SharePoint Online: Remove Site Collection Administrator using PowerShell

Requirement: Remove Site collection Administrator using PowerShell in SharePoint Online.

How to remove site collection administrator(s) in SharePoint Online?
Site collection administrators in SharePoint Online have full control for the entire site collection, including the root site and all the sub-sites, lists and libraries in the site collection. To remove a site collection admin, follow these steps:
  • Login to SharePoint Online site as a SharePoint Online Administrator or Site collection Administrator
  • Click on Settings gear and then Site Settings
  • On the site settings page, click on "Site Collection Administrators" link
    SharePoint Online PowerShell to Remove Site Collection Administrator
  • Remove unwanted users from the site collection administrators and click on "OK" to save your changes.

Remove a site owner from SharePoint Online Admin Center
You can also remove a site collection administrator from SharePoint admin center.
  • Login to SharePoint admin Center at https://<yourtenant>-admin.sharepoint.com
  • Expand Sites >> Active Sites >> Select the site from which you want to remove site collection administrators from.
  • In the site properties panel, click on the "Permissions" tab >> Click on "Site admins" and click on Manage.
    remove site collection administrator powershell sharepoint online
  • Now, you can remove any site collection administrator by clicking on little x icon. Please note, you can't remove the primary admin of the site ( and you have to make someone else as primary admin first to remove existing site admin from SharePoint Online site).
    PnP PowerShell to remove site collection administrator in sharepoint online
This is how we can remove the site collection admin from a SharePoint Online site.

SharePoint Online: PowerShell to Remove Site Collection Administrator
To remove a user from site collection administrators rights for a particular SharePoint Online site collection, use this PowerShell script in SharePoint Online Management Shell:
#Variables for processing
$AdminURL = "https://crescent-admin.sharepoint.com/"
$AdminAccount="[email protected]"

#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential (Get-Credential)

#Get the Site Collection
$Site = Get-SPOSite "https://crescent.sharepoint.com/sites/marketing"

#Remove user from site collection admin
Set-SPOUser -site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $False 

Remove Site Collection Admin from All Site Collections:
Lets scan all site collections and remove a particular user from site collection admin.
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking

#Variables for processing
$AdminURL = "https://crescent-admin.sharepoint.com/" 
$AdminAccount="[email protected]"

#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential (Get-Credential)

#Get All Site Collections
$Sites = Get-SPOSite -Limit ALL

#Loop through each site and add site collection admin
Foreach ($Site in $Sites)
{
    Write-host "Scanning site:"$Site.Url -f Yellow
    #Get All Site Collection Administrators
    $Admins = Get-SPOUser -Site $site.Url | Where {$_.IsSiteAdmin -eq $true}

    #Iterate through each admin
    Foreach($Admin in $Admins)
    {
        #Check if the Admin Name matches
        If($Admin.LoginName -eq $AdminAccount)
        {
            #Remove Site collection Administrator
            Write-host "Removing Site Collection Admin from:"$Site.URL -f Green
            Set-SPOUser -site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $False
        }
    }
}

Remove user from Site Collection Administrator group using PowerShell - CSOM:
Other than SharePoint Online management shell, we can also use CSOM code in PowerShell to remove a site collection administrator.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables for Processing
$SiteURL = "https://crescent.sharepoint.com/Sites/marketing"
$UserAccount="i:0#.f|membership|[email protected]"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $Cred

$User = $Ctx.Web.EnsureUser($UserAccount)
$User.IsSiteAdmin = $False
$User.Update()
$Ctx.ExecuteQuery()

Site Collection Administrator in SharePoint Online Modern Team sites and Groups
In SharePoint Online Modern team sites & Groups Sites, "Site collection Administrators" link in hidden from UI, However you can access it by URL: https://tenant.sharepoint.com/sites/sitename/_layouts/15/mngsiteadmin.aspx and remove site collection admin or use PowerShell as given above!

PnP PowerShell to Remove Site Collection Admin
To remove a user from site collection administrators permissions, use:
#Connect to PNP Online
Connect-PnPOnline -Url "https://crescent.sharepoint.com/sites/marketing" -Credentials (Get-Credential)

#Remove Site Collection Administrator
Remove-PnPSiteCollectionAdmin -Owners "[email protected]"
You can remove multiple Administrators from the site collection as:
Remove-PnPSiteCollectionAdmin -Owners @("[email protected]", "[email protected]")
How about removing a user from the site collection admins group of all sites in the tenant?
#Parameters
$TenantAdminURL = "https://Crescent-Admin.SharePoint.com"
$LoginID = "i:0#.f|membership|[email protected]"

#Get Credentials to Connect
$Cred = Get-Credential

#Connect to Tenant Admin
Connect-PnPOnline $TenantAdminURL -Credentials $Cred

#Loop through All Site Collections
Get-PnPTenantSite | ForEach-Object {
    Write-Host "Processing Site $($_.Url)..."
    Connect-PnPOnline $_.Url -Credentials $Cred
    $User = Get-PnPUser | Where { $_.LoginName -like $LoginID}
    If($User -ne $Null)
    {
        Remove-PnPSiteCollectionAdmin -Owners $LoginID
        Write-Host "`tRemoved user from Site Collection Administrator Group!" -f Green
    }
}

To add a new site collection administrator in SharePoint Online, use this article: SharePoint Online: Add Site Collection Administrator using PowerShell

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.