SharePoint Online: Set Active Directory Security Group as Site Collection Administrator using PowerShell
Requirement: Add active directory security group to SharePoint online site collection administrator group.
PowerShell to Add AD Security group as Site Collection Administrator:
Step 1: Get AD Security Group’s ID
We need the ID of the AD group first. Use the PowerShell script to retrieve the ID, make sure you have Azure AD module installed.
$GroupName = "Opera"
#Connect to Azure AD
Connect-AzureAD -Credential (Get-Credential)
#Get Security Group's SID
Get-AzureADGroup -SearchString $GroupName | Select DisplayName, ObjectId | Format-table
This script gets IDs of all AD security groups with the given name. Copy the ID for the group.
Step 2: Add Active Directory Group to SharePoint Online Site Collection Administrator’s Group
Now, Use this PowerShell script to add the AD group as site collection administrator
#Variables
$AdminURL = "https://crescent-admin.sharepoint.com/"
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ADGroupID = "3645e787-4f3e-44da-8b60-4fe9e32c5a24"
$LoginName = "c:0t`.c`|tenant`|$ADGroupID"
Try {
#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -Credential (Get-Credential)
$Site = Get-SPOSite $SiteURL
Write-host -f Yellow "Adding AD Group as Site Collection Administrator..."
Set-SPOUser -site $Site -LoginName $LoginName -IsSiteCollectionAdmin $True
Write-host -f Green "Done!"
}
Catch {
write-host -f Red "Error:" $_.Exception.Message
}
Similarly, You can add AD group to all site collections in the tenant as:
#Import-Module Microsoft.Online.SharePoint.PowerShell
#Variables
$AdminURL = "https://crescent-admin.sharepoint.com/"
$ADGroupID = "3645e787-4f3e-44da-8b60-4fe9e32c5a24"
$LoginName = "c:0t`.c`|tenant`|$ADGroupID"
Try {
#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -Credential (Get-Credential)
#Get All Site Collections
$Sites = Get-SPOSite -Limit ALL -IncludePersonalSite:$False
Foreach ($Site in $Sites)
{
Write-host "Adding Site Collection Admin for:"$Site.URL
Set-SPOUser -site $Site -LoginName $LoginName -IsSiteCollectionAdmin $True | Out-Null
}
}
Catch {
write-host -f Red "Error:" $_.Exception.Message
}
You can also use PowerShell CSOM script to add site collection administrators SharePoint Online: Add Site Collection Administrator using PowerShell
I noticed that you didn’t include a PnP version of these commands. I found a PnP solution here that I adapted: https://sharepoint.stackexchange.com/a/268257.
——————————————————————-
# Set mode
$mode = ‘test’ # ‘execute’ #
# Sites with permissions being changed
$sitescsvfilepath = ‘fullpath1’
$sites = Import-Csv -Path $sitescsvfilepath
# Groups to be added with permissions to each site
$groupscsvfilepath = ‘fullpath2’
$groups = Import-Csv -Path $groupscsvfilepath
foreach($site in $sites.siteurls){
Write-host “Connecting to $site…”
Connect-PNPOnline -Url $site -UseWebLogin
Get-PnPSiteCollectionAdmin
$web = Get-PnPWeb
foreach ($group in $groups.groupids) {
Try {
$azureADGroup = “c:0t.c|tenant|$group”
$user = Get-PnPUser -Identity $azureADGroup
If ($mode -eq ‘test’)
{
Write-host -f Yellow “Would add $($user.title) as site collection admin”
}
Elseif ($mode -eq ‘execute’)
{
Add-PnPSiteCollectionAdmin -Owners $user.LoginName
Write-host -f Green “Added $($user.title) as site collection admin successfully”
}
}
Catch {
write-host -f Red “Error… $($_.Exception.Message)”
}
}
}
Write-Host ‘Done !’