Add User to All SharePoint Online Sites using PowerShell

Requirement: Add user to all sites in SharePoint Online using PowerShell.

PowerShell to Add User to All Sites in SharePoint Online

Have you ever wanted to add a user to all SharePoint Online sites of your tenant with Read/Edit/Full Control (Or Visitor/Member/Owner) Permissions? Adding the user to a SharePoint Group or Granting permissions to a user in SharePoint Online is pretty straightforward. But to grant permissions to all sites, You have to add the user to the respective user group on each site in the tenant. Wouldn’t it be nice if we automate this process with PowerShell?

Well, This PowerShell script grants permissions to all sites by adding the given user to the associated members group of the site: Make sure you have site collection administrator rights on all sites before running this script.

#Parameters
$TenantAdminURL="https://crescent-admin.sharepoint.com"
$UserAccount = "Steve@Crescent.com"

#Get Credentials to Connect
$Cred = Get-Credential

Try {
    #Connect to Tenant Admin
    Connect-PnPOnline -Url $TenantAdminURL -Credentials $Cred

    #Get All Site collections - Exclude: Seach Center, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
    $Sites = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0","SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
        
    #Loop through each Site Collection
    ForEach ($Site in $Sites)
    {
        Try {
            #Connect to the Site
            Connect-PnPOnline -Url $Site.Url -Credentials $Cred

            #Get the associated Members Group of the site
            $MembersGroup = Get-PnPGroup -AssociatedMemberGroup
 
            #sharepoint online pnp powershell to add user to group
            Add-PnPGroupMember -LoginName $UserAccount -Identity $MembersGroup
            Write-host "Added User to the site:"$Site.URL -f Green
        }
        Catch {
            write-host -f Red "Error Adding User to the Site: $($Site.URL)" $_.Exception.Message
        }
    }
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

I’ve used the “-AssociatedMemberGroup” switch to get the default Member group of the site to grant the user “Edit” permissions. In case you want to grant the user Read permissions, use “AssociatedVisitorGroup” and for “Full Control” or “Owner” permissions, use: “AssociatedOwnerGroup” as the parameter.

How about granting a Direct Permission Level?

Instead of adding the user to the associated SharePoint group, You can directly grant the permission level as:

#Permission Level to Grant
$PermissionLevel = "Contribute"

#grant permission Level to the user
Set-PnPWebPermission -User $UserAccount -AddRole $PermissionLevel

How about granting admin access to all sites? How to add admin access to all SharePoint Online sites?

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

4 thoughts on “Add User to All SharePoint Online Sites using PowerShell

  • HI Salaudeen, How would you modify the script to work on a tenant that has MFA turned on?

    Thank you

    Reply
  • Hi. how do I set permissions for a group for all sites? I want to give full control access for all sites. Thank you

    Reply
    • You mean: AD Group? Use the AD Group ID as the parameter for LoginName. E.g.
      $AdGroupID = “c:0t.c|tenant|798cb3d4-7ca8-4567-adb5-916bc496d7cd”
      #Get the Owners group
      OwnersGroup = Get-PnPGroup -AssociatedOwnersGroup

      #Add AD Group to SharePoint Group
      Add-PnPGroupMember -LoginName $UserAccount -Identity $OwnersGroup

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *