Home > > SharePoint Online: Add Site Collection Administrator using PowerShell

SharePoint Online: Add Site Collection Administrator using PowerShell

, , , , , , Last updated: 2020-11-16T09:04:05Z
Requirement: Add Site Collection Administrator in SharePoint Online.

Site Collection Administrator in SharePoint Online
SharePoint site collection administrators have Full access rights to manage all sites under a site collection. When creating a site collection, a Global Administrator or SharePoint Online Administrator will automatically become the primary site collection admin. A SharePoint online site collection can have several administrators, but only one primary administrator, unlike SharePoint on-premises.

It is possible to add multiple site collection admins for any SharePoint site collection. To add additional site collection administrator in SharePoint online, you must be either Global Administrator or SharePoint online Site Collection Administrator of the particular site collection.

How to add site collection administrator in SharePoint Online? 
To add a user to site collection administrator in SharePoint Online, do the following:
  • Navigate to your SharePoint Online administration center >> Click on Active Sites (E.g. https://crescentintranet-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx)
  • Select the site collection, click on the "Permissions" button from the ribbon, and then click on the "Manage Admins" menu item.
    sharepoint online powershell add site collection administrator
  • This brings the "Manage admins" page where you can add multiple site collection administrators. Also, it provides the option to change the primary site collection administrator.
    sharepoint online powershell set site collection administrator
  • Once you have added the new user press OK to save the changes and any new Site Collection Administrator will have full rights to every site and sub-site within that Site Collection.
Alternatively, Once the site collection is created, You can also navigate to Site Settings >> Site collection administrators link to add additional site collection administrators. Direct link: https://tenant.sharepoint.com/sites/siteurl/_layouts/15/mngsiteadmin.aspx
sharepoint online add site collection administrator powershell


Quite easy, isn't it? Well, It's easy for one single site collection. However, there is a problem when you have a large number of site collections. Say, you have 100s of SharePoint Online site collections, You can't simply select all of your site collections and add a site collection administrator to all of them at one shot! So, let's see how to add a site collection administrator in SharePoint Online using PowerShell.

Add Site Collection Administrator in Modern / Group Connected SharePoint Online Sites:
In group connected modern team sites, "Site collection Administrators" link in site settings page is hidden. The Office 365 Group Owner is configured as the site collection administrator, by default. So you can add any user to owners group of the Office 365 group in order to make them site collection administrator or use the below steps to add additional site collection admins.

  • Click on Settings gear >> Site Permissions >> Click on "Advanced permissions settings"
  • Click on ""Site Collection Administrators" button in the ribbon.
    sharepoint online powershell add group site collection administrator

Anyway, In SharePoint Online, site collection administrators to be added on a site collection by site collection basis, as there are no web application level users policies can be set from Central Administration as we do in SharePoint on-premises. So, the solution is: Using PowerShell to add a site collection administrator in SharePoint online!

PowerShell Script to Add Site Collection Administrator in SharePoint Online:
Here is the PowerShell for SharePoint online to add site collection administrator 

#Variables for processing
$AdminURL = "https://crescent-admin.sharepoint.com/"
$AdminName = "[email protected]"
$SiteCollURL = "https://crescent.sharepoint.com/sites/Sales/"
$SiteCollectionAdmin = "[email protected]"

#User Names Password to connect 
#$SecurePWD = read-host -assecurestring "Enter Password for $AdminName" 
$SecurePWD = ConvertTo-SecureString "Password1" –asplaintext –force  
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $SecurePWD
 
#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential $Credential

#Add Site collection Admin
Set-SPOUser -site $SiteCollURL -LoginName $SiteCollectionAdmin -IsSiteCollectionAdmin $True
This PowerShell also works when you want to add a group as a site collection administrator in SharePoint Online.

Add Site Collection Admin to All SharePoint Online Sites using PowerShell:
SharePoint Online PowerShell to add a site collection administrator for all site collections.
#Variables for processing
$AdminURL = "https://Crescent-admin.sharepoint.com/"
$AdminName = "[email protected]"
 
#User Names Password to connect 
$Password = Read-host -assecurestring "Enter Password for $AdminName" 
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $Password

#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential $Credential

$Sites = Get-SPOSite -Limit ALL

Foreach ($Site in $Sites)
{
    Write-host "Adding Site Collection Admin for:"$Site.URL
    Set-SPOUser -site $Site -LoginName $AdminName -IsSiteCollectionAdmin $True
}
To Remove a Site Collection Admin, use Set-SPOUser cmdlet with -IsSiteCollectionAdmin $false parameter! Here is how: Remove Site Collection Administrator in SharePoint Online with PowerShell

Change Primary Site Collection Administrator using PowerShell:
SharePoint Online PowerShell to set site collection administrator 
#Variables for processing
$AdminURL = "https://crescent-admin.sharepoint.com/"
$AdminName = "[email protected]"
$SiteCollURL = "https://crescent.sharepoint.com/sites/Sales"
$NewSiteAdmin = "[email protected]"

#User Names Password to connect 
$SecurePWD = ConvertTo-SecureString "Password1" –asplaintext –force  
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $SecurePWD
 
#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential $Credential

#Change Site Collection Primary Admin
Set-SPOSite -Identity $SiteCollURL -Owner $NewSiteAdmin -NoWait

Add Site Collection Administrator to Group/Modern Sites
Here is the script to use in "SharePoint Online Management Shell" to add site collection admins to all sites including Modern Team sites.
#Variables for processing
$AdminURL = "https://crescent-admin.sharepoint.com/" 
$AdminName="[email protected]"

#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential (Get-Credential)

#Get All Site Collections
$Sites = Get-SPOSite -Limit ALL

#Loop through each site and add site collection admin
Foreach ($Site in $Sites)
{
    Write-host "Adding Site Collection Admin for:"$Site.URL
    Set-SPOUser -site $Site.Url -LoginName $AdminName -IsSiteCollectionAdmin $True
}
You can apply a filter to site collections to get all site collections of a specific type. E.g. To get all communication sites, use:
Get-SPOSite -Template SITEPAGEPUBLISHING#0
Similarly, you can filter site collections and add site collection admins as:
$Sites = Get-SPOSite -Limit All | Where {$_.Url -like 'https://crescent.sharepoint.com/sites/Project*'}

Add Site Collection Administrator using PowerShell CSOM:
Other than SharePoint Online Management Shell, we can also use the PowerShell CSOM method to add a user to the site collection administrator group. Here is how:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables for Processing
$SiteURL = "https://crescent.sharepoint.com/Sites/marketing"
$UserAccount="i:0#.f|membership|[email protected]"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $Cred

$User = $Ctx.Web.EnsureUser($UserAccount)
$User.IsSiteAdmin = $True
$User.Update()
$Ctx.ExecuteQuery()

PnP PowerShell to Add Site Collection Administrator in SharePoint Online
You need to give yourself access to every site collection individually in order to access it. If there are hundreds of them, rather than adding to each site, you can use the PowerShell script to do that. Here is how to add a user as a site collection administrator using PnP PowerShell:
#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"

#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#add user as site collection administrator powershell sharepoint online
Add-PnPSiteCollectionAdmin -Owners "[email protected]"
Existing site collection admins stay as is! To add more than one site collection admin, use: 
Add-PnPSiteCollectionAdmin -Owners "[email protected]", "[email protected]"

You can also add site collection admin using PnP PowerShell Set-PnPTenantSite as:
#Set Runtime Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$SiteUrl="https://crescent.sharepoint.com/sites/jackson"
$SiteCollAdmin="[email protected]"
 
#Connect to PnP Online
Connect-PnPOnline -Url $AdminSiteURL -UseWebLogin

#Add Site collection Admin
Set-PnPTenantSite -Url $SiteUrl -Owners $SiteCollAdmin

Add Site Collection Administrator to All Sites in the Tenant:
To Add Site Collection Administrator to All Site Collections in the tenant, use
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$SiteCollAdmin="[email protected]"
  
#Connect to Admin Center
Connect-PnPOnline -Url $TenantAdminURL -UseWebLogin

#Get All Site collections and Iterate through
$SiteCollections = Get-PnPTenantSite
ForEach($Site in $SiteCollections)
{ 
    #Add Site collection Admin
    Set-PnPTenantSite -Url $Site.Url -Owners $SiteCollAdmin
    Write-host "Added Site Collection Administrator to $($Site.URL)"
}

Related Articles:


Related Posts:

8 comments:

  1. Craig HumphreyNovember 16, 2016 at 6:25 AM

    Note: Get-SPOSite does not return sites created by O365 Groups (& Planner) or Teams, unless you specifically specify the URL of the site... so no enumeration of those sites :(

    ReplyDelete
    Replies
    1. Bastiaan KortenboutJanuary 23, 2018 at 5:20 PM

      Not true. Get-SPOSite does get me SP Sites that belong to an Office Group

      Delete
    2. AnonymousFebruary 2, 2019 at 2:17 AM

      A lot can change in a year and two months.

      Delete
  2. AnonymousSeptember 21, 2017 at 10:54 PM

    How to remove site collection administrators in sharepoint online using powershell.

    ReplyDelete
  3. AnonymousAugust 31, 2018 at 6:28 AM

    Thank you!!
    Very happy!!! :D

    ReplyDelete
  4. VersalOctober 15, 2020 at 11:20 PM

    <3

    ReplyDelete
  5. Jonathan SNovember 23, 2020 at 8:09 PM

    You just saved me hours of manual administrator entry, thank you so much!

    ReplyDelete

Please Login and comment to get your questions answered!

Subscribe to: Post Comments ( Atom )
Powered by Blogger.