
Integrating a Website with SharePoint -- Synchronizing Users

2012-11-23 17:18
In a recent project I had to integrate an existing website into SP. I built a few things along the way and am sharing them here.

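The main task was user synchronization: syncing the existing website's users into SharePoint (abbreviated as SP below).

Website users can be added to SP as one of two kinds of user: local users or AD (domain) users. The SP here runs in a domain environment.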

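Concepts:

Synchronizing users: add the users to SP and put them in the corresponding user groups (if a group does not exist, create it first and configure its permissions).

Adding a user to SP: first create the user as a local user or an AD user, then add it to SP.

User group permissions: first add a Permission Level, then assign that permission level to the user group.

Permission level: a set of individual permissions. Looking at the options SP offers when creating a new permission level helps in understanding this.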

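Steps for synchronizing users:

1. Read out all the users and write them to an alluser.xml file.
2. Write a PowerShell script, CreateADuser.ps1, that uses alluser.xml to add the users to AD. (Adding them as local users also works, depending on the environment.)
3. Extract the users by group and write them to a group.xml file.
4. Write a PowerShell script, AddUserToGroup.ps1, that adds the users to their corresponding groups, group by group, creating any group that does not exist. This involves setting the group's permissions; the example given only covers the case where the permission level has already been created and is assigned directly to the group.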

Code reference:

The PowerShell scripts write their results to log files; see how this is done in the code.

alluser.xml:

<?xml version="1.0" ?>
<Users>
<User>
<UserAC>gzfusion006\testUser</UserAC>
<Email>abcd@abcde.com</Email>
<UserName>testUser</UserName>
</User>
<User>
<UserAC>gzfusion006\eric1</UserAC>
<Email>abcd@abcde.com</Email>
<UserName>eric1</UserName>
</User>
<User>
<UserAC>gzfusion006\michael</UserAC>
<Email>abc@cbd.fusion.com</Email>
<UserName>michael</UserName>
</User>
</Users>


CreateADuser.ps1:

Import-Module ActiveDirectory

# Get the script's directory and build the input and log file paths
$path        = Split-Path -parent $MyInvocation.MyCommand.Definition
$date        = Get-Date
$xmlFilePath = $path + "\alluser.xml"
$log         = $path + "\create_ad_users.log"

# Returns an object whose Status is "1" if the account exists in AD, "0" otherwise
Function Check-ADUser
{
    Param ($Username)

    # Accept both "DOMAIN\user" and plain "user": keep the part after the last backslash
    $Username = ($Username.Split("\")[-1])
    $ADRoot = [ADSI]''
    $ADSearch = New-Object System.DirectoryServices.DirectorySearcher($ADRoot)
    $SAMAccountName = "$Username"
    $ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=$SAMAccountName))"
    $Result = $ADSearch.FindAll()

    If($Result.Count -eq 0)
    {
        $Status = "0"
    }
    Else
    {
        $Status = "1"
    }
    $Results = New-Object Psobject
    $Results | Add-Member Noteproperty Status $Status
    Write-Output $Results
}

"Created following users (on " + $date + "): " | Out-File $log -append
"--------------------------------------------" | Out-File $log -append
$ctsXML = [xml](Get-Content($xmlFilePath))

$ctsXML.users.user | ForEach-Object {
    $username = $_.UserName
    # The same initial password is given to every account this script creates
    $password = "P@ssw0rd"
    $email = $_.Email
    $Status = (Check-ADUser -username $username).Status
    if ($Status -eq 1){
        #write-host $username "already exists!"
        $username + " already exists!" | Out-File $log -append
    }else{
        # Set the user's attributes
        # -PasswordNeverExpires $True : the user's password never expires
        new-aduser -samaccountname $username -name $username -EmailAddress $email -PasswordNeverExpires $True -enabled $true -accountpassword (convertto-securestring $password -asplaintext -force)
        #write-host "add [" $username "] success"
        "add [" + $username + "] success" | Out-File $log -append
    }
}

"==================================================================" | Out-File $log -append

write-host "Complete!!"
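
An added example, not part of the original post: a variant of the account-creation step in CreateADuser.ps1 that gives each account its own random initial password, requires a password change at first logon instead of a non-expiring password, and escapes the account name before it goes into an LDAP filter. The function names Escape-LdapFilterValue, New-RandomPassword and New-SyncedADUser are hypothetical, the sample XML is constructed, and how the initial password reaches the user is left to the caller.

```powershell
# Added example (not from the original post); all function names are hypothetical.
Import-Module ActiveDirectory

# Escape the characters that are special in an LDAP search filter (RFC 4515)
function Escape-LdapFilterValue {
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

# Build a random password from a cryptographic RNG and return it as a SecureString
function New-RandomPassword {
    param([int]$Length = 20)
    # 64 symbols, so each random byte maps onto the set without modulo bias
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    try {
        do {
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $chars[$_ % 64] })
            # Retry until upper case, lower case and a digit are all present
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    } finally { $rng.Dispose() }
    ConvertTo-SecureString $pw -AsPlainText -Force
}

# Create the account unless it already exists; returns $null when nothing was created
function New-SyncedADUser {
    param([string]$SamAccountName, [string]$Email)
    $safe = Escape-LdapFilterValue $SamAccountName
    if (Get-ADUser -LDAPFilter "(sAMAccountName=$safe)") { return $null }
    $initial = New-RandomPassword
    New-ADUser -SamAccountName $SamAccountName -Name $SamAccountName `
        -EmailAddress $Email -AccountPassword $initial `
        -Enabled $true -ChangePasswordAtLogon $true
    # Hand the SecureString back so the caller can deliver it out of band;
    # it is never written to the log file
    New-Object PSObject -Property @{ SamAccountName = $SamAccountName; InitialPassword = $initial }
}

# Constructed sample input in the format of alluser.xml
[xml]$users = @"
<Users><User><Email>abcd@abcde.com</Email><UserName>testUser</UserName></User></Users>
"@
$created = $users.Users.User | ForEach-Object { New-SyncedADUser $_.UserName $_.Email }
"Created {0} account(s)" -f @($created | Where-Object { $_ }).Count
```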


group.xml:

<?xml version="1.0"?>
<Groups>
<Group name="ContractID_0230_RoleID_0007" contractid="230" roleid="7">
<Users>
<User>gzfusion006\testUser</User>
<User>gzfusion006\eric1</User>
</Users>
</Group>
<Group name="ContractID_0245_RoleID_0003" contractid="245" roleid="3">
<Users>
<User>gzfusion006\michael</User>
<User>gzfusion006\eric1</User>
<User>gzfusion006\testUser</User>
</Users>
</Group>
</Groups>


AddUserToGroup.ps1:

# Load the SharePoint server object model
[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint");

# Get the script's directory and build the input and log file paths
$path        = Split-Path -parent $MyInvocation.MyCommand.Definition
$xmlFilePath = $path + "\group.xml"
$log         = $path + "\add_users_to_sharepoint.log"
$date        = Get-Date

#$siteurl = $siteCollectionURL + $_.Code;
$siteurl = "http://localhost:34914/";
$site = New-Object Microsoft.SharePoint.SPSite($siteurl)
$web = $site.RootWeb;

"Created following users (on " + $date + "): " | Out-File $log -append
"--------------------------------------------" | Out-File $log -append
$ctsXML = [xml](Get-Content($xmlFilePath))

$ctsXML.Groups.Group | ForEach-Object {

    $groupName = $_.name
    $exists = $web.SiteGroups | where { $_.Name -eq $groupName }
    # Add the user group if it does not exist yet
    if ($exists -eq $null)
    {
        $owner = "administrator"
        # Name of an existing permission level ("讀取" is "Read" on a Traditional Chinese SharePoint)
        $permission = "讀取"
        # Create group
        $web.SiteGroups.Add($groupName, $web.EnsureUser($owner), $null, "");
        # Give permissions to the group
        $assign = New-Object Microsoft.SharePoint.SPRoleAssignment($web.SiteGroups[$groupName]);
        $assign.RoleDefinitionBindings.Add($web.RoleDefinitions[$permission])
        $web.RoleAssignments.Add($assign)
    }

    $spUserGroup = $web.SiteGroups[$groupName]
    # Add the users defined in the XML to the SharePoint group
    $_.Users.User | ForEach-Object {
        $UserAC = $_
        # Strip the domain prefix: "DOMAIN\user" -> "user"
        $UserName = $UserAC.substring($UserAC.indexof('\')+1)

        # Add the user to the group; failures are written to the log
        try {
            $spuser = $web.EnsureUser($UserName);
            $spUserGroup.AddUser($spuser);
            write-host ("groupName: [" + $groupName + "] add user name:" + $UserName)
        } catch [Exception] {
            $_.Exception.GetType().FullName | Out-File $log -append
            $_.Exception.Message | Out-File $log -append
        }
    }
}
$web.dispose()
$site.dispose()

"==================================================================" | Out-File $log -append
write-host "Complete!!"


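Finally, I hope this helps anyone who needs it. If there are mistakes or problems, please point them out so we can learn from each other. Thanks!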