Office 365: Add or remove account fron SharePoint Site collection administrators
When you have to manage Office 365 tenant, it could be useful to set or remove user account (or group) as Site collection administrator. The basic case for that request is for Support delegation or Technical service account This small PowerShell script can be used and adapt if required to do that change in the 2 ways (add or remove): [string]$username = "YourAdminAccount@yourtenant.onmicrosoft.com" [string]$PwdTXTPath = "C:\SECUREDPWDFOLDER\ExportedPWD-$($username).txt" [string]$CompteouGroupeAADavecGUIDO365= "c:0-.f|rolemanager|s-1-5-21-1575671886-733387139-3803724931-1933543" [string]$CompteIdentifiantSP201X= "i:0#.f|membership|myUserLogin@mydomain.com" [string]$Compteavecsimplelogin= "loginAdmin@yourtenant.onmicrosoft.com" function Load-DLLandAssemblies { [string]$defaultDLLPath = "" # Load assemblies to PowerShell session $defaultDLLPath = "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll" [System.Reflection.Assembly]::LoadFile($defaultDLLPath) $defaultDLLPath = "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll" [System.Reflection.Assembly]::LoadFile($defaultDLLPath) $defaultDLLPath = "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" [System.Reflection.Assembly]::LoadFile($defaultDLLPath) } function ChangeUserStatusForSiteCollectionAdmin { Param( [string]$SiteCollURL, [string]$LoginToSet, [boolean]$ToSiteCollAdminorNot ) if ($ToSiteCollAdminorNot) { Set-SPOUser -Site $SiteCollURL -LoginName $LoginToSet -IsSiteCollectionAdmin $ToSiteCollAdminorNot; Write-Host " >>>>>>>>", $LoginToSet, " - is now part of Site Collection Collection admins" -foregroundcolor green; } else { try { $CheckUserList = $Null $CheckUserList = Get-SPOUser -Site $SiteCollURL -LoginName $LoginToSet Set-SPOUser -Site $SiteCollURL -LoginName $CheckUserList.LoginName -IsSiteCollectionAdmin $ToSiteCollAdminorNot; Write-Host " >>>>>>>>", $CheckUserList.LoginName, " - Set to Site Collection Collection admin: ", $ToSiteCollAdminorNot -foregroundcolor green; } catch { write-host " >>>> $LoginToSet ---Error info: $($_.Exception.Message)" -foregroundcolor red } } } cls Write-Host " ---------------------------------------------- " Load-DLLandAssemblies Write-Host " ---------------------------------------------- " $secureStringPwd = ConvertTo-SecureString -string (Get-Content $PwdTXTPath) $adminCreds = New-Object System.Management.Automation.PSCredential $username, $secureStringPwd Connect-SPOService –Url “https://yourtenant-admin.sharepoint.com” -credential $adminCreds -ErrorAction SilentlyContinue -ErrorVariable Err #Retrieve all site collection infos $sitesInfo = Get-SPOSite -Template "STS#0" -Limit ALL | Sort-Object -Property url | Select * [int]$i = 1; foreach ($site in $sitesInfo) { Write-Host "SiteColl Number:", $i, "- of:", $sitesInfo.Count; $i += 1; Write-Host "SPO Site collection:", $site.Url, "- Title:", $site.Title ChangeUserStatusForSiteCollectionAdmin $site.Url $Compteavecsimplelogin $false Remove-SPOUser -Site $site.Url -LoginName $Compteavecsimplelogin; #If you want to remove all reference to the account ChangeUserStatusForSiteCollectionAdmin $site.Url $CompteIdentifiantSP201X $false Remove-SPOUser -Site $site.Url -LoginName $CompteIdentifiantSP201X; #If you want to remove all reference to the account ChangeUserStatusForSiteCollectionAdmin $site.Url $CompteouGroupeAADavecGUIDO365 $true } You can use or adap it depending of your local need. Be careful with the "Group sites" which are not only SharePoint sites, but more a mix between many other components from Office 365 (SP, AAD, Exchange, ...), so that script is clearly not enough in that case. Fabrice Romelard [MVP] Reference source: https://techcommunity.microsoft.com/t5/SharePoint/Office-365-Add-accounts-into-the-Site-collection-administrators/m-p/58186#M5615 Original post in french: Office 365: Ajouter ou retirer des comptes utilisateurs des administrateurs de collections de site via PowerShell
