So since I just wasted more time than I want to admit getting this figured out, I’ going to share here how to add  Group permissions. Googeling, there is not a whole lot of info about it out there and most sites even say it is not supported. There is unfortunately no ‘Get-SPOGroup’ cmdlet, so PowerShell does not help in this case. Ugg, Microsoft, I thought that was the whole point of PowerShell!? Well, you can get the needed info via GUI.

The problem:

We need to be able to access and manage the SharePoint and mainly the OneDrive for Business content for users. We can do that easily via GUI, but going to the
Sharepoint Admincenter -> User Profiles -> Type in a name -> Right-click on ‘Manage Site Collection Owners’ -> Add the ‘AD Admin Group’ 


Now, that is all fine and dandy, but we have thousands of users, so if doing the above thousands of times, does not sound too fun. We also don’t have an intern handy to do this…

Now, the really frustrating part is, that you can not do that easily via PowerShell either!?!

Now the good news is, yes you can do it via PowerShell, the bad news is, to get the needed info, you can not use PowerShell, you have to do some diggin’ to get the SID form the Sharepoint Online GUI:

  1. Navigate to the root of the sharepoint site:
  2. Click on the gear/cog on the top right and click on  ‘Site settings
  3. Under ‘Users and Permissions, click on ‘Site permissions’
  4. In the top ribbon, click on ‘Check Permissions’
  5. Type in the ‘AD ADMIN GROUP’ name and click on ‘Check Now’

On the bottom you’ll see a tiny line coming up, giving you the SID of the group


The final PowerShell command to set the group permission for a single user is like so:

And the following script will iterate through all SPO users and assign the rights

Credit mainly goes to for the iteration part.

I hope for you avid Googler who has to do the same, this will save you some time.



Post Navigation