A Comprehensive Script for Finding All Users Invited to SharePoint, Including Guests with Limited Access



SharePoint, Microsoft's powerful collaboration platform, enables teams to efficiently collaborate, store, organize, and share documents. As a SharePoint administrator or owner, it is crucial to have a comprehensive understanding of who has access to your SharePoint site, including both internal users and external guests with limited access. In this article, we will walk you through the process of finding all the users invited to SharePoint, ensuring that you have complete visibility and control over your site's permissions.


Find all users with access to a SharePoint site by using a C# CSOM console application.



using System;
using System.Collections.Generic;
using System.Dynamic;
using System.Net;
using System.Security;
using System.Xml;
using GetSiteAccess;
using Microsoft.SharePoint.Client;
//using Microsoft.SharePoint.Client;
using PnP.Core;
using PnP.Framework;

// See https://aka.ms/new-console-template for more information
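// Template residue from the .NET console project; kept so the program's output is unchanged.
Console.WriteLine("Hello, World!");

// Read the password from the console instead of embedding it in the source file,
// so the credential never lands in version control, build output or a copied script.
// Typed characters are not echoed; Backspace removes the last character, Enter ends input.
Console.Write("Password: ");
var passWord = new SecureString();
while (true)
{
    var key = Console.ReadKey(intercept: true);
    if (key.Key == ConsoleKey.Enter)
    {
        break;
    }

    if (key.Key == ConsoleKey.Backspace)
    {
        if (passWord.Length > 0)
        {
            passWord.RemoveAt(passWord.Length - 1);
        }

        continue;
    }

    if (!char.IsControl(key.KeyChar))
    {
        passWord.AppendChar(key.KeyChar);
    }
}

Console.WriteLine();
// Nothing below needs to modify the secret, so freeze it.
passWord.MakeReadOnly();

// Accumulates one entry per distinct login name found below.
var users = new UsersResult();

// NOTE(review): username/password sign-in typically fails for accounts protected by MFA
// or conditional access; confirm this account is allowed to use it, or switch to an
// interactive sign-in as the PnP PowerShell variant on this page does.
var auth = new PnP.Framework.AuthenticationManager("xxx@yourtenant.onmicrosoft.com", passWord);
var ctx = auth.GetContext("https://yourtenant.sharepoint.com/sites/site");

var web = ctx.Web;
var site = ctx.Site;

// Request only the web properties the rest of the script reads, then fetch them
// together with the site object in a single round trip.
ctx.Load(web, a => a.HasUniqueRoleAssignments, b => b.RoleAssignments, c => c.SiteUsers, d => d.SiteUserInfoList);

ctx.Load(site);
ctx.ExecuteQuery();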

// Queue, for every role assignment on the web, the principal it targets and the
// permission levels bound to it; the single ExecuteQuery below fetches them all.
foreach (var assignment in ctx.Web.RoleAssignments)
{
    ctx.Load(
        assignment,
        ra => ra.Member,
        ra => ra.RoleDefinitionBindings);
}

ctx.ExecuteQuery();

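// Queue the member list of every role-assignment principal that is a SharePoint group.
foreach (var role in ctx.Web.RoleAssignments)
{
    // Only principals that CSOM hands back as Group objects expose a Users collection.
    // The previous PrincipalType test also matched SecurityGroup and DistributionList
    // and then passed `role.Member as Group` to ctx.Load; whenever that cast yields
    // null (the null check in the collection loop further down allows for it) the
    // load call receives a null client object. Testing the runtime type avoids that.
    if (role.Member is Microsoft.SharePoint.Client.Group group)
    {
        ctx.Load(group, g => g.Users);
    }
}

ctx.ExecuteQuery();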

// Site collection administrators have full control regardless of role assignments,
// so they are recorded first, straight from the site user list.
foreach (var siteUser in web.SiteUsers)
{
    if (!siteUser.IsSiteAdmin)
    {
        continue;
    }

    // Role is left empty: the entry is identified by the Group label instead.
    users.Add(new
    {
        LoginName = siteUser.LoginName,
        Name = siteUser.Title,
        Member = siteUser,
        Role = "",
        Group = "Site Collection Administrator"
    });
}

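// Walk every role assignment on the web and record who receives access through it.
// UsersResult.Add keeps only the first entry per login name, so a principal that
// was already recorded (for example as site collection administrator) is not
// listed again with the role found here.
foreach (var role in ctx.Web.RoleAssignments)
{
    var principalType = role.Member.PrincipalType;

    if (principalType == Microsoft.SharePoint.Client.Utilities.PrincipalType.SharePointGroup ||
        principalType == Microsoft.SharePoint.Client.Utilities.PrincipalType.DistributionList)
    {
        // The cast yields null when the principal is not materialised as a Group.
        if (role.Member is Microsoft.SharePoint.Client.Group group)
        {
            foreach (var user in group.Users)
            {
                // include users from groups
                users.Add(new
                {
                    LoginName = user.LoginName,
                    Name = user.Title,
                    Member = user,
                    Role = role.RoleDefinitionBindings,
                    Group = role.Member.Title
                });
            }
        }
    }
    else if (principalType == Microsoft.SharePoint.Client.Utilities.PrincipalType.SecurityGroup)
    {
        // Membership of a directory security group is not available here; it has to
        // be fetched from Microsoft Graph. Until that lookup exists, record the group
        // itself so the result shows that an unexpanded group holds this role instead
        // of silently omitting everyone who gets access through it.
        users.Add(new
        {
            LoginName = role.Member.LoginName,
            Name = role.Member.Title,
            Member = role.Member,
            Role = role.RoleDefinitionBindings,
            Group = "Security group (members not expanded)"
        });
    }
    else if (principalType == Microsoft.SharePoint.Client.Utilities.PrincipalType.User)
    {
        // includes users with unique permissions via the Share button
        users.Add(new
        {
            LoginName = role.Member.LoginName,
            Name = role.Member.Title,
            Member = role.Member,
            Role = role.RoleDefinitionBindings,
            Group = ""
        });
    }
}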

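// Item-level sharing: look for documents that carry sharing details.
// NOTE(review): only the library titled "Documents" is inspected; other libraries,
// and sites where the default library has a different (e.g. localised) title, are
// not covered by this query.
var documentsList = ctx.Web.Lists.GetByTitle("Documents");
ctx.Load(documentsList);
ctx.ExecuteQuery();

// RecursiveAll makes the view descend into folders; the filter keeps only items
// whose SharedWithDetails field is populated.
// NOTE(review): the query has no row limit or paging - confirm it stays within the
// list view threshold on large libraries.
var query = new CamlQuery
{
    ViewXml = "<View Scope='RecursiveAll'><Query><Where><IsNotNull><FieldRef Name='SharedWithDetails' /></IsNotNull></Where></Query></View>"
};
var items = documentsList.GetItems(query);
ctx.Load(items);
ctx.ExecuteQuery();

// The original ended with an unused alias (`var i = items;`) and never emitted any
// result. Print what was found, as the PowerShell variant on this page does.
foreach (var item in items)
{
    // TryGetValue leaves the value null when the field was not returned for an item.
    item.FieldValues.TryGetValue("FileRef", out var path);
    item.FieldValues.TryGetValue("SharedWithDetails", out var sharedWith);
    Console.WriteLine($"{path}\t{sharedWith}");
}

foreach (var entry in users.Users)
{
    Console.WriteLine($"{entry.LoginName}\t{entry.Name}\t{entry.Group}");
}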

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace GetSiteAccess
{
    /// <summary>
    /// Collects the principals found during the access scan, at most one entry per
    /// login name.
    /// </summary>
    /// <remarks>
    /// The first entry added for a login name wins; later entries with the same
    /// login name are dropped, so any different role or group they carried is not
    /// kept. The comparison uses the dynamic <c>==</c> on <c>LoginName</c>, which
    /// for strings is case-sensitive.
    /// </remarks>
    internal class UsersResult
    {
        /// <summary>The entries accepted so far, in insertion order.</summary>
        public List<dynamic> Users { get; } = new List<dynamic>();

        public UsersResult()
        {
        }

        /// <summary>
        /// Adds <paramref name="user"/> unless it is null or an entry with the same
        /// <c>LoginName</c> is already present.
        /// </summary>
        /// <param name="user">An object exposing a <c>LoginName</c> member.</param>
        /// <returns>The same list instance that <see cref="Users"/> exposes.</returns>
        public List<dynamic> Add(dynamic user)
        {
            if (user == null)
            {
                return Users;
            }

            // Linear scan over what has been collected so far.
            bool alreadyListed = Users.Any(x => x.LoginName == user.LoginName);
            if (!alreadyListed)
            {
                Users.Add(user);
            }

            return Users;
        }
    }
}







Find all users with access to a SharePoint site by using PnP PowerShell.


# Sign in through the interactive prompt, so no password is stored in the script.
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive

# Load the web together with the properties the loops below read.
$web = Get-PnPWeb -Includes HasUniqueRoleAssignments, RoleAssignments, SiteUsers
$site = Get-PnPSite


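# Load, for every role assignment, the principal it targets and its permission levels.
foreach ($role in $web.RoleAssignments)
{
    # Assign to $null so the returned values do not spill into the script's output.
    $null = Get-PnPProperty -ClientObject $role -Property Member, RoleDefinitionBindings
}

# Load the member list of every principal that is a SharePoint group.
foreach ($role in $web.RoleAssignments)
{
    $m = $role.Member
    # Only Group objects expose a Users property. The previous PrincipalType test also
    # matched SecurityGroup and DistributionList, whose principals may not be Group
    # objects, and asked for a property they do not have.
    if ($m -is [Microsoft.SharePoint.Client.Group])
    {
        $null = Get-PnPProperty -ClientObject $m -Property Users
    }
}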

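# Collected entries: one hashtable per principal found.
$users = [System.Collections.ArrayList]::new()

# Site collection administrators have full control regardless of role assignments,
# so they are recorded first, straight from the site user list.
foreach ($user in $web.SiteUsers)
{
    if ($user.IsSiteAdmin)
    {
        # include site admins
        # ArrayList.Add returns the new index; [void] keeps it out of the output.
        [void]$users.Add(
            @{
                LoginName = $user.LoginName;
                Name      = $user.Title;
                Member    = $user;
                Role      = "";
                Group     = "Site Collection Administrator"
            })
    }
}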


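# Walk every role assignment on the web and record who receives access through it.
foreach ($role in $web.RoleAssignments)
{
    $m = $role.Member

    if ($m.PrincipalType -eq "SharePointGroup" -or
        $m.PrincipalType -eq "DistributionList")
    {
        $group = $role.Member
        if ($null -ne $group)
        {
            foreach ($user in $group.Users)
            {
                # include users from SharePoint groups
                # Record the role and the group the access actually comes from. The
                # previous copy-pasted entry labelled every group member as
                # "Site Collection Administrator" with an empty role.
                [void]$users.Add(
                    @{
                        LoginName = $user.LoginName;
                        Name      = $user.Title;
                        Member    = $user;
                        Role      = $role.RoleDefinitionBindings;
                        Group     = $m.Title
                    })
            }
        }
    }

    if ($m.PrincipalType -eq "SecurityGroup")
    {
        # Membership of a directory security group has to be fetched from MS Graph.
        # Until that lookup exists, record the group itself so the result shows that
        # an unexpanded group holds this role instead of omitting it silently.
        [void]$users.Add(
            @{
                LoginName = $m.LoginName;
                Name      = $m.Title;
                Member    = $m;
                Role      = $role.RoleDefinitionBindings;
                Group     = "Security group (members not expanded)"
            })
    }

    if ($m.PrincipalType -eq "User")
    {
        # include users with unique permissions via the Share button
        # Use the assignment's own principal ($m). The previous code read $user, a
        # leftover from an earlier loop, and so recorded the wrong account here.
        [void]$users.Add(
            @{
                LoginName = $m.LoginName;
                Name      = $m.Title;
                Member    = $m;
                Role      = $role.RoleDefinitionBindings;
                Group     = ""
            })
    }
}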


# Find items shared via the Share button: every item in the "Documents" library,
# folders included, whose SharedWithDetails field is populated.
$listItems = Get-PnPListItem -List "Documents" -Query "<View Scope='RecursiveAll'><Query><Where><IsNotNull><FieldRef Name='SharedWithDetails' /></IsNotNull></Where></Query></View>"

# Print both sharing fields of each matching item.
foreach ($item in $listItems)
{
    $sharedWithUsers = $item.FieldValues.SharedWithUsers
    $sharedWithDetails = $item.FieldValues.SharedWithDetails

    Write-Host $sharedWithUsers
    Write-Host $sharedWithDetails
}


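# Write-Host on a list of hashtables prints only the type name of each entry.
# Convert each entry to an object and show the identifying columns instead.
$users |
    ForEach-Object { [pscustomobject]$_ } |
    Select-Object LoginName, Name, Group |
    Format-Table -AutoSize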



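Having a clear understanding of who has access to your SharePoint site is crucial for effective administration and data security. By following the steps outlined in this article, you can easily find all users invited to SharePoint, including guests with limited access. Keep in mind that the scripts above do not expand the members of directory security groups (the Microsoft Graph lookup is left as a stub) and inspect item-level sharing only in the "Documents" library, so access granted through those paths still needs a separate check. Regularly reviewing and managing permissions will help you maintain a secure and well-organized collaboration environment for your team.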