Sep 28 2018 05:37 AM
Hello,
I am trying to get all site collection admin for the sites in the tenant using Powershell. However, the cmdlet Get-SPOSite fetches only the primary site collection admins. The only way to get all is if I grant my admin account access to the site collections.
Since the site collection admins can be viewed from the admin console, there should be a way to get them.
Is there any cmdlet or api that I can add to my script?
Thank you.
Bhavpreet Bains
Sep 28 2018 08:06 AM
Can you try this script and let me know.
$Creds = Get-Credential $site = ‘https://tenant-admin.sharepoint.com’ Connect-SPOService -Url $site -Credential $Creds $AllSites= Get-SPOSite -Limit All $users = @(); foreach ($Allsite in $AllSites) { $AllUsers = Get-SPOUser -Site $AllSite.Url -Limit all | select DisplayName, LoginName,IsSiteAdmin $users+=$AllUsers $AllUsers = $null #Write-Host $AllSite.Url" completed" } $users | Export-Csv -Path "C:\Users\Desktop\allusers.csv" -NoTypeInformation -Force $Data = Import-Csv "C:\Users\Desktop\allusers.csv" foreach($aUser in $Data) { if($aUser.IsSiteAdmin -eq “True”) { Write-Host $aUser.DisplayName $aUser.LoginName } }
Oct 01 2018 06:50 AM
Jun 10 2019 08:26 AM
These commands can be run with Sharepoint Administrator rights and do not require SiteCollectionAdmin permissions to the site you're modifying. Do not run this as a script -- this is a reference document for you to be able to implement functionality into your application. Use at your own risk and use context to understand what the commands do before you run them.
# ONEDRIVE SITE MANAGEMENT
# Assuming you have the SPO/PnP modules installed from MS already, found here:
# https://docs.microsoft.com/en-us/powershell/sharepoint/sharepoint-online/connect-sharepoint-online?view=sharepoint-ps
# https://www.microsoft.com/en-us/download/details.aspx?id=35588
# Uncomment the "Install-Module"s if you haven't already installed the modules in PS after installing them to your machine using the links above.
# Install-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Import-Module -Name Microsoft.Online.SharePoint.PowerShell
# Install-Module SharePointPnPPowerShellOnline -ErrorAction Stop
Import-Module SharePointPnPPowerShellOnline
$365cred = (Get-Credential)
# Get PersonalUrl of a OneDrive site
$upn = 'john.doe@domain.com'
$tenantName = 'domain-admin'
Connect-PnPOnline -Url "https://$($tenantname).sharepoint.com" -Credentials $365Cred
$url = (Get-PnPUserProfileProperty -Account $upn).PersonalUrl
Disconnect-PnPOnline
# or
# Manual override if siteUrl known
# $url = "https://$($tenantname).sharepoint.com/personal/john_doe_domain_com"
# Get information about a OneDrive site incl. SiteCollectionAdmins
# (requires personalUrl)
Connect-SPOService -URL "https://$($tenantname).sharepoint.com" -Credential $365Cred
Get-SPOSite -Identity $url -Detailed | Format-List
Get-SPOUser -Site $url -Limit all | Select-Object DisplayName, LoginName, IsSiteAdmin | Sort-Object IsSiteAdmin, DisplayName | Format-Table -GroupBy IsSiteAdmin -AutoSize
# Add a user to site owner access
Set-SPOUser -Site $url -LoginName "upnOfUserToAdd" -IsSiteCollectionAdmin $true
# Remove a user from site owner access
Set-SPOUser -Site $url -LoginName "upnOfUserToRemove" -IsSiteCollectionAdmin $false
Jan 30 2020 11:21 AM
@bmartin921, Thanks for the details and the thoughts. Unfortunately, I'm in the same boat as @Bhavpreet Bains. The commands work to add and remove Site Collection Admins even if you're not a site collection admin, but they cannot VIEW the existing site collection admins unless you are also a site collection admin.
I'm surprised Microsoft hasn't updated the commands to allow that functionality for Office 365 Global Admins and SharePoint Admins. Another option is for MSFT to build in such an audit report into the Office 365 or SharePoint admin sites.
My next option is to write a script that does the following:
It's messy, but it should do the trick.
Jun 27 2020 06:01 AM
@Alex Carlock did you manage to get it work the way you wanted? I'm struggling with the same thing now and **bleep**, this is such a simple and basic thing that it must be somehow available...
Jun 27 2020 12:37 PM
@Malgorzata_SITS, I ended up doing what I suggested above. That was the only workaround I could come up with.
Here's the last powershell script I ended up with (It was quick and dirty, so no warranties, use at your own risk, etc.) You'll need to update "domain" to be your own.
$username = "$env:username@domain.com"
$Sites = Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like 'domain-my.sharepoint.com/personal/'"
foreach ($Site in $sites) {
$URL = $Site.URL
$Admins = Get-SPOUser -Site $URL -Limit all | Where IsSiteAdmin -eq $True | Select-Object @{Label="Site";Expression={"$URL"}},@{Label="AdminName";Expression={$_.DisplayName}}, @{Label="AdminLogin";Expression={$_.LoginName}}, @{Label="RemoveNonOwnerAdmin";Expression={If ($URL.replace("https://domain-my.sharepoint.com/personal/","") -ne $_.LoginName.replace("@","_").replace(".","_")) {"Set-SPOUser -Site $URL -LoginName $($_.LoginName) -IsSiteCollectionAdmin `$False"} else {""}}}
if ($Admins) {
$Admins | export-csv c:\temp\OneDriveAdmins.csv -NoTypeInformation -append -encoding ASCII
} else {
Set-SPOUser -Site $URL -LoginName $username -IsSiteCollectionAdmin $true
Get-SPOUser -Site $URL -Limit all | Where {$_.IsSiteAdmin -eq $True -and $_.LoginName -ne $username} | Select-Object @{Label="Site";Expression={"$URL"}},@{Label="AdminName";Expression={$_.DisplayName}}, @{Label="AdminLogin";Expression={$_.LoginName}}, @{Label="RemoveNonOwnerAdmin";Expression={If ($URL.replace("https://domain-my.sharepoint.com/personal/","") -ne $_.LoginName.replace("@","_").replace(".","_")) {"Set-SPOUser -Site $URL -LoginName $($_.LoginName) -IsSiteCollectionAdmin `$False"} else {""}}} | export-csv c:\temp\OneDriveAdmins.csv -NoTypeInformation -append -encoding ASCII
Set-SPOUser -Site $URL -LoginName $username -IsSiteCollectionAdmin $false
}
}
Dec 10 2021 08:38 AM
Hello @Alex Carlock were you able to get a script to get all the sites with site admins
Dec 10 2021 08:55 AM