
SharePoint PowerShell add site collection administrator


In this article, I describe how to add a site collection administrator to your SharePoint sites. I use this script when I need to provide an application service for a new customer. I recommend running this script periodically (every day), so that you also have access to sites created later.

You will learn how to add a user and an AD group to the site collection administrators.

Prerequisites

Before you can add a site collection administrator to a site collection, you need to ensure the following:

Scheduled runs

The scripts below only cover the sites that exist at the time you run them. Since departments won't stop creating sites, e.g. by creating a new team in Microsoft Teams, it makes sense to schedule the scripts. If you want to schedule them, make sure the connection to the tenant is not interactive: export the credentials locally while logged in as the service user that will run the scheduled script, and import the credential in your script. Only the user who exported the credential object can read it, and only on the same machine.

Before you schedule the script, export your service user credential with these cmdlets (change the path before running):

Get-Credential | Export-Clixml "C:\Users\Serkar\Desktop\devmod.key"

You will be prompted for credentials, and after that a file will be created.

Use this credential object before you connect to SharePoint like this:

$Credential = Import-Clixml "C:\Users\Serkar\Desktop\devmod.key"

And connect to SharePoint Online like this:

Connect-SPOService -Url $TenantUrl -Credential $Credential

I wrote a detailed article about this. If you want to deepen your knowledge, check it out: Use credentials in PowerShell | SPO Scripts

At the end of this article, I have also provided a script that shows what the script has to look like if you want to schedule it periodically.

Add a user as a site collection administrator

If you want to add a user as a site collection administrator, you can do it like this:

Please change the values of the variables.

Connect-SPOService -Url "https://devmodernworkplace-admin.sharepoint.com/"
$User = "Serkar@devmodernworkplace.onmicrosoft.com"
$SiteUrl = "https://devmodernworkplace.sharepoint.com/sites/Sales"

Set-SPOUser -Site $SiteUrl -LoginName $User -IsSiteCollectionAdmin $true

Add an AD group as a site collection administrator

If you want to add an AD group to the site collection administrators, you need the Object ID of the group. You can look it up like this:

Visit https://portal.azure.com

[Screenshots: Azure Portal home; Azure Active Directory groups]

For this purpose I want to add the IT AD security group to the site collection administrators.


Take note of the Object ID.


With the Object ID, we can add a group as a site collection administrator:

Connect-SPOService -Url "https://devmodernworkplace-admin.sharepoint.com/"
$Group = "C:0t.c|tenant|df8e0958-7882-4835-b6a4-cc877922a1f8"
$SiteUrl = "https://devmodernworkplace.sharepoint.com/sites/Sales"

Set-SPOUser -Site $SiteUrl -LoginName $Group -IsSiteCollectionAdmin $true

Add a user as a site collection administrator to all site collections

If you want to add a single user as a site collection administrator to all site collections, you can use this script:

$TenantUrl = "https://devmodernworkplace-admin.sharepoint.com/"
$User = "Serkar@devmodernworkplace.onmicrosoft.com"

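Connect-SPOService -Url $TenantUrl

# -Limit All is required: by default Get-SPOSite returns only the first 200 site collections
$SPOSites = Get-SPOSite -Limit All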

foreach ($SPOSite in $SPOSites)
{
    Set-SPOUser -Site $SPOSite.Url -LoginName $User -IsSiteCollectionAdmin $true
}

Add an AD group as a site collection administrator to all site collections

$TenantUrl = "https://devmodernworkplace-admin.sharepoint.com/"
$Group = "C:0t.c|tenant|df8e0958-7882-4835-b6a4-cc877922a1f8"

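Connect-SPOService -Url $TenantUrl

# -Limit All is required: by default Get-SPOSite returns only the first 200 site collections
$SPOSites = Get-SPOSite -Limit All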

foreach ($SPOSite in $SPOSites)
{
    Set-SPOUser -Site $SPOSite.Url -LoginName $Group -IsSiteCollectionAdmin $true
}

Scheduled runs: Add an AD group as a site collection administrator to all site collections

If you run this script, you won't get any prompt from PowerShell, but you have to make sure that you have exported the credential object beforehand; otherwise the script will not work.

$TenantUrl = "https://devmodernworkplace-admin.sharepoint.com/"
$Group = "C:0t.c|tenant|df8e0958-7882-4835-b6a4-cc877922a1f8"

$Credential = Import-Clixml -Path "C:\Users\Serkar\Desktop\devmod.key"

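Connect-SPOService -Url $TenantUrl -Credential $Credential

# -Limit All is required: by default Get-SPOSite returns only the first 200 site collections
$SPOSites = Get-SPOSite -Limit All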

foreach ($SPOSite in $SPOSites)
{
    Set-SPOUser -Site $SPOSite.Url -LoginName $Group -IsSiteCollectionAdmin $true
}
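A variant of the scheduled script that only touches sites it has not processed before and writes every grant or failure to a CSV, so the daily run leaves a reviewable record of where the group became site collection administrator. This is an added example, not part of the original post; the $StateFile and $LogFile paths are hypothetical and must be adapted.

```powershell
# Added example: scheduled run with a state file and a grant log.
# Assumptions (not from the original post): $StateFile and $LogFile paths.
$ErrorActionPreference = 'Stop'   # turn cmdlet errors into catchable exceptions

$TenantUrl = "https://devmodernworkplace-admin.sharepoint.com/"
$Group     = "C:0t.c|tenant|df8e0958-7882-4835-b6a4-cc877922a1f8"
$CredFile  = "C:\Users\Serkar\Desktop\devmod.key"
$StateFile = "C:\Scripts\sca-processed-sites.txt"   # hypothetical path
$LogFile   = "C:\Scripts\sca-grants.csv"            # hypothetical path

# Fail early with a clear message if the credential was never exported.
if (-not (Test-Path -Path $CredFile)) {
    throw "Credential file '$CredFile' not found. Export it first as the service user."
}
$Credential = Import-Clixml -Path $CredFile
Connect-SPOService -Url $TenantUrl -Credential $Credential

# URLs of sites that already received the grant in an earlier run.
$Processed = @()
if (Test-Path -Path $StateFile) { $Processed = @(Get-Content -Path $StateFile) }

# -Limit All: Get-SPOSite returns only the first 200 site collections by default.
$NewSites = Get-SPOSite -Limit All | Where-Object { $Processed -notcontains $_.Url }

foreach ($SPOSite in $NewSites) {
    $Result = 'Granted'; $Detail = ''
    try {
        Set-SPOUser -Site $SPOSite.Url -LoginName $Group -IsSiteCollectionAdmin $true | Out-Null
        # Record the site only after the grant succeeded, so failures are retried.
        Add-Content -Path $StateFile -Value $SPOSite.Url
    }
    catch {
        $Result = 'Failed'; $Detail = $_.Exception.Message
    }
    # One log row per site, with a UTC timestamp for later review.
    [pscustomobject]@{
        TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
        Site    = $SPOSite.Url
        Group   = $Group
        Result  = $Result
        Detail  = $Detail
    } | Export-Csv -Path $LogFile -Append -NoTypeInformation
}

Disconnect-SPOService
```

Sites listed in the state file are skipped on later runs, so delete the state file if you want the grant re-applied everywhere.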
