Tuesday, 27 March 2018

Add Secondary Site Administrator to OneDrive for Business Users using PowerShell

As an Office 365 Admin, in some situations you might need to gain access to users' OneDrive for Business site when some users are terminated and if they are marked for deletion . By default, each user is added as primary & secondary site collection administrators to their personal OneDrive site, so you have to add your account as secondary admin in the requiresd user's OneDrive site to gain full access.

In this post, I am going to explain how to add secondary admin for single OneDrive user's site and for all users OneDrive for Business (ODFB) sites using PowerShell. Before proceed install SharePoint Online Management Shell.

Summary:


Add Site Administrator for single user's OneDrive site:

Run the below powershell commands after replacing the variable <tenant name> with your Office 365 tenant name in all the occurrences, set the required user's OneDrive site url (you can copy your own OneDrive Site url and just replace your name with the required username) and provide global admin credentials.
# Specify your organization admin central url 
$AdminURI = "https://<tenant name>-admin.sharepoint.com"
 
# Specify Office 365 global admin in your organization
$AdminAccount = "admin@<tenant name>.onmicrosoft.com"
$AdminPass = "admin_password"

# Specify the secondary admin account 
$secondaryAdmin = "username@<tenant name>.onmicrosoft.com"
# Specify the target user's OneDrive Url. You can copy your OneDrive Site url and just replace your name with the required username.
$oneDriveSiteUrl = "https://<tenant name>-my.sharepoint.com/personal/<username>_<tenant name>_onmicrosoft_com/" 
 
$sstr = ConvertTo-SecureString -string $AdminPass -AsPlainText -Force
$AdminPass = ""
$UserCredential = New-Object System.Management.Automation.PSCredential -argumentlist $AdminAccount, $sstr
 
Connect-SPOService -Url $AdminURI -Credential $UserCredential
Set-SPOUser -Site $oneDriveSiteUrl -LoginName $secondaryAdmin -IsSiteCollectionAdmin $true -ErrorAction SilentlyContinue
Write-Host "Secondary site admin added successfully"

Set Secondary Site Collection Admin for all OneDrive for Business sites

To give admin access for all OneDrive profiles, first we need to find list of users with OneDrive feature provisioned by using SharePoint Online UserProfileService and we can grant administrator access for all OneDrive sites by using the Set-SPOUser cmdlet.
# Specify your organization admin central url 
$AdminURI = "https://<tenant name>-admin.sharepoint.com"

# Specify the secondary admin account 
$secondaryAdmin = "username@<tenant name>.onmicrosoft.com"
 
# Specify the User account for an Office 365 global admin in your organization
$AdminAccount = "admin@<tenant name>.onmicrosoft.com"
$AdminPass = "admin_password"
 
$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$loadInfo3 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles")
 
$sstr = ConvertTo-SecureString -string $AdminPass -AsPlainText -Force
$AdminPass = ""
$creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($AdminAccount, $sstr)
$UserCredential = New-Object System.Management.Automation.PSCredential -argumentlist $AdminAccount, $sstr
 
# Add the path of the User Profile Service to the SPO admin URL, then create a new webservice proxy to access it
$proxyaddr = "$AdminURI/_vti_bin/UserProfileService.asmx?wsdl"
$UserProfileService= New-WebServiceProxy -Uri $proxyaddr -UseDefaultCredential False
$UserProfileService.Credentials = $creds
 
# Set variables for authentication cookies
$strAuthCookie = $creds.GetAuthenticationCookie($AdminURI)
$uri = New-Object System.Uri($AdminURI)
$container = New-Object System.Net.CookieContainer
$container.SetCookies($uri, $strAuthCookie)
$UserProfileService.CookieContainer = $container
 
# Sets the first User profile, at index -1
$UserProfileResult = $UserProfileService.GetUserProfileByIndex(-1)
Write-Host "Starting- This could take a while."
$NumProfiles = $UserProfileService.GetUserProfileCount()
$i = 1
 
Connect-SPOService -Url $AdminURI -Credential $UserCredential
 
# As long as the next User profile is NOT the one we started with (at -1)...
While ($UserProfileResult.NextValue -ne -1) 
{
Write-Host "Checking profile $i of $NumProfiles"
# Look for the Personal Space object in the User Profile and retrieve it
# (PersonalSpace is the name of the path to a user's OneDrive for Business site. 
# Users who have not yet created a  OneDrive for Business site might not have this property)
$Prop = $UserProfileResult.UserProfile | Where-Object { $_.Name -eq "PersonalSpace" } 
$Url= $Prop.Values[0].Value
  
# If "PersonalSpace" exists, then OneDrive Profile provisioned for the user...
if ($Url) {
$oneDriveSiteUrl = "https://<tenant name>-my.sharepoint.com"+ $Url.Substring(0,$Url.Length-1)
 
# Set the secondary admin
Set-SPOUser -Site $oneDriveSiteUrl -LoginName $secondaryAdmin -IsSiteCollectionAdmin $true -ErrorAction SilentlyContinue
Write-Host "Site admin added successfully: "$oneDriveSiteUrl 
}
# And now we check the next profile the same way...
$UserProfileResult = $UserProfileService.GetUserProfileByIndex($UserProfileResult.NextValue)
$i++
}

Advertisements
Advertisements

No comments:

Post a Comment