SOLVED

OneDrive + Get-PnPRecycleBinItem : Access denied. You do not have permission

Iron Contributor

Hi

 

Firstly, I   am not sure this bug or by design :thinking_face: however, it is impeding my progress.

 

Anyway, I am looking to initially, review the deleted files in a set of User's  ODFB  recycle bins. To do this I thought the best approach is PowerShell. 

 

 

# connect to the user's ODFB

Connect-PnPOnline -Url $ODFBUserUrl -SPOManagementShell # -UseWebLogin

Write-Host -ForegroundColor Blue (Get-PnPSite).Url

Get-PnPRecycleBinItem | Select-object -First 100 Title, DirName, DeletedByName, DeletedDate, DeletedDateLocalFormatted
Unfortunately, I get faced with a limiting error:

Get-PnPRecycleBinItem : Access denied. You do not have permission to perform this action or access this resource.

 

I am an Office 365 global & SharePoint admin and I have even added myself as the MySIte Secondary Admin:

Mysites secondary admin.PNG

However I am still hitting this permissions issue.  Do I need to add myself as a site collection admin to the OneDrive of each user - assuming I have permissions to do that.

2 Replies
best response confirmed by Daniel Westerdale (Iron Contributor)
Solution

I believe the Secondary admin setting you have pictured only applies to new My Sites.

 

For existing My Sites/OneDrive sites, you will probably have to add yourself directly as a Site Collection Admin for the ones you are trying to access.

@Kevin McKeown  You are 100% correct.  

 

Located, How to add a secondary administrator  to a user's OneDirve

 

From this I simply added:

 

Set-SPOUser -LoginName $ODFBSecondaryAdmin -Site $ODFBUserUrl -IsSiteCollectionAdmin $True
Then I am able to inspect each user's Recycle bin and filter by Deleted Date as desired. Happy days!
1 best response

Accepted Solutions
best response confirmed by Daniel Westerdale (Iron Contributor)
Solution

I believe the Secondary admin setting you have pictured only applies to new My Sites.

 

For existing My Sites/OneDrive sites, you will probably have to add yourself directly as a Site Collection Admin for the ones you are trying to access.

View solution in original post