OneDrive for Business: How to Remove Site Collection Administrator?

Requirement: Remove user from OneDrive for Business Administrator.

How to Remove User from OneDrive for Business Site Collection?

Site collection administrators have the ability to manage and administer the OneDrive sites within their organization. However, there may be instances where a site collection administrator needs to be removed from their role. This can be done using the Site settings page of the OneDrive or PowerShell script! In this guide, we will provide instructions on how to use PowerShell to remove a site collection administrator from OneDrive for Business.

If you are a site collection admin to a OneDrive site, You can do the following to remove a user from the site collection admin list.

  1. Log in to the target OneDrive for business site >> Click on “Settings” gear >> Choose “OneDrive Settings” from the menu.
  2. Click on “More Settings” and then click on “Site Collection Administrator” under “Manage Access”.
    remove onedrive for business site collection administrators
  3. In the site collection Administrators list, You can add/remove users.
    OneDrive for business remove site collection administrator
  4. Click on “OK” to save your changes.
Please note, You can not remove “Owner” from site collection. By default, site owners are added to the site collection administrators list!

What if you are not a Site Collection Administrator of OneDrive already?

If you don’t have site collection admin rights on a OneDrive for Business site collection, you can’t perform the above steps. So, here is how you can remove a site collection admin using the SharePoint admin center.

  1. Login to SharePoint Online Admin Center at https://<tenant>-admin.sharepoint.com
  2. Click on “More features” and then click on the “Open” button under “User Profiles”
  3. In the User Profiles service application, click on the “Manage User Profiles” link under the “People” group
  4. Search and find the user whom you want to remove site collection administrators. From the search result, click on the menu item “Manage site collection owners” from the context menu.
  5. You can remove additional administrators from the site collection in the “Site Collection Administrators” field. You can also change the primary site collection administrator if you want to remove the owner from OneDrive for Business site. remove site collection admin from onedrive
  6. Click on “OK” to save your changes.

PowerShell to remove OneDrive for Business Administrator

To remove a site collection administrator who is not an owner of the OneDrive site, use this PowerShell script: First, you need to connect to your SharePoint Online tenant using the Connect-SPOService cmdlet and provide your tenant admin credentials. Once connected, you can use the Set-SPOUser cmdlet in the SharePoint Online PowerShell module to remove a site collection administrator for OneDrive for Business.

#Parameters
$AdminCenterURL = "https://Crescent-Admin.SharePoint.com"
$OneDriveSiteURL = "https://crescent-my.sharepoint.com/personal/salaudeen_crescent_com"
$UserAccount = "Steve@Crescent.com"

#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)

#Get the OneDrive for Business Site
$Site = Get-SPOSite $OneDriveSiteURL

#Remove site collection admin
Set-SPOUser -Site $Site -LoginName $UserAccount -IsSiteCollectionAdmin $False

How about removing a user from all OneDrive sites in the tenant where he is added as a site collection admin?

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

#Parameters
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$AdminAccount = "Steve@crescent.com"

Try {
    #Connect to SharePoint Online Admin Center
    Connect-SPOService -Url $AdminCenterURL -Credential (Get-Credential)

    #Get All OneDrive for Business Sites in the Tenant
    $OneDriveSites = Get-SPOSite -Limit ALL -includepersonalsite $True -Filter "Url -like '-my.sharepoint.com/personal/'"
     
    #Loop through each OneDrive Site
    Foreach($Site in $OneDriveSites)
    {
        Write-host "Scanning site:"$Site.Url -f Yellow

        #Get All Site Collection Administrators
        $SiteAdmins = Get-SPOUser -Site $Site.Url | Where {$_.IsSiteAdmin -eq $true}

        #Iterate through each admin
        Foreach($Admin in $SiteAdmins)
        {
            #Check if the Admin Name matches
            If($Admin.LoginName -eq $AdminAccount)
            {
                #Remove Site collection Administrator            
                Set-SPOUser -site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $False | Out-Null
                Write-host "`tRemoved Site Collection Admin from:"$Site.URL -f Green
            }
        }
    }
}
Catch {
    write-host -f Red "Error Removing Site Collection Admin:" $_.Exception.Message
}

To add a site collection administrator to OneDrive for Business sites, How to Add Site collection administrator to OneDrive for Business using PowerShell?

Conclusion

In conclusion, it’s important to manage site collection administrators in OneDrive for Business to ensure that the right people have the necessary access and permissions to manage the sites and files within your organization. By using the methods and PowerShell script explained above, you can easily remove site collection administrators from OneDrive for Business. Overall, PowerShell is a quick and effective way to manage OneDrive for Business site collection administrators, keeping your organization’s data secure and well-maintained.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

9 thoughts on “OneDrive for Business: How to Remove Site Collection Administrator?

  • Legend – This worked perfectly for me, thanks!

    Reply
  • Is there a way to skip the users that doesn’t have more than 1 administrator? I used yours script to add me as administrator to all users, and theres like 1900 users here, but now that I’m trying to remove me, it keeps getting the error of (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), sometimes it starts removing from 2 – 5 users, then it gets the error because it tried on a different user.

    Reply
    • To add/remove a site collection admin, You must be an existing site collection Administrator. In other words, As soon as you remove your account from the site collection Administrator group, You’ll lose the ability to further add or remove any site collection admins.

      Reply
  • This might help with any users getting errors due to access denied.
    Note this code doesn’t actually remove the user but identifies accounts that have more than the owner as a site collection administrator.

    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
    
    $AdminAccount = "administrator@company.com"
    $AdminCenterURL = "https://company-admin.sharepoint.com/"
    
    #Connect to SharePoint Online Admin Center
    Connect-SPOService -Url $AdminCenterURL
    
    #Get All OneDrive for Business Sites in the Tenant
    $OneDriveSites = Get-SPOSite -Limit ALL -includepersonalsite $True -Filter "Url -like '-my.sharepoint.com/personal/'"
          
    #Loop through each OneDrive Site
    Foreach($Site in $OneDriveSites)
    {
        Write-host "Scanning site:"$Site.Url -f Yellow
        try{
            $checkadmin = Get-SPOUser -Site $Site.Url | Where {$_.IsSiteAdmin -eq $true -and $_.LoginName -eq $AdminAccount}
            $setAdmin = $false;
    
            #Add Temp Site Admin
            if($checkadmin.Count -eq 0){
                #Write-host "Add Temp Admin:"$Site.URL -f Gray
                Set-SPOUser -Site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $True | Out-Null            
                $setAdmin = $true
            }
        }catch{
            #Write-Host "Error:" $_.Exception.Message
            if($_.Exception.Message -like "Access is denied*"){
                #Write-host "Add Temp Admin:"$Site.URL -f Gray
                Set-SPOUser -Site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $True | Out-Null            
                $setAdmin = $true
            }
        }
     
        #Get All Site Collection Administrators
        $SiteAdmins = Get-SPOUser -Site $Site.Url | Where {$_.IsSiteAdmin -eq $true -and $_.LoginName -ne $AdminAccount -and $_.LoginName -ne $Site.Owner}
    
        if($SiteAdmins.Count -gt 0){ 
            #Iterate through each admin
            Foreach($Admin in $SiteAdmins)
            {
                Write-host "Found other Admin:"$Admin.LoginName -f Blue
            }
        }
    
        #Remove Temp Site Administrator if added
        if($setAdmin -eq $true){        
            #Write-host "Remove Temp Admin:"$Site.URL -f Gray    
            Set-SPOUser -site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $False | Out-Null
        }
    }
    
    Reply
  • I keep getting the same error; Error Removing Site Collection Admin: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)). Are we missing something????

    Reply
  • I got the same error message, any suggestion?

    Reply
  • Im trying to run this but I get Error Error Removing Site Collection Admin: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) This is using the same account that I used to add the permissions

    Reply
  • This was exactly what I was looking for / tested and works a treat. Many thanks for sharing!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *