Translating Site ID and PrincipleID
I produced a
Audit report for Security events and though I can see that some security events
occurred on the relevant dates I couldn't find a way to translate the Site ID and
the Principle ID in the Site ID and Event Data columns.
It can be done! Enter PowerShell!!!!
Audit Log exported
to Excel and downloaded: It just looks horrible
Translate the siteID:
$site = get-spsite -limit all
$site | select ID, url | ft -AutoSize | out-file
C:\Scripts\siteID.txt
Then I did a find in the .txt file to match the site
ID with the URL
e.g.
Translate the PrincipleID:
$site = new-object
Microsoft.SharePoint.SPSite("http://SPWebApplication");
$ServiceContext =
[Microsoft.SharePoint.SPServiceContext]::GetContext($site);
$ProfileManager = new-object
Microsoft.Office.Server.UserProfiles.UserProfileManager($ServiceContext)
$AllProfiles = $ProfileManager.GetEnumerator()
$AllProfiles | select displayname,recordID | ft
-autosize | out-file c:\scripts\profiles.txt
Then do a Find on the Principle ID and you will get
the Display name mapping:
Translating groupid and userid
Pasted
from <http://sharepoint.stackexchange.com/questions/156443/who-is-behind-which-id-in-audit-logs>
E.G
I’ve
run a custom security report and the results show 5 permissions edits:
The
Event Data column shows the user affected in group\user format
To
find:
Etc
This shows you either the user's information or the
group's members depending on the entered id
So:
Note: The ids
are unique within site collections only. So ...?id=42 within site
collection A might be a different user or group in site
collection B.
That's all folks - Thanks for visiting!
Great Content. It will useful for knowledge seekers. Keep sharing your knowledge through this kind of article.
ReplyDeleteSharepoint Training in Chennai
Sharepoint Course in Chennai