Microsoft 365 : SharePoint Online – PowerShell script to add / remove given user as Site Collection Administrators

Hi All,

Greetings for the day !!!

Today sharing one more PowerShell script – script to update user permissions on SharePoint online site collection using PowerShell

Background / Use Case

• In our tenant for certain site collections we need to perform some tasks / activity
• To perform respective activity / tasks we need use our SharePoint admin account
• So we need to give temporary permissions to our SharePoint admin account
• Then perform the respective task / activity
• Remove the permission again
• So we are here using SharePoint Online PowerShell to give the permission to our account and remove again

Takeaway

• How to connect to SharePoint online using PowerShell
• At the end of this article we got to know how to grant / revoke permissions to given user to site collection using PowerShell

Prerequisites

• Account at least SharePoint admin or Global admin role

Details / Steps

• Connect to SharePoint Online admin center – using Connect-SPOService

#connect to SharePoint online admin center
#User which executes these CMDLETs must be either SharePoint admin or Global admin
Connect-SPOService -Url https://knowledgejunction1-admin.sharepoint.com/

• Syntax

Connect-SPOService
       -AuthenticationUrl <String>
       [-ClientTag <String>]
       [-Credential <CredentialCmdletPipeBind>]
       -Url <UrlCmdletPipeBind>
       -ModernAuth <Boolean>
       [<CommonParameters>]
       [-Region <AADCrossTenantAuthenticationLocation>]

• Add the respective given user to respective site collection as site collection administrator using – Set-SPOUser
• Here, we are adding user – KnowledgeJunction@knowledgejunction1.onmicrosoft.com to the site collection – https://knowledgejunction1.sharepoint.com/sites/Demo
• IsSiteCollectionAdmin –
  • parameter determines the addition and removal of site collection administrator to the given site collection.
  • Specifies whether user is site collection administrator or not
  • If you want to remove the site collection administrator from the site collection, just set the value of this parameter to – FALSE

#add the respective user as site collection administrator to the respective given site
Set-SPOUser -Site https://knowledgejunction1.sharepoint.com/sites/Demo -LoginName KnowledgeJunction@knowledgejunction1.onmicrosoft.com -IsSiteCollectionAdmin $true

• Syntax

Set-SPOUser
   -IsSiteCollectionAdmin <Boolean>
   -LoginName <String>
   -Site <SpoSitePipeBind>
   [<CommonParameters>]

• Site collection administrators to the site collection before executing the script – https://knowledgejunction1.sharepoint.com/sites/Demo

Complete Script :

try{
     #connect to SharePoint online admin center
     #User which executes these CMDLETs must be either SharePoint admin or Global admin
     Connect-SPOService -Url https://knowledgejunction1-admin.sharepoint.com/

     #add respective user as site collection administrator to the respective given site
     Set-SPOUser -Site https://knowledgejunction1.sharepoint.com/sites/Demo -LoginName 
     KnowledgeJunction@knowledgejunction1.onmicrosoft.com -IsSiteCollectionAdmin $true
  }#try
  catch{
        Write-Host "Exception occurred : $($_.Exception.Message)" -ForegroundColor Red
  }#catch

• Site collection administrators to the site collection after executing the script – https://knowledgejunction1.sharepoint.com/sites/Demo

Thanks for reading !!! HAVE A FANTASTIC TIME AHEAD 🙂