SharePoint Online: PowerShell to Get Site Collection Administrators

Requirement:  SharePoint Online PowerShell to List All Site Collection Administrators.

SharePoint Online site collection administrators possess full control of the entire site collection – including top-level site, subsites, all lists, and libraries in the site collection. Each SharePoint site collection can have its own Site Collection Administrators, Typically assigned during the time of site collection created by SharePoint Online administrators through the SharePoint Online Admin Center site, as Primary Site Owner and site collection Administrators. Any additional site collection administrators can be added/removed through the site settings page.

How to Get All Site Collection Administrators from the SharePoint Admin Center?

How do I find the collection administrator in SharePoint Online? To get all site collection administrators, log in to SharePoint Admin Center from your favorite browsers like Microsoft Edge or Google Chrome >> Expand “Sites” >> Active Sites >> Select the site from the list >> Click on “Permissions” and then choose “Manage Admins.”

sharepoint online get site collection administrators

Site collection administrators have the same access rights as primary SharePoint site owners, but the only difference is E-mail notifications! Primary site collection administrators will get email notifications such as site collection storage limit warning Emails.

How to get site collection administrators in SharePoint Online from Site Settings?

If you want to get all site collection administrators of a SharePoint Online site, do the following:

  1. Click on the Settings Gear icon and select Site Settings.
  2. On the Site Settings page, click on the “Site Collection Administrators” link under the “Users and Permission” group (Hit this URL shortcut in the browser: /_layouts/15/mngsiteadmin.aspx).
  3. This page gives you the list of site collection administrators on the particular site collection.
    sharepoint online get site collection admin powershell

On modern group-connected sites, site collection administrators are under Settings >> Site Permissions >> Advanced Permissions Settings.

We don’t have Secondary Site Collection Administrators in SharePoint Online. A Site Collection can have one Primary Site owner and additional site collection Administrators!

Now, Let’s use the PowerShell script to get site collection administrators in SharePoint Online.

Get Primary Site Collection Administrator – Owner using PowerShell

Here is how to use the PowerShell script to get site collection administrators in SharePoint Online:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
#Get Primary Owners of All Site collections from the Tenant
Function Get-SPOPrimarySiteOwners($AdminSiteURL, $Cred)
{
    #Setup credentials to connect
    $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
   
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($AdminSiteURL)
    $Ctx.Credentials = $Credentials
  
    #Get the tenant object 
    $Tenant = New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($ctx)
  
    #Get All Site Collections
    $SiteCollections=$Tenant.GetSitePropertiesFromSharePoint(0,$true)
    $Ctx.Load($SiteCollections)
    $Ctx.ExecuteQuery()
 
    #Iterate through Each site collection
    ForEach($Site in $SiteCollections)
    {
        #Get the Site Collection and Audit Objects
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($Site.URL)
        $Ctx.Credentials = $Credentials
        
        #Get the Site collection
        $SiteCollection = $Ctx.Site
        $Ctx.Load($SiteCollection)
        $Ctx.ExecuteQuery()
 
        #Get Site Owner
        $Owner = $SiteCollection.Owner
        $Ctx.Load($Owner)
        $Ctx.ExecuteQuery()
        
        #Output Primary Site owner Details
        $SiteCollection | Select URL, @{Name="Owner Name";Expression={$_.Owner.Title}}, @{Name="Owner Email";Expression={$_.Owner.Email}}
    }
}
  
#Set Parameters
$AdminSiteUrl = "https://Crescent-admin.sharepoint.com/"
$Cred= Get-Credential
 
Get-SPOPrimarySiteOwners -AdminSiteURL $AdminSiteUrl -Cred $Cred

Make sure you have CSOM SDK or SharePoint Online PowerShell Module installed in your local machine prior to executing this script. You can use Windows PowerShell ISE to run the script. It gets the primary site collection administrator using PowerShell in SharePoint Online.

SharePoint Online: PowerShell to Get Site Collection Administrators

You can use the PowerShell cmdlet Get-SPOUser along with the filter IsSiteAdmin property to get the list of Site collection administrators of the given site collection. This gets you both primary site owners and site collection administrators.

#Variables for processing
$AdminURL = "https://Crescent-admin.sharepoint.com/"
$AdminName = "SPAdmin@Crescent.com"
$SiteCollURL="https://Crescent.sharepoint.com/sites/sales"
 
#User Names Password to connect 
$Password = Read-host -assecurestring "Enter Password for $AdminName" 
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $Password

#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential $Credential

#Get the Site colection
$SiteColl = Get-SPOSite $SiteCollURL
    
#sharepoint online powershell get all site collection admins
$SiteAdmins = Get-SPOUser -Site $SiteCollURL -Limit ALL | Where { $_.IsSiteAdmin -eq $True}
foreach($Admin in $SiteAdmins)
{
    Write-host $Admin.LoginName        
}

PowerShell to Get Site Collection Administrators of All Site Collections in SharePoint Online

Let’s add some error handling and get the site collection administrators from all site collections.

