Ever tried to modify permissions to a SharePoint site with a huge number of files in it?
You might experience something like this:
Managing permissions to a site in SharePoint Online is of course doable with PowerShell! I thought I’d quickly go through the basics.
First of all we need to download the SharePoint Online Management Shell. This can be done by following this link:
But what’s the fun in that when we can use PowerShell?
Disclaimer: This code uses a permanent link to the msi file, this might break in the future!
Invoke-WebRequest -Uri 'https://download.microsoft.com/download/0/2/E/02E7E5BA-2190-44A8-B407-BC73CA0D6B87/SharePointOnlineManagementShell_6802-1200_x64_en-us.msi' -OutFile .\SPOShell.msi
$MSI = Get-Item -Path .\SPOShell.msi
msiexec /i $MSI.FullName /qb
$env:PSModulePath = [System.Environment]::GetEnvironmentVariable("PSModulePath","Machine")
Import-Module -Name Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connecting to SharePoint Online
Once the module is installed and imported we need to connect to SharePoint Online. This requires us to supply an organization name and the name of our site. If uncertain, log in to office.com, click on SharePoint and navigate to your site. Now look at the URL, it should say something like https://simonw.sharepoint.com/sites/ProjectX. In this case, simonw is my organization name and ProjectX is the name of my site. Lets store these in two variables and combine them in to an admin-url that we can connect to.
$OrganisationName = 'simonw'
$SiteName = 'ProjectX'
$AdminUrl = "https://$OrganisationName-admin.sharepoint.com"
Connect-SPOService -Url $AdminSite
This should give you a log in prompt where you can log in even with multifactor authentication.
Now we can get a reference to our site and list the current groups:
$Site = Get-SPOSite -Identity "https://$OrganisationName.sharepoint.com/sites/$SiteName"
Get-SPOSiteGroup -Site $Site
Adding members to any of these groups is simply done with Add-SPOUser. Add-SPOUser will also allow you to add a security group. In my case I have a security group named ProjectX-Members that I want to give permission to edit my site. Note that LoginName takes the name of a user or group that will be added to the SiteGroup set by the parameter Group.
Add-SPOUser -Site $Site -LoginName 'ProjectX-Members' -Group 'ProjectX Members'
To verify membership we can use Get-SPOSiteGroup like this:
Get-SPOSiteGroup -Site $Site -Group 'ProjectX Members' | Select-Object -ExpandProperty Users