Add a person as a site collection administrator to every Office 365 Site / SharePoint Online Site Collection

The Problem:

In SharePoint Online (at least as of early 2015), site collection administrators have to be granted on a site-by-site basis.

When you create a new site collection using https://yoururl-admin.sharepoint.com, you are only allowed to pick ONE administrator for the site collection (on premises, you used to pick two).

[Screenshot: new site collection dialog in the SPO admin center]

Now, a little trick you can use: after the site collection is created, you can check the site collection and then click the “owners” tab:

[Screenshot: SPO admin bar]

and from that screen you can add as many site collection administrators as you’d like:

[Screenshot: add site collection administrators dialog]

But there is a downside: you can’t “select all” on your site collections and add a user to all of them at once.

Now, I hear you saying “Jack: What if I have 500 site collections and we add a new member to our team?” There’s got to be a better way, right? And it turns out, there is.

The Solution: PowerShell…

A quick note before we get to the script: you’ll need the SharePoint Online Management Shell installed on your PC before this will work.
Here’s a quick overview of how to use the script:

Update all the relevant variables:

  1. Set the admin site URL ($adminurl) and the $username that has permission to log in to the admin site URL to make the change.
  2. Put in your $TenantURL
  3. Update the list of $SiteCollectionAdmins with the list of users you want to make site collection admins

Run the script.

When you run the script, it will try to log on to your SPO account and prompt you for your SPO password. You should then see slow and steady progress as it runs through each site collection. Finally, at the end, you can review the log file to see if there were any issues.

The Script:

# Jack Fruh - sharepointjack.com
# add a user or users to the site collection admin role on every site collection in Office 365 sites (SharePoint Online)

#setup a log path
$path = "$($(get-location).path)\LogFile.txt"
#note we're using start-transcript, this does not work from inside the powershell ISE, only the command prompt

start-transcript -path $Path
write-host "This will connect to SharePoint Online"

#Admin Variables:
$Adminurl = "https://yoururl-admin.sharepoint.com"
$username = "your@email.com"

#Tenant Variables:
$TenantURL = "https://yoururl.sharepoint.com"

$SiteCollectionAdmins = @("firstuser@yourdomain.com", "seconduser@yourdomain.com", "etc@yourdomain.com")

#Connect to SPO
$SecurePWD = read-host -assecurestring "Enter Password for $username"
$credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $SecurePWD

Connect-SPOService -url $Adminurl -credential $credential
write-host "Connected" -foregroundcolor green


#-Limit All returns every site collection (get-sposite stops at 200 by default)
$sites = get-sposite -Limit All
Foreach ($site in $sites)
{
    Write-host "Adding users to $($site.URL)" -foregroundcolor yellow
	#get the owner group name (take the first match if more than one group title ends in "Owners")
	$ownerGroup = get-spoSitegroup -site $site.url | where {$_.title -like "*Owners"} | select-object -first 1
	$ownertitle = $ownerGroup.title
	Write-host "Owner Group is named > $ownertitle > " -foregroundcolor cyan
	
	#add the Site Collection Admin to the site in the owners group
	foreach ($user in $SiteCollectionAdmins)
	{
		Write-host "Adding $user to $($site.URL) as a user..."
		add-SPOuser  -site $site.url -LoginName $user -group $ownerTitle
		write-host "Done"
		
		#Set the site collection admin flag for the Site collection admin
		write-host "Setting up $user as a site collection admin on $($site.url)..."
		set-spouser -site $site.url -loginname $user -IsSiteCollectionAdmin $true
		write-host "Done"	-foregroundcolor green
	}
}
Write-host "Done with everything" -foregroundcolor green 
stop-transcript
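
An added follow-up check, not part of the original script: because the script sets the site collection admin flag on every site collection, a second pass can list who actually holds that flag on each site and mark anyone outside the intended list for review. It assumes an existing Connect-SPOService session; $ExpectedAdmins, the status labels and the report file name are placeholders chosen for this example.

```powershell
# Added example (not the post author's code): audit site collection admins after the bulk grant.
# Assumes Connect-SPOService has already been run in this session.
# Assumes LoginName is returned in the same form as the entries in $ExpectedAdmins.
$ExpectedAdmins = @("firstuser@yourdomain.com", "seconduser@yourdomain.com")   # placeholder values
$ReportPath = Join-Path (Get-Location).Path "SiteCollectionAdminAudit.csv"     # placeholder file name

$sites = Get-SPOSite -Limit All
$report = foreach ($site in $sites) {
    try {
        # IsSiteAdmin is true for each site collection administrator on the site
        $admins = @(Get-SPOUser -Site $site.Url -Limit All -ErrorAction Stop |
            Where-Object { $_.IsSiteAdmin })
    }
    catch {
        # Record sites that could not be read instead of silently skipping them
        [pscustomobject]@{ Site = $site.Url; LoginName = ""; Status = "ReadFailed: $($_.Exception.Message)" }
        continue
    }

    $adminLogins = @($admins | ForEach-Object { $_.LoginName })

    # Every current admin: expected, or needs a human look
    foreach ($login in $adminLogins) {
        $status = if ($ExpectedAdmins -contains $login) { "Expected" } else { "Review" }
        [pscustomobject]@{ Site = $site.Url; LoginName = $login; Status = $status }
    }

    # Expected admins the bulk run did not manage to add on this site
    foreach ($expected in $ExpectedAdmins) {
        if ($adminLogins -notcontains $expected) {
            [pscustomobject]@{ Site = $site.Url; LoginName = $expected; Status = "Missing" }
        }
    }
}

$report | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Group-Object Status | Select-Object Name, Count
```

Rows marked "Review" are accounts or groups holding the flag that are not in the intended list; "Missing" and "ReadFailed" rows show where the bulk run did not take effect or could not be verified.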

 

10 thoughts on “Add a person as a site collection administrator to every Office 365 Site / SharePoint Online Site Collection”

  1. Nice script. Is it possible to add an AD security group into the site collection owners, not just a person(s)?

  2. Thanks for the script, but I have some questions in regards to it.
    Is it possible to apply this to a security group instead of individuals?
    Giving the ability to add / remove users when needed (we use AD sync with on-prem AD).

    If not, is there a way to also remove users when needed?
    I tried changing the script by changing the line:
    remove-SPOuser -site $site.url -LoginName $user -group $ownerTitle

    But it seemed not to work.
    Cheers

  3. Oh, and I’ve just discovered this script won’t work for sites created by O365 Groups, Planner and Teams.
    Looks like we’ll need to use search to bring them back – assuming we have permission to see them in the first place…

    Seems like a catch-22 for those of us wanting to use service accounts for accessing SPO
