sajithgh asked sajithgh edited

OneDrive Full Control on all users using an Office 365 Service Account

In Office 365, under User Profile - My Site Settings, we enabled the My Site Secondary Admin account and assigned a service account so that, using that account, we can update the OneDrive settings of other users in the company.

Using the service account, we can access the following URL. However, we are not able to get full control.

Also, when we try to access the below URL, it says access denied.

The purpose is to customize OneDrive permissions using the service account for all users in the company. How to achieve this?


1 Answer

AllenXu-MSFT answered sajithgh edited

Hi @sajithgh ,

As per my research, the My Site Secondary Admin setting is applicable only for new My Sites. For existing My Sites, as there is no direct user interface to add a site collection administrator to OneDrive for Business sites, here is the PowerShell script you can utilize to add additional administrators in bulk.

 #Set Runtime Parameters (placeholders: replace with your tenant's values)
 $AdminSiteURL