SharePoint Dragons

Nikander & Margriet on SharePoint

Adding users and groups to SharePoint 2010 Lists via PowerShell Braindump

A braindump follows the train of thought of a person solving a problem. This process allows you to optimize through processes and reasoning patterns, and as such can be a useful and entertaining exercise. What follows is the braindump of adding users and groups to SharePoint 2010 Lists via PowerShell.

Let’s start by firing the SharePoint 2010 Management Shell and see what I can learn about SharePoint related PS commands.

I know that such commands contain “sp” in it, so I’ll do:

help *sp*.

Ah, that’s too much. I assume that I need to retrieve a list before I can add permissions, but in order to do that I’ll probably need to get hold of the correct site collection and site first. In that case, I’ll just go ahead and look for cmdlets that have get in it. I do:

help get-sp*

There they are, on the first page, Get-SPSite and Get-SPWeb. They look promising. Let’s see if I can get a site directly by using Get-SPWeb. But in order to do that, I first need to find out how to use it. I want to read the documentation, so I do:

help get-spweb -full

Hmm, if I take a look at the -Identity parameter, it seems to be enough to get hold of a specific site. Let’s try it.

get-spweb http://moon

Ok, got it. That wasn’t too bad. I notice that now i have an SPWeb object. Now, let’s see what I can do with a site, there should be a way to get a specific list. I do:

get-spweb http://moon | gm | more

Either the GetList or the GetListFromUrl method should help me to get a list. Let’s switch to MSDN at and look for:

spweb getlist

As it turns out, this method needs a server-relative URL for a list, for example, /sites/MySiteCollection/Lists/Announcements. That’s good enough for me. Once I have an SPList object, I’ll see what I can do with that. I’ll change the PS code a bit, so that I’ll have references to the various objects. I do:

$web = get-spweb http://moon
$list = $web.getlist(“/Lists/TheTestList”)

Let’s see that I really got it and try:


Fine, let’s find out about the list object then. I do:

$list | gm | more

Hmm, things are getting a little bit more complicated. Time to fire up Windows PowerShell ISE and work from there. That won’t do me any good unless I load the SharePoint PS snap in first. So, I do:

$snapIn = “Microsoft.SharePoint.PowerShell”

if ( get-pssnapin $snapIn -ea “silentlycontinue”)
  remove-pssnapin $snapIn

if ( get-pssnapin $snapIn -registered -ea “silentlycontinue”)
  add-pssnapin $snapIn

$web = get-spweb http://moon
$list = $web.getlist(“/Lists/TheTestList”)

The traditional PowerShell approach is getting too cumbersome by now. Instead of continuing going down this road, let’s find some C# code which does what I want and convert it to PowerShell.

$snapIn = “Microsoft.SharePoint.PowerShell”

Write-Host “Initializing SharePoint PowerShell Environment”
if ( get-pssnapin $snapIn -ea “silentlycontinue”)
  Write-Host “Remove SharePoint snap-in”
  remove-pssnapin $snapIn

if ( get-pssnapin $snapIn -registered -ea “silentlycontinue”)
  Write-Host “Add SharePoint snap-in”
  add-pssnapin $snapIn

Write-Host “Get web”
$web = get-spweb http://moon
Write-Host “Get list”
$list = $web.getlist(“/Lists/TheTestList”)

#Reset permissions
Write-Host “Reset to original security settings”
Write-Host “Break role inheritance”

# Remove all current assignments.
Write-Host “Remove all Role assignments”
Write-Host “Count:” $list.RoleAssignments.Count
while ($list.RoleAssignments.Count -gt 0)
  Write-Host “Removing a specific assignment for” $list.RoleAssignments[0].Member.Name
Write-Host “Count:” $list.RoleAssignments.Count

$userName = “lc\Administrator”
$user = $web.EnsureUser($userName)
Write-Host “user:” $user
$userRole = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
$builtInRole = $web.RoleDefinitions[“Read”]
Write-Host “Built in role” $builtInRole.Name


$groupName = “SharePoint Dragons Owners”
$group = $web.SiteGroups[$groupName]
Write-Host “Group:” $group
$groupRole = New-Object Microsoft.SharePoint.SPRoleAssignment($group)

Write-Host “Finished”

Ah, there’s my proof of concept that I can later convert to Enterprise-level code. Now, let’s write that blog post.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: