Add User to All SharePoint Online Sites using PowerShell

Requirement: Add user to all sites in SharePoint Online using PowerShell

PowerShell to Add User to All Sites in SharePoint Online

Have you ever wanted to add a user to all SharePoint Online sites of your tenant with Read/Edit/Full Control (or Visitor/Member/Owner) permissions? Adding a user to a SharePoint group or granting permissions to a user in SharePoint Online is pretty straightforward. But to grant permissions on all sites, you have to add the user to the respective group on each site in the tenant. Wouldn’t it be nice to automate this process with PowerShell?

This PowerShell script grants permissions to all sites by adding the given user to the associated group of each site. Make sure you have site collection administrator rights on all sites before running this script.

#Parameters
$TenantAdminURL="https://crescent-admin.sharepoint.com"
$UserAccount = "user@example.com" #Placeholder: login name (UPN) of the user to add

#Get Credentials to Connect
$Cred = Get-Credential

Try {
    #Connect to Tenant Admin
    Connect-PnPOnline -Url $TenantAdminURL -Credentials $Cred

    #Get All Site collections - Exclude: Search Center, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
    $Sites = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
        
    #Loop through each Site Collection
    ForEach ($Site in $Sites)
    {
        Try {
            #Connect to the Site
            Connect-PnPOnline -Url $Site.Url -Credentials $Cred

            #Get the associated Members Group of the site
            $MembersGroup = Get-PnPGroup -AssociatedMemberGroup
 
            #Add the user to the Members group of the site
            Add-PnPGroupMember -LoginName $UserAccount -Identity $MembersGroup

            Disconnect-PnPOnline
            Write-host "Added User to the site:"$Site.URL -f Green
        }
        Catch {
            write-host -f Red "Error Adding User to the Site: $($Site.URL)" $_.Exception.Message
        }
    }
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

I’ve used the “-AssociatedMemberGroup” switch to get the default Members group of the site, which grants the user “Edit” permissions. To grant the user Read permissions, use “-AssociatedVisitorGroup”, and for “Full Control” or “Owner” permissions, use “-AssociatedOwnerGroup”.
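
To review the result of a tenant-wide grant like this, the following added example (not part of the original article) lists, per site, which associated Visitors/Members/Owners group contains the user and writes the result to a CSV. It assumes the same PnP module and credential sign-in as the script above and that `-Includes Users` loads each group's membership; the values of `$UserAccount` and `$ReportPath` are placeholders.

```powershell
# Added example (not from the original article): report which associated groups contain the user.
# Assumptions: same PnP module and credential-based sign-in as the grant script;
# the admin URL is the article's, the user account and report path are placeholders.
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$UserAccount    = "user@example.com"           # placeholder UPN
$ReportPath     = ".\UserAccessReport.csv"     # placeholder output file
$Cred = Get-Credential

# Same template exclusions as the grant script, so the same set of sites is reviewed
$Excluded = "SRCHCEN#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1"

Connect-PnPOnline -Url $TenantAdminURL -Credentials $Cred
$Sites = Get-PnPTenantSite | Where-Object { $_.Template -notin $Excluded }

$Report = ForEach ($Site in $Sites) {
    Try {
        Connect-PnPOnline -Url $Site.Url -Credentials $Cred

        # Load each associated group together with its Users collection
        $Groups = [ordered]@{
            Visitors = Get-PnPGroup -AssociatedVisitorGroup -Includes Users
            Members  = Get-PnPGroup -AssociatedMemberGroup -Includes Users
            Owners   = Get-PnPGroup -AssociatedOwnerGroup -Includes Users
        }
        ForEach ($Role in $Groups.Keys) {
            # Login names are claims-encoded (i:0#.f|membership|user@domain), so match on the suffix
            $Match = $Groups[$Role].Users | Where-Object { $_.LoginName -like "*|$UserAccount" }
            If ($Match) {
                [PSCustomObject]@{ SiteUrl = $Site.Url; Role = $Role; Group = $Groups[$Role].Title; Status = "Member" }
            }
        }
    }
    Catch {
        # Record sites that could not be checked instead of silently skipping them
        [PSCustomObject]@{ SiteUrl = $Site.Url; Role = ""; Group = ""; Status = "Error: $($_.Exception.Message)" }
    }
}

# Full detail to CSV for the access review, plus a per-role count on screen
$Report | Export-Csv -Path $ReportPath -NoTypeInformation
$Report | Group-Object Role | Select-Object Name, Count
```

The report covers direct membership of the three associated groups only; permission levels granted directly on a site with Set-PnPWebPermission do not appear in it.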

How about granting a Direct Permission Level?

Instead of adding the user to the associated SharePoint group, you can grant a permission level directly:

#Permission Level to Grant
$PermissionLevel = "Contribute"

#grant permission Level to the user
Set-PnPWebPermission -User $UserAccount -AddRole $PermissionLevel

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with two decades of SharePoint experience. He loves sharing his knowledge and experiences with the SharePoint community through his real-world articles!
