Oct 09 2018 09:35 AM
Hello,
We have a user who was accidentally added as site collection admin to various OneDrive accounts. Is it possible to pull a list of all site collection admin for all OneDrive accounts?
I've tried using the following cmdlet on one of the site before creating the full script.
get-spouser -Site "<site url>" | select DisplayName, LoginName, UserType, IsSiteAdmin
The above returns all site users with isSiteAdmin as false unless I grant my admin account as site collection admin which is not ideal solution.
Running Get-Sposite returns only primary site collection admin.
Which should be the best way to pull list of all site collection admins?
Thank you.
B
Oct 09 2018 10:27 AM
Oct 09 2018 12:15 PM
Oct 09 2018 12:18 PM
Oct 09 2018 02:22 PM
Have not looked at the script yet, but you have to be a owner yourself to be able to read the other site collection admins. Not sure if that is the problem.
Oct 12 2018 10:41 AM
Oct 14 2018 03:11 PM
Yup, Totally understand! I didn't want to do that as well. But that was the only way I could get it working. Would be keen to know, if someone else have a different solution.
Jan 30 2020 11:12 AM
I wish I had a solution, but I don't. I can just add a "Me Too". The only thing I can think of is to write a script that does the following:
I'm amazed that Get-SPOSite and Get-SPOUser have this limitation for Global admins and SharePoint admins, and that Microsoft hasn't worked around this by providing an Audit report from the Office 365 or SharePoint Admin sites.
Jul 20 2021 06:13 AM
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
$AdminAccount = "administrator@company.com"
$AdminCenterURL = "https://company-admin.sharepoint.com/"
#Connect to SharePoint Online Admin Center
Connect-SPOService -Url $AdminCenterURL
#Get All OneDrive for Business Sites in the Tenant
$OneDriveSites = Get-SPOSite -Limit ALL -includepersonalsite $True -Filter "Url -like '-my.sharepoint.com/personal/'"
#Loop through each OneDrive Site
Foreach($Site in $OneDriveSites)
{
Write-host "Scanning site:"$Site.Url -f Yellow
try{
$checkadmin = Get-SPOUser -Site $Site.Url | Where {$_.IsSiteAdmin -eq $true -and $_.LoginName -eq $AdminAccount}
$setAdmin = $false;
#Add Temp Site Admin
if($checkadmin.Count -eq 0){
#Write-host "Add Temp Admin:"$Site.URL -f Gray
Set-SPOUser -Site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $True | Out-Null
$setAdmin = $true
}
}catch{
#Write-Host "Error:" $_.Exception.Message
if($_.Exception.Message -like "Access is denied*"){
#Write-host "Add Temp Admin:"$Site.URL -f Gray
Set-SPOUser -Site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $True | Out-Null
$setAdmin = $true
}
}
#Get All Site Collection Administrators
$SiteAdmins = Get-SPOUser -Site $Site.Url | Where {$_.IsSiteAdmin -eq $true -and $_.LoginName -ne $AdminAccount -and $_.LoginName -ne $Site.Owner}
if($SiteAdmins.Count -gt 0){
#Iterate through each admin
Foreach($Admin in $SiteAdmins)
{
Write-host "Found other Admin:"$Admin.LoginName -f Blue
}
}
#Remove Temp Site Administrator if added
if($setAdmin -eq $true){
#Write-host "Remove Temp Admin:"$Site.URL -f Gray
Set-SPOUser -site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $False | Out-Null
}
}
Dec 20 2021 08:52 AM
Dec 28 2021 03:41 PM
Where ever you see a Write-Host you could just output to a file on your disk.
Try using Add-Content or Out-File.
Add-Content (Microsoft.PowerShell.Management) - PowerShell | Microsoft Docs
Out-File (Microsoft.PowerShell.Utility) - PowerShell | Microsoft Docs