List all Site Collection Admins Powershell

%3CLINGO-SUB%20id%3D%22lingo-sub-264135%22%20slang%3D%22en-US%22%3EList%20all%20Site%20Collection%20Admins%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-264135%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20get%20all%20site%20collection%20admin%20for%20the%20sites%20in%20the%20tenant%20using%20Powershell.%20However%2C%20the%20cmdlet%26nbsp%3BGet-SPOSite%20fetches%20only%20the%20primary%20site%20collection%20admins.%20The%20only%20way%20to%20get%20all%20is%20if%20I%20grant%20my%20admin%20account%20access%20to%20the%20site%20collections.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20the%20site%20collection%20admins%20can%20be%20viewed%20from%20the%20admin%20console%2C%20there%20should%20be%20a%20way%20to%20get%20them.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20cmdlet%20or%20api%20that%20I%20can%20add%20to%20my%20script%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3CP%3EBhavpreet%20Bains%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-264135%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-264975%22%20slang%3D%22en-US%22%3ERe%3A%20List%20all%20Site%20Collection%20Admins%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-264975%22%20slang%3D%22en-US%22%3EHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3ETo%20run%20cmdlet%20Get-SPOUser%2C%20you%20must%20be%20a%20SharePoint%20Online%20global%20administrator%20and%20a%20site%20collection%20administrator.%20I%20am%20looking%20for%20something%20for%20which%20I%20don't%20have%20to%20grant%20site%20collection%20admin%20access%20to%20my%20account.%3CBR%20%2F%3ESince%20the%20secondary%20admins%20are%20available%20from%20SharePoint%20Admin%20console%2C%20the%20admin%20account%20should%20atleast%20be%20able%20to%20get%20them.%3CBR%20%2F%3EAlso%2C%20we%20can%20grant%20a%20user%20site%20collection%20admin%20(using%20powershell)%20without%20granting%20site%20collection%20admin%20access%20to%20the%20admin%20account.%20So%2C%20I%20think%20there%20should%20be%20a%20way%20to%20fetch%20them%20without%20granting%20site%20collection%20admin%20access%20to%20the%20admin%20account.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-264257%22%20slang%3D%22en-US%22%3ERe%3A%20List%20all%20Site%20Collection%20Admins%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-264257%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20you%20try%20this%20script%20and%20let%20me%20know.%3C%2FP%3E%3CPRE%3E%24Creds%20%3D%20Get-Credential%0A%0A%20%20%24site%20%3D%20%E2%80%98https%3A%2F%2Ftenant-admin.sharepoint.com%E2%80%99%0A%0AConnect-SPOService%20-Url%20%24site%20-Credential%20%24Creds%0A%0A%24AllSites%3D%20Get-SPOSite%20-Limit%20All%0A%0A%24users%20%3D%20%40()%3B%0Aforeach%20(%24Allsite%20in%20%24AllSites)%0A%7B%0A%0A%24AllUsers%20%3D%20Get-SPOUser%20-Site%20%24AllSite.Url%20-Limit%20all%20%7C%20select%20DisplayName%2C%20LoginName%2CIsSiteAdmin%0A%24users%2B%3D%24AllUsers%0A%24AllUsers%20%3D%20%24null%0A%23Write-Host%20%24AllSite.Url%22%20completed%22%0A%0A%7D%0A%24users%20%7C%20Export-Csv%20-Path%20%22C%3A%5CUsers%5CDesktop%5Callusers.csv%22%20-NoTypeInformation%20-Force%0A%0A%24Data%20%3D%20Import-Csv%20%22C%3A%5CUsers%5CDesktop%5Callusers.csv%22%0A%0Aforeach(%24aUser%20in%20%24Data)%0A%0A%7B%0A%0A%20%20if(%24aUser.IsSiteAdmin%20-eq%20%E2%80%9CTrue%E2%80%9D)%0A%0A%20%20%7B%0A%0A%20%20%20%20Write-Host%20%24aUser.DisplayName%20%24aUser.LoginName%0A%0A%20%20%7D%0A%20%20%7D%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-680717%22%20slang%3D%22en-US%22%3ERe%3A%20List%20all%20Site%20Collection%20Admins%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-680717%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F45180%22%20target%3D%22_blank%22%3E%40Bhavpreet%20Bains%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThese%20commands%20can%20be%20run%20with%20Sharepoint%20Administrator%20rights%20and%20do%20not%20require%20SiteCollectionAdmin%20permissions%20to%20the%20site%20you're%20modifying.