Add a person as a site collection administrator to every Office 365 Site / SharePoint Online Site Collection

The Problem:

In SharePoint online (at least as of early 2015) site collection administrators have to be granted on a site by site basis.

When you create a new site collection using  https://yoururl-admin.sharepoint.com, you are only allowed to pick ONE administrator for the Site collection (In on premise, you used to pick two)

NewSiteCollectionSPOdialog

Now a little trick you can use is, after the site collection is created, you can check the site collection then click the “owners” tab:

SPOadminBar

and from that screen you can add as many site collection administrators as you’d like:

AddSPOadminDialog

 

But there is a downside, you can’t “select all” on all your site collections and add a user to all site collections at once.

Now, I hear you saying “Jack: What if I have 500 site collections and we add a new member to our team?” There’s got to be a better way, right? And it turns out, there is.

The Solution: PowerShell…

A Quick note before we get to the script: You’ll need the SharePoint Online Management Shell installed on your PC before this will work.
Here’s a quick overview of how to use the script:

Update all the relevant variables:

  1. Admin site URL ($adminurl), and the $username that has permissions to log into the admin site url to make the change.
  2. put in your $tenantURL
  3. Update the list of $SiteCollectionAdmins with the list of users you want to make site collection admins

Run the script.

When you run the script it will try to logon to your SPO account and will prompt you for your SPO password, then you should see some slow and steady progress as it runs through each site collection. Finally, at the end you can review the log file to see if there were any issues.

The Script:

 

10 thoughts on “Add a person as a site collection administrator to every Office 365 Site / SharePoint Online Site Collection

  1. Thanks for the script, but have some questions in regards to it.
    Is it possible to apply this to a security group instead of individuals.
    Giving the ability to add / remove users when needed (We use AD sync with onprem AD)

    If not, is there a way to also removed users when needed.
    I tried with changin the script with chaning the line:
    remove-SPOuser -site $site.url -LoginName $user -group $ownerTitle

    But seemed not to work.
    Cheers

  2. Oh and I’ve just discovered this script wont work for sites created by O365 Groups, Planner and Teams.
    Looks like we’ll need to use search to bring them back – assuming we have permission to see them in the first place…

    Seems like a catch-22 for those of us wanting to use service accounts for accessing SPO

Leave a Reply