OneDrive for Business: How to Remove Site Collection Administrator?
Requirement: Remove user from OneDrive for Business Administrator.
How to Remove User from OneDrive for Business Site Collection?
Site collection administrators have the ability to manage and administer the OneDrive sites within their organization. However, there may be instances where a site collection administrator needs to be removed from their role. This can be done using the Site settings page of the OneDrive or PowerShell script! In this guide, we will provide instructions on how to use PowerShell to remove a site collection administrator from OneDrive for Business.
If you are a site collection admin to a OneDrive site, You can do the following to remove a user from the site collection admin list.
- Login to the target OneDrive for business site >> Click on “Settings” gear >> Choose “OneDrive Settings” from the menu.
- Click on “More Settings” and then click on “Site collection Administrator” under “Manage Access”.
- In the site collection Administrators list, You can add/remove users.
- Click on “OK” to save your changes.
What if you are not a Site Collection Administrator of OneDrive already?
If you don’t have site collection admin rights on a OneDrive for Business site collection, you can’t perform the above steps. So, here is how you can remove a site collection admin using the SharePoint admin center.
- Login to SharePoint Online Admin Center at https://<tenant>-admin.sharepoint.com
- Click on “More features” and then click on the “Open” button under “User Profiles”
- In the User Profiles service application, click on the “Manage User Profiles” link under the “People” group
- Search and find the user whom you want to remove site collection administrators. From the search result, click on the menu item “Manage site collection owners” from the context menu.
- You can remove additional administrators from the site collection in the “Site Collection Administrators” field. You can also change the primary site collection administrator if you want to remove the owner from OneDrive for Business site.
- Click on “OK” to save your changes.
PowerShell to remove OneDrive for Business Administrator
To remove a site collection administrator, who is not an owner of the OneDrive site, use this PowerShell script: First, you need to connect to your SharePoint Online tenant using the Connect-SPOService
cmdlet and providing your tenant admin credentials. Once connected, you can use the Set-SPOUser
cmdlet in the SharePoint Online PowerShell module to remove a site collection administrator for OneDrive for Business.
#Parameters
$AdminCenterURL = "https://Crescent-Admin.SharePoint.com"
$OneDriveSiteURL = "https://crescent-my.sharepoint.com/personal/salaudeen_crescent_com"
$UserAccount = "Steve@Crescent.com"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#Get the OneDrive for Business Site
$Site = Get-SPOSite $OneDriveSiteURL
#Remove site collection admin
Set-SPOUser -Site $Site -LoginName $UserAccount -IsSiteCollectionAdmin $False
How about removing a user from all OneDrive sites in the tenant where he is added as a site collection admin?
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
#Parameters
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$AdminAccount = "Steve@crescent.com"
Try {
#Connect to SharePoint Online Admin Center
Connect-SPOService -Url $AdminCenterURL -Credential (Get-Credential)
#Get All OneDrive for Business Sites in the Tenant
$OneDriveSites = Get-SPOSite -Limit ALL -includepersonalsite $True -Filter "Url -like '-my.sharepoint.com/personal/'"
#Loop through each OneDrive Site
Foreach($Site in $OneDriveSites)
{
Write-host "Scanning site:"$Site.Url -f Yellow
#Get All Site Collection Administrators
$SiteAdmins = Get-SPOUser -Site $Site.Url | Where {$_.IsSiteAdmin -eq $true}
#Iterate through each admin
Foreach($Admin in $SiteAdmins)
{
#Check if the Admin Name matches
If($Admin.LoginName -eq $AdminAccount)
{
#Remove Site collection Administrator
Set-SPOUser -site $Site -LoginName $AdminAccount -IsSiteCollectionAdmin $False | Out-Null
Write-host "`tRemoved Site Collection Admin from:"$Site.URL -f Green
}
}
}
}
Catch {
write-host -f Red "Error Removing Site Collection Admin:" $_.Exception.Message
}
To add a site collection administrator to OneDrive for Business sites, How to Add Site collection administrator to OneDrive for Business using PowerShell?
Conclusion
In conclusion, it’s important to manage site collection administrators in OneDrive for Business to ensure that the right people have the necessary access and permissions to manage the sites and files within your organization. By using the methods and PowerShell script explained above, you can easily remove site collection administrators from OneDrive for Business. Overall, PowerShell is a quick and effective way to manage OneDrive for Business site collection administrators, keeping your organization’s data secure and well-maintained.
Is there a way to skip the users that doesn’t have more than 1 administrator? I used yours script to add me as administrator to all users, and theres like 1900 users here, but now that I’m trying to remove me, it keeps getting the error of (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), sometimes it starts removing from 2 – 5 users, then it gets the error because it tried on a different user.
This might help with any users getting errors due to access denied.
Note this code doesn’t actually remove the user but identifies accounts that have more than the owner as a site collection administrator.
I keep getting the same error; Error Removing Site Collection Admin: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)). Are we missing something????
Before removing site collection Admins, You must add yourself to the Site collection Administrators list! How to Add Site collection administrator to OneDrive for Business using PowerShell?
I got the same error message, any suggestion?
Im trying to run this but I get Error Error Removing Site Collection Admin: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) This is using the same account that I used to add the permissions
This was exactly what I was looking for / tested and works a treat. Many thanks for sharing!