@joerodgers
Last active March 26, 2024 14:32
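Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking -ErrorAction Stop

# Report which of a fixed set of principals hold a direct reference on every OneDrive
# (personal) site in the tenant and write the matches to PrincipalReferences.csv.
# The connected admin is temporarily added as site collection admin of each drive so
# Get-SPOUser can enumerate it, and is removed again afterwards; both steps are logged
# so any drive left with the temporary grant is visible in the output.
#
# Required env: O365_TENANT (tenant name, e.g. "contoso" for contoso-admin.sharepoint.com)

# tenant name
$tenant = $env:O365_TENANT
if( [string]::IsNullOrWhiteSpace($tenant) )
{
    throw "O365_TENANT environment variable is not set"
}

# define a list of users or groups to report. Use UPN for user objects and ObjectId for group objects
$identities = "jane.doe@contoso.com", "john.doe@contoso.com", "986b904f-0de9-416d-9fd9-7e5d8402e7c0"

if( -not $credential )
{
    # prompt interactively; for unattended runs build the PSCredential from a secret
    # store or an encrypted file rather than a plaintext literal inside the script
    $credential = Get-Credential
}

# connect to admin center
Connect-SPOService -Url "https://$tenant-admin.sharepoint.com" -Credential $credential -ErrorAction Stop

# pull list of all drive sites
$siteUrls = Get-SPOSite -IncludePersonalSite $true -Filter { Url -like '-my.sharepoint.com/personal/' } | Select-Object -ExpandProperty Url

# pull current user UPN from spo connection context (CurrentService is a non-public
# static property, hence reflection)
$pi = [Microsoft.Online.SharePoint.PowerShell.SPOService].GetProperty( "CurrentService", ("NonPublic","Static"))
$currentUser = $pi.GetValue($null).context.Credentials.UserName

# enumerate drives; objects emitted inside the loop are collected into $results
$results = foreach( $siteUrl in $siteUrls )
{
    # light throttle between drives to stay under SPO request limits
    Start-Sleep -Seconds 2
    Write-Host "[$(Get-Date)] - Processing site: $siteUrl"

    try
    {
        Write-Host "[$(Get-Date)] - `tAdding $currentUser as site collection admin"
        # promote current user to site collection admin. -ErrorAction Stop so a
        # non-terminating failure reaches the catch instead of continuing unelevated
        $null = Set-SPOUser -Site $siteUrl -LoginName $currentUser -IsSiteCollectionAdmin $true -ErrorAction Stop
    }
    catch
    {
        Write-Host "Failed to add $currentUser as site collection admin to '$siteUrl'. Error: $_" -ForegroundColor Red
        continue
    }

    try
    {
        Write-Host "[$(Get-Date)] - `tChecking users"
        $sitesUsers = Get-SPOUser $siteUrl -ErrorAction Stop

        foreach( $identity in $identities )
        {
            if( $principal = $sitesUsers | Where-Object -Property LoginName -eq $identity )
            {
                [PSCustomObject] @{
                    Site        = $siteUrl
                    Login       = $principal.LoginName
                    DisplayName = $principal.DisplayName
                    IsSiteAdmin = $principal.IsSiteAdmin
                    IsGroup     = $principal.IsGroup
                    UserType    = $principal.UserType
                }
            }
        }
    }
    catch
    {
        # original message printed the error in place of the site url
        Write-Host "Failed to process site: '$siteUrl'. Error: $_" -ForegroundColor Red
    }
    finally
    {
        Write-Host "[$(Get-Date)] - `tRemoving $currentUser from site collection administrators"
        # demote current user from site collection admin. Runs in finally so the
        # temporary grant is reverted even when the check above failed; a failure
        # here is reported rather than aborting the remaining drives.
        try
        {
            $null = Set-SPOUser -Site $siteUrl -LoginName $currentUser -IsSiteCollectionAdmin $false -ErrorAction Stop
        }
        catch
        {
            Write-Host "Failed to remove $currentUser from site collection administrators on '$siteUrl'. Error: $_" -ForegroundColor Red
        }
    }
}

Write-Host "[$(Get-Date)] - Found $(@($results).Count) principal reference(s)"
$results | Export-Csv -Path "PrincipalReferences.csv" -NoTypeInformation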
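Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking -ErrorAction Stop

# Remove the principals listed in a PrincipalReferences.csv (as produced by the report
# script) from the OneDrive sites they were found on. For each row the connected admin
# is temporarily added as site collection admin, the principal is looked up by its
# claim-encoded login and removed, and the temporary grant is reverted again.
#
# Required env: O365_TENANT (tenant name, e.g. "contoso" for contoso-admin.sharepoint.com)
# Expected csv columns: Site, Login, IsGroup (plus any others, which are ignored)

# tenant name
$tenant = $env:O365_TENANT
if( [string]::IsNullOrWhiteSpace($tenant) )
{
    throw "O365_TENANT environment variable is not set"
}

# csv file path
$csvPath = "C:\_temp\PrincipalReferences.csv"

if( -not $credential )
{
    # prompt interactively; for unattended runs build the PSCredential from a secret
    # store or an encrypted file rather than a plaintext literal inside the script
    $credential = Get-Credential
}

# connect to admin center
Connect-SPOService -Url "https://$tenant-admin.sharepoint.com" -Credential $credential -ErrorAction Stop

# read in csv rows
$rows = Import-Csv -Path $csvPath -ErrorAction Stop

# pull current user UPN from spo connection context (CurrentService is a non-public
# static property, hence reflection)
$pi = [Microsoft.Online.SharePoint.PowerShell.SPOService].GetProperty( "CurrentService", ("NonPublic","Static"))
$currentUser = $pi.GetValue($null).context.Credentials.UserName

# enumerate rows
foreach( $row in $rows )
{
    # skip rows that cannot identify a site or a principal
    if( [string]::IsNullOrWhiteSpace($row.Site) -or [string]::IsNullOrWhiteSpace($row.Login) )
    {
        Write-Host "Skipping row with empty Site or Login" -ForegroundColor Yellow
        continue
    }

    # light throttle between sites to stay under SPO request limits
    Start-Sleep -Seconds 2
    $siteUrl = $row.Site
    Write-Host "[$(Get-Date)] - Processing site: $siteUrl"

    try
    {
        Write-Host "[$(Get-Date)] - `tAdding $currentUser as site collection admin"
        # promote current user to site collection admin. -ErrorAction Stop so a
        # non-terminating failure reaches the catch instead of continuing unelevated
        $null = Set-SPOUser -Site $siteUrl -LoginName $currentUser -IsSiteCollectionAdmin $true -ErrorAction Stop
    }
    catch
    {
        Write-Host "Failed to add $currentUser as site collection admin to '$siteUrl'. Error: $_" -ForegroundColor Red
        continue
    }

    # format the login with the right claim prefix. Import-Csv yields strings, and any
    # non-empty string (including "False") is truthy in PowerShell, so compare the text
    # rather than testing the value directly.
    if( [string]$row.IsGroup -eq 'True' )
    {
        $claimPrefix = "c:0t.c|tenant|"
    }
    else
    {
        $claimPrefix = "i:0#.f|membership|"
    }
    $claim = "$claimPrefix$($row.Login)"

    # reset per row so a failed lookup cannot reuse the previous row's principal
    $principal = $null
    try
    {
        $principal = Get-SPOUser -Site $siteUrl -LoginName $claim -ErrorAction Stop
    }
    catch
    {
        Write-Host "Failed to find $claim on site: '$siteUrl'. Error: $_" -ForegroundColor Red
    }

    if( $principal )
    {
        try
        {
            Write-Host "[$(Get-Date)] - `tRemoving $claim from site"
            $null = Remove-SPOUser -Site $siteUrl -LoginName $claim -ErrorAction Stop
        }
        catch
        {
            Write-Host "Failed to remove $claim from site: '$siteUrl'. Error: $_" -ForegroundColor Red
        }
    }

    Write-Host "[$(Get-Date)] - `tRemoving $currentUser from site collection administrators"
    # demote current user from site collection admin. A failure is reported rather
    # than aborting the remaining rows, so the site is still named in the output.
    try
    {
        $null = Set-SPOUser -Site $siteUrl -LoginName $currentUser -IsSiteCollectionAdmin $false -ErrorAction Stop
    }
    catch
    {
        Write-Host "Failed to remove $currentUser from site collection administrators on '$siteUrl'. Error: $_" -ForegroundColor Red
    }
}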
Joe. Thank you as always for all you do with your amazing PoSh skills!!!

Thank you Joe!