%20Do%20not%20run%20this%20as%20a%20script%20--%20this%20is%20a%20reference%20document%20for%20you%20to%20be%20able%20to%20implement%20functionality%20into%20your%20application.%20Use%20at%20your%20own%20risk%20and%20use%20context%20to%20understand%20what%20the%20commands%20do%20before%20you%20run%20them.%3C%2FP%3E%3CDIV%3E%3CPRE%3E%3CSPAN%3E%23%20ONEDRIVE%20SITE%20MANAGEMENT%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Assuming%20you%20have%20the%20SPO%2FPnP%20modules%20installed%20from%20MS%20already%2C%20found%20here%3A%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fsharepoint%2Fsharepoint-online%2Fconnect-sharepoint-online%3Fview%3Dsharepoint-ps%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D35588%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Uncomment%20the%20%22Install-Module%22s%20if%20you%20haven't%20already%20installed%20the%20modules%20in%20PS%20after%20installing%20them%20to%20your%20machine%20using%20the%20links%20above.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Install-Module%20-Name%20Microsoft.Online.SharePoint.PowerShell%20-ErrorAction%20Stop%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EImport-Module%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EName%20Microsoft.Online.SharePoint.PowerShell%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Install-Module%20SharePointPnPPowerShellOnline%20-ErrorAction%20Stop%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EImport-Module%3C%2FSPAN%3E%3CSPAN%3E%20SharePointPnPPowerShellOnline%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E%24365cred%3C%2FSPAN%3E%20%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%20(%3C%2FSPAN%3E%3CSPAN%3EGet-Credential%3C%2FSPAN%3E%3CSPAN%3E)%3CBR%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Get%20PersonalUrl%20of%20a%20OneDrive%20site%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%24upn%3C%2FSPAN%3E%20%3CSPAN%3E%3D%3C%2FSPAN%3E%20%3CSPAN%3E'john.doe%40domain.com'%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%24tenantName%3C%2FSPAN%3E%20%3CSPAN%3E%3D%3C%2FSPAN%3E%20%3CSPAN%3E'domain-admin'%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EConnect-PnPOnline%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EUrl%20%3C%2FSPAN%3E%3CSPAN%3E%22https%3A%2F%2F%24(%3C%2FSPAN%3E%3CSPAN%3E%24tenantname%3C%2FSPAN%3E%3CSPAN%3E).sharepoint.com%22%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ECredentials%20%3C%2FSPAN%3E%3CSPAN%3E%24365Cred%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%24url%3C%2FSPAN%3E%20%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%20(%3C%2FSPAN%3E%3CSPAN%3EGet-PnPUserProfileProperty%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EAccount%20%3C%2FSPAN%3E%3CSPAN%3E%24upn%3C%2FSPAN%3E%3CSPAN%3E).PersonalUrl%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EDisconnect-PnPOnline%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20or%20%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Manual%20override%20if%20siteUrl%20known%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20%24url%20%3D%20%22https%3A%2F%2F%24(%24tenantname).sharepoint.com%2Fpersonal%2Fjohn_doe_domain_com%22%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Get%20information%20about%20a%20OneDrive%20site%20incl.%20SiteCollectionAdmins%20%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20(requires%20personalUrl)%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EConnect-SPOService%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EURL%20%3C%2FSPAN%3E%3CSPAN%3E%22https%3A%2F%2F%24(%3C%2FSPAN%3E%3CSPAN%3E%24tenantname%3C%2FSPAN%3E%3CSPAN%3E).sharepoint.com%22%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ECredential%20%3C%2FSPAN%3E%3CSPAN%3E%24365Cred%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EGet-SPOSite%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EIdentity%20%3C%2FSPAN%3E%3CSPAN%3E%24url%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EDetailed%20%3C%2FSPAN%3E%3CSPAN%3E%7C%3C%2FSPAN%3E%20%3CSPAN%3EFormat-List%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EGet-SPOUser%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ESite%20%3C%2FSPAN%3E%3CSPAN%3E%24url%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ELimit%20all%20%3C%2FSPAN%3E%3CSPAN%3E%7C%3C%2FSPAN%3E%20%3CSPAN%3ESelect-Object%3C%2FSPAN%3E%3CSPAN%3E%20DisplayName%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20LoginName%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20IsSiteAdmin%20%3C%2FSPAN%3E%3CSPAN%3E%7C%3C%2FSPAN%3E%20%3CSPAN%3ESort-Object%3C%2FSPAN%3E%3CSPAN%3E%20IsSiteAdmin%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20DisplayName%20%3C%2FSPAN%3E%3CSPAN%3E%7C%3C%2FSPAN%3E%20%3CSPAN%3EFormat-Table%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EGroupBy%20IsSiteAdmin%20%3C%2FSPAN%3E%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EAutoSize%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Add%20a%20user%20to%20site%20owner%20access%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3ESet-SPOUser%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ESite%20%3C%2FSPAN%3E%3CSPAN%3E%24url%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ELoginName%20%3C%2FSPAN%3E%3CSPAN%3E%22upnOfUserToAdd%22%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EIsSiteCollectionAdmin%20%3C%2FSPAN%3E%3CSPAN%3E%24true%3CBR%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%23%20Remove%20a%20user%20from%20site%20owner%20access%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3ESet-SPOUser%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ESite%20%3C%2FSPAN%3E%3CSPAN%3E%24url%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3ELoginName%20%3C%2FSPAN%3E%3CSPAN%3E%22upnOfUserToRemove%22%3C%2FSPAN%3E%20%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3EIsSiteCollectionAdmin%20%3C%2FSPAN%3E%3CSPAN%3E%24false%3C%2FSPAN%3E%3C%2FPRE%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1141349%22%20slang%3D%22en-US%22%3ERe%3A%20List%20all%20Site%20Collection%20Admins%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1141349%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F357578%22%20target%3D%22_blank%22%3E%40bmartin921%3C%2FA%3E%2C%26nbsp%3BThanks%20for%20the%20details%20and%20the%20thoughts.%26nbsp%3B%20Unfortunately%2C%20I'm%20in%20the%20same%20boat%20as%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F45180%22%20target%3D%22_blank%22%3E%40Bhavpreet%20Bains.%3C%2FA%3E%26nbsp%3B%20The%20commands%20work%20to%20add%20and%20remove%20Site%20Collection%20Admins%20even%20if%20you're%20not%20a%20site%20collection%20admin%2C%20but%20they%20cannot%20VIEW%20the%20existing%20site%20collection%20admins%20unless%20you%20are%20also%20a%20site%20collection%20admin.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20surprised%20Microsoft%20hasn't%20updated%20the%20commands%20to%20allow%20that%20functionality%20for%20Office%20365%20Global%20Admins%20and%20SharePoint%20Admins.%26nbsp%3B%20Another%20option%20is%20for%20MSFT%20to%20build%20in%20such%20an%20audit%20report%20into%20the%20Office%20365%20or%20SharePoint%20admin%20sites.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20next%20option%20is%20to%20write%20a%20script%20that%20does%20the%20following%3A%3C%2FP%3E%3COL%3E%3CLI%3EPull%20the%20list%20of%20admins%3C%2FLI%3E%3CLI%3EIf%20I%20get%20results%2C%20great%3C%2FLI%3E%3CLI%3EIf%20I%20get%20no%20results%20add%20myself%20as%20an%20admin%3C%2FLI%3E%3CLI%3EPull%20the%20list%20of%20admins%3C%2FLI%3E%3CLI%3ERemove%20my%20admin%20access%3C%2FLI%3E%3C%2FOL%3E%3CP%3EIt's%20messy%2C%20but%20it%20should%20do%20the%20trick.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1493776%22%20slang%3D%22en-US%22%3ERe%3A%20List%20all%20Site%20Collection%20Admins%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1493776%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F32161%22%20target%3D%22_blank%22%3E%40Alex%20Carlock%3C%2FA%3E%26nbsp%3Bdid%20you%20manage%20to%20get%20it%20work%20the%20way%20you%20wanted%3F%20I'm%20struggling%20with%20the%20same%20thing%20now%20and%20**bleep**%2C%20this%20is%20such%20a%20simple%20and%20basic%20thing%20that%20it%20must%20be%20somehow%20available...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1494110%22%20slang%3D%22en-US%22%3ERe%3A%20List%20all%20Site%20Collection%20Admins%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1494110%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F427931%22%20target%3D%22_blank%22%3E%40Malgorzata_SITS%3C%2FA%3E%2C%26nbsp%3BI%20ended%20up%20doing%20what%20I%20suggested%20above.%26nbsp%3B%20That%20was%20the%20only%20workaround%20I%20could%20come%20up%20with.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere's%20the%20last%20powershell%20script%20I%20ended%20up%20with%20(It%20was%20quick%20and%20dirty%2C%20so%20no%20warranties%2C%20use%20at%20your%20own%20risk%2C%20etc.)%26nbsp%3B%20You'll%20need%20to%20update%20%22domain%22%20to%20be%20your%20own.%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3E%24username%20%3D%20%22%24env%3Ausername%40domain.com%22%0A%24Sites%20%3D%20Get-SPOSite%20-IncludePersonalSite%20%24true%20-Limit%20all%20-Filter%20%22Url%20-like%20'domain-my.sharepoint.com%2Fpersonal%2F'%22%0Aforeach%20(%24Site%20in%20%24sites)%20%7B%0A%20%24URL%20%3D%20%24Site.URL%0A%20%24Admins%20%3D%20Get-SPOUser%20-Site%20%24URL%20-Limit%20all%20%7C%20Where%20IsSiteAdmin%20-eq%20%24True%20%7C%20Select-Object%20%40%7BLabel%3D%22Site%22%3BExpression%3D%7B%22%24URL%22%7D%7D%2C%40%7BLabel%3D%22AdminName%22%3BExpression%3D%7B%24_.DisplayName%7D%7D%2C%20%40%7BLabel%3D%22AdminLogin%22%3BExpression%3D%7B%24_.LoginName%7D%7D%2C%20%40%7BLabel%3D%22RemoveNonOwnerAdmin%22%3BExpression%3D%7BIf%20(%24URL.replace(%22https%3A%2F%2Fdomain-my.sharepoint.com%2Fpersonal%2F%22%2C%22%22)%20-ne%20%24_.LoginName.replace(%22%40%22%2C%22_%22).replace(%22.%22%2C%22_%22))%20%7B%22Set-SPOUser%20-Site%20%24URL%20-LoginName%20%24(%24_.LoginName)%20-IsSiteCollectionAdmin%20%60%24False%22%7D%20else%20%7B%22%22%7D%7D%7D%0A%20if%20(%24Admins)%20%7B%0A%20%20%24Admins%20%7C%20export-csv%20c%3A%5Ctemp%5COneDriveAdmins.csv%20-NoTypeInformation%20-append%20-encoding%20ASCII%0A%20%20%7D%20else%20%7B%0A%20%20Set-SPOUser%20-Site%20%24URL%20-LoginName%20%24username%20-IsSiteCollectionAdmin%20%24true%0A%20%20Get-SPOUser%20-Site%20%24URL%20-Limit%20all%20%7C%20Where%20%7B%24_.IsSiteAdmin%20-eq%20%24True%20-and%20%24_.LoginName%20-ne%20%24username%7D%20%7C%20Select-Object%20%40%7BLabel%3D%22Site%22%3BExpression%3D%7B%22%24URL%22%7D%7D%2C%40%7BLabel%3D%22AdminName%22%3BExpression%3D%7B%24_.DisplayName%7D%7D%2C%20%40%7BLabel%3D%22AdminLogin%22%3BExpression%3D%7B%24_.LoginName%7D%7D%2C%20%40%7BLabel%3D%22RemoveNonOwnerAdmin%22%3BExpression%3D%7BIf%20(%24URL.replace(%22https%3A%2F%2Fdomain-my.sharepoint.com%2Fpersonal%2F%22%2C%22%22)%20-ne%20%24_.LoginName.replace(%22%40%22%2C%22_%22).replace(%22.%22%2C%22_%22))%20%7B%22Set-SPOUser%20-Site%20%24URL%20-LoginName%20%24(%24_.LoginName)%20-IsSiteCollectionAdmin%20%60%24False%22%7D%20else%20%7B%22%22%7D%7D%7D%20%7C%20export-csv%20c%3A%5Ctemp%5COneDriveAdmins.csv%20-NoTypeInformation%20-append%20-encoding%20ASCII%0A%20%20Set-SPOUser%20-Site%20%24URL%20-LoginName%20%24username%20-IsSiteCollectionAdmin%20%24false%0A%20%20%7D%0A%7D%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Hello,

