Add User to All SharePoint Online Sites using PowerShell
Requirement: Add user to all sites in SharePoint Online using PowerShell.
PowerShell to Add User to All Sites in SharePoint Online
Have you ever wanted to add a user to all SharePoint Online sites of your tenant with Read/Edit/Full Control (or Visitor/Member/Owner) permissions? Adding a user to a SharePoint group or granting permissions to a user in SharePoint Online is pretty straightforward. But to grant permissions on all sites, you have to add the user to the respective group on each site in the tenant. Wouldn’t it be nice to automate this process with PowerShell?
This PowerShell script grants permissions on all sites by adding the given user to the associated Members group of each site. Make sure you have site collection administrator rights on all sites before running this script.
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$UserAccount = "Steve@Crescent.com"

#Get Credentials to Connect
$Cred = Get-Credential

Try {
    #Connect to Tenant Admin
    Connect-PnPOnline -Url $TenantAdminURL -Credentials $Cred

    #Get All Site collections - Exclude: Search Center, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
    $Sites = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

    #Loop through each Site Collection
    ForEach ($Site in $Sites)
    {
        Try {
            #Connect to the Site
            Connect-PnPOnline -Url $Site.Url -Credentials $Cred

            #Get the associated Members Group of the site
            $MembersGroup = Get-PnPGroup -AssociatedMemberGroup

            #Add the user to the Members group with PnP PowerShell
            Add-PnPGroupMember -LoginName $UserAccount -Identity $MembersGroup
            Write-Host -f Green "Added User to the site: $($Site.URL)"
        }
        Catch {
            Write-Host -f Red "Error Adding User to the Site: $($Site.URL)" $_.Exception.Message
        }
    }
}
Catch {
    Write-Host -f Red "Error:" $_.Exception.Message
}
I’ve used the “-AssociatedMemberGroup” switch to get the default Members group of the site, which grants the user “Edit” permissions. To grant the user Read permissions instead, use “-AssociatedVisitorGroup”, and for “Full Control” or “Owner” permissions, use “-AssociatedOwnerGroup” as the parameter.
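As an added example (not the original author's script), here is the same loop wrapped in a function that supports -WhatIf and emits one record per site, so a tenant-wide grant can be previewed first and leaves a change log behind. The function name, the ConnectArgs parameter and the CSV file name are assumptions made for this example.

```powershell
# Added example: audited, -WhatIf-capable wrapper around the loop shown above.
# Function name, parameter names and the CSV path are hypothetical.
function Add-UserToAllSiteGroups {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]    $TenantAdminURL,
        [Parameter(Mandatory)] [string]    $UserAccount,
        # Splatted into Connect-PnPOnline, e.g. @{ Credentials = $Cred } or @{ Interactive = $true }
        [Parameter(Mandatory)] [hashtable] $ConnectArgs
    )
    # Same template exclusions as the script above
    $Excluded = "SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1"

    Connect-PnPOnline -Url $TenantAdminURL @ConnectArgs
    $Sites = Get-PnPTenantSite | Where-Object { $_.Template -notin $Excluded }
    ForEach ($Site in $Sites) {
        # One record per site, whether the grant was made, skipped or failed
        $Record = [ordered]@{
            TimeUtc = (Get-Date).ToUniversalTime().ToString("o")
            SiteUrl = $Site.Url
            User    = $UserAccount
            Group   = $null
            Result  = $null
        }
        Try {
            Connect-PnPOnline -Url $Site.Url @ConnectArgs
            $MembersGroup = Get-PnPGroup -AssociatedMemberGroup -ErrorAction Stop
            $Record.Group = $MembersGroup.Title
            # With -WhatIf, ShouldProcess returns $false and nothing is changed
            If ($PSCmdlet.ShouldProcess($Site.Url, "Add $UserAccount to '$($MembersGroup.Title)'")) {
                Add-PnPGroupMember -LoginName $UserAccount -Identity $MembersGroup -ErrorAction Stop
                $Record.Result = "Added"
            }
            Else { $Record.Result = "Skipped" }
        }
        Catch { $Record.Result = "Error: $($_.Exception.Message)" }
        [PSCustomObject]$Record
    }
}

# Preview first, review the CSV, then rerun without -WhatIf to apply the change
Add-UserToAllSiteGroups -TenantAdminURL "https://crescent-admin.sharepoint.com" -UserAccount "Steve@Crescent.com" `
    -ConnectArgs @{ Credentials = (Get-Credential) } -WhatIf |
    Export-Csv -Path ".\AddUser-Preview.csv" -NoTypeInformation
```

Export-Csv sits outside the function on purpose: inside it, -WhatIf would also suppress the file write. The CSV from the real run lists every site where the account was added, which is the list to work through when the access has to be revoked later.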
How about granting a Direct Permission Level?
Instead of adding the user to the associated SharePoint group, you can grant a permission level to the user directly:
#Permission Level to Grant
$PermissionLevel = "Contribute"
#grant permission Level to the user
Set-PnPWebPermission -User $UserAccount -AddRole $PermissionLevel
How about granting admin access to all sites? How to add admin access to all SharePoint Online sites?
Hi Salaudeen, how would you modify the script to work on a tenant that has MFA turned on?
Thank you
Use: Connect-PnPOnline cmdlet with “Interactive” switch!
Hi. How do I set permissions for a group for all sites? I want to give full control access for all sites. Thank you
You mean: AD Group? Use the AD Group ID as the parameter for LoginName. E.g.
$AdGroupID = "c:0t.c|tenant|798cb3d4-7ca8-4567-adb5-916bc496d7cd"
#Get the Owners group
$OwnersGroup = Get-PnPGroup -AssociatedOwnerGroup
#Add AD Group to SharePoint Group
Add-PnPGroupMember -LoginName $AdGroupID -Identity $OwnersGroup