SharePoint Get/ADD/Remove Users to Farm Admin Group Using PowerShell

Farm Admin

Two sets of users are allowed to perform administrative functions for Microsoft SharePoint: members of the administrators group for the local server computer and members of the SharePoint administration group. The SharePoint administration group is a Microsoft Windows domain group that is registered with SharePoint. Members of this domain group can perform Central Administration tasks without being given administrator rights to the local server computer. This is particularly useful in a server farm, because you can grant rights across the server farm rather than individually for each computer in it. This is also useful for applications that call into the administrative object model for SharePoint. If the application process can be configured to run as a member of the SharePoint administration group, it can create new sites, modify quota values for sites and so on.

Members of the SharePoint administration group can do SharePoint Central Administration tasks, but do not have access to the file system of the server or the IIS metabase, so they cannot perform actions on other applications running on the server, such as IIS, Microsoft SQL Server, ASP.NET and so on.

Members of the SharePoint administration group can perform any other administrative action using the HTML Administration pages or the object model for SharePoint. For example, members of the group can view and manage all sites created on their servers. This means that a member of the SharePoint administration group can read documents or list items, change survey settings, delete a site, or perform any action on a site that the site administrator can perform.

Get Farm admins

The following piece of code gets the users under the SharePoint Farm Administrator group.

    Function GetSPfarmAdministrators
    {
        # $scriptbase (the script's folder) is set in the complete script further down
        $localServer = $env:computername
        write-host "Getting farm administrators list" -fore magenta
        $output = $scriptbase + "\" + "FarmAdmins.csv"
        # Write the CSV header row
        "ServerName" + "," + "FarmAdmin" + "," + "DisplayName" | Out-File -Encoding Default -FilePath $Output;
        # Locate the Central Administration web application and open its root web
        $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
        $adminsite = Get-SPweb($adminwebapp.Url)
        # The script treats the owners group of the Central Administration site as the farm admin group
        $AdminGroupName = $adminsite.AssociatedOwnerGroup
        $farmAdministratorsGroup = $adminsite.SiteGroups[$AdminGroupName]
        $FarmAdminUsers = $farmAdministratorsGroup.users
        foreach($user in $FarmAdminUsers)
        {
            write-host $user.name -fore cyan
            # Append one row per member
            $localServer + "," + $user.Loginname + "," + $user.name | Out-File -Encoding Default -Append -FilePath $Output;
        }
        write-host "Farm administrators details collected" -fore green
    }

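Because every member of this group can read and change any site in the farm, the exported list is worth checking against an approved list on a schedule. The following is an added example, not part of the original article's script: it compares rows in the FarmAdmins.csv layout with a baseline and reports the differences. The function names, the baseline layout (a single LoginName column) and all account names are assumptions constructed for illustration.

```powershell
# Added example: compare an exported farm-admin list with an approved baseline.
# Function names, the baseline layout and all accounts below are constructed assumptions.
function Get-NormalizedLogin([string] $LoginName) {
    # Claims-mode logins carry a prefix such as "i:0#.w|contoso\jdoe".
    # Keep the part after the last "|" and lower-case it for comparison.
    ($LoginName -split '\|')[-1].Trim().ToLowerInvariant()
}

function Compare-FarmAdminBaseline($Exported, $Approved) {
    $approvedSet = @{}
    foreach ($row in $Approved) { $approvedSet[(Get-NormalizedLogin $row.LoginName)] = $true }

    $seen = @{}
    foreach ($row in $Exported) {
        $login = Get-NormalizedLogin $row.FarmAdmin
        $seen[$login] = $true
        if (-not $approvedSet.ContainsKey($login)) {
            # Present in the group but not in the baseline: needs review
            New-Object PSObject -Property @{ Finding = 'NotApproved'; Login = $row.FarmAdmin; DisplayName = $row.DisplayName }
        }
    }
    foreach ($login in $approvedSet.Keys) {
        if (-not $seen.ContainsKey($login)) {
            # In the baseline but no longer in the group: baseline may be stale
            New-Object PSObject -Property @{ Finding = 'ApprovedButAbsent'; Login = $login; DisplayName = '' }
        }
    }
}

# Constructed rows in the FarmAdmins.csv layout (ServerName,FarmAdmin,DisplayName)
$exported = @'
ServerName,FarmAdmin,DisplayName
SP01,i:0#.w|contoso\spfarm,SP Farm Account
SP01,CONTOSO\jdoe,John Doe
SP01,i:0#.w|contoso\tempvendor,Temp Vendor
'@ | ConvertFrom-Csv

# Constructed baseline (hypothetical layout: one LoginName column)
$approved = @'
LoginName
contoso\spfarm
contoso\jdoe
contoso\asmith
'@ | ConvertFrom-Csv

Compare-FarmAdminBaseline $exported $approved |
    Select-Object Finding, Login, DisplayName | Format-Table -AutoSize
```

Against a real farm, replace the two constructed blocks with `Import-Csv` on FarmAdmins.csv and on the baseline file. In claims mode a domain group is exported as a SID after the prefix, so the baseline has to list that SID for group entries.
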
Add users or groups to Farm admin group.

    Function AddSPfarmAdministrator([string] $LoginName)
    {
        # Ask for confirmation before granting farm-wide rights
        $ans = read-host "Do you want the user $LoginName to be added to the SP farm administrator group (y/n)? "
        if($ans -eq 'y')
        {
            # Locate the Central Administration site and its owners (farm admin) group
            $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
            $adminsite = Get-SPweb($adminwebapp.Url)
            $admingroup = $adminsite.AssociatedOwnerGroup
            write-host "Adding user $LoginName to the SP farm admin group" -fore cyan
            # AddUser(loginName, email, name, notes); only the login name is supplied
            $adminsite.SiteGroups[$admingroup].AddUser($LoginName,"","","")
            write-host "User $LoginName added successfully to the SP farm admin group" -fore green
        }
        else
        {
            write-host "User chose not to add the user to SP farm admin group"
        }
    }

Remove users or groups from Farm admin group

    Function RemoveSPfarmAdministrator([string] $LoginName)
    {
        # Ask for confirmation before changing group membership
        $ans = read-host "Do you want the user $LoginName to be removed from SP farm administrator group (y/n)? "
        if($ans -eq 'y')
        {
            # Locate the Central Administration site and its owners (farm admin) group
            $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
            $adminsite = Get-SPweb($adminwebapp.Url)
            $admingroup = $adminsite.AssociatedOwnerGroup
            write-host "Removing user $LoginName from SP farm admin group" -fore cyan
            # Resolve the login name to an SPUser object, then remove it from the group
            $user = get-spuser $LoginName -web $adminwebapp.Url
            $adminsite.SiteGroups[$admingroup].RemoveUser($user)
            write-host "User $LoginName removed successfully from SP farm admin group" -fore green
        }
        else
        {
            write-host "User chose not to remove the user from SP farm admin group"
        }
    }

Complete Code

    $LogTime = Get-Date -Format yyyy-MM-dd_hh-mm
    $LogFile = ".\GetAddRemoveUsersToSPFarmAdminGroupPatch-$LogTime.rtf"

    # Add SharePoint PowerShell Snapin
    if ( (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null )
    {
        Add-PSSnapin Microsoft.SharePoint.Powershell
    }
    import-module WebAdministration

    # Work from the folder that contains this script
    $scriptBase = split-path $SCRIPT:MyInvocation.MyCommand.Path -parent
    Set-Location $scriptBase

    write-host "TESTING FOR LOG FOLDER EXISTENCE" -fore yellow
    $TestLogFolder = test-path -path $scriptbase\Logs
    if($TestLogFolder)
    {
        write-host "The log folder already exists in the script location" -fore yellow
        $clearlogfolder = read-host "Do you want to clear the log folder (y/n)"
        if($clearlogfolder -eq 'y')
        {
            write-host "The user chose to clear the log folder" -fore yellow
            write-host "Clearing the log folder" -fore yellow
            remove-item $scriptbase\Logs\* -recurse -confirm:$false
            write-host "Log folder cleared" -fore yellow
        }
        else
        {
            write-host "The user chose not to clear the log files" -fore yellow
        }
    }
    else
    {
        write-host "Log folder does not exist" -fore yellow
        write-host "Creating a log folder" -fore yellow
        New-Item $Scriptbase\Logs -type directory
        write-host "Log folder created" -fore yellow
    }

    # Move any .rtf files from the scriptbase location into the Logs folder
    $FindRTFFile = Get-ChildItem $scriptBase\*.* -include *.rtf
    if($FindRTFFile)
    {
        write-host "Some old log files are found in the script location" -fore yellow
        write-host "Moving old log files into the Logs folder" -fore yellow
        foreach($file in $FindRTFFile)
        {
            move-item -path $file -destination $scriptbase\logs
        }
        write-host "Old log files moved successfully" -fore yellow
    }

    # Record everything from here on in the transcript log
    start-transcript $logfile

    Function GetSPfarmAdministrators
    {
        $localServer = $env:computername
        write-host "Getting farm administrators list" -fore magenta
        $output = $scriptbase + "\" + "FarmAdmins.csv"
        # Write the CSV header row
        "ServerName" + "," + "FarmAdmin" + "," + "DisplayName" | Out-File -Encoding Default -FilePath $Output;
        $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
        $adminsite = Get-SPweb($adminwebapp.Url)
        $AdminGroupName = $adminsite.AssociatedOwnerGroup
        $farmAdministratorsGroup = $adminsite.SiteGroups[$AdminGroupName]
        $FarmAdminUsers = $farmAdministratorsGroup.users
        foreach($user in $FarmAdminUsers)
        {
            write-host $user.name -fore cyan
            $localServer + "," + $user.Loginname + "," + $user.name | Out-File -Encoding Default -Append -FilePath $Output;
        }
        write-host "Farm administrators details collected" -fore green
    }

    Function AddSPfarmAdministrator([string] $LoginName)
    {
        $ans = read-host "Do you want the user $LoginName to be added to the SP farm administrator group (y/n)? "
        if($ans -eq 'y')
        {
            $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
            $adminsite = Get-SPweb($adminwebapp.Url)
            $admingroup = $adminsite.AssociatedOwnerGroup
            write-host "Adding user $LoginName to the SP farm admin group" -fore cyan
            $adminsite.SiteGroups[$admingroup].AddUser($LoginName,"","","")
            write-host "User $LoginName added successfully to the SP farm admin group" -fore green
        }
        else
        {
            write-host "User chose not to add the user to SP farm admin group"
        }
    }

    Function RemoveSPfarmAdministrator([string] $LoginName)
    {
        $ans = read-host "Do you want the user $LoginName to be removed from SP farm administrator group (y/n)? "
        if($ans -eq 'y')
        {
            $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
            $adminsite = Get-SPweb($adminwebapp.Url)
            $admingroup = $adminsite.AssociatedOwnerGroup
            write-host "Removing user $LoginName from SP farm admin group" -fore cyan
            $user = get-spuser $LoginName -web $adminwebapp.Url
            $adminsite.SiteGroups[$admingroup].RemoveUser($user)
            write-host "User $LoginName removed successfully from SP farm admin group" -fore green
        }
        else
        {
            write-host "User chose not to remove the user from SP farm admin group"
        }
    }

    # Menu
    write-host "########################################################################################################" -fore cyan
    write-host "Enter 1 to get the SP farm administrator details" -fore green
    write-host "Enter 2 to add users to SP farm administrator group" -fore green
    write-host "Enter 3 to remove users from SP farm administrator group" -fore green
    write-host "########################################################################################################" -fore cyan
    $option = read-host "Enter the option "
    switch($option)
    {
        1 {
            GetSPfarmAdministrators
        }
        2 {
            write-host "Preparing to add users to SP farm administrator group" -fore magenta
            # AddUsers.csv must have a LoginName column
            $csvfile = $scriptbase + "\" + "AddUsers.csv"
            import-csv $csvfile | ForEach-Object {
                AddSPfarmAdministrator $_.LoginName
            }
            write-host "Users have been added to SP farm administrators group" -fore green
        }
        3 {
            write-host "Preparing to remove users from the SP farm administrator group" -fore magenta
            # RemoveUsers.csv must have a LoginName column
            $csvfile1 = $scriptbase + "\" + "RemoveUsers.csv"
            import-csv $csvfile1 | ForEach-Object {
                RemoveSPfarmAdministrator $_.LoginName
            }
            write-host "Users have been removed from SP farm administrators group" -fore green
        }
    }
    write-host "SCRIPT COMPLETED" -fore green
    stop-transcript

Conclusion

Thus this article has explained how to Get/Add/Remove users in a SharePoint administrator group using a PowerShell script.