 

I am trying to get all site collection admin for the sites in the tenant using Powershell. However, the cmdlet Get-SPOSite fetches only the primary site collection admins. The only way to get all is if I grant my admin account access to the site collections. 

 

Since the site collection admins can be viewed from the admin console, there should be a way to get them.

 

Is there any cmdlet or api that I can add to my script?

 

Thank you.

Bhavpreet Bains

6 Replies

Can you try this script and let me know.

$Creds = Get-Credential

  $site = ‘https://tenant-admin.sharepoint.com’

Connect-SPOService -Url $site -Credential $Creds

$AllSites= Get-SPOSite -Limit All

$users = @();
foreach ($Allsite in $AllSites)
{

$AllUsers = Get-SPOUser -Site $AllSite.Url -Limit all | select DisplayName, LoginName,IsSiteAdmin
$users+=$AllUsers
$AllUsers = $null
#Write-Host $AllSite.Url" completed"

}
$users | Export-Csv -Path "C:\Users\Desktop\allusers.csv" -NoTypeInformation -Force

$Data = Import-Csv "C:\Users\Desktop\allusers.csv"

foreach($aUser in $Data)

{

  if($aUser.IsSiteAdmin -eq “True”)

  {

    Write-Host $aUser.DisplayName $aUser.LoginName

  }
  }

 

Hello,

To run cmdlet Get-SPOUser, you must be a SharePoint Online global administrator and a site collection administrator. I am looking for something for which I don't have to grant site collection admin access to my account.
Since the secondary admins are available from SharePoint Admin console, the admin account should atleast be able to get them.
Also, we can grant a user site collection admin (using powershell) without granting site collection admin access to the admin account. So, I think there should be a way to fetch them without granting site collection admin access to the admin account.

@Bhavpreet Bains 

 

These commands can be run with Sharepoint Administrator rights and do not require SiteCollectionAdmin permissions to the site you're modifying. Do not run this as a script -- this is a reference document for you to be able to implement functionality into your application. Use at your own risk and use context to understand what the commands do before you run them.

# ONEDRIVE SITE MANAGEMENT

# Assuming you have the SPO/PnP modules installed from MS already, found here:
# https://docs.microsoft.com/en-us/powershell/sharepoint/sharepoint-online/connect-sharepoint-online?view=sharepoint-ps
# https://www.microsoft.com/en-us/download/details.aspx?id=35588

# Uncomment the "Install-Module"s if you haven't already installed the modules in PS after installing them to your machine using the links above.
# Install-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Import-Module -Name Microsoft.Online.SharePoint.PowerShell
# Install-Module SharePointPnPPowerShellOnline -ErrorAction Stop
Import-Module SharePointPnPPowerShellOnline

$365cred = (Get-Credential)

# Get PersonalUrl of a OneDrive site
$upn = 'john.doe@domain.com'
$tenantName = 'domain-admin'
Connect-PnPOnline -Url "https://$($tenantname).sharepoint.com" -Credentials $365Cred
$url = (Get-PnPUserProfileProperty -Account $upn).PersonalUrl
Disconnect-PnPOnline

# or
# Manual override if siteUrl known
# $url = "https://$($tenantname).sharepoint.com/personal/john_doe_domain_com"


# Get information about a OneDrive site incl. SiteCollectionAdmins
# (requires personalUrl)
Connect-SPOService -URL "https://$($tenantname).sharepoint.com" -Credential $365Cred
Get-SPOSite -Identity $url -Detailed | Format-List
Get-SPOUser -Site $url -Limit all | Select-Object DisplayName, LoginName, IsSiteAdmin | Sort-Object IsSiteAdmin, DisplayName | Format-Table -GroupBy IsSiteAdmin -AutoSize

# Add a user to site owner access
Set-SPOUser -Site $url -LoginName "upnOfUserToAdd" -IsSiteCollectionAdmin $true

# Remove a user from site owner access
Set-SPOUser -Site $url -LoginName "upnOfUserToRemove" -IsSiteCollectionAdmin $false

@bmartin921, Thanks for the details and the thoughts.  Unfortunately, I'm in the same boat as @Bhavpreet Bains.  The commands work to add and remove Site Collection Admins even if you're not a site collection admin, but they cannot VIEW the existing site collection admins unless you are also a site collection admin.

 

I'm surprised Microsoft hasn't updated the commands to allow that functionality for Office 365 Global Admins and SharePoint Admins.  Another option is for MSFT to build in such an audit report into the Office 365 or SharePoint admin sites.

 

My next option is to write a script that does the following:

  1. Pull the list of admins
  2. If I get results, great
  3. If I get no results add myself as an admin
  4. Pull the list of admins
  5. Remove my admin access

It's messy, but it should do the trick.

@Alex Carlock did you manage to get it work the way you wanted? I'm struggling with the same thing now and **bleep**, this is such a simple and basic thing that it must be somehow available...

@Malgorzata_SITS, I ended up doing what I suggested above.  That was the only workaround I could come up with.

 

Here's the last powershell script I ended up with (It was quick and dirty, so no warranties, use at your own risk, etc.)  You'll need to update "domain" to be your own.

$username = "$env:username@domain.com"
$Sites = Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like 'domain-my.sharepoint.com/personal/'"
foreach ($Site in $sites) {
	$URL = $Site.URL
	$Admins = Get-SPOUser -Site $URL -Limit all | Where IsSiteAdmin -eq $True | Select-Object @{Label="Site";Expression={"$URL"}},@{Label="AdminName";Expression={$_.DisplayName}}, @{Label="AdminLogin";Expression={$_.LoginName}}, @{Label="RemoveNonOwnerAdmin";Expression={If ($URL.replace("https://domain-my.sharepoint.com/personal/","") -ne $_.LoginName.replace("@","_").replace(".","_")) {"Set-SPOUser -Site $URL -LoginName $($_.LoginName) -IsSiteCollectionAdmin `$False"} else {""}}}
	if ($Admins) {
		$Admins | export-csv c:\temp\OneDriveAdmins.csv -NoTypeInformation -append -encoding ASCII
		} else {
		Set-SPOUser -Site $URL -LoginName $username -IsSiteCollectionAdmin $true
		Get-SPOUser -Site $URL -Limit all | Where {$_.IsSiteAdmin -eq $True -and $_.LoginName -ne $username} | Select-Object @{Label="Site";Expression={"$URL"}},@{Label="AdminName";Expression={$_.DisplayName}}, @{Label="AdminLogin";Expression={$_.LoginName}}, @{Label="RemoveNonOwnerAdmin";Expression={If ($URL.replace("https://domain-my.sharepoint.com/personal/","") -ne $_.LoginName.replace("@","_").replace(".","_")) {"Set-SPOUser -Site $URL -LoginName $($_.LoginName) -IsSiteCollectionAdmin `$False"} else {""}}} | export-csv c:\temp\OneDriveAdmins.csv -NoTypeInformation -append -encoding ASCII
		Set-SPOUser -Site $URL -LoginName $username -IsSiteCollectionAdmin $false
		}
}