Default Site Collection Admins

%3CLINGO-SUB%20id%3D%22lingo-sub-210319%22%20slang%3D%22en-US%22%3EDefault%20Site%20Collection%20Admins%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-210319%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20would%20seem%20that%20whenever%20a%20new%20OD4B%20account%20gets%20created%2C%20along%20with%20the%20real%20owner%2C%20two%20additional%20accounts%20are%20granted%20Site%20Collection%20administrator%20rights%20over%20that%20onedrive.%26nbsp%3B%20One%20of%20these%20is%20an%20account%20for%20a%20backup%20solution%2C%20and%20the%20other%20is%20one%20of%20our%20SharePoint%20admins.%26nbsp%3B%20I%20do%20not%20want%20the%20admin%20to%20have%20rights%2C%20I%20need%20to%20understand%20how%20the%20backup%26nbsp%3B%20account%20is%20being%20given%20rights.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20thought%20that%20the%20default%20behavior%20was%20for%20the%20owner%20to%20be%20the%20only%20Site%20Collection%20Admin.%26nbsp%3B%20Can%20anyone%20give%20me%20any%20pointers%20on%20where%20to%20look%20to%20find%20how%20these%20additional%20admins%20are%20set%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-210319%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-210499%22%20slang%3D%22en-US%22%3ERe%3A%20Default%20Site%20Collection%20Admins%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-210499%22%20slang%3D%22en-US%22%3EIt's%20probably%20that%20there%20is%20a%20job%20running%20somewhere%20that's%20doing%20what%20Juan%20provided.%20You'll%20have%20to%20track%20down%20that%20job%20and%20see.%20You%20might%20be%20able%20to%20find%20the%20activity%20in%20the%20Audit%20logs%20in%20Security%20Center%2C%20but%20not%20sure%20how%20detailed%20that%20will%20be%20as%20far%20as%20where%20it's%20coming%20from%2C%20but%20you'll%20be%20able%20to%20see%20the%20user%20etc.%20assuming%20it's%20not%20connected%20under%20the%20local%20global%20admin.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-210329%22%20slang%3D%22en-US%22%3ERe%3A%20Default%20Site%20Collection%20Admins%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-210329%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%2C%20that%20useful%20to%20have.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20I'm%20not%20looking%20for%20how%20to%20do%20this%2C%20but%20how%20%3CSTRONG%3Enot%3C%2FSTRONG%3E%20to%20do%20it.%26nbsp%3B%20Accounts%20are%20being%20created%20with%20extra%20admins%2C%20and%20I%20don't%20want%20them%20to%20be.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-210327%22%20slang%3D%22en-US%22%3ERe%3A%20Default%20Site%20Collection%20Admins%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-210327%22%20slang%3D%22en-US%22%3EIf%20you%20want%20to%20achieve%20this%2C%20you%20have%20to%20automate%20ODFB%20provisioning%20when%20you%20add%20users%20to%20your%20tenant.%20In%20this%20way%2C%20as%20you%20are%20controlling%20when%20ODFB%20per%20user%20is%20provisioned%2C%20you%20can%20add%20additional%20admins.%20%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-ie%2Farticle%2Fpre-provision-onedrive-for-users-in-your-organization-ceef6623-f54f-404d-8ee3-3ce1e338db07%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-ie%2Farticle%2Fpre-provision-onedrive-for-users-in-your-organization-ceef6623-f54f-404d-8ee3-3ce1e338db07%3C%2FA%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

It would seem that whenever a new OD4B account gets created, along with the real owner, two additional accounts are granted Site Collection administrator rights over that onedrive.  One of these is an account for a backup solution, and the other is one of our SharePoint admins.  I do not want the admin to have rights, I need to understand how the backup  account is being given rights.

 

I thought that the default behavior was for the owner to be the only Site Collection Admin.  Can anyone give me any pointers on where to look to find how these additional admins are set?

 

Thanks

3 Replies
Highlighted
If you want to achieve this, you have to automate ODFB provisioning when you add users to your tenant. In this way, as you are controlling when ODFB per user is provisioned, you can add additional admins.
https://support.office.com/en-ie/article/pre-provision-onedrive-for-users-in-your-organization-ceef6...
Highlighted

Thanks, that useful to have.

 

However, I'm not looking for how to do this, but how not to do it.  Accounts are being created with extra admins, and I don't want them to be.

Highlighted
It's probably that there is a job running somewhere that's doing what Juan provided. You'll have to track down that job and see. You might be able to find the activity in the Audit logs in Security Center, but not sure how detailed that will be as far as where it's coming from, but you'll be able to see the user etc. assuming it's not connected under the local global admin.