SharePoint Security Group Owner

%3CLINGO-SUB%20id%3D%22lingo-sub-677307%22%20slang%3D%22en-US%22%3ESharePoint%20Security%20Group%20Owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-677307%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20Day%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20going%20through%20clean%20up%20efforts%20against%20our%20SharePoint%202013%20and%20SharePoint%202016%20on%20premise%20environments.%20We%20have%20found%20users%20who%20left%20the%20firm%20(their%20AD%20accounts%20disabled)%20to%20be%20listed%20as%20owners%20of%20SharePoint%20Security%20Groups.%26nbsp%3B%20We%20are%20then%20looking%20at%20programmatically%20removing%20those%20user%20accounts%20from%20being%20the%20owners%20of%20SharePoint%20security%20groups%20and%20this%20is%20we%20have%20some%20questions.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENormally%20as%20we%20manually%20update%20the%20ownership%20of%20a%20SharePoint%20Security%20Group%20we%20cannot%20leave%20empty%20the%20owners%20field.%26nbsp%3B%20As%20we%20look%20to%20run%20PowerShell%20operations%20to%20remove%20users%20accounts%20as%20owners%20for%20several%20SharePoint%20Security%20Groups%2C%20what%20would%20happen%20if%20we%20do%20not%20have%20a%20replacement%20account%20to%20become%20the%20new%20SharePoint%20Security%20Group%20Owner%2C%20will%20the%20PowerShell%20operation%20throw%20some%20sort%20of%20error%20that%20the%20existing%20account%20cannot%20be%20removed%20as%20since%20group%20ownership%20cannot%20be%20left%20unpopulated%3F%20Thank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-677307%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-677654%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Security%20Group%20Owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-677654%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F18815%22%20target%3D%22_blank%22%3E%40Juan%20M%20Baena%3C%2FA%3E%26nbsp%3BAFAIK%2C%20using%20Powershell%20you%20can%20only%20change%20a%20Group%20owner%20but%20I%20am%20not%20sure%20if%20Powershell%20has%20any%20option%20to%20remove%20a%20Group%20owner%20without%20providing%20a%20replacement%20owner.%20Below%20is%20what%20happens%20if%20you%20do%20it%20through%20UI.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20a%20user%20is%20owner%20of%202%20groups%20(Let's%20say%20Group%20A%20%26amp%3B%20B).%20Now%20if%20you%20remove%20that%20user%20from%20the%20Site%20collection%20user%20info%20list%20(%3CA%20href%3D%22https%3A%2F%2Fextranet.opcw.org%2F_layouts%2F15%2Fpeople.aspx%3FMembershipGroupId%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsitecollectionurl%2F_layouts%2F15%2Fpeople.aspx%3FMembershipGroupId%3D0%3C%2FA%3E)%2C%20then%20SharePoint%20will%20add%20you%20as%20the%20owner%20of%20the%20Group%20A%20%26amp%3B%20B.%20You%20need%20to%20be%20Site%20collection%20admin%20to%20try%20this%20out.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETry%20to%20configure%20Site%20collection%20Owner%20group%20as%20the%20group%20owner%20for%20all%20the%20groups%20instead%20of%20keeping%20a%20persons%20name%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-677765%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Security%20Group%20Owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-677765%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F29544%22%20target%3D%22_blank%22%3E%40unnie%20ayilliath%3C%2FA%3E%26nbsp%3Bthank%20you%20we%20need%20to%20do%20some%20testing%20on%20this%20scenario%20just%20thought%20to%20ask%20beforehand%20to%20get%20a%20better%20idea%20of%20what%20to%20expect.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

Good Day

 

We are going through clean up efforts against our SharePoint 2013 and SharePoint 2016 on premise environments. We have found users who left the firm (their AD accounts disabled) to be listed as owners of SharePoint Security Groups.  We are then looking at programmatically removing those user accounts from being the owners of SharePoint security groups and this is we have some questions.

 

Normally as we manually update the ownership of a SharePoint Security Group we cannot leave empty the owners field.  As we look to run PowerShell operations to remove users accounts as owners for several SharePoint Security Groups, what would happen if we do not have a replacement account to become the new SharePoint Security Group Owner, will the PowerShell operation throw some sort of error that the existing account cannot be removed as since group ownership cannot be left unpopulated? Thank you!

2 Replies
Highlighted

@Juan M Baena AFAIK, using Powershell you can only change a Group owner but I am not sure if Powershell has any option to remove a Group owner without providing a replacement owner. Below is what happens if you do it through UI.

 

If a user is owner of 2 groups (Let's say Group A & B). Now if you remove that user from the Site collection user info list (https://sitecollectionurl/_layouts/15/people.aspx?MembershipGroupId=0), then SharePoint will add you as the owner of the Group A & B. You need to be Site collection admin to try this out.

 

Try to configure Site collection Owner group as the group owner for all the groups instead of keeping a persons name?

 

Highlighted

@unnie ayilliath thank you we need to do some testing on this scenario just thought to ask beforehand to get a better idea of what to expect.