I had a couple of requests to write a PowerShell script to be run against ODFB. The requirements are that it should find all the files that are shared and show the filename, who it was shared with, the path and the type (file or folder). One additional requirement that might be a little strange, that the script could be run by someone who is NOT a Global or SharePoint admin. So the intent is that a regular user can run this script against their own ODFB and see the files and who they are shared with. Another possible use case for the script would be granting someone secondary admin rights on all ODFB sites in the Tenant such as a help desk employee and that they may have a need to identify the files and who is sharing them.
You may also think, “Say, there is already a view in ODFB that does this. Why do I need this script?” that is, if you know that view is there. Of course you can see the files that you have shared as shown below:
But you will notice that although it shows when I shared the file, it does not show me WHO I shared it with. So that bit of info could be found in this view as well by highlighting the specific document and click Manage access as shown:
But that only gets me the users for a single document, so if my intent is to audit the sharing of ALL files, then this script is for you.
The only requirements for running the script are:
- That you are the owner of the ODFB or
- you are a secondary admin on the site and
- have installed the SharePoint PowerShell PnP module.
Now if you haven’t seen it, I have another post on PnP that will detail how to install the module (pretty easy). Once done you should be ready to run the script as shown below:
Pretty cool that it is so short, right? Courtesy of PnP, if I had to do this with CSOM it would have been much longer. First, we connect to the ODFB site (it will always be configured as your UPN such as UPN@company.com to be \personal\UPN_company_com).
Then we use the Get-PnPListItem command to get all of the documents in the List, wait for it…. Documents! We set the pagesize to 4000 to batch them in something less than the 5000 item view limit. I write the header with an out-file, etc., all very humdrum stuff, you’ve probably done it a thousand and one times.
Then we do a foreach through the files and extract some values. Before getting to the point that the CSV is output we filter the results with the if ($lookup -ne $null) filter so that the result extracts only files that have been shared in the output. So if you wanted to get all the files then you would remove the if statement and just write out the results.
I think this is a pretty utilitarian script and one that you may find useful. If you do find it to be useful, I would appreciate it if you would post a comment on the blog.
Live Long and Prosper,