Backup permissions for Sharepoint Online

So you have started down the road of creating your Sharepoint site in Office 365 but you do not have permissions permissions as these require to be manually added.

We are a little lazier than that, this will be the basis of a scheduled job.

Please use the script below along with my small recommendations:

#one-time generation of an a file to hold password so that we may schedule the job. 
#read-Host “Enter Password” -AsSecureString |  ConvertFrom-SecureString | Out-File “C:\Scripts\o365_spo.txt”

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

#Setup our variables
$date = (get-date -format "dd-MM-yy")
$contents = $null
$emailbody = $null
$AdminURL = ""
$AdminName = ""
#admin account we will be adding
$AdminNames = "",""
$TenantPass = cat “C:\Scripts\o365_spo.txt” | ConvertTo-SecureString
$TenantCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $adminname, $TenantPass
$cred = [System.Net.CredentialCache]::DefaultCredentials
[System.Net.WebRequest]::DefaultWebProxy.Credentials = $TenantCredentials

Connect-SPOService -Url $adminurl -credential $TenantCredentials

#Build site list
$Sites = Get-SPOSite -Limit ALL

$emailbody = "<HTML><HEAD><META http-equiv=""Content-Type"" content=""text/html; charset=iso-8859-1"" /><TITLE></TITLE></HEAD>"
$emailbody = "<BODY bgcolor=""#FFFFFF"" style=""font-size: Small; font-family: Arial; color: #000000""><P>"
$emailbody += "<p>Please be aware that the following permissions have been added to sharepoint sites by $AdminName :</p>"
$emailbody += "<p>Tenancy: $AdminURL</p>"

Foreach ($admin in $adminnames){

    Foreach ($Site in $Sites){
        Set-SPOUser -site $Site.Url -LoginName $Admin -IsSiteCollectionAdmin $True
        $displayname = Get-SPOUser -site $Site.Url -LoginName $admin
        $displayname = $displayname.displayname | out-string
        $url = $site.url | Out-String
        $isadmin = get-spouser $site.url -loginname $Admin | select issiteadmin
        $emailbody += "$displayname confirmed as $isadmin for: $url</br>"
        write-host $emailbody
$emailbody += "<p>Regards,</p>"
$emailbody += "<p>Your friendly Office 365 team</p>"
$successMessageParameters = @{
Subject = "Site Collection Admin Added to SharePoint Sites - $((Get-Date).ToShortDateString())"
Body = $emailbody
From = ""
To = "",""
#To = ""
SmtpServer = "x.x.x.x"
BodyAsHTML = $true
Send-MailMessage @successMessageParameters

2 Replies to “Backup permissions for Sharepoint Online”

  1. Hi George,

    Does this script include sites where inheritance has been broken on a library and folders within the library have broken inheritance as well?

    I am looking for a good backup for SPO permissions.


    1. Hi Andee,
      Seeing as it iterates through all sites, it would also take care of inheritance too, so yes. The two lines of interest are the following:
      $Sites = Get-SPOSite -Limit ALL
      Set-SPOUser -site $Site.Url -LoginName $Admin -IsSiteCollectionAdmin
      Thanks, George

Leave a Reply

Your email address will not be published. Required fields are marked *