Aug 21 2019 11:47 AM
Is there a way to add a security group as Primary or secondary site collection administrator to all the sites in the tenant via PowerShell?
I know this works for adding a user account to all the sites as SC Admin
$Sites = Get-SPOSite -Limit ALL Foreach ($Site in $Sites) { Set-SPOUser -site $Site.Url -LoginName $AdminName -IsSiteCollectionAdmin $True
The same command with Set-SPOSiteGroup does not work Set-SPOSiteGroup : A parameter cannot be found that matches parameter name 'IsSiteCollectionAdmin'
Since 'IsSiteCollectionAdmin' is not accepted with Set-SPOSiteGroup
Any suggestions on how to set security group as site collection administrator via PS script/ cmdlets
Thanks in advance.
Aug 21 2019 12:46 PM - edited Aug 21 2019 02:37 PM
Currently, there is no way to have the Office 365 nested group as site collection admin, I know Microsoft working on nested AAD Group but there is no timeline for that.
But as Juan said you can have your current security group as site collection primary admin.
Aug 21 2019 02:22 PM
SolutionAug 21 2019 02:34 PM
Aug 22 2019 08:45 AM
@Juan Carlos González Martín Thank you so much, this is exactly what i was looking for.
Aug 27 2021 12:51 PM
@jean090681 - you can also use PNP as suggested by Murilo Santana on StackExchange:
I modified the original script to the one below. You must be a Site Collection Admin to run the Add-PnPSiteCollectionAdmin command. Use Set-PnPTenantSite -Owners if you are not an Admin for the site but have the SharePoint admin role.
Connect-PnPOnline -url "https://tenant.sharepoint.com/sites/SiteCollection"
$web = Get-PnPWeb
$admins = Get-PnPSiteCollectionAdmin
write-host "Original Site Colletion Admins: " $admins
$azureADGroup = "c:0t.c|tenant|AzureAD-SecurityGroup-ID"
$ensureUser = $web.EnsureUser($azureADGroup)
$user = Get-PnPUser -Identity $azureADGroup
Add-PnPSiteCollectionAdmin -Owners $user.LoginName
Start-Sleep -s 5
$admins = Get-PnPSiteCollectionAdmin
write-host "New Site Collection Admins: " $admins
(
Oct 05 2021 11:05 PM
Hi, there is the possibility to do it with the object ID of the security group:
Set-SPOUser -Site $SiteUrl -LoginName $Group -IsSiteCollectionAdmin $true
I have described it in detail here:
Aug 21 2019 02:22 PM
Solution