jean090681
Copper Contributor
Aug 21, 2019
Solved

Add AD Security group as Site collection administrator - SPO

Is there a way to add a security group as Primary or secondary site collection administrator to all the sites in the tenant via PowerShell?

I know this works for adding a user account to all the sites as SC Admin:

$Sites = Get-SPOSite -Limit ALL
Foreach ($Site in $Sites) {
    Set-SPOUser -Site $Site.Url -LoginName $AdminName -IsSiteCollectionAdmin $True
}

The same command with Set-SPOSiteGroup does not work:

Set-SPOSiteGroup : A parameter cannot be found that matches parameter name 'IsSiteCollectionAdmin'

Since 'IsSiteCollectionAdmin' is not accepted with Set-SPOSiteGroup, any suggestions on how to set a security group as site collection administrator via PS script/cmdlets?

Thanks in advance.

6 Replies

  • Serkar
    Copper Contributor

    jean090681

    Hi, there is the possibility to do it with the object ID of the security group:

    Set-SPOUser -Site $SiteUrl -LoginName $Group -IsSiteCollectionAdmin $true

    I have described it in detail here:

    https://sposcripts.com/add-site-collection-administrator/

  • jean090681 - you can also use PnP as suggested by Murilo Santana on StackExchange:

    https://sharepoint.stackexchange.com/questions/268250/add-ad-security-group-as-site-collection-administrator-spo

    I modified the original script to the one below. You must be a Site Collection Admin to run the Add-PnPSiteCollectionAdmin command. Use Set-PnPTenantSite -Owners if you are not an Admin for the site but have the SharePoint admin role.

    Connect-PnPOnline -Url "https://tenant.sharepoint.com/sites/SiteCollection"
    $web = Get-PnPWeb
    $admins = Get-PnPSiteCollectionAdmin
    Write-Host "Original Site Collection Admins: " $admins
    $azureADGroup = "c:0t.c|tenant|AzureAD-SecurityGroup-ID"
    $ensureUser = $web.EnsureUser($azureADGroup)
    $user = Get-PnPUser -Identity $azureADGroup
    Add-PnPSiteCollectionAdmin -Owners $user.LoginName
    Start-Sleep -s 5
    $admins = Get-PnPSiteCollectionAdmin
    Write-Host "New Site Collection Admins: " $admins

  • jean090681 

    Currently, there is no way to have the Office 365 nested group as site collection admin. I know Microsoft is working on nested AAD groups, but there is no timeline for that.

    But as Juan said you can have your current security group as site collection primary admin.
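
The tenant-wide loop from the question combined with the Set-SPOUser call from Serkar's reply, written so that it reports per site and changes nothing until -Apply is passed. This is an added example, not code from any poster in the thread; the function name Add-GroupAsSiteAdmin, the CSV file name and the placeholder group ID are hypothetical, and it assumes an existing Connect-SPOService session and the group claim format shown in the PnP reply.

```powershell
# Added example (not from the thread). Assumes the SharePoint Online Management Shell
# module and a session already opened with Connect-SPOService.
function Add-GroupAsSiteAdmin {
    param(
        [Parameter(Mandatory)] [string]   $GroupLoginName,  # claim string for the security group
        [Parameter(Mandatory)] [string[]] $SiteUrl,
        [switch] $Apply                                     # without -Apply, nothing is changed
    )
    foreach ($url in $SiteUrl) {
        $row = [pscustomobject]@{ Site = $url; Status = ''; Detail = '' }

        # Pre-check: is the group already a site collection admin on this site?
        # The read may be denied where the caller is not yet an admin; treat that as unknown.
        $isAdmin = $false
        try {
            $isAdmin = [bool](Get-SPOUser -Site $url -Limit All -ErrorAction Stop |
                Where-Object { $_.LoginName -eq $GroupLoginName -and $_.IsSiteAdmin })
        }
        catch { $row.Detail = "Pre-check failed: $($_.Exception.Message)" }

        if ($isAdmin)        { $row.Status = 'AlreadyAdmin' }
        elseif (-not $Apply) { $row.Status = 'WouldAdd' }
        else {
            try {
                Set-SPOUser -Site $url -LoginName $GroupLoginName `
                    -IsSiteCollectionAdmin $true -ErrorAction Stop | Out-Null
                $row.Status = 'Added'
            }
            catch {
                # Record the failure and continue with the remaining sites.
                $row.Status = 'Failed'
                $row.Detail = $_.Exception.Message
            }
        }
        $row
    }
}

# Placeholder value: substitute the object ID of your own security group.
$group = 'c:0t.c|tenant|<group-object-id>'
$sites = (Get-SPOSite -Limit All).Url

# Dry run: review the report before re-running with -Apply.
Add-GroupAsSiteAdmin -GroupLoginName $group -SiteUrl $sites |
    Export-Csv -Path .\sc-admin-report.csv -NoTypeInformation
```

Keeping the report from the -Apply run gives a per-site record of where the group was granted site collection admin rights, which is what a later access review needs.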