Give ability to "re-assign" access to one drive to an IS Service Desk?

Brass Contributor

Our company has decided that when a user leaves they no longer automatically delete that user's AD account.  It just get's stuck in some "left the company" type OU.


As a result the automatic re-assignment of the user's one drive account to their manager doesn't happen.  And due to the way our company has rolled out one drive as each user's default storage area that means every user has one with business data in it.


So now for every user who leaves our company, (we have around 3,500), there is a ticket that comes in to the global  O365 admins asking them to manually re-assign permissions to that user's account to their boss.  Needless to say this is aggravating.


We'd like to give the ability to do this to our Service Desk, but we can't figure out how to tailor their permissions so that they can do this, and only this.  We've been told repeatedly by management that they want us to delegate basic tasks, (like this one most definitely is), to the Service Desk, but we don't want to make them Global Admins to do it.


Can anyone tell me if there is some handy powershell command that would enable me to assign permissions to a group of users, (the service desk), that would enable them to just re-assign permissions on another user's ODFB account to someone else?


Thanks in advance.



2 Replies
Set-spouser -site “thesite” -loginname “userloginname” -issitecolectionadmin $true is the command. What roles can be applied to restrict users to that command Not sure if anything outside global admin can. I would check if there are any sharepoint roles that can be assigned since onedrive is SharePoint. I’ll poke around later if you or someone else doesn’t confirm.

SharePoint admin should be enough, however there is no way to restrict it to just a specific ODFB site. In effect, the SD personal will be able to grant/remove permissions on every SPO SC.