I have been asked to get list of all explicit user accounts and group with site owner permissions for all sites. I wrote a script using Get-SPOSite, Get-SPOUsers and Get-SPOGroup commands.
To make it easier I wrote the script requires the mandatory parameter of Office 365 Tenant name. The script will create a CSV file on the script working (current) directory.
Instructions:
- Install SharePoint Online Management Shell (Download it from https://www.microsoft.com/en-us/download/details.aspx?id=35588)
- Copy or Create the script to the desired location (e.g., C:\Scripts).
- Open PowerShell and change the working directory to the location where script is located
- Run the script with parameter TenantName
- When asked provide the SharePoint Administrator credentials
e.g., if the sharepoint admin URL is https://contoso-admin.sharepoint.com, then the tenant name is contoso.
.\SiteOwnersList.ps1 -TenantName contoso
Download the script from HERE.
You may also copy/paste the script in PowerShell ISE and save as SiteOwnersList.ps1.
<#
*** Script Name: SiteOwnersList.ps1
*** Purpose: List all SharePoint Online sites and it’s Owners from the site permissions list (Users and Groups) and create the report to a CSV file.
*** The generated CSV file stored at PowerShell script running location (local directory)
*** Parameters: <TenantName> – provide your SharePoint Online (Office 365) Tenant Name (usually your domain name)
***
*** Written By: Anand, the awesome, Venkatachalapathy
***
#>
param ( [Parameter(Mandatory=$True)]
[string]$TenantName )
#Form a SharePoint Admin URl
$AdminURL = “https://$tenantName” + “-admin.sharepoint.com”
#Add SharePoint PowerShell Snap-in and Importing the SharePoint Online module
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
Import-Module ‘C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell’ -DisableNameChecking
#Connect to SharePoint Online
Connect-SPOService -Url $AdminURL -Credential (Get-Credential)
#Headers for the data
“Site URL`tOwner`tUsers`tGroup`tGroup Members” | Out-File -FilePath .\SharePointSiteOwners.csv
#Get all Sites (Root sites only)
$sites = Get-SPOSite -Limit All
#Process all sites
foreach($site in $sites)
{
$siteURL = $site.Url
$siteOwner = $site.Owner
Write-Host $siteURL -ForegroundColor Cyan
Write-Host $siteOwner -ForegroundColor Cyan
#Get all users with Site Owner permissions
$siteAdmins = Get-SPOUser -Site $siteURL -Limit All | select LoginName,IsSiteAdmin | ? { $_.ISSiteAdmin }
#Collect all site owners (user accounts) to a variable $siteUsers
$siteUsers = “”
foreach($siteAdmin in $siteAdmins) { $siteUsers += $siteAdmin.LoginName + ” , ” }
Write-Host $siteUsers -ForegroundColor Cyan
#Get all Groups from the site permissions
$sitegroups = Get-SPOSiteGroup -Site $siteURL
#Get Group info and members that have site owners permissions
foreach ($sitegroup in $sitegroups)
{
$i = 0
foreach($role in $sitegroup.Roles)
{
if ( $role.Contains(“Site Owner”) -or $role.Contains(“Full Control”) )
{
$i = $i + 1
Write-Host $sitegroup.Title -ForegroundColor “Yellow”
Write-Host $sitegroup.Users -ForegroundColor “Blue”
if ($i -gt 1)
{
“`t`t`t” + $sitegroup.Title + “`t” + $sitegroup.Users | Out-File -FilePath .\SharePointSiteOwners.csv -Append
}
else
{
“$siteURL`t$siteOwner`t$siteUsers`t” + $sitegroup.Title + “`t” + $sitegroup.Users | Out-File -FilePath .\SharePointSiteOwners.csv -Append
}
}
}
}
}
<#
*** The END
#>
