Replace Site Collection Administrator for All Sites in SharePoint Online
Requirement: Replace a SharePoint Online site collection administrator for all sites in the tenant.
How to change the site collection administrators in SharePoint Online?
Replacing site collection administrators in SharePoint Online is straightforward:
- Navigate to the SharePoint Online site
- Click on Settings gear >> Site Information >> View All Site Settings
- In the site settings page, click on the “Site collection administrators” link to change site collection administrators.
You can also set site collection administrators from the SharePoint Admin center by:
- Sites >> Active Sites >> Select the site collection
- Click on “Permissions” and then “Manage Admins”
- On the “Manage admins” page, you can add/remove and manage site collection administrators.
How about replacing an existing site collection administrator with a new one for all site collections in your tenant? When you have many site collections, changing site collection administrators through the web user interface would be a time-consuming and cumbersome task. So, let’s use PowerShell to replace site collection admins.
PowerShell to Replace Site Collection Admin on All SharePoint Online Sites
This PowerShell script removes the user, supplied in $RemoveAccount variable, and adds a new site collection admin given in $AddAccount, wherever the $RemoveAccount had site collection administrator rights. Please note that the primary site owner is also considered a site collection administrator.
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking
#Variables for processing
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$RemoveAccount="[email protected]"
$AddAccount = "[email protected]"
Try {
#Connect to SharePoint Online
Connect-SPOService -url $TenantAdminURL -credential (Get-Credential)
#Get All Site Collections
$Sites = Get-SPOSite -Limit ALL
#Loop through each site and add site collection admin
Foreach ($Site in $Sites)
{
Write-host "Scanning site:"$Site.Url -f Cyan
Try {
#Check if the given user is a site collection administrator
$Admin = Get-SPOUser -Site $Site.Url -Limit All | Where {$_.IsSiteAdmin -eq $true} | Where {$_.LoginName -eq $RemoveAccount }
If($Admin -ne $Null)
{
#Add the new user as Site Collection Admin
Write-host "`tAdding Site Collection Admin to:"$Site.URL -f Yellow -NoNewline
Set-SPOUser -site $Site -LoginName $AddAccount -IsSiteCollectionAdmin $True| Out-Null
Write-host " - Done!" -f Green
#Remove the existing Site collection Administrator
Write-host "`tRemoving Site Collection Admin from:"$Site.URL -f Yellow -NoNewline
Set-SPOUser -site $Site -LoginName $RemoveAccount -IsSiteCollectionAdmin $False | Out-Null
Write-host " - Done!" -f Green
}
}
Catch {
write-host -f Red "`tError Replacing Site Collection Administrators!" $_.Exception.Message
}
}
}
Catch {
write-host -f Red "`tError:" $_.Exception.Message
}
Please note that this replacement should be done at the group level for Microsoft 365 group-connected sites and sites where an AD group is added as a site collection admin.
PnP PowerShell to Replace Site Collection Administrator in SharePoint Online
Similarly, The above script can be re-written in PnP PowerShell script to replace site collection admins:
#Parameters
$TenantAdminURL = "https://Crescent-admin.sharepoint.com"
$OldAdminAccount= "i:0#.f|membership|[email protected]"
$NewAdminAccount = "i:0#.f|membership|[email protected]"
Try {
#Connect to Admin Center
$Cred = Get-Credential
Connect-PnPOnline -Url $TenantAdminURL -Credentials $Cred
#Get All Site collections
$SiteCollections = Get-PnPTenantSite
#Loop through each site collection
ForEach($Site in $SiteCollections)
{
Try {
#Connect to site collection
Connect-PnPOnline -Url $Site.Url -Credentials $Cred
Write-host "Scanning site:"$Site.Url -f Cyan
#Get site collection admins
$SiteAdmin = Get-PnPSiteCollectionAdmin | Where {$_.LoginName -eq $OldAdminAccount}
If($SiteAdmin -ne $Null)
{
#Add the new user as Site Collection Admin
Write-host "`tAdding Site Collection Admin to:"$Site.URL -f Yellow -NoNewline
Add-PnPSiteCollectionAdmin -Owners $NewAdminAccount
Write-host " - Done!" -f Green
#Remove the existing Site collection Administrator
Write-host "`tRemoving Site Collection Admin from:"$Site.URL -f Yellow -NoNewline
Remove-PnPSiteCollectionAdmin -Owners $OldAdminAccount
Write-host " - Done!" -f Green
}
}
Catch {
write-host -f Red "`tError Replacing Site Collection Administrators!" $_.Exception.Message
}
}
}
Catch {
write-host -f Red "`tError:" $_.Exception.Message
}
Be sure the account which runs these PowerShell scripts has site collection admin rights to all site collections in the tenant. Otherwise, You may encounter an issue:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
This script checks if the given user is a site collection administrator for the site. If yes, it adds the new user and removes the old user from the site. However, suppose you don’t have site collection administrator rights to a site. In that case, you can’t get existing site collection administrators of the site through PowerShell (You can add/remove site collection admins, though!).
Here is how to add a site collection administrator to all sites in the tenant: Add Site Collection Administrator to All SharePoint Online Sites using PowerShell
