In this post, I am going to explain how to add secondary admin for single OneDrive user's site and for all users OneDrive for Business (ODFB) sites using PowerShell. Before proceed install SharePoint Online Management Shell.
Summary:
- Add Administrator for single user OneDrive for Business site.
- Set Secondary Administrator for All OneDrive for Business sites
Add Site Administrator for single user's OneDrive site:
Run the below powershell commands after replacing the variable <tenant name> with your Office 365 tenant name in all the occurrences, set the required user's OneDrive site url (you can copy your own OneDrive Site url and just replace your name with the required username) and provide global admin credentials.# Specify your organization admin central url $AdminURI = "https://<tenant name>-admin.sharepoint.com" # Specify Office 365 global admin in your organization $AdminAccount = "admin@<tenant name>.onmicrosoft.com" $AdminPass = "admin_password" # Specify the secondary admin account $secondaryAdmin = "username@<tenant name>.onmicrosoft.com" # Specify the target user's OneDrive Url. You can copy your OneDrive Site url and just replace your name with the required username. $oneDriveSiteUrl = "https://<tenant name>-my.sharepoint.com/personal/<username>_<tenant name>_onmicrosoft_com/" $sstr = ConvertTo-SecureString -string $AdminPass -AsPlainText -Force $AdminPass = "" $UserCredential = New-Object System.Management.Automation.PSCredential -argumentlist $AdminAccount, $sstr Connect-SPOService -Url $AdminURI -Credential $UserCredential Set-SPOUser -Site $oneDriveSiteUrl -LoginName $secondaryAdmin -IsSiteCollectionAdmin $true -ErrorAction SilentlyContinue Write-Host "Secondary site admin added successfully"
Set Secondary Site Collection Admin for all OneDrive for Business sites
To give admin access for all OneDrive profiles, first we need to find list of users with OneDrive feature provisioned by using SharePoint Online UserProfileService and we can grant administrator access for all OneDrive sites by using the Set-SPOUser cmdlet.# Specify your organization admin central url $AdminURI = "https://<tenant name>-admin.sharepoint.com" # Specify the secondary admin account $secondaryAdmin = "username@<tenant name>.onmicrosoft.com" # Specify the User account for an Office 365 global admin in your organization $AdminAccount = "admin@<tenant name>.onmicrosoft.com" $AdminPass = "admin_password" $loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") $loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime") $loadInfo3 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles") $sstr = ConvertTo-SecureString -string $AdminPass -AsPlainText -Force $AdminPass = "" $creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($AdminAccount, $sstr) $UserCredential = New-Object System.Management.Automation.PSCredential -argumentlist $AdminAccount, $sstr # Add the path of the User Profile Service to the SPO admin URL, then create a new webservice proxy to access it $proxyaddr = "$AdminURI/_vti_bin/UserProfileService.asmx?wsdl" $UserProfileService= New-WebServiceProxy -Uri $proxyaddr -UseDefaultCredential False $UserProfileService.Credentials = $creds # Set variables for authentication cookies $strAuthCookie = $creds.GetAuthenticationCookie($AdminURI) $uri = New-Object System.Uri($AdminURI) $container = New-Object System.Net.CookieContainer $container.SetCookies($uri, $strAuthCookie) $UserProfileService.CookieContainer = $container # Sets the first User profile, at index -1 $UserProfileResult = $UserProfileService.GetUserProfileByIndex(-1) Write-Host "Starting- This could take a while." $NumProfiles = $UserProfileService.GetUserProfileCount() $i = 1 Connect-SPOService -Url $AdminURI -Credential $UserCredential # As long as the next User profile is NOT the one we started with (at -1)... While ($UserProfileResult.NextValue -ne -1) { Write-Host "Checking profile $i of $NumProfiles" # Look for the Personal Space object in the User Profile and retrieve it # (PersonalSpace is the name of the path to a user's OneDrive for Business site. # Users who have not yet created a OneDrive for Business site might not have this property) $Prop = $UserProfileResult.UserProfile | Where-Object { $_.Name -eq "PersonalSpace" } $Url= $Prop.Values[0].Value # If "PersonalSpace" exists, then OneDrive Profile provisioned for the user... if ($Url) { $oneDriveSiteUrl = "https://<tenant name>-my.sharepoint.com"+ $Url.Substring(0,$Url.Length-1) # Set the secondary admin Set-SPOUser -Site $oneDriveSiteUrl -LoginName $secondaryAdmin -IsSiteCollectionAdmin $true -ErrorAction SilentlyContinue Write-Host "Site admin added successfully: "$oneDriveSiteUrl } # And now we check the next profile the same way... $UserProfileResult = $UserProfileService.GetUserProfileByIndex($UserProfileResult.NextValue) $i++ }