locked
Find and delete users permission accross the farm RRS feed

  • Question

  • Hi,

    I'm looking for a way (maybe power shell script) to find a user's permissions and delete it across the farm instead of me to go site collection one by one and remove him.

    Any thoughts?

    Thanks a lot in advance

    Wednesday, November 25, 2015 6:42 AM

Answers

  • Hi,

    You could create a banned group in active directory. And you could add that group to the Web Application policies with deny all setting in central administration.

    You could go to the central administration-> manage web applications->select one web application->click user policy in the ribbon->select the user group and select deny all.

    Then you could add the user in the banned group.

    And you also could remove the user from all site collections by PowerShell script. If you remove the user in the site collection, he will not have the permission in the site collection.

    For more detailed information, you could refer to the case below.

    There is a similar case:

    https://social.technet.microsoft.com/Forums/office/en-US/eba46699-d3e2-4447-b7fa-2ec87c00ce68/powershell-to-remove-a-user-from-all-site-collection

    Best regards,

    Sara Fan


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Victoria Xia Wednesday, December 2, 2015 1:10 AM
    • Marked as answer by Victoria Xia Wednesday, December 9, 2015 7:16 AM
    Thursday, November 26, 2015 9:46 AM

All replies

  • There's a dozen scripts out there that do this. For one that reports on user permissions you can try this:

    http://www.sharepointdiary.com/2013/01/permission-report-for-specific-user.html

    You can either modify that to remove permissions or find another one that deletes them.

    Wednesday, November 25, 2015 9:12 AM
  • Hi,

    You could create a banned group in active directory. And you could add that group to the Web Application policies with deny all setting in central administration.

    You could go to the central administration-> manage web applications->select one web application->click user policy in the ribbon->select the user group and select deny all.

    Then you could add the user in the banned group.

    And you also could remove the user from all site collections by PowerShell script. If you remove the user in the site collection, he will not have the permission in the site collection.

    For more detailed information, you could refer to the case below.

    There is a similar case:

    https://social.technet.microsoft.com/Forums/office/en-US/eba46699-d3e2-4447-b7fa-2ec87c00ce68/powershell-to-remove-a-user-from-all-site-collection

    Best regards,

    Sara Fan


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Victoria Xia Wednesday, December 2, 2015 1:10 AM
    • Marked as answer by Victoria Xia Wednesday, December 9, 2015 7:16 AM
    Thursday, November 26, 2015 9:46 AM