Forum Discussion
List all Site Collection Admins Powershell
Hello,
I am trying to get all site collection admin for the sites in the tenant using Powershell. However, the cmdlet Get-SPOSite fetches only the primary site collection admins. The only way to get all is if I grant my admin account access to the site collections.
Since the site collection admins can be viewed from the admin console, there should be a way to get them.
Is there any cmdlet or api that I can add to my script?
Thank you.
Bhavpreet Bains
8 Replies
Can you try this script and let me know.
$Creds = Get-Credential $site = ‘https://tenant-admin.sharepoint.com’ Connect-SPOService -Url $site -Credential $Creds $AllSites= Get-SPOSite -Limit All $users = @(); foreach ($Allsite in $AllSites) { $AllUsers = Get-SPOUser -Site $AllSite.Url -Limit all | select DisplayName, LoginName,IsSiteAdmin $users+=$AllUsers $AllUsers = $null #Write-Host $AllSite.Url" completed" } $users | Export-Csv -Path "C:\Users\Desktop\allusers.csv" -NoTypeInformation -Force $Data = Import-Csv "C:\Users\Desktop\allusers.csv" foreach($aUser in $Data) { if($aUser.IsSiteAdmin -eq “True”) { Write-Host $aUser.DisplayName $aUser.LoginName } }- Hello,
To run cmdlet Get-SPOUser, you must be a SharePoint Online global administrator and a site collection administrator. I am looking for something for which I don't have to grant site collection admin access to my account.
Since the secondary admins are available from SharePoint Admin console, the admin account should atleast be able to get them.
Also, we can grant a user site collection admin (using powershell) without granting site collection admin access to the admin account. So, I think there should be a way to fetch them without granting site collection admin access to the admin account.These commands can be run with Sharepoint Administrator rights and do not require SiteCollectionAdmin permissions to the site you're modifying. Do not run this as a script -- this is a reference document for you to be able to implement functionality into your application. Use at your own risk and use context to understand what the commands do before you run them.
# ONEDRIVE SITE MANAGEMENT
# Assuming you have the SPO/PnP modules installed from MS already, found here:
# https://docs.microsoft.com/en-us/powershell/sharepoint/sharepoint-online/connect-sharepoint-online?view=sharepoint-ps
# https://www.microsoft.com/en-us/download/details.aspx?id=35588
# Uncomment the "Install-Module"s if you haven't already installed the modules in PS after installing them to your machine using the links above.
# Install-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Import-Module -Name Microsoft.Online.SharePoint.PowerShell
# Install-Module SharePointPnPPowerShellOnline -ErrorAction Stop
Import-Module SharePointPnPPowerShellOnline
$365cred = (Get-Credential)
# Get PersonalUrl of a OneDrive site
$upn = 'john.doe@domain.com'
$tenantName = 'domain-admin'
Connect-PnPOnline -Url "https://$($tenantname).sharepoint.com" -Credentials $365Cred
$url = (Get-PnPUserProfileProperty -Account $upn).PersonalUrl
Disconnect-PnPOnline
# or
# Manual override if siteUrl known
# $url = "https://$($tenantname).sharepoint.com/personal/john_doe_domain_com"
# Get information about a OneDrive site incl. SiteCollectionAdmins
# (requires personalUrl)
Connect-SPOService -URL "https://$($tenantname).sharepoint.com" -Credential $365Cred
Get-SPOSite -Identity $url -Detailed | Format-List
Get-SPOUser -Site $url -Limit all | Select-Object DisplayName, LoginName, IsSiteAdmin | Sort-Object IsSiteAdmin, DisplayName | Format-Table -GroupBy IsSiteAdmin -AutoSize
# Add a user to site owner access
Set-SPOUser -Site $url -LoginName "upnOfUserToAdd" -IsSiteCollectionAdmin $true
# Remove a user from site owner access
Set-SPOUser -Site $url -LoginName "upnOfUserToRemove" -IsSiteCollectionAdmin $false
