Is there any PowerShell script to list all OneDrive and SharePoint Online locations where a specific AD Group has permissions?

frob 4,261 Reputation points
2022-04-13T00:12:25.393+00:00

Hi there

Is there any PowerShell script to list all OneDrive and SharePoint Online locations where a specific AD Group has permissions?
I am a tenant admin.

Thank you.


Accepted answer
  1. Echo Du_MSFT 17,316 Reputation points
    2022-04-13T07:10:23.01+00:00

    Hi @frob ,

    It is important to note that a user's OneDrive account is private by default. Even Global Office 365 administrators do not have access to other users' OneDrive. Files and folders can only be seen by other employees if they have been shared by the OneDrive owners themselves.

    Please follow these steps:

    1. Grant Admin Access to All OneDrive for Business Site Collections

    #Set Runtime Parameters  
    $AdminSiteURL="https://tenant-admin.sharepoint.com"  
    #Global Admin  
    $SiteCollAdmin="******@tenant.onmicrosoft.com"  
    #Connect to SharePoint Online Admin Center  
    Connect-SPOService -Url $AdminSiteURL -credential (Get-Credential)  
    #Get all OneDrive for Business Site collections  
    $OneDriveSites = Get-SPOSite -Template "SPSPERS" -Limit ALL -IncludePersonalSite $True  
    Write-Host -f Yellow "Total Number of OneDrive Sites Found: "$OneDriveSites.count  
    #Add Site Collection Admin to each OneDrive  
    Foreach($Site in $OneDriveSites)  
    {  
        Write-Host -f Yellow "Adding Site Collection Admin to: "$Site.URL  
        Set-SPOUser -Site $Site.Url -LoginName $SiteCollAdmin -IsSiteCollectionAdmin $True  
    }  
    Write-Host "Site Collection Admin Added to All OneDrive Sites Successfully!" -f Green  
    


    2. Then, please run the PowerShell script below to get all OneDrive and SharePoint Online sites with a specific AD Group as an admin:

    $AdminSiteURL="https://tenant-admin.sharepoint.com"  
    #Connect to SharePoint Online Admin Center  
    Connect-SPOService -Url $AdminSiteURL -credential (Get-Credential)  
    #Get all SharePoint sites and OneDrive sites  
    $AllSites = Get-SPOSite -IncludePersonalSite $true -Limit all  
    Foreach($Site in $AllSites){  
        #Get All AD Security Groups from the site collection  
        $ADGroups = Get-SPOUser -Site $Site -Limit All | Where { $_.IsGroup -and $_.DisplayName -ne "Everyone" -and $_.DisplayName -ne "Everyone except external users" }     
        Foreach($Group in $ADGroups){  
            #Check if "GroupA" exists  
            if($Group.DisplayName -eq 'GroupA'){  
                Write-Host ""  
                Write-Host "Site Name:" $Site.Title  
                Write-Host "Site URL:" $Site.URL  
                Write-Host -f Yellow " ---------------------------------------------- "  
            }  
        }  
    }  
    


    Thanks,
    Echo Du
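
A least-privilege variant of the two steps in the answer above, added here as an example and not part of the original answer: it elevates the audit account only on sites where the first read fails, removes that grant again in a `finally` block, and writes the matches to CSV. The account name, `GroupA` and the report path are placeholders.

```powershell
# Added example, not from the original answer. All values below are placeholders.
$AdminSiteURL = "https://tenant-admin.sharepoint.com"
$AuditAdmin   = "admin@tenant.onmicrosoft.com"   # placeholder account running the audit
$GroupName    = "GroupA"
$ReportPath   = ".\GroupA-SiteAccess.csv"         # hypothetical output file

Connect-SPOService -Url $AdminSiteURL -Credential (Get-Credential)

$Report = foreach ($Site in Get-SPOSite -IncludePersonalSite $true -Limit All) {
    $Elevated = $false
    try {
        try {
            # First attempt with the access the account already has
            $Users = Get-SPOUser -Site $Site.Url -Limit All -ErrorAction Stop
        }
        catch {
            # No access (typical for OneDrive sites): elevate on this site only
            Set-SPOUser -Site $Site.Url -LoginName $AuditAdmin -IsSiteCollectionAdmin $true -ErrorAction Stop | Out-Null
            $Elevated = $true
            $Users = Get-SPOUser -Site $Site.Url -Limit All -ErrorAction Stop
        }
        $Users | Where-Object { $_.IsGroup -and $_.DisplayName -eq $GroupName } |
            ForEach-Object {
                [pscustomobject]@{
                    SiteUrl     = $Site.Url
                    SiteTitle   = $Site.Title
                    GroupLogin  = $_.LoginName   # claim string; distinguishes groups sharing a display name
                    IsSiteAdmin = $_.IsSiteAdmin
                    SiteGroups  = ($_.Groups -join "; ")
                }
            }
    }
    catch {
        Write-Warning "Could not read $($Site.Url): $($_.Exception.Message)"
    }
    finally {
        if ($Elevated) {
            # Roll back the temporary grant so the audit leaves no standing access
            Set-SPOUser -Site $Site.Url -LoginName $AuditAdmin -IsSiteCollectionAdmin $false | Out-Null
        }
    }
}

$Report | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Sites where $GroupName appears: $(@($Report).Count)"
```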

