# Tenant admin account used to open the SharePoint Online admin session (placeholder value, replace before use).
[string]$username = "YourAdminAccount@yourtenant.onmicrosoft.com"
# File holding the admin password; its content is passed to ConvertTo-SecureString further down,
# so it presumably contains a ConvertFrom-SecureString export rather than clear text - confirm before use.
# NOTE(review): keep this folder readable only by the account that runs the script.
[string]$PwdTXTPath = "C:\SECUREDPWDFOLDER\ExportedPWD-$($username).txt"
# "Account or AAD group with O365 GUID": the principal that is GRANTED site collection admin on every site.
# The value looks like a claims-encoded role/group identifier - verify it against your tenant.
[string]$CompteouGroupeAADavecGUIDO365= "c:0-.f|rolemanager|s-1-5-21-1575671886-733387139-3803724931-1933543"
# "SP201X login account": claims-encoded user login that is demoted from site collection admin and then removed.
[string]$CompteIdentifiantSP201X= "i:0#.f|membership|myUserLogin@mydomain.com"
# "Account with simple login": plain login name that is demoted from site collection admin and then removed.
[string]$Compteavecsimplelogin= "loginAdmin@yourtenant.onmicrosoft.com"
function Load-DLLandAssemblies
{
    # Loads the SharePoint Online client assemblies into the current PowerShell session.
    # Each assembly is loaded from a fixed absolute path under the SharePoint Online
    # Management Shell install folder; the object returned by LoadFile is left on the
    # output stream.
    $assemblyFiles = @(
        "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll",
        "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll",
        "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
    )

    foreach ($assemblyFile in $assemblyFiles)
    {
        [System.Reflection.Assembly]::LoadFile($assemblyFile)
    }
}
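function ChangeUserStatusForSiteCollectionAdmin
{
    <#
    .SYNOPSIS
    Grants or revokes the site collection administrator flag for one login on one site collection.

    .DESCRIPTION
    When granting, the login is passed to Set-SPOUser as given. When revoking, the user is first
    looked up with Get-SPOUser and the login name returned by the service is used for the update.
    Every SharePoint Online call runs with -ErrorAction Stop inside one try/catch, so the green
    confirmation line is written only after the change succeeded and any failure is reported in red.

    .PARAMETER SiteCollURL
    URL of the site collection to update.

    .PARAMETER LoginToSet
    Login name (plain or claims-encoded) of the user or group to update.

    .PARAMETER ToSiteCollAdminorNot
    $true to grant site collection admin, $false to revoke it.
    #>
    Param(
        [string]$SiteCollURL,
        [string]$LoginToSet,
        [boolean]$ToSiteCollAdminorNot
    )

    try
    {
        if ($ToSiteCollAdminorNot)
        {
            # -ErrorAction Stop turns a non-terminating failure into an exception, so a failed
            # grant can no longer be followed by the "is now part of" confirmation.
            Set-SPOUser -Site $SiteCollURL -LoginName $LoginToSet -IsSiteCollectionAdmin $ToSiteCollAdminorNot -ErrorAction Stop
            Write-Host " >>>>>>>>", $LoginToSet, " - is now part of Site Collection Collection admins" -foregroundcolor green
        }
        else
        {
            # Resolve the user on the site first: a login that is unknown on this site collection
            # raises here and is reported by the catch block instead of being half-processed.
            $CheckUserList = Get-SPOUser -Site $SiteCollURL -LoginName $LoginToSet -ErrorAction Stop
            Set-SPOUser -Site $SiteCollURL -LoginName $CheckUserList.LoginName -IsSiteCollectionAdmin $ToSiteCollAdminorNot -ErrorAction Stop
            Write-Host " >>>>>>>>", $CheckUserList.LoginName, " - Set to Site Collection Collection admin: ", $ToSiteCollAdminorNot -foregroundcolor green
        }
    }
    catch
    {
        Write-Host " >>>> $LoginToSet ---Error info: $($_.Exception.Message)" -foregroundcolor red
    }
}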
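Clear-Host
Write-Host " ---------------------------------------------- "
Load-DLLandAssemblies
Write-Host " ---------------------------------------------- "

# Rebuild the admin credential from the exported password file.
# Without -Key/-SecureKey, ConvertTo-SecureString decrypts with Windows DPAPI, so the file can only
# be read back by the same user on the same machine that exported it.
# -ErrorAction Stop: a missing or unreadable file ends the run here instead of cascading into a
# credential built from an empty password.
$secureStringPwd = ConvertTo-SecureString -String (Get-Content -Path $PwdTXTPath -ErrorAction Stop)
$adminCreds = New-Object System.Management.Automation.PSCredential $username, $secureStringPwd

# Plain ASCII dash and quotes are used on this line so it survives copy/paste and file re-encoding.
Connect-SPOService -Url "https://yourtenant-admin.sharepoint.com" -Credential $adminCreds -ErrorAction SilentlyContinue -ErrorVariable Err
if ($Err)
{
    # The connection error is captured in $Err rather than displayed; stop here so that no
    # permission change is attempted without a valid admin session.
    Write-Host " >>>> Connection to the SharePoint Online admin service failed: $($Err[0].Exception.Message)" -ForegroundColor Red
    return
}

# Retrieve all site collections built on the "STS#0" template, sorted by URL.
# @(...) keeps .Count reliable when only one site collection is returned.
$sitesInfo = @(Get-SPOSite -Template "STS#0" -Limit ALL | Sort-Object -Property url | Select-Object *)

[int]$i = 1
foreach ($site in $sitesInfo)
{
    Write-Host "SiteColl Number:", $i, "- of:", $sitesInfo.Count
    $i += 1
    Write-Host "SPO Site collection:", $site.Url, "- Title:", $site.Title

    # NOTE(review): the two accounts below are demoted and removed BEFORE the replacement principal
    # is granted admin, and nothing checks that the final grant succeeded. Review the red error
    # lines in the output after a run, or test on a single site collection first.
    ChangeUserStatusForSiteCollectionAdmin $site.Url $Compteavecsimplelogin $false
    Remove-SPOUser -Site $site.Url -LoginName $Compteavecsimplelogin   # If you want to remove all reference to the account

    ChangeUserStatusForSiteCollectionAdmin $site.Url $CompteIdentifiantSP201X $false
    Remove-SPOUser -Site $site.Url -LoginName $CompteIdentifiantSP201X   # If you want to remove all reference to the account

    ChangeUserStatusForSiteCollectionAdmin $site.Url $CompteouGroupeAADavecGUIDO365 $true
}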
You can use or adapt it depending on your local needs.
Be careful with "Group sites": they are not just SharePoint sites but a mix of several other Office 365 components (SP, AAD, Exchange, ...), so this script is clearly not enough in that case.