So you have started down the road of creating your SharePoint site in Office 365, but you do not have permissions, as these have to be added manually.
We are a little lazier than that, so this will be the basis of a scheduled job.
Please use the script below along with my small recommendations:
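#one-time generation of a file to hold the password so that we may schedule the job.
#ConvertFrom-SecureString without -Key protects the value with DPAPI, so only the same user on the same machine can read it back: run this as the account the scheduled job will use.
#Read-Host "Enter Password" -AsSecureString | ConvertFrom-SecureString | Out-File "C:\Scripts\o365_spo.txt"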
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
#Setup our variables
$date = (get-date -format "dd-MM-yy")
$contents = $null
$emailbody = $null
$AdminURL = "https://tenancy-admin.sharepoint.com"
$AdminName = "O365Backup@domain.com"
#admin account we will be adding
$AdminNames = "backup.account@domain.com","sharepoint.admin@domain.com"
$TenantPass = Get-Content "C:\Scripts\o365_spo.txt" | ConvertTo-SecureString
$TenantCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $adminname, $TenantPass
$cred = [System.Net.CredentialCache]::DefaultCredentials
#Note: the next line offers the tenant credentials to the web proxy; $cred (the logged-on account) is defined above but not used.
[System.Net.WebRequest]::DefaultWebProxy.Credentials = $TenantCredentials
Connect-SPOService -Url $adminurl -credential $TenantCredentials
#Build site list
$Sites = Get-SPOSite -Limit ALL
$emailbody = "<HTML><HEAD><META http-equiv=""Content-Type"" content=""text/html; charset=iso-8859-1"" /><TITLE></TITLE></HEAD>"
$emailbody += "<BODY bgcolor=""#FFFFFF"" style=""font-size: Small; font-family: Arial; color: #000000""><P>"
$emailbody += "<p>Please be aware that the following permissions have been added to sharepoint sites by $AdminName :</p>"
$emailbody += "<p>Tenancy: $AdminURL</p>"
Foreach ($admin in $AdminNames){
    Foreach ($Site in $Sites){
        Set-SPOUser -Site $Site.Url -LoginName $admin -IsSiteCollectionAdmin $True
        #Read the account back once so the e-mail reports what the tenant actually holds
        $user = Get-SPOUser -Site $Site.Url -LoginName $admin
        $displayname = $user.DisplayName
        $url = $Site.Url
        $isadmin = $user.IsSiteAdmin
        $emailbody += "$displayname confirmed as IsSiteAdmin=$isadmin for: $url<br/>"
        Write-Host $emailbody
    }
}
$emailbody += "<p>Regards,</p>"
$emailbody += "<p>Your friendly Office 365 team</p>"
$emailbody += "</BODY></HTML>"
$successMessageParameters = @{
    Subject = "Site Collection Admin Added to SharePoint Sites - $((Get-Date).ToShortDateString())"
    Body = $emailbody
    From = "servername@domain.com"
    To = "backupadmins@domain.com","digitalplatformteam@domain.com"
    #To = "testing.user@domain.com"
    SmtpServer = "x.x.x.x"
    BodyAsHTML = $true
}
Send-MailMessage @successMessageParameters
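Because the job grants site collection admin on every site, it is worth checking the result in both directions: approved accounts that did not get the role, and accounts that hold it without being on the list. The following is an added example, not part of the original script; the function name Compare-SiteAdmin, the sample site URLs and the contractor account are constructed for illustration.

```powershell
# Added example: compare the site collection admins found on each site with an approved list.
function Compare-SiteAdmin {
    param(
        [Parameter(Mandatory)] [string[]] $SiteUrl,    # every site that should be covered
        [Parameter(Mandatory)] [AllowEmptyCollection()]
        [object[]] $Users,                             # rows with Url, LoginName, IsSiteAdmin
        [Parameter(Mandatory)] [string[]] $Approved    # logins allowed to hold the role
    )
    foreach ($url in $SiteUrl) {
        # Admin logins seen on this site; empty when the site returned no rows at all
        $admins = @($Users |
            Where-Object { $_.Url -eq $url -and $_.IsSiteAdmin } |
            ForEach-Object { $_.LoginName })
        foreach ($login in $admins) {
            if ($login -notin $Approved) {   # -notin compares case-insensitively
                [pscustomobject]@{ Url = $url; LoginName = $login; Finding = 'Unexpected' }
            }
        }
        foreach ($login in $Approved) {
            if ($login -notin $admins) {
                [pscustomobject]@{ Url = $url; LoginName = $login; Finding = 'Missing' }
            }
        }
    }
}

# Constructed sample data so the check runs without a tenant connection.
$sampleSites = 'https://tenancy.sharepoint.com/sites/hr',
               'https://tenancy.sharepoint.com/sites/finance'
$sampleUsers = @(
    [pscustomobject]@{ Url = $sampleSites[0]; LoginName = 'backup.account@domain.com';   IsSiteAdmin = $true }
    [pscustomobject]@{ Url = $sampleSites[0]; LoginName = 'sharepoint.admin@domain.com'; IsSiteAdmin = $true }
    [pscustomobject]@{ Url = $sampleSites[0]; LoginName = 'contractor@domain.com';       IsSiteAdmin = $true }
    [pscustomobject]@{ Url = $sampleSites[0]; LoginName = 'some.user@domain.com';        IsSiteAdmin = $false }
    [pscustomobject]@{ Url = $sampleSites[1]; LoginName = 'backup.account@domain.com';   IsSiteAdmin = $true }
)
$approved = 'backup.account@domain.com', 'sharepoint.admin@domain.com'

Compare-SiteAdmin -SiteUrl $sampleSites -Users $sampleUsers -Approved $approved |
    Format-Table -AutoSize

# Against a live tenant (after Connect-SPOService), build the rows per site instead:
# $Sites = Get-SPOSite -Limit ALL
# $rows  = foreach ($s in $Sites) {
#     Get-SPOUser -Site $s.Url -Limit ALL |
#         Select-Object @{ n = 'Url'; e = { $s.Url } }, LoginName, IsSiteAdmin
# }
# Compare-SiteAdmin -SiteUrl $Sites.Url -Users $rows -Approved $AdminNames
```

A site that returns no user rows, for example because the read failed, is reported as Missing for every approved account rather than silently skipped.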
Hi George,
Does this script include sites where inheritance has been broken on a library and folders within the library have broken inheritance as well?
I am looking for a good backup for SPO permissions.
Thanks,
Andee
Hi Andee,
Seeing as it iterates through all sites, it would also take care of inheritance too, so yes. The two lines of interest are the following:
$Sites = Get-SPOSite -Limit ALL
Set-SPOUser -site $Site.Url -LoginName $Admin -IsSiteCollectionAdmin $True
Thanks, George