to get a list of all users for each site, and then use the Get-SPOGroup cmdlet to get a list of all groups for each site. You can then compare the users against the members of each group to determine if any users are not assigned as part of a group. Here's an example PowerShell script that should accomplish this:
    # Get-SPOSite returns only 200 sites by default; -Limit All covers every site.
    $sites = Get-SPOSite -Limit All
    foreach ($site in $sites) {
        # Get-SPOUser returns only 500 users by default.
        $users = Get-SPOUser -Site $site.Url -Limit All
        $groups = Get-SPOGroup -Site $site.Url
        foreach ($user in $users) {
            $isAssigned = $false
            foreach ($group in $groups) {
                # Each group object already carries its members' login names in Users,
                # so there is no need to query the group again for every user.
                $members = $group.Users
                if ($members -contains $user.LoginName) {
                    $isAssigned = $true
                    break
                }
            }
            if (!$isAssigned) {
                Write-Output "User $($user.LoginName) is not assigned to a group on site $($site.Url)"
            }
        }
    }
This script will loop through all SharePoint sites in your tenant, and for each site it will get a list of all users and groups. It will then loop through each user, and for each user it will loop through each group to see if the user is a member of that group. If the user is not a member of any group, it will output a message indicating that the user is not assigned to a group on that site.
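The same comparison as an added example (not the answerer's code), written as a function that returns report rows and labels each ungrouped principal as a user, an #EXT# guest, or a security group. The function name `Get-DirectAssignment` is hypothetical, the sample tenant data is constructed, and the input objects are assumed to carry the `LoginName`, `IsGroup`, `IsSiteAdmin` and `Users` properties that `Get-SPOUser` and `Get-SPOGroup` return.

```powershell
# Hypothetical helper: returns the principals on one site that are in no SharePoint group.
function Get-DirectAssignment {
    param(
        [Parameter(Mandatory)] [string]   $SiteUrl,
        [Parameter(Mandatory)] [object[]] $Users,           # shaped like Get-SPOUser output
        [AllowEmptyCollection()] [object[]] $Groups = @()   # shaped like Get-SPOGroup output
    )
    # Build one case-insensitive set of every group member's login name for the site.
    $grouped = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($group in $Groups) {
        foreach ($member in $group.Users) { [void]$grouped.Add($member) }
    }
    foreach ($user in $Users) {
        if ($grouped.Contains($user.LoginName)) { continue }
        # Classify what holds a place on the site outside any SharePoint group.
        if ($user.IsGroup) { $kind = 'SecurityGroup' }
        elseif ($user.LoginName -like '*#ext#*') { $kind = 'Guest' }
        else { $kind = 'User' }
        [pscustomobject]@{
            Site        = $SiteUrl
            LoginName   = $user.LoginName
            Kind        = $kind
            IsSiteAdmin = [bool]$user.IsSiteAdmin
        }
    }
}

# Constructed sample data standing in for one site's Get-SPOUser / Get-SPOGroup results.
$sampleUsers = @(
    [pscustomobject]@{ LoginName = 'alice@contoso.example'; IsGroup = $false; IsSiteAdmin = $false }
    [pscustomobject]@{ LoginName = 'bob@contoso.example';   IsGroup = $false; IsSiteAdmin = $true }
    [pscustomobject]@{ LoginName = 'carol_fabrikam.example#ext#@contoso.example'; IsGroup = $false; IsSiteAdmin = $false }
    [pscustomobject]@{ LoginName = 'constructed-security-group-id'; IsGroup = $true; IsSiteAdmin = $false }
)
$sampleGroups = @(
    [pscustomobject]@{ Title = 'Project Members'; Users = @('Alice@contoso.example') }
)

# Against a live tenant, pass (Get-SPOUser -Site $url -Limit All) and (Get-SPOGroup -Site $url).
Get-DirectAssignment -SiteUrl 'https://contoso.example/sites/project' `
    -Users $sampleUsers -Groups $sampleGroups | Format-Table -AutoSize
```

Piping the rows to `Export-Csv` instead of `Format-Table` gives one file per run that can be sorted by site or by kind during the cleanup.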