Gurdev Singh
Iron Contributor
Feb 09, 2022

Remove O365 Groups owners from Site Collection admin for Teams connected SharePoint site

Our enterprise content management team has a requirement to remove 'O365 Group Owners' from Site Collection Admin of a Teams connected SharePoint site.

 

Is it possible to automate this via a Teams template, SharePoint site template or SharePoint site designs? E.g., can a site design remove group owners' site collection admin permissions?

  • If you do that, you are going to break how the Group Site works... By design, when you create a Microsoft 365 Group, Group owners are added as Site Collection Admins.
  • Lovneshk
    Copper Contributor

    Gurdev Singh 
    I have created and tested the script below, and it removes the M365 group owners from site collection admin.


    ########### Script starts here ##############################

    # Parameters
    $siteUrl = "https://TenantName.sharepoint.com/sites/SiteName"

    # This prefix is used to detect the M365 group owners claim
    $prefixToRemove = "c:0o.c|federateddirectoryclaimprovider"

    # Connect to the SharePoint Online site
    Connect-PnPOnline -Url $siteUrl -Interactive

    # Get current site collection administrators
    $siteAdmins = Get-PnPSiteCollectionAdmin

    # Filter out administrators to be removed (here we use the prefix to get the M365 group owners group)
    $adminsToRemove = $siteAdmins | Where-Object { $_.LoginName -like "$prefixToRemove*" }

    # Remove filtered administrators
    foreach ($admin in $adminsToRemove) {
        Remove-PnPSiteCollectionAdmin -Owners $admin.LoginName
        Write-Host "Removed administrator: $($admin.LoginName)"
    }

    # Verify the change
    Connect-PnPOnline -Url $siteUrl -Interactive
    $siteAdmins = Get-PnPSiteCollectionAdmin
    Write-Host "Site Collection Administrators:"
    $siteAdmins | ForEach-Object { Write-Host $_.LoginName }

    ############### Script ends here ##########################

     

    I have tested and validated the same. This should do the job. I have also monitored the sites for any unusual behavior; however, I did not find any.

     

    Note: Please test it on your test site to verify what it does and make sure everything related to that site works well before taking it to the production site.
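
A variant of the script in this thread with a rollback record, a guard against leaving the site with no administrator, and `-WhatIf` preview support. This is an added example, not part of the posts above. It assumes the PnP.PowerShell module is installed and that `Connect-PnPOnline -Interactive` works in your tenant as it does in the thread's script; the function name `Remove-GroupOwnerAdminClaim` and the backup file name are hypothetical.

```powershell
# Added example; Remove-GroupOwnerAdminClaim and the backup path are hypothetical names.
function Remove-GroupOwnerAdminClaim {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SiteUrl,
        [string] $BackupPath = ".\site-admins-backup.csv",
        # Claim prefix taken from the thread's script (M365 group owners entry)
        [string] $Prefix = "c:0o.c|federateddirectoryclaimprovider"
    )

    Connect-PnPOnline -Url $SiteUrl -Interactive
    $admins = @(Get-PnPSiteCollectionAdmin)

    # Record the current admins before any change so it can be rolled back.
    # -WhatIf:$false makes sure the record is written even during a preview run.
    $admins | Select-Object LoginName |
        Export-Csv -Path $BackupPath -NoTypeInformation -WhatIf:$false

    # Literal, case-insensitive prefix match on the login name
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    $toRemove = @($admins | Where-Object { $_.LoginName.StartsWith($Prefix, $cmp) })
    $toKeep   = @($admins | Where-Object { -not $_.LoginName.StartsWith($Prefix, $cmp) })

    if ($toRemove.Count -eq 0) {
        Write-Host "No group owners claim found among the site collection admins."
        return
    }
    # Stop if removing the claim would leave no site collection admin at all
    if ($toKeep.Count -eq 0) {
        throw "Refusing to continue: no other site collection admin would remain."
    }

    foreach ($admin in $toRemove) {
        # With -WhatIf this only prints what would be removed
        if ($PSCmdlet.ShouldProcess($admin.LoginName, "Remove site collection admin")) {
            Remove-PnPSiteCollectionAdmin -Owners $admin.LoginName
        }
    }

    # Return the resulting admin list so the caller can verify it
    Get-PnPSiteCollectionAdmin | Select-Object LoginName
}

# Preview only (nothing is removed):
#   Remove-GroupOwnerAdminClaim -SiteUrl "https://TenantName.sharepoint.com/sites/SiteName" -WhatIf
# Roll back from the record written above:
#   Import-Csv .\site-admins-backup.csv | ForEach-Object { Add-PnPSiteCollectionAdmin -Owners $_.LoginName }
```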



