Remove all Users and Groups from SharePoint Site

Welcome Forums General PowerShell Q&A Remove all Users and Groups from SharePoint Site

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
3 months, 4 weeks ago.

  • Author
    Posts
  • #103226

    Participant
    Points: 0
    Rank: Member

    hoping someone out there can point me in the right direction. We have identified around 200+ sites which have not been accessed for 6 months+ and would like to remove access to those sites for a period of time, then if nobody contacts us..we will archive them. I have tried to create a powershell script which imports a list of SharePoint site URLs and iterates through them and removes all the groups and users on that site. First of all, it breaks the inheritance (works) then should remove the users (works) and groups (not working). Am I going about this in the wrong way – or do i just not have the correct syntax?

    #Add SharePoint PowerShell SnapIn if not already added
    if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
    }
    
    $sites = import-csv "C:\temp\sites.csv"
    $Header = "URL"
    
    ForEach ($item in $sites)
    {
        $URL = $item.("URL")
        $spweb = Get-SPWeb $item.("URL")
        $spweb.BreakRoleInheritance($true,$true)
        $groups = $spweb.SiteGroups
        $users = $spweb.SiteUsers
      
        ForEach($group in $groups)
        {
            #$spweb.SiteGroups.Remove($group)
            #Write-Output $group
            Remove-SPOSiteGroup -Site $spweb -Identity $group
        }
    
        ForEach($user in $users)
        {
            Remove-SPUser -Identity $user -web $spweb -Confirm:$False
        }
    
        $spweb.Dispose()
    }

    Grateful for any help or tips.

    Thanks

  • #103265

    Participant
    Points: 45
    Helping Hand
    Rank: Member

    IMHO, as I've had to deal with this in the past, but this was general IIS sites.
    (I had a customer that had 1400 sites, only 10% were being used.)
    It would be far simpler to simply disable the sites.
    If no one complains after a period of time, archive and delete them.
    Thus none of this permissions stuff to mess with, thus not breaking anything.

    Or just directly lock access to the site or redir.

    So, maybe this... for SP... will work for you, for example,

    # Using Set-SPSite, you can lock down the site collection with the LockState parameter.
    Set-SPSite -Identity https://contoso.sharepoint.com -LockState NoAccess
    

    I'd also suggest a redir to a simple site page stating why the X sites are not accessible / currently decommissioned to eliminate random helpdesk calls.

  • #103295

    Participant
    Points: 0
    Rank: Member

    Hi. Thanks for coming back to me. Your suggestion is exactly where I started when looking into this, unfortunately...the LockStatus is only available at the Site Collection level and the majority of the sites not in use are sub sites. I agree totally that locking would be much simpler and easier to re-instate, but unless there is a way to do it at the site level – options are limited I think. I got the script to work (copied below)

    #Add SharePoint PowerShell SnapIn if not already added
    if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
    }
    
    $sites = import-csv "C:\temp\sites.csv"
    #$Header = "URL"
    
    ForEach ($item in $sites)
    {
        $URL = $item.("URL")
    
        #Get first web in the list
        $spweb = Get-SPWeb $item.("URL")
        $spweb.BreakRoleInheritance($true,$true)
        $spgroups = $spweb.SiteGroups
        $users = $spweb.SiteUsers
      
        ForEach($user in $users)
        {
            $spweb.RoleAssignments.Remove([Microsoft.SharePoint.SPUser]$user);
            $spweb.Update();
        }
    
        ForEach($group in $spgroups)
        {
            $spgroup = $spweb.SiteGroups[$group]
            $spweb.RoleAssignments.Remove($spgroup)
            $spweb.Update();
        }
    
        $spweb.Dispose()
    }

    Good shout on redirect, I'll look into it...would need to look at creating a new page at each site and set it as the homepage...there is probably a smarter way at the IIS level you could do this for certain sites, will investigate.

    Thanks again for your reply.

The topic ‘Remove all Users and Groups from SharePoint Site’ is closed to new replies.