If you have a requirement for a consistent account/group in all of your tenant’s SharePoint Online site collection admin groups then there’s a couple of options – all very dependent on how much manual effort you want to put, and how far into your SPO implementation you are.
- Manually do it via the SharePoint UI – fine if you have 5 sites, not so fun if you have 500
- Template the sites so that all future site creations have the same setup
- PowerShell
Adding accounts to all SharePoint Online site collections admin groups via PowerShell is a relatively simple process.
You’ll essentially need the following:
- The SharePoint Online module installed
- SharePoint Administrator tenant role
With that, here’s the code you need to run:
Import-Module -name Microsoft.Online.SharePoint.PowerShell
#Connect to SharePoint Admin
$adminURL = "https://yoururl-admin.sharepoint.com"
Connect-SPOService -Url $adminURL
#Get all site collections
$siteCollections = Get-SPOSite -Limit All
#Define the account to add to site collection admins group
$adminAccount = "test@test.com"
#Loop through each site collection and add the admin account
foreach($site in $siteCollections)
{
Set-SPOUser -Site $site.Url -LoginName $adminAccount -IsSiteCollectionAdmin $true
write-Output "Added $adminAccount to $($site.Url)"
}
#Disconnect from SharePoint Admin
Disconnect-SPOService
One important thing to note here is that this is not filtering out TEAMS sites. For those not aware, a Teams Team creates a SharePoint Online site behind the scenes, primarily for document storage. This script will add the users to these sites as well.
To exclude TEAMS sites, try this:
Get-SPOSite -Limit All | Where-Object {$_.Template -ne "GROUP#0"}
Whilst the GROUP#0 is the default template for Teams sites, this might exclude other site depending on yourself.
For me, this code successfully ran on PowerShell ISE, using PowerShell 5, without issue. Microsoft.Online.SharePoint.PowerShell (at time of writing) still has some compatibility issues with PowerShell 7. If you’re using PS7, expect to see this error:
Connect-SPOService: The remote server returned an error: (400) Bad Request.