#Variables for processing
$AdminURL = "https://Crescent-admin.sharepoint.com"
$AdminName = "spadmin@Crescent.com"
 
#User Names Password to connect 
$Password = Read-host -assecurestring "Enter Password for $AdminName" 
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $Password

Try {
    #Connect to SharePoint Online
    Connect-SPOService -url $AdminURL -credential $Credential

    #Get all Site colections
    $Sites = Get-SPOSite -Limit ALL

    Foreach ($Site in $Sites)
    {
        Write-host $Site.URL
    
        #Get all Site Collection Administrators
        $SiteAdmins = Get-SPOUser -Site $Site.Url -Limit ALL | Where { $_.IsSiteAdmin -eq $True}
        foreach($Admin in $SiteAdmins)
        {
            Write-host $Admin.LoginName        
        }
    }
}
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

Get All Site Collection Administrators using PnP PowerShell in SharePoint Online

With PnP PowerShell, site collection administrators can be retrieved with the Get-PnPSiteCollectionAdmin cmdlet. Here is the SharePoint Online PowerShell to get all site collection admins:

You must have site collection Admin rights, in order to get existing site collection administrators of a SharePoint Online site through PowerShell! You may get error “Get-PnPSiteCollectionAdmin : The remote server returned an error: (403) Forbidden.” if you are not!
#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get Site Collection Administrators
Get-PnPSiteCollectionAdmin

This PnP PowerShell script gets all site collection administrators of a given site collection. To obtain site collection administrators of all sites in the tenant, use the following:

#Set Variables
$SiteURL = "https://crescent.sharepoint.com"

#Get Credentials to connect
$Cred = Get-Credential

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials $Cred

#Get All Site collections  
$SitesCollection = Get-PnPTenantSite

#Loop through each site collection
ForEach($Site in $SitesCollection)  
{  
    Write-host -F Green "Site Collection Administrators of site: " $Site.Url  
    Connect-PnPOnline -Url $Site.Url -Credentials $Cred
  
    #Get Site Collection administrators of the site
    Get-PnPSiteCollectionAdmin
}

Get Site Collection Administrators from Group Connected Sites

If a site is group-connected, You’ll see just the “Group Owners” in the above script outputs. Here is how to expand and get owners from the group:

#Set Variables
$AdminSiteURL = "https://crescent-admin.sharepoint.com"
 
#Connect to Admin Center
Connect-PnPOnline -Url $AdminSiteURL -Interactive
  
#Get All Site collections - Exclude: Seach Center, Mysite Host, App Catalog, Redirect, Content Type Hub, eDiscovery and Bot Sites
$SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
 
#Loop through each site collection
ForEach($Site in $SiteCollections) 
{ 
    Write-host -F Yellow "Getting Site Collection Administrators of the site: " $Site.Url 
    Connect-PnPOnline -Url $Site.Url -Interactive
    
    #Get Site Collection Administrators
    $SiteAdminstrators = @()
    Get-PnPSiteCollectionAdmin -PipelineVariable Admin | ForEach-Object {
        If($_.PrincipalType -eq "SecurityGroup")
        {
            #Get Members of the Group
            $Group = Get-PnPMicrosoft365Group -IncludeOwners | Where {$_.Mail -eq $Admin.Email}
            $Group.Owners | Select Email | ForEach-Object {
                $SiteAdminstrators += $_.Email
            }
        }
        Else
        {
            $SiteAdminstrators += $Admin.Email
        }
    }
    #Get Site Collection Administrators of the Site
    $SiteAdminstrators | select -Unique
}

If you need to export all site collection administrators to a CSV file, refer: Export SharePoint Online Site Collection Administrators to CSV

How do I add a site collection administration in SharePoint online using PowerShell?

To add a SharePoint site collection administrator, use: E.g., “Set-SPOUser -site $SiteURL -LoginName ‘UPN of the user’ -IsSiteCollectionAdmin $True” in SharePoint Online Management Shell or Add-PnPSiteCollectionAdmin / Set-PnPTenantSite cmdlets using PnP PowerShell. You can also use the Client-side object model to set the “IsSiteAdmin” property of the user to set a site collection Administrator.
More info: SharePoint Online PowerShell to add site collection administrator

How do I delete a collection admin in SharePoint Online?

You can use the SharePoint Online admin center, site settings page, or PowerShell scripts to remove a site collection administrator from the SharePoint Online site.
More info: Remove site collection administrator in SharePoint Online

How do I change the primary admin in SharePoint Online?

You can change the site owner through the SharePoint Admin center by selecting the site collection, clicking on “Permissions” and then “Manage Admins”. On the “Manage Administrators” panel, You can change the primary site collection administrator – Site owner by setting them as “Primary Admin”.
More Info: How to Change Site Owner (Primary Admin) in SharePoint Online?

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

One thought on “SharePoint Online: PowerShell to Get Site Collection Administrators

  • Consider the scenario where a site collection membership is based on a M365 group that’s been deleted. Reporting site administrators here will not work as the group will no longer resolve. In these cases, you may want to instead report the owner as the person who’s created the site as an alternative.

    A check for whether or not the $SiteAdminstrators variable is empty could be followed up with a query for the root web’s author as shown below:

    $spSite = Get-PnPSite -Includes RootWeb.Author
    $SiteAdminstrators += $spSite.RootWeb.Author.Email

    It’s not perfect but presumably to be better than blank in these fringe cases.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *