Modify access to site in SharePoint Online with PowerShell

Page content

Ever tried to modify permissions to a SharePoint site with a huge number of files in it?

You might experience something like this:

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

Managing permissions to a site in SharePoint Online is of course doable with PowerShell! I thought I’d quickly go through the basics.

Prereqs

First of all we need to download the SharePoint Online Management Shell. This can be done by following this link:

http://www.microsoft.com/en-us/download/details.aspx?id=35588

But what’s the fun in that when we can use PowerShell?

Disclaimer: This code uses a permanent link to the msi file, this might break in the future!

Invoke-WebRequest -Uri 'https://download.microsoft.com/download/0/2/E/02E7E5BA-2190-44A8-B407-BC73CA0D6B87/SharePointOnlineManagementShell_6802-1200_x64_en-us.msi' -OutFile .\SPOShell.msi
$MSI = Get-Item -Path .\SPOShell.msi
msiexec /i $MSI.FullName /qb
$env:PSModulePath = [System.Environment]::GetEnvironmentVariable("PSModulePath","Machine")
Import-Module -Name Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

Connecting to SharePoint Online

Once the module is installed and imported we need to connect to SharePoint Online. This requires us to supply an organization name and the name of our site. If uncertain, log in to office.com, click on SharePoint and navigate to your site. Now look at the URL, it should say something like https://simonw.sharepoint.com/sites/ProjectX. In this case, simonw is my organization name and ProjectX is the name of my site. Lets store these in two variables and combine them in to an admin-url that we can connect to.

$OrganisationName = 'simonw'
$SiteName = 'ProjectX'

$AdminUrl = "https://$OrganisationName-admin.sharepoint.com"
Connect-SPOService -Url $AdminSite

This should give you a log in prompt where you can log in even with multifactor authentication.

Now we can get a reference to our site and list the current groups:

$Site = Get-SPOSite -Identity "https://$OrganisationName.sharepoint.com/sites/$SiteName"
Get-SPOSiteGroup -Site $Site

Adding members to any of these groups is simply done with Add-SPOUser. Add-SPOUser will also allow you to add a security group. In my case I have a security group named ProjectX-Members that I want to give permission to edit my site. Note that LoginName takes the name of a user or group that will be added to the SiteGroup set by the parameter Group.

Add-SPOUser -Site $Site -LoginName 'ProjectX-Members' -Group 'ProjectX Members'

To verify membership we can use Get-SPOSiteGroup like this:

Get-SPOSiteGroup -Site $Site -Group 'ProjectX Members' | Select-Object -ExpandProperty Users