PowerShell for SharePoint User Administration

This guide provides a comprehensive overview of using PowerShell for SharePoint user administration. It covers various aspects, from basic commands to advanced scripts and best practices, enabling you to automate tasks and manage users efficiently.

Introduction to SharePoint PowerShell

PowerShell is a powerful command-line tool that allows administrators to automate tasks and manage SharePoint Online more efficiently than with the graphical user interface. According to Microsoft documentation, it offers a wide range of cmdlets specifically designed for SharePoint, enabling you to perform actions such as adding, modifying, and removing user accounts and permissions1. PowerShell also allows for the configuration of SharePoint site settings, including sharing and access, and the automation of repetitive tasks, saving time and effort.

For example, instead of manually adding users to SharePoint groups one by one through the user interface, you can use PowerShell to add multiple users to a group with a single command. This is particularly useful when dealing with large numbers of users or when onboarding new employees2.

Furthermore, PowerShell enables you to automate complex tasks, such as creating new site collections with specific configurations or applying custom permission levels to users and groups. These tasks can be time-consuming and prone to errors when performed manually through the GUI, but PowerShell streamlines the process and ensures consistency3.

Before you can start using PowerShell for SharePoint Online, you need to install the SharePoint Online Management Shell and connect to your SharePoint tenant2. You'll also need to get a list of your sites, groups, and users. You can use the following commands to retrieve this information:

• Get a list of the sites in your tenant: Get-SPOSite

• Get a list of the groups in your tenant: Get-SPOSite | ForEach {Get-SPOSiteGroup -Site $_.Url} | Format-Table

• Get a list of the users in your tenant: Get-SPOSite | ForEach {Get-SPOUser -Site $_.Url} 4

Installing the SharePoint Online Management Shell

Before you begin, check if the SharePoint Online Management Shell is already installed by running the following command in PowerShell as an administrator:

PowerShell

Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version

If it's not installed and your operating system uses PowerShell 5 or newer, you can install it by running this command as an administrator:

PowerShell

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

For older PowerShell versions, you can download and install the SharePoint Online Management Shell installation package2.

Connecting to SharePoint Online

To connect to SharePoint Online, make sure you have an account with global administrator permissions and know the URL of your SharePoint Online Admin center. Open the SharePoint Online Management Shell and establish a connection to the administration site within your tenant using the following command:

PowerShell

Connect-SPOService -URL https://yourtenant-admin.sharepoint.com

Remember to replace yourtenant-admin.sharepoint.com with the actual URL of your SharePoint Online Admin center2.

If your account requires multifactor authentication (MFA), omit the -Credential parameter and its value from the Connect-SPOService cmdlet. This will prompt you to enter your credentials on a web login page for MFA verification2.

Common PowerShell Scripts for SharePoint User Administration

Here are some examples of common PowerShell scripts used for SharePoint user administration:

Reporting on Storage Usage for Each SharePoint Site

This script retrieves all SharePoint Online sites and displays their storage usage, quota, and the percentage of the quota used. It then sorts the sites by storage usage in descending order.

PowerShell

Get-SPOSite -Limit All | Select Url, StorageUsageCurrent, StorageQuota, @{ Name = '% Used'; Expression = {'{0:P2}' -f ($_.StorageUsageCurrent / $_.StorageQuota) }} | Sort-Object StorageUsageCurrent -Descending

5

Setting the Default Sharing Link Type to "Existing People"

This script sets the default sharing link type for all sites in your SharePoint Online tenant to "Existing People." This enhances security by restricting sharing to only users within your organization.

PowerShell

$sites = Get-SPOSite -Limit ALL | Where {$_.Template -ne "REDIRECTSITE#0" -and $_.Template -ne "SPSMSITEHOST#0" -and $_.Template -ne "POINTPUBLISHINGPERSONAL#0" -and $_.Template -ne "POINTPUBLISHINGHUB#0"}foreach ($site in $sites) {  Write-Host -NoNewline "Changing settings for " $site.url  Try {    Set-SPOSite -Identity $site.url -DefaultSharingLinkType "ExistingExternalUser"    Write-Host " - Done!"  }  Catch {    Write-Host " - Error!"    $_.Exception.Message  }}

5

Listing Sites About to Be Permanently Deleted

This script displays all the sites in the SharePoint Online recycle bin and the number of days they have left before being permanently deleted.

PowerShell

Get-SPODeletedSite | Select Url, DaysRemaining | Sort-Object DaysRemaining

5

Generating a Report of SharePoint Online External Users

This script retrieves all external users in your SharePoint Online tenant and displays their display name, login name, and the site where they were found.

PowerShell

$sites = Get-SPOSite -Limit ALL | Where {$_.Template -ne "REDIRECTSITE#0" -and $_.Template -ne "SPSMSITEHOST#0" -and $_.Template -ne "POINTPUBLISHINGPERSONAL#0" -and $_.Template -ne "POINTPUBLISHINGHUB#0"}foreach ($site in $sites) {  Try {    Write-Host -NoNewline "Checking for guests on " $site.url    $Guests = Get-SPOUser -Site $site.Url -Limit ALL | Where-Object {$_.LoginName -like "*#ext#*" -or $_.LoginName -like "urn:spo:guest:*"}    if ($Guests -ne $null) {      $Guests | ForEach-Object {        $ExtUser = @{          DisplayName = $_.DisplayName          LoginName   = $_.LoginName          Site        = $site.Url        }        $ExternalUsers += $ExtUser      }      Write-Host " - Done!"    } else {      Write-Host " - No external users found!"    }  }  Catch {    Write-Host " - Error!"    $_.Exception.Message  }}$ExternalUsers | ft

5

Identifying Redirect Sites in Your Tenant

This script retrieves all redirect sites in your SharePoint Online tenant. Redirect sites are used to redirect users from an old site URL to a new one.

PowerShell

Get-SPOSite -Template REDIRECTSITE#0 -Limit ALL -IncludePersonalSite $false

5

Automating Site Collection Administrator Assignment

You can automate the process of assigning site collection administrators in SharePoint Online using PowerShell. This script demonstrates how to add a user as a site collection administrator:

PowerShell

$AdminURL = "sharegate-admin.sharepoint.com/"$AdminName = "Jim@sharegate.onmicrosoft.com"$SiteCollectionURL = "https://ShareGate.sharepoint.com/sites/marketing/"$SiteCollectionAdmin = "Mark@sharegate.onmicrosoft.com"$SecurePWD = ConvertTo-SecureString "newpassword" -asplaintext -force$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $SecurePWDConnect-SPOService -url $AdminURL -credential $CredentialSet-SPOUser -site $SiteCollectionURL -LoginName $SiteCollectionAdmin -IsSiteCollectionAdmin $True

6

Creating New Site Collections Using PowerShell and a CSV File

You can create multiple SharePoint Online site collections using PowerShell and a CSV file. This allows for bulk site creation and simplifies the process of assigning properties to each site.

First, create a CSV file with the desired site properties, such as owner, storage quota, URL, template, and time zone ID. Then, use the following PowerShell command to create the sites:

PowerShell

Import-Csv C:\users\MyAlias\desktop\SiteCollections.csv | ForEach-Object {New-SPOSite -Owner $_.Owner -StorageQuota $_.StorageQuota -Url $_.Url -NoWait -ResourceQuota $_.ResourceQuota -Template $_.Template -TimeZoneID $_.TimeZoneID -Name $_.Name}

Replace C:\users\MyAlias\desktop\SiteCollections.csv with the actual path to your CSV file7.

Exporting User Information

PowerShell provides cmdlets for exporting SharePoint Online user details. This can be valuable for generating reports, analyzing user activity, and managing user information offline.

To export user details for all SharePoint sites to a TXT or CSV file, use the following cmdlet:

PowerShell

Get-SPOSite | ForEach {Get-SPOUser –Site $_.Url} | Out-File <FilePath> -Append

Replace <FilePath> with the desired file path and name8.

SharePoint Site Designs

SharePoint site designs allow administrators to define and apply customizations to new or existing sites, ensuring consistency and simplifying site creation. The Add-SPOSiteDesign cmdlet enables you to create new site designs using PowerShell9.

SharePoint User Roles and Permissions

SharePoint has various user roles and permissions that can be managed with PowerShell. Understanding these roles and permissions is crucial for effective user administration.

Default Permission Levels

SharePoint Online sites have default permission levels that can be assigned to users based on their roles10. These permission levels include:

| Permission Level | Common Use | Capabilities |

Works cited

1. Microsoft.Online.SharePoint.PowerShell Module, accessed on February 10, 2025, https://learn.microsoft.com/en-us/powershell/module/sharepoint-online/?view=sharepoint-ps

2. Managing SharePoint Online using PowerShell - Netwrix Blog, accessed on February 10, 2025, https://blog.netwrix.com/2020/05/06/powershell-for-sharepoint-online/

3. Automate a PowerShell script that updates information on all SharePoint sites., accessed on February 10, 2025, https://learn.microsoft.com/en-us/answers/questions/2143025/automate-a-powershell-script-that-updates-informat

4. Manage SharePoint users and groups with PowerShell - Microsoft 365 Enterprise, accessed on February 10, 2025, https://learn.microsoft.com/en-us/microsoft-365/enterprise/manage-sharepoint-users-and-groups-with-powershell?view=o365-worldwide

5. 5 Useful PowerShell Scripts Every SharePoint Admin Needs - Syskit Point, accessed on February 10, 2025, https://www.syskit.com/blog/5-useful-powershell-scripts/

6. Automate your Microsoft administration with these 5 PowerShell script examples, accessed on February 10, 2025, https://sharegate.com/blog/powershell-script-examples-automate-microsoft-administration-tasks

7. Create SharePoint sites and add users with PowerShell - Microsoft 365 Enterprise, accessed on February 10, 2025, https://learn.microsoft.com/en-us/microsoft-365/enterprise/create-sharepoint-sites-and-add-users-with-powershell?view=o365-worldwide

8. A Guide to Manage SharePoint Online Users and Groups with PowerShell, accessed on February 10, 2025, https://m365scripts.com/sharepoint-online/a-guide-to-manage-sharepoint-online-users-and-groups-with-powershell/

9. SharePoint site design - PowerShell cmdlets - Microsoft Learn, accessed on February 10, 2025, https://learn.microsoft.com/en-us/sharepoint/dev/declarative-customization/site-design-powershell

10. Manage Permission Levels in SharePoint Online Using PowerShell - Microsoft 365 Scripts, accessed on February 10, 2025, https://m365scripts.com/sharepoint-online/manage-permission-levels-in-sharepoint-online-using-powershell/