SharePoint Online: Set Active Directory Security Group as Site Collection Administrator using PowerShell

Requirement: Add an Active Directory security group to the SharePoint Online site collection administrators group.

PowerShell to Add AD Security group as Site Collection Administrator:

Step 1: Get AD Security Group’s ID

We need the ID of the AD group first. Use the following PowerShell script to retrieve it, and make sure you have the Azure AD module installed.

$GroupName = "Opera"

#Connect to Azure AD
Connect-AzureAD -Credential (Get-Credential)

#Get the security group's ObjectId
Get-AzureADGroup -SearchString $GroupName | Select DisplayName, ObjectId | Format-table

This script gets IDs of all AD security groups with the given name. Copy the ID for the group.


Step 2: Add Active Directory Group to SharePoint Online Site Collection Administrator’s Group

Now, use this PowerShell script to add the AD group as a site collection administrator:

#Variables
$AdminURL = "https://crescent-admin.sharepoint.com/"
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ADGroupID = "3645e787-4f3e-44da-8b60-4fe9e32c5a24"

$LoginName = "c:0t`.c`|tenant`|$ADGroupID"

Try {
    #Connect to SharePoint Online
    Connect-SPOService -url $AdminURL -Credential (Get-Credential)
 
    $Site = Get-SPOSite $SiteURL
 
    Write-host -f Yellow "Adding AD Group as Site Collection Administrator..."
    Set-SPOUser -site $Site -LoginName $LoginName -IsSiteCollectionAdmin $True
    Write-host -f Green "Done!"
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

Similarly, you can add the AD group to all site collections in the tenant:

#Import-Module Microsoft.Online.SharePoint.PowerShell

#Variables
$AdminURL = "https://crescent-admin.sharepoint.com/"
$ADGroupID = "3645e787-4f3e-44da-8b60-4fe9e32c5a24"

$LoginName = "c:0t`.c`|tenant`|$ADGroupID"

Try {
    #Connect to SharePoint Online
    Connect-SPOService -url $AdminURL -Credential (Get-Credential)
 
    #Get All Site Collections
    $Sites = Get-SPOSite -Limit ALL -IncludePersonalSite:$False
 
    Foreach ($Site in $Sites)
    {
        Write-host "Adding Site Collection Admin for:"$Site.URL
        Set-SPOUser -site $Site -LoginName $LoginName -IsSiteCollectionAdmin $True | Out-Null
    }
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}
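
The tenant-wide script gives one group administrator rights on every site collection, so it is worth confirming afterwards where the grant actually landed and who else holds the same rights. The audit below is an added example, not part of the original article; the function names `Get-GroupClaimLoginName` and `Get-GroupAdminAudit` and the output file name are hypothetical, and it assumes an existing `Connect-SPOService` session.

```powershell
# Added example (not from the original article). Function names are hypothetical.
# Assumes Connect-SPOService has already been run, as in the scripts above.

function Get-GroupClaimLoginName {
    param([Parameter(Mandatory)][string]$ADGroupID)
    # Accept only a well-formed GUID so a pasted display name or stray
    # whitespace never ends up inside the claim string.
    $Guid = [Guid]::Empty
    if (-not [Guid]::TryParse($ADGroupID.Trim(), [ref]$Guid)) {
        throw "Not a valid group object ID: '$ADGroupID'"
    }
    # Same claim format the article builds in $LoginName
    return "c:0t.c|tenant|$($Guid.ToString())"
}

function Get-GroupAdminAudit {
    param(
        [Parameter(Mandatory)][string]$ADGroupID,
        [string[]]$SiteUrls   # optional; defaults to every non-personal site
    )
    $LoginName = Get-GroupClaimLoginName -ADGroupID $ADGroupID
    if (-not $SiteUrls) {
        $SiteUrls = (Get-SPOSite -Limit ALL -IncludePersonalSite:$False).Url
    }
    foreach ($Url in $SiteUrls) {
        try {
            # Every principal on the site that holds site collection admin rights
            $Admins = @(Get-SPOUser -Site $Url -Limit ALL -ErrorAction Stop |
                        Where-Object { $_.IsSiteAdmin })
            [PSCustomObject]@{
                SiteUrl      = $Url
                GroupIsAdmin = [bool]($Admins | Where-Object { $_.LoginName -eq $LoginName })
                OtherAdmins  = ($Admins | Where-Object { $_.LoginName -ne $LoginName }).LoginName -join '; '
                Error        = $null
            }
        }
        catch {
            # A locked or inaccessible site must not hide the rest of the report
            [PSCustomObject]@{ SiteUrl = $Url; GroupIsAdmin = $null; OtherAdmins = $null; Error = $_.Exception.Message }
        }
    }
}

# Constructed sample call using the placeholder group ID shown in the article
Get-GroupAdminAudit -ADGroupID "3645e787-4f3e-44da-8b60-4fe9e32c5a24" |
    Export-Csv -Path .\SiteAdminAudit.csv -NoTypeInformation
```

Rows where `GroupIsAdmin` is false or `Error` is set show the sites the bulk run did not reach; the `OtherAdmins` column gives a baseline for later access reviews.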

You can also use a PowerShell CSOM script to add site collection administrators; see "SharePoint Online: Add Site Collection Administrator using PowerShell".

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with two decades of SharePoint experience. He loves sharing his knowledge and experiences with the SharePoint community through his real-world articles!

One thought on “SharePoint Online: Set Active Directory Security Group as Site Collection Administrator using PowerShell”

  • May 27, 2021 at 6:21 PM

    I noticed that you didn’t include a PnP version of these commands. I found a PnP solution here that I adapted: https://sharepoint.stackexchange.com/a/268257.

    ——————————————————————-
    # Set mode
    $mode = 'test' # 'execute'

    # Sites with permissions being changed
    $sitescsvfilepath = 'fullpath1'
    $sites = Import-Csv -Path $sitescsvfilepath

    # Groups to be added with permissions to each site
    $groupscsvfilepath = 'fullpath2'
    $groups = Import-Csv -Path $groupscsvfilepath

    foreach ($site in $sites.siteurls) {
        Write-Host "Connecting to $site..."
        Connect-PnPOnline -Url $site -UseWebLogin
        # Show the current site collection admins before any change
        Get-PnPSiteCollectionAdmin
        $web = Get-PnPWeb

        foreach ($group in $groups.groupids) {
            Try {
                # Claim-format login name for the Azure AD group
                $azureADGroup = "c:0t.c|tenant|$group"
                $user = Get-PnPUser -Identity $azureADGroup
                If ($mode -eq 'test') {
                    Write-Host -f Yellow "Would add $($user.Title) as site collection admin"
                }
                ElseIf ($mode -eq 'execute') {
                    Add-PnPSiteCollectionAdmin -Owners $user.LoginName
                    Write-Host -f Green "Added $($user.Title) as site collection admin successfully"
                }
            }
            Catch {
                Write-Host -f Red "Error... $($_.Exception.Message)"
            }
        }
    }
    Write-Host 'Done !'
