2019-01-15

I was recently tasked with finding out every Site Collection Administrator for each site in my Tenant. This was an interesting task that turned out being more technically challenging than first thought. So now I am here to share my knowledge and hopefully help you along the way.

I am going to cover 2 Scenarios due to the fact we are going to use the cmdlet Get-SPOUser

The important thing to remember when using this cmdlet is you must be a SharePoint Online global administrator and a site collection administrator to run the Get-SPOUser cmdlet. you can find more information about that here

Scenarios

  1. Get all site collection administrators of every site when you are a SharePoint Online global administrator and a site collection administrator of each site in your tenant
  2. Get all site collection administrators of every site when you are not a SharePoint Online global administrator and a site collection administrator of each site in your tenant
  3. We will also cover when you want to get site collection administrators for a specific set of sites that you have stored in a CSV list

Let’s begin …

Get all site collection administrators of every site when you are a SharePoint Online global administrator and a site collection administrator of each site in your tenant

Once you connect to your tenant using Connect-SPOservice the following script will get all sites in your tenant and print out site collection administrators for each site in the tenant, the only variable you have to ensure you put your login name in between the quotes on line 1:

$loginname = "" # your login name that your going to run the script with


$AllSites = get-sposite -Limit all
$myArray = [System.Collections.ArrayList]@()

foreach ($url in $AllSites.url)
{

#Get all the site collection admins
$myarray = Get-SPOUser -Site $url | where {$_.IsSiteAdmin}

#print the results
$myarray |
select DisplayName ,LoginName, Groups, @{Name='URL';Expression={[string]$url}}
}

This will display the results in the console like this:

Get all site collection administrators of every site when you are not a SharePoint Online global administrator and a site collection administrator of each site in your tenant

In this example, let’s assume you don’t have the permissions to every Site Collection. There are a couple of things we need to consider for the script to run smoothly.

First, we need to give our account (that is running the script) Site Collection Administrator rights to each site. Then we need to remove the access once the script has collected the Site Collection Administrator for each site. it is best practice to run this script with an admin account, if you run this with your personal account you may remove Site Collection Administrator rights that your account legitimately have rights to.

The only time your account should remain as a Site Collection Administrator is when you are the only Site Collection Administrator on the site. A SharePoint site always needs to have a minimum of one Site Collection Administrator. This is why we add -ErrorAction Silentlycontinue when removing the Site Collection Administrator so the script will not output any errors and cause confusion.

$loginname = "" # your login name that your going to run the script with


$AllSites = get-sposite -limit all
$myArray = [System.Collections.ArrayList]@()


foreach ($url in $AllSites.url)
{
#Set the site collection admin
Set-SPOUser -Site $url -LoginName $loginname -IsSiteCollectionAdmin $true |out-null

#Get all the site collection admins in an array
$myarray = Get-SPOUser -Site $url | where {$_.IsSiteAdmin}

#Remove your account from the array
$data = $myarray | ? {$_.LoginName -ne $loginname}

#Remove yourself as site collection admin
Set-SPOUser -Site $url -LoginName $loginname -IsSiteCollectionAdmin $false |out-null -ErrorAction silentlycontinue


#print the results
$data |
select DisplayName ,LoginName, Groups, @{Name='URL';Expression={[string]$url}}
}

If you have a lot of results then looking through the console is not the best option. We can export the results by just amending the following on the last line of the script and specifying a path of where you want the CSV file to be saved to

select DisplayName ,LoginName, Groups, @{Name='URL';Expression={[string]$url}} | Export-Csv -path "C:folderfilename.csv" -append

How to get the site collection administrators for a specific set of sites that you have stored in a CSV list

Sometimes getting every Site in the Tenant is too much and we just want sites from a list that we have specified. We can do that by doing the following:

Step 1: Create a CSV file with a header of URL and a list of sites like so

Step 2: Save it somewhere on your machine and copy to the path to the CSV file.

Step 3: Update line 1 with your username

Step 4: Update line 2 with your path to the CSV file

Step 5: Update line 29 with where you want the results to be saved to

$loginname = ""
$AllSites = Import-Csv "C:folderfilename.csv" #grab the CSV


$myArray = [System.Collections.ArrayList]@()




foreach ($url in $AllSites.url)
{
#set the site collection admin
Set-SPOUser -Site $url -LoginName $loginname -IsSiteCollectionAdmin $true |out-null
#write-host "Getting site collection admins for"$v -ForegroundColor green

#get all the site collection admins
$myarray = Get-SPOUser -Site $url | where {$_.IsSiteAdmin}

#remove yourself from the array
$data = $myarray | ? {$_.LoginName -ne $loginname}

#remove yourself as site collection admin
Set-SPOUser -Site $url -LoginName $loginname -IsSiteCollectionAdmin $false |out-null -ErrorAction silentlycontinue


$data |
select DisplayName ,LoginName, Groups, @{Name='URL';Expression={[string]$url}} | Export-Csv -path "C:folderfilename.csv" -append
}

That is everything you’ll need to get site collection administrators in your Tenant if you have any questions leave a comment.

Thanks

Jamie

About the author 

Jamie Bray

Office 365 Collaboration Specialist at Parliamentary Digital Service