In this article, I describe how to add a site collection administrator to your SharePoint sites. I use this script when I need to supply an application service for a new customer. I recommend running this script periodically (every day) to ensure that you also have access to sites created later.
You will learn how to add a user and an AD group to the site collection administrators.
Prerequisites
Before you can add a site collection administrator to a site collection, you need to ensure the following:
- PowerShell Module Microsoft.Online.SharePoint.PowerShell has to be installed — You can read how to install it here: SharePointOnlinePowerShell: How to connect to SharePoint (sposcripts.com)
- SharePoint Administrator Role
Scheduled runs
The scripts below only cover the sites that exist when you run them. Departments won't stop creating sites, e.g. by creating a new team in Microsoft Teams, so it makes sense to schedule the scripts. If you want to schedule them, the connection to the tenant must not be interactive. To achieve this, export the credentials locally while logged on as the service user that will run the scheduled script, and import the credential in your script. Only the user who exported the credential object can read it, and only on the same machine.
Before you schedule the script, export your service user credential with this cmdlet (change the path before running):
Get-Credential |Export-Clixml "C:\Users\Serkar\Desktop\devmod.key"
You will be prompted for credentials and after this, a file will be created.
Use this credential object before you connect to SharePoint like this:
$Credential = Import-Clixml "C:\Users\Serkar\Desktop\devmod.key"
And connect to SharePoint Online like this:
Connect-SPOService -Url $TenantUrl -Credential $Credential
I wrote a detailed article about this. If you want to deepen your knowledge, check it out: Use credentials in PowerShell | SPO Scripts
At the end of this article, I have also provided a script that shows how the script has to look if you want to schedule it periodically.
Add a user as a site collection administrator
If you want to add a user as a site collection administrator, you can do it like this:
Please change the values of the variables.
Connect-SPOService -Url "https://devmodernworkplace-admin.sharepoint.com/"
$User = "[email protected]"
$SiteUrl = "https://devmodernworkplace.sharepoint.com/sites/Sales"
Set-SPOUser -Site $SiteUrl -LoginName $User -IsSiteCollectionAdmin $true
Add an AD group as a site collection administrator
If you want to add an AD group to the site collection administrators, you need the Object ID of the group. You can look it up like this:
Visit https://portal.azure.com
For this purpose I want to add the IT AD security group to the site collection administrators.
Take note of the Object ID.
With the Object ID, we can add a group as a site collection administrator:
Connect-SPOService -Url "https://devmodernworkplace-admin.sharepoint.com/"
$Group = "C:0t.c|tenant|df8e0958-7882-4835-b6a4-cc877922a1f8"
$SiteUrl = "https://devmodernworkplace.sharepoint.com/sites/Sales"
Set-SPOUser -Site $SiteUrl -LoginName $Group -IsSiteCollectionAdmin $true
Add a user as a site collection administrator to all site collections
If you want to add a single user as a site collection administrator to all site collections, you can use this script:
$TenantUrl = "https://devmodernworkplace-admin.sharepoint.com/"
$User = "[email protected]"
Connect-SPOService -Url $TenantUrl
# -Limit All is required: by default Get-SPOSite returns at most 200 sites
$SPOSites = Get-SPOSite -Limit All
foreach ($SPOSite in $SPOSites)
{
    Set-SPOUser -Site $SPOSite.Url -LoginName $User -IsSiteCollectionAdmin $true
}
Add an AD group as a site collection administrator to all site collections
$TenantUrl = "https://devmodernworkplace-admin.sharepoint.com/"
$Group = "C:0t.c|tenant|df8e0958-7882-4835-b6a4-cc877922a1f8"
Connect-SPOService -Url $TenantUrl
# -Limit All is required: by default Get-SPOSite returns at most 200 sites
$SPOSites = Get-SPOSite -Limit All
foreach ($SPOSite in $SPOSites)
{
    Set-SPOUser -Site $SPOSite.Url -LoginName $Group -IsSiteCollectionAdmin $true
}
Scheduled runs: Add an AD group as a site collection administrator to all site collections
If you run this script, you won't get any prompt from PowerShell, but you have to make sure that you have exported the credential object beforehand; otherwise the script will not work.
$TenantUrl = "https://devmodernworkplace-admin.sharepoint.com/"
$Group = "C:0t.c|tenant|df8e0958-7882-4835-b6a4-cc877922a1f8"
# Credential file created earlier with Export-Clixml by the same user on the same machine
$Credential = Import-Clixml -Path "C:\Users\Serkar\Desktop\devmod.key"
Connect-SPOService -Url $TenantUrl -Credential $Credential
# -Limit All is required: by default Get-SPOSite returns at most 200 sites
$SPOSites = Get-SPOSite -Limit All
foreach ($SPOSite in $SPOSites)
{
    Set-SPOUser -Site $SPOSite.Url -LoginName $Group -IsSiteCollectionAdmin $true
}
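A variant of the scheduled run with error handling and an audit trail, as an added example that is not part of the original article: for every site it records whether the change succeeded and which accounts are site collection administrators afterwards, so failed sites and unexpected administrators become visible. $LogPath is an assumed location; the tenant URL, group and key file are the values used above.

```powershell
# Added example: scheduled run that logs the result and the resulting admins per site.
$TenantUrl  = "https://devmodernworkplace-admin.sharepoint.com/"
$Group      = "C:0t.c|tenant|df8e0958-7882-4835-b6a4-cc877922a1f8"
$Credential = Import-Clixml -Path "C:\Users\Serkar\Desktop\devmod.key"
$LogPath    = "C:\Logs\SiteCollectionAdmins.csv"   # assumption: this folder exists

Connect-SPOService -Url $TenantUrl -Credential $Credential

# -Limit All: without it Get-SPOSite stops after the first 200 sites
$SPOSites = Get-SPOSite -Limit All

$Results = foreach ($SPOSite in $SPOSites) {
    $Row = [ordered]@{
        Timestamp = (Get-Date).ToString("s")
        SiteUrl   = $SPOSite.Url
        Status    = "OK"
        Admins    = ""
        Error     = ""
    }
    try {
        # -ErrorAction Stop turns a failure (e.g. a locked site) into a catchable error
        Set-SPOUser -Site $SPOSite.Url -LoginName $Group -IsSiteCollectionAdmin $true -ErrorAction Stop | Out-Null

        # Read back all site collection administrators of this site for the audit log
        $Admins = Get-SPOUser -Site $SPOSite.Url -Limit All -ErrorAction Stop |
            Where-Object { $_.IsSiteAdmin }
        $Row.Admins = ($Admins | ForEach-Object LoginName) -join "; "
    }
    catch {
        $Row.Status = "Failed"
        $Row.Error  = $_.Exception.Message
    }
    [pscustomobject]$Row
}

# Append one row per site and run, so changes in the admin list can be compared over time
$Results | Export-Csv -Path $LogPath -NoTypeInformation -Append
Disconnect-SPOService

# A non-zero exit code lets the task scheduler flag the run as failed
$Failed = @($Results | Where-Object { $_.Status -eq "Failed" })
if ($Failed.Count -gt 0) {
    Write-Warning "$($Failed.Count) site(s) could not be updated, see $LogPath"
    exit 1
}
```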