Forum Discussion
Site Collection Admin in Modern Team Sites
I agree with the sentiment, which is why all of our modern UX guides users down safe paths. But as you can see from this thread, we also have a community of people who depend on being able to do some advanced, custom configuration, and don't want to leave them in the lurch. We believe that we've struck a good balance here, where unlike the past 10 years we avoid users accidentally stumbling into trouble, but empowering the experts who to get their job done. I hear your feedback that you think we need to go further, but I know if we completely block it we'll have a lot of feedback saying we went too far.
Okay, I read through all this and I thought I had a game plan. My goal is to get a list of all my SPO site collections and enumerate their respective owners. Figured that was easy. Not so much...
$all = Get-SPOSite -Limit all
$all.Count
368
$ListOwner = $all | Where {$_.Owner.Length -ge 1}
$ListOwner.Count
37
Okay, what the flip is that?? That 37 is just about the number of site collections I've created. Based on that, it seems the only the SPO site collections that define an Owner by name are those made by the SPO admin (via the SCA portal or New-SPOSite). But wait....
I picked one of the 'no owner' sites at random to verify the 'Owner' column. It is indeed blank (but interestingly, not $null).
$all[100] Url Owner Storage Quota --- ----- ------------- https://[tenant].sharepoint.com/sites/[sitename] 1048576
So...no owner then? I better double check. I ran Get-SPOSite against just this one site.
Get-SPOSite -Identity $all[100] Url Owner Storage Quota --- ----- --------- https://[tenant].sharepoint.com/sites/[sitename] [guid]_o 1048576
This time, a GUID appeared as the Owner. It had an '_o' at the end which I think denotes this as an Office 365 group. To confirm this wasn't a user account, I ran Get-MSOLUser
Get-MsolUser : User Not Found. User: [guid]
So then I ran Get-MSOLGroup and....
Get-MsolGroup -ObjectId [guid] ObjectId DisplayName GroupType -------- ----------- --------- [guid] Test Plan DistributionList
What the what?? Can distribution list be a site collection owner? I guess so. And why didn't this show up as the owner in the first place? I mean it has a display name, an email address and everything. Anyway, I then ran Get-MSOLGroupMember to see who the heck was in this group.
$g = Get-MsolGroup -ObjectId [guid] $members = Get-MSOLGroupMember $g.ObjectId $members GroupMemberType EmailAddress DisplayName --------------- ----------------- ------------ User j.smith@my.domain John Smith
Okay, I am getting there. Once armed with this information, I ran Get-MSOLUser again.
Get-MSOLUser -ObjectID $members.ObjectId UserPrincipalName DisplayName isLicensed ----------------- ----------- ---------- j.smith@my.domain John Smith True
Ah, there's the Owner! So that only took, what, like 5 steps? To get a single user name from a single site collection. It's okay though because, while it's a cumbersome process, at least I have hundreds of these to do (and more each day!).
Seriously though, this is unquestionably in-freaking-sane. How in all the verse is a person supposed to manage this?? Can this be done the other way? That is, can I take a single user and find out all the sites they own? Because, if not, all it takes is someone needing to know which sites are owned by User X (like after they were fired or something) and I would have to run this process, complete with cross-lookups of guids, against 300+ site collections. This wouldn't include verifying this against local AD. Keep in mind that getting this info about admin-created site collections takes about 10 seconds.
My brain hurts now. I am going to lie down.