Forum Discussion
Getting the owners for all SharePoint sites in tenant using Powershell
I need to get the owners of all SharePoint sites (both classic, modern and SharePoint sites connected to Teams)
I have run the following but it only gives me limited owners and not all the owners, for some sites only listing the site admins as owners instead of the actual site owners. I know and have verified that through SharePoint Admin centre that every site has owners/has members in the site owners group.
I have also tried the following but I get errors when running
$AdminCenterURL = "https://xxx-admin.sharepoint.com%22/;
$CSVPath = "C:\Temp\SiteOwners.csv"
#Connect to SharePoint Online and Azure AD
Connect-SPOService -url $AdminCenterURL
Connect-AzureAD
#Get all Site Collections
$Sites = Get-SPOSite -Limit ALL
$SiteOwners = @()
#Get Site Owners for each site collection
$Sites | ForEach-Object {
If($_.Template -like 'GROUP*')
{
$Site = Get-SPOSite -Identity $_.URL
#Get Group Owners
$GroupOwners = (Get-AzureADGroupOwner -ObjectId $Site.GroupID | Select -ExpandProperty UserPrincipalName) -join "; "
}
Else
{
$GroupOwners = $_.Owner
}
#Collect Data
$SiteOwners += New-Object PSObject -Property @{
'Site Title' = $_.Title
'URL' = $_.Url
'Owner(s)' = $GroupOwners
}
}
#Get Site Owners
$SiteOwners
#Export Site Owners report to CSV
$SiteOwners | Export-Csv -path $CSVPath -NoTypeInformation
I need to get all the owners of all the SharePoint sites in the tenancy, there are over 1000 sites in the tenancy
11 Replies
- Hi everyone,
I'm trying to retrieve all SharePoint site groups along with their respective owners, members, visitors, and guests. While I can see visitors from the admin center and SharePoint admin center, my script encounters "access denied" errors when I run it. Interestingly, the script works perfectly on a test site where I've given our admin account site admin access.
Currently, I am trying to get owners, members, guests, channels, sharepoint site list from Teams and visitors from sharepoint using Get-SPOSiteGroup. I am getting every info instead of visitors if i run a loop. If i run a script for a particular site then it gives the visitors easily.
Is there a different parameter I should be using, or is my approach incorrect for retrieving visitors from Teams-enabled sites? Any guidance or suggestions would be greatly appreciated!
I've put my question on another discussion
https://techcommunity.microsoft.com/t5/microsoft-teams/retrieving-sharepoint-site-visitors-using-powershell-script/m-p/4198417/highlight/true#M134924
Thanks in advance!- Are you Site Collection Admin of the site where you get error? Being SharePoint Admin is not enough for running Get-SPOSiteGroup
Just for clarification - currently only 1 member of the "Site admins" are being listed for each site instead all the members of the "Site members" group which is what I need. There are the following groups for classic SharePoint sites - Site admin, Site owners, Site members and Site visitors - it is the Site owners members that I am interested in.
If I remember well, this script should give you all the users inside the SharePoint Groups "Site Owners" and "Site Members": https://github.com/Barbarur/NovaPointPowerShell/blob/main/Solutions/Report/Permissions%20report%20of%20a%20SharePoint%20Online%20Site.md#users-with-access-at-the-site-level
Also the app NovaPoint (https://github.com/Barbarur/NovaPoint) can help with it. Using this Solution https://github.com/Barbarur/NovaPoint/wiki/Solution-Report-SiteAllReport, it will give you the users inside the SharePoint Groups "Owners" and "Members" and if inside those groups you have a Security Group, it will give you also the users inside those Security Groups.
In practice you will get a report with all users inside all the SharePoint Groups and Security Groups with Access to the site. The report is structured to show which users are inside which SharePoint Group/Security Group, so you can easily filter out the "owners" and "members" from the final report.
Thank you Barbarur, I used the script you mention (https://github.com/Barbarur/NovaPointPowerShell/blob/main/Solutions/Report/Permissions%20report%20of%20a%20SharePoint%20Online%20Site.md#users-with-access-at-the-site-level)
Which worked to give me the site owners of standalone/classic sharepoint sites, but not the owners of associated SharePoint sites (linked) to a Team.
Do you know how I can get the list of owners of Teams (and the associated) SharePoint site?Thank you for your help
The term "Owners" is a bit misleading in SharePoint, what do you need?
#1 - Owners of the MS365 Group linked to the Teams Site? These users have Admin permissions on the Site.
#2 - Users in the SharePoint Group "Owners"? These users have only Full Control permissions.
For #1 you can run this script: https://github.com/Barbarur/NovaPointPowerShell/blob/main/Solutions/Report/Permissions%20report%20of%20a%20SharePoint%20Online%20Site.md#user-with-full-control-at-the-site-level
For #2 you can run this other script: https://github.com/Barbarur/NovaPointPowerShell/blob/main/Solutions/Report/Admins%20of%20all%20Sites%20Collections%20report.md
An easier approach would be using the free open-source app NovaPoint: https://github.com/Barbarur/NovaPoint
You can easily obtain these reports with few clicks. One of the report solutions on this app is "All Site Collections and Subsites" which includes the Admins and users with all type of Site access permissions, including users inside MS365/Security Groups.
Here is more information about how this Solution works: https://github.com/Barbarur/NovaPoint/wiki/Solution-Report-SiteAllReport
- None of the links are alive any more, except for NovaPoint
- The repository is still alive; https://github.com/Barbarur/NovaPointPowerShell
The ones I shared before are under "Solutions" > "Reports". I don't add the full link to avoid the same issue as above, as this repository is less static on the naming.
You can have a look also to NovaPoint: https://github.com/Barbarur/NovaPoint. I have it improve the permissions report solution.
Brandccc Not sure single script will help you for this .
The script using by you get sharepoint owners that are group connected. So using Sharepoint admin account you can get group owners but not 100% real owners who have conrol eplictly on sharepoint only .
To get owners on classic sites or sites that connected to groups Use below >
Use filter to get sites that are not group connected:$SiteCollections=Get-PnPTenantSite -Filter "Url -like $TenantURL -and Url -notlike '-my.sharepoint.com/' -and Url -notlike '/portals/' "
$Reports = $SiteCollections | Where {$_.GroupId -eq '00000000-0000-0000-0000-000000000000'}
Now use above url to save to csv file and read each site and get owners.foreach ($row in $csvFile)
{try {
Connect-PnPOnline $row.url -Interactive
$webdetails = Get-PnPWeb
try
{
$ownergroup = Get-PnPGroup -AssociatedOwnerGroup
}
catch
{
Write-Host $_.Exception.Message for site $row.URL
}
$groupmembers = $null
$groupmembersname=$nullForeach($member in $ownergroup.Users)
{
$groupmembers = $groupmembers+$member.Email+";"
}
Foreach($member in $ownergroup.Users)
{
$groupmembersname = $groupmembersname + $member.LoginName + ";"
}
# Update the values in the new columns based on existing columns
$row.'Owner group' = $ownergroup.Title
$row.'Owner group Members'=$groupmembers
$row.'Owner group MembersName'=$groupmembersname
}
catch
{
Write-Host "Error in getting site usage report:" $row.url $_.Exception.Message -ForegroundColor Red
$errorUrl = $row.url -join [Environment]::NewLine
}
}
