SOLVED

OneDrive + Get-PnPRecycleBinItem : Access denied. You do not have permission

%3CLINGO-SUB%20id%3D%22lingo-sub-756952%22%20slang%3D%22en-US%22%3EOneDrive%20%2B%20Get-PnPRecycleBinItem%20%3A%20Access%20denied.%20You%20do%20not%20have%20permission%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-756952%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirstly%2C%20I%26nbsp%3B%20%26nbsp%3Bam%20not%20sure%20this%20bug%20or%20by%20design%20%3Athinking_face%3A%20however%2C%20it%20is%20impeding%20my%20progress.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyway%2C%20I%20am%20looking%20to%20initially%2C%20review%20the%20deleted%20files%20in%20a%20set%20of%20User's%26nbsp%3B%20ODFB%26nbsp%3B%20recycle%20bins.%20To%20do%20this%20I%20thought%20the%20best%20approach%20is%20PowerShell.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CPRE%3E%3CSPAN%3E%23%20connect%20to%20the%20user's%20ODFB%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EConnect-PnPOnline%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EUrl%20%3C%2FSPAN%3E%3CSPAN%3E%24ODFBUserUrl%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ESPOManagementShell%20%3C%2FSPAN%3E%3CSPAN%3E%23%20-UseWebLogin%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EWrite-Host%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EForegroundColor%20Blue%20(%3C%2FSPAN%3E%3CSPAN%3EGet-PnPSite%3C%2FSPAN%3E%3CSPAN%3E).Url%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EGet-PnPRecycleBinItem%3C%2FSPAN%3E%20%3CSPAN%3E%7C%3C%2FSPAN%3E%20%3CSPAN%3ESelect-object%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EFirst%20%3C%2FSPAN%3E%3CSPAN%3E100%3C%2FSPAN%3E%3CSPAN%3E%20Title%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20DirName%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20DeletedByName%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20DeletedDate%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20DeletedDateLocalFormatted%3C%2FSPAN%3E%3C%2FPRE%3E%3CDIV%3E%3CSPAN%3EUnfortunately%2C%20I%20get%20faced%20with%20a%20limiting%20error%3A%3C%2FSPAN%3E%3C%2FDIV%3E%3CP%3E%3CSPAN%3EGet-PnPRecycleBinItem%20%3A%20%3CSTRONG%3EAccess%20denied.%20You%20do%20not%20have%20permission%20to%20perform%20this%20action%20or%20access%20this%20resource.%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20am%20an%20Office%20365%20global%20%26amp%3B%20SharePoint%20admin%20and%20I%20have%20even%20added%20myself%20as%20the%20MySIte%20Secondary%20Admin%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20868px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F123392iCDC6EC396017A8FF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Mysites%20secondary%20admin.PNG%22%20title%3D%22Mysites%20secondary%20admin.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EHowever%20I%20am%20still%20hitting%20this%20permissions%20issue.%26nbsp%3B%20Do%20I%20need%20to%20add%20myself%20as%20a%20site%20collection%20admin%20to%20the%20OneDrive%20of%20each%20user%20-%20assuming%20I%20have%20permissions%20to%20do%20that.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-756952%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPnP%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-757261%22%20slang%3D%22en-US%22%3ERe%3A%20OneDrive%20%2B%20Get-PnPRecycleBinItem%20%3A%20Access%20denied.%20You%20do%20not%20have%20permission%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-757261%22%20slang%3D%22en-US%22%3E%3CP%3EI%20believe%20the%20Secondary%20admin%20setting%20you%20have%20pictured%20only%20applies%20to%20new%20My%20Sites.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20existing%20My%20Sites%2FOneDrive%20sites%2C%20you%20will%20probably%20have%20to%20add%20yourself%20directly%20as%20a%20Site%20Collection%20Admin%20for%20the%20ones%20you%20are%20trying%20to%20access.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-759466%22%20slang%3D%22en-US%22%3ERe%3A%20OneDrive%20%2B%20Get-PnPRecycleBinItem%20%3A%20Access%20denied.%20You%20do%20not%20have%20permission%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-759466%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F62361%22%20target%3D%22_blank%22%3E%40Kevin%20McKeown%3C%2FA%3E%26nbsp%3B%20You%20are%20100%25%20correct.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELocated%2C%20%3CA%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2FHow-to-add-a-secondary-0b878d98%3Fredir%3D0%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EHow%20to%20add%20a%20secondary%20administrator%26nbsp%3B%20to%20a%20user's%20OneDirve%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20this%20I%20simply%20added%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CPRE%3E%3CSPAN%3ESet-SPOUser%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ELoginName%20%3C%2FSPAN%3E%3CSPAN%3E%24ODFBSecondaryAdmin%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ESite%20%3C%2FSPAN%3E%3CSPAN%3E%24ODFBUserUrl%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EIsSiteCollectionAdmin%20%3C%2FSPAN%3E%3CSPAN%3E%24True%3C%2FSPAN%3E%3C%2FPRE%3E%3CDIV%3EThen%20I%20am%20able%20to%20inspect%20each%20user's%20Recycle%20bin%20and%20filter%20by%20Deleted%20Date%20as%20desired.%20Happy%20days!%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E
Regular Contributor

Hi

 

Firstly, I   am not sure this bug or by design :thinking_face: however, it is impeding my progress.

 

Anyway, I am looking to initially, review the deleted files in a set of User's  ODFB  recycle bins. To do this I thought the best approach is PowerShell. 

 

 

# connect to the user's ODFB

Connect-PnPOnline -Url $ODFBUserUrl -SPOManagementShell # -UseWebLogin

Write-Host -ForegroundColor Blue (Get-PnPSite).Url

Get-PnPRecycleBinItem | Select-object -First 100 Title, DirName, DeletedByName, DeletedDate, DeletedDateLocalFormatted
Unfortunately, I get faced with a limiting error:

Get-PnPRecycleBinItem : Access denied. You do not have permission to perform this action or access this resource.

 

I am an Office 365 global & SharePoint admin and I have even added myself as the MySIte Secondary Admin:

Mysites secondary admin.PNG

However I am still hitting this permissions issue.  Do I need to add myself as a site collection admin to the OneDrive of each user - assuming I have permissions to do that.

2 Replies
best response confirmed by Daniel Westerdale (Regular Contributor)
Solution

I believe the Secondary admin setting you have pictured only applies to new My Sites.

 

For existing My Sites/OneDrive sites, you will probably have to add yourself directly as a Site Collection Admin for the ones you are trying to access.

@Kevin McKeown  You are 100% correct.  

 

Located, How to add a secondary administrator  to a user's OneDirve

 

From this I simply added:

 

Set-SPOUser -LoginName $ODFBSecondaryAdmin -Site $ODFBUserUrl -IsSiteCollectionAdmin $True
Then I am able to inspect each user's Recycle bin and filter by Deleted Date as desired. Happy days!