网站与SharePoint整合同步用户

最近的项目中，使用到了把使用的网站，整合到SP，做了一写东西，也分享一下。

主要做的是用户的同步，把现有网站的用户到同步到SharePoint 中。SharePoint以下简称：SP

其中，网站的用户，添加到SP中，主要两个种用户，local user(本地用户)或AD user(域用户)。这边的SP域环境下的。

概念整理：

同步用户：用户添加到SP，并加入到相应的用户组中（没有用户组，就要先添加，并配置权限）。

用户添加到SP：先将用户添加为local user 或者 AD user，再加到SP中。

用户组的权限设置：先添加Permission Level(权限级别)，再给用户组指定权限级别。

权限级别：权限点的集合，可查看SP新建权限级别时的选项，加深理解。

同步用户的步骤：

1.将全部用户读出，写成alluser.xml文件。
2.写power shell script：CreateADuser.ps1，利用alluser.XMl文件，将用户添加到AD中。（添加为local user也可以，按环境需要）
3.将用户的按组取出，写为group.xml文件
4.按写power shell script：AddUserToGroup.ps1组分类将用户加入到对应该得组中，没有组，先添加。其中涉及用户组的权限设置，只给出的例子是已经建
立好权限级别，直接给组指定。

代码参考：

power shell script添加的结果写到了日志文件中，请看代码中写法。

alluser.xml：

<?xml version="1.0" ?>
<Users>
  <User>
    <UserAC>gzfusion006\testUser</UserAC>
    <Email>abcd@abcde.com</Email>
    <UserName>testUser</UserName>
  </User>
  <User>
    <UserAC>gzfusion006\eric1</UserAC>
    <Email>abcd@abcde.com</Email>
    <UserName>eric1</UserName>
  </User>
  <User>
    <UserAC>gzfusion006\michael</UserAC>
    <Email>abc@cbd.fusion.com</Email>
    <UserName>michael</UserName>
  </User>
</Users>

CreateADuser.ps1:

Import-Module ActiveDirectory
# Get current directory and set import file in variable
$path     = Split-Path -parent $MyInvocation.MyCommand.Definition
$date     = Get-Date
$xmlFilePath = $path + "\alluser.xml"
$log     = $path + "\create_ad_users.log"

Function Check-ADUser 
{ 
    Param ($Username) 
 
    $Username = ($Username.Split("\")[1]) 
    $ADRoot = [ADSI]'' 
    $ADSearch = New-Object System.DirectoryServices.DirectorySearcher($ADRoot)  
    $SAMAccountName = "$Username" 
    $ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=$SAMAccountName))" 
    $Result = $ADSearch.FindAll() 
 
    If($Result.Count -eq 0) 
    { 
        $Status = "0" 
    } 
    Else 
    { 
        $Status = "1" 
    } 
    $Results = New-Object Psobject 
    $Results | Add-Member Noteproperty Status $Status 
    Write-Output $Results     
}


"Created following users (on " + $date + "): " | Out-File $log -append
"--------------------------------------------" | Out-File $log -append
$ctsXML = [xml](Get-Content($xmlFilePath))

$ctsXML.users.user | ForEach-Object {
       $username =  $_.UserName 
       $password = "P@ssw0rd"
       $email = $_.Email
       $Status = (Check-ADUser -username $username).Status
       if ($Status -eq 1){
            #write-host $username "already exists!"
            $username + "already exists!" | Out-File $log -append
       }else{
            #设置用户的属性
            #-PasswordNeverExpires $True : 用户密码永不过期
            new-aduser -samaccountname $username -name $username -EmailAddress $email -PasswordNeverExpires $True -enabled $true -accountpassword (convertto-securestring $password -asplaintext -force)
            #write-host "add [" $username "] success"  
            "add [" + $username + "] success"  | Out-File $log -append
       }
}

"==================================================================" | Out-File $log -append


write-host "Complete!!"

group.xml:

<?xml version="1.0"?>
<Groups>
  <Group name="ContractID_0230_RoleID_0007" contractid="230" roleid="7">
    <Users>
      <User>gzfusion006\testUser</User>
      <User>gzfusion006\eric1</User>
    </Users>
  </Group>
  <Group name="ContractID_0245_RoleID_0003" contractid="245" roleid="3">
    <Users>
      <User>gzfusion006\michael</User>
      <User>gzfusion006\eric1</User>
      <User>gzfusion006\testUser</User>
    </Users>
  </Group>
</Groups>

AddUserToGroup.ps1:

[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint");

$path        = Split-Path -parent $MyInvocation.MyCommand.Definition
$xmlFilePath = $path + "\group.xml"
$log         = $path + "\add_users_to_sharepoint.log"
$date        = Get-Date


    #$siteurl = $siteCollectionURL + $_.Code;
    $siteurl = "http://localhost:34914/";
    $site = New-Object Microsoft.SharePoint.SPSite($siteurl)
    $web = $site.RootWeb;
    
    "Created following users (on " + $date + "): " | Out-File $log -append
    "--------------------------------------------" | Out-File $log -append
    $ctsXML = [xml](Get-Content($xmlFilePath))

    $ctsXML.Groups.Group | ForEach-Object {
        
        $groupName = $_.name       
        $exists = $web.SiteGroups | where { $_.Name -eq $groupName }
        # add UserGroup
        if ($exists -eq $null)
        {
            $owner = "administrator"
            $permission = "讀取"
            # Create group
            $web.SiteGroups.Add($groupName, $web.EnsureUser($owner), $null, "");
            # Give permissions to the group
            $assign = New-Object Microsoft.SharePoint.SPRoleAssignment($web.SiteGroups[$groupName]);
            $assign.RoleDefinitionBindings.Add($web.RoleDefinitions[$permission])
            $web.RoleAssignments.Add($assign)
            
        }

        $spUserGroup = $web.SiteGroups[$groupName]    
        #Add the users defined in the XML to the SharePoint group
        $_.Users.User | ForEach-Object {
            $UserAC = $_
            $UserName = $UserAC.substring($UserAC.indexof('\')+1)
    
            $spuser = $web.EnsureUser($UserName);
         
            $spUserGroup.AddUser($spuser);
            
            try {
                $spuser = $web.EnsureUser($UserName);
                $spUserGroup.AddUser($spuser);
                write-host "groupName: [" + $groupName + "] add user name:" + $UserName
            } catch [Exception] {
              $_.Exception.GetType().FullName | Out-File $log -append
              $_.Exception.Message | Out-File $log -append
            }
        }
    }
    $web.dispose()
    $site.dispose()
    
    "==================================================================" | Out-File $log -append
    write-host "Complete!!"

        
        

最后，希望对有需要的人，有帮助，有错误或问题请指出，相互学习学习，谢谢！