Last active
March 26, 2024 14:32
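# Reports which OneDrive (personal) sites reference a given set of users or groups.
#
# For every personal site the script temporarily makes the connected account a
# site collection administrator, reads the site's user list, emits one record per
# entry whose LoginName equals one of $identities, and then removes the temporary
# admin grant again. The records are exported to PrincipalReferences.csv in the
# current directory.
#
# Inputs:  $env:O365_TENANT (tenant name), optional pre-set $credential.
# Outputs: PrincipalReferences.csv; progress and errors on the host.

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking -ErrorAction Stop

# tenant name
$tenant = $env:O365_TENANT

# Without a tenant name the admin URL below would be malformed, so stop early.
if( [string]::IsNullOrWhiteSpace( $tenant ) )
{
    throw "The O365_TENANT environment variable is not set."
}

# define a list of users or groups to report. Use UPN for user objects and ObjectId for group objects
$identities = "jane.doe@contoso.com", "john.doe@contoso.com", "986b904f-0de9-416d-9fd9-7e5d8402e7c0"

if( -not $credential )
{
    $credential = Get-Credential

    # Unattended alternative (sample values). A real password must not be stored in
    # the script text; load it from a secret store or a protected file instead.
    # $secret = ConvertTo-SecureString -AsPlainText 'pass@word1' -Force
    # $credential = New-Object System.Management.Automation.PSCredential( "john.doe@contoso.com", $secret)
}

# connect to admin center
Connect-SPOService -Url "https://$tenant-admin.sharepoint.com" -Credential $credential -ErrorAction Stop

# pull list of all drive sites
$siteUrls = Get-SPOSite -IncludePersonalSite $true -Filter { Url -like '-my.sharepoint.com/personal/' } | Select-Object -ExpandProperty Url

# pull current user UPN from spo connection context
# NOTE(review): this reads a non-public static property of the module via reflection;
# it may return nothing with other sign-in flows or module versions - confirm.
$pi = [Microsoft.Online.SharePoint.PowerShell.SPOService].GetProperty( "CurrentService", ("NonPublic","Static"))
$currentUser = $pi.GetValue($null).context.Credentials.UserName

# Every grant and revoke below is keyed on this value; refuse to run without it.
if( -not $currentUser )
{
    throw "Unable to determine the connected user from the SharePoint Online connection context."
}

# Sites where the temporary admin grant could not be revoked. Reported at the end
# so leftover privileges can be cleaned up by hand.
$failedDemotions = New-Object System.Collections.Generic.List[string]

# enumerate drives
$results = foreach( $siteUrl in $siteUrls )
{
    Start-Sleep -Seconds 2

    Write-Host "[$(Get-Date)] - Processing site: $siteUrl"

    try
    {
        Write-Host "[$(Get-Date)] - `tAdding $currentUser as site collection admin"

        # promote current user to site collection admin
        # -ErrorAction Stop turns a failed grant into a terminating error so the
        # catch block runs and the site is skipped instead of being read without access.
        $null = Set-SPOUser -Site $siteUrl -LoginName $currentUser -IsSiteCollectionAdmin $true -ErrorAction Stop
    }
    catch
    {
        Write-Host "Failed to add $currentUser as site collection admin to '$siteUrl'. Error: $_" -ForegroundColor Red
        continue
    }

    try
    {
        Write-Host "[$(Get-Date)] - `tChecking users"

        $sitesUsers = Get-SPOUser $siteUrl -ErrorAction Stop

        foreach( $identity in $identities )
        {
            if( $principal = $sitesUsers | Where-Object -Property LoginName -eq $identity )
            {
                [PSCustomObject] @{
                    Site        = $siteUrl
                    Login       = $principal.LoginName
                    DisplayName = $principal.DisplayName
                    IsSiteAdmin = $principal.IsSiteAdmin
                    IsGroup     = $principal.IsGroup
                    UserType    = $principal.UserType
                }
            }
        }
    }
    catch
    {
        Write-Host "Failed to process site: '$siteUrl'. Error: $_" -ForegroundColor Red
    }
    finally
    {
        # The revoke lives in finally so it runs even if the lookup above throws;
        # a failed revoke is recorded rather than aborting the run and losing $results.
        # NOTE(review): the revoke is unconditional, so an account that was already a
        # site collection admin on this site before the run loses that role - confirm.
        Write-Host "[$(Get-Date)] - `tRemoving $currentUser from site collection administrators"

        try
        {
            # demote current user from site collection admin
            $null = Set-SPOUser -Site $siteUrl -LoginName $currentUser -IsSiteCollectionAdmin $false -ErrorAction Stop
        }
        catch
        {
            Write-Host "Failed to remove $currentUser from site collection administrators on '$siteUrl'. Error: $_" -ForegroundColor Red
            $failedDemotions.Add( $siteUrl )
        }
    }
}

$results | Export-Csv -Path "PrincipalReferences.csv" -NoTypeInformation

if( $failedDemotions.Count -gt 0 )
{
    Write-Warning "$currentUser is still a site collection admin on $($failedDemotions.Count) site(s):"
    $failedDemotions | ForEach-Object { Write-Warning "  $_" }
}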
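# Removes the principals listed in a CSV report from the OneDrive sites they were found on.
#
# Each CSV row supplies Site, Login and IsGroup. For every row the script temporarily
# makes the connected account a site collection administrator on the site, looks the
# principal up by its claim-encoded login, removes it if present, and then removes the
# temporary admin grant again.
#
# Every row in the CSV is acted on; review the file before running.
#
# Inputs:  $env:O365_TENANT (tenant name), $csvPath, optional pre-set $credential.
# Outputs: progress and errors on the host.

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking -ErrorAction Stop

# tenant name
$tenant = $env:O365_TENANT

# Without a tenant name the admin URL below would be malformed, so stop early.
if( [string]::IsNullOrWhiteSpace( $tenant ) )
{
    throw "The O365_TENANT environment variable is not set."
}

# csv file path
$csvPath = "C:\_temp\PrincipalReferences.csv"

if( -not $credential )
{
    $credential = Get-Credential

    # Unattended alternative (sample values). A real password must not be stored in
    # the script text; load it from a secret store or a protected file instead.
    # $secret = ConvertTo-SecureString -AsPlainText 'pass@word1' -Force
    # $credential = New-Object System.Management.Automation.PSCredential( "john.doe@contoso.com", $secret)
}

# connect to admin center
Connect-SPOService -Url "https://$tenant-admin.sharepoint.com" -Credential $credential -ErrorAction Stop

# read in csv rows
$rows = Import-Csv -Path $csvPath -ErrorAction Stop

# pull current user UPN from spo connection context
# NOTE(review): this reads a non-public static property of the module via reflection;
# it may return nothing with other sign-in flows or module versions - confirm.
$pi = [Microsoft.Online.SharePoint.PowerShell.SPOService].GetProperty( "CurrentService", ("NonPublic","Static"))
$currentUser = $pi.GetValue($null).context.Credentials.UserName

# Every grant and revoke below is keyed on this value; refuse to run without it.
if( -not $currentUser )
{
    throw "Unable to determine the connected user from the SharePoint Online connection context."
}

# Sites where the temporary admin grant could not be revoked. Reported at the end
# so leftover privileges can be cleaned up by hand.
$failedDemotions = New-Object System.Collections.Generic.List[string]

# enumerate rows
foreach( $row in $rows )
{
    Start-Sleep -Seconds 2

    $siteUrl = $row.Site

    Write-Host "[$(Get-Date)] - Processing site: $siteUrl"

    try
    {
        Write-Host "[$(Get-Date)] - `tAdding $currentUser as site collection admin"

        # promote current user to site collection admin
        # -ErrorAction Stop turns a failed grant into a terminating error so the
        # catch block runs and the row is skipped.
        $null = Set-SPOUser -Site $siteUrl -LoginName $currentUser -IsSiteCollectionAdmin $true -ErrorAction Stop
    }
    catch
    {
        Write-Host "Failed to add $currentUser as site collection admin to '$siteUrl'. Error: $_" -ForegroundColor Red
        continue
    }

    try
    {
        # format the login with the right claim prefix
        # Import-Csv returns every field as a string, and the non-empty string "False"
        # is truthy in PowerShell, so the flag is compared as text instead of being
        # tested directly.
        if( $row.IsGroup -eq 'True' )
        {
            $claimPrefix = "c:0t.c|tenant|"
        }
        else
        {
            $claimPrefix = "i:0#.f|membership|"
        }

        $claim = "$claimPrefix$($row.Login)"

        # Reset per row: a failed lookup must not leave the previous row's principal
        # in place and trigger a removal for a login that was never found here.
        $principal = $null

        try
        {
            $principal = Get-SPOUser -Site $siteUrl -LoginName $claim -ErrorAction Stop
        }
        catch
        {
            Write-Host "Failed to find $claim on site: '$siteUrl'. Error: $_" -ForegroundColor Red
        }

        if( $principal )
        {
            try
            {
                Write-Host "[$(Get-Date)] - `tRemoving $claim from site"

                $null = Remove-SPOUser -Site $siteUrl -LoginName $claim -ErrorAction Stop
            }
            catch
            {
                Write-Host "Failed to remove $claim from site: '$siteUrl'. Error: $_" -ForegroundColor Red
            }
        }
    }
    finally
    {
        # The revoke lives in finally so it runs on every exit path of the block
        # above; a failed revoke is recorded rather than aborting the remaining rows.
        # NOTE(review): the revoke is unconditional, so an account that was already a
        # site collection admin on this site before the run loses that role - confirm.
        Write-Host "[$(Get-Date)] - `tRemoving $currentUser from site collection administrators"

        try
        {
            # demote current user from site collection admin
            $null = Set-SPOUser -Site $siteUrl -LoginName $currentUser -IsSiteCollectionAdmin $false -ErrorAction Stop
        }
        catch
        {
            Write-Host "Failed to remove $currentUser from site collection administrators on '$siteUrl'. Error: $_" -ForegroundColor Red
            $failedDemotions.Add( $siteUrl )
        }
    }
}

if( $failedDemotions.Count -gt 0 )
{
    Write-Warning "$currentUser is still a site collection admin on $($failedDemotions.Count) site(s):"
    $failedDemotions | ForEach-Object { Write-Warning "  $_" }
}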
Joe. Thank you as always for all you do with your amazing PoSh skills!!!