Managing Site Collection Administrators in SharePoint Online is crucial for ensuring proper access control, delegation, and security. SharePoint administrators can add, remove, or list site collection administrators using PnP PowerShell.
This guide covers the step-by-step process for:
Adding a Site Collection Administrator
Removing a Site Collection Administrator
Listing Site Collection Administrators
Prerequisites
Before running any commands, ensure you have:
SharePoint Admin or Global Admin privileges
PnP PowerShell installed
Connected to SharePoint Online Admin Center
Step 1: Install and Import PnP PowerShell Module
If you havenโt installed PnP PowerShell, install it using:
Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force
Then, import the module:
Import-Module PnP.PowerShell
Step 2: Connect to SharePoint Online
To manage administrators, connect to SharePoint Online using:
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -Interactive
๐น Replace yourtenant with your actual SharePoint tenant name.
๐น The -Interactive flag prompts for authentication.
For App-based authentication, use:
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -ClientId "Your-App-Client-ID" -Tenant "yourtenant.onmicrosoft.com" -CertificatePath "Path\To\Certificate.pfx"
Step 3: List Site Collection Administrators
To view all site collection administrators of a specific site:
Get-PnPSiteCollectionAdmin -Url "https://yourtenant.sharepoint.com/sites/YourSite"
๐น Replace "YourSite" with your actual site name.
๐น This command retrieves a list of all site collection administrators.
Step 4: Add a Site Collection Administrator
To add a new administrator to a site collection:
Set-PnPSiteCollectionAdmin -Url "https://yourtenant.sharepoint.com/sites/YourSite" -Owners "user@yourtenant.com"
๐น Replace "user@yourtenant.com" with the email of the new administrator.
๐น You can add multiple administrators by separating emails with commas:
Set-PnPSiteCollectionAdmin -Url "https://yourtenant.sharepoint.com/sites/YourSite" -Owners "user1@yourtenant.com","user2@yourtenant.com"
The specified user(s) will now have Site Collection Admin rights.
Step 5: Remove a Site Collection Administrator
To remove a user from the Site Collection Administrators group:
Remove-PnPSiteCollectionAdmin -Url "https://yourtenant.sharepoint.com/sites/YourSite" -Owners "user@yourtenant.com"
๐น Replace "user@yourtenant.com" with the email of the administrator to be removed.
๐น You can remove multiple admins by adding more emails:
Remove-PnPSiteCollectionAdmin -Url "https://yourtenant.sharepoint.com/sites/YourSite" -Owners "user1@yourtenant.com","user2@yourtenant.com"
Note: Ensure that at least one valid Global Admin or Site Admin remains before removing all administrators.
Step 6: Verify Changes
To verify that the user has been added or removed, run:
Get-PnPSiteCollectionAdmin -Url "https://yourtenant.sharepoint.com/sites/YourSite"
This will display the updated list of Site Collection Administrators.
Step 7: Disconnect PowerShell Session
After completing the tasks, disconnect the session:
Disconnect-PnPOnline
This prevents unauthorized access and ensures security.
Common Errors & Troubleshooting
| Error | Possible Cause | Solution |
|---|---|---|
Access Denied | Insufficient permissions | Ensure you are a SharePoint Admin or Global Admin |
Cannot connect to SharePoint Online | Authentication issues | Use -Interactive login mode |
User not found | Email format incorrect | Verify the email address is correct and exists in Microsoft 365 |
Command not recognized | PnP PowerShell module missing | Run Install-Module -Name PnP.PowerShell |