Unexpected changes to Login Name for SharePoint service/group IDs




I recently noticed in the last few days that some of my scripts/webjobs/apps had started producing errors, these were to do with setting the Company Administrator, SharePoint Service Administrator and some AD Security Groups against sites.


It appears that the Login Name for items such as Company Administrator has recently changed, I was using the login name to add the user/group as site collection admin i.e.


Set-SPOUser -Site $siteUrl -LoginName $CompanyAdministrator -IsSiteCollectionAdmin $true

the above cmdlet now returns an error:


Set-SPOUser : The user does not exist or is not unique.


I'm not sure whether the login name for Company Administrator is standard within a tenant or across tenants, but I'm a bit peeved that it's been changed with no warning.


Anyone have any idea why this change has happened?


2 Replies

The login name changed from c:0-.f|rolemanager|<sid> to c:0t.c|tenant|<guid>

Go to a site where you have them added and get the GUID with Get-SPOUser

or to filter the big list use Get-SPOUser -site https://<tenant>.sharepoint.com |? {$_.DisplayName -eq "SharePoint Service Administrator"}

The login name will be the GUID and you can do a Set-SPOUser -LoginName "c:0t.c|tenant|<guid>" -Site https://<tenant>.sharepoint.com

I have an old blog post about this and updated the scripts in there https://worktogether.tech/2016/05/01/sharepoint-online-user-policy

Hi thanks, first reply in over a year since I posted this ;-)!
I sorted it out before I wrote the post and spoke to our TAM after, my complaint was that there was no communication before the change was made, again, not the first time and I'm sure it won't be the last.
Tthanks again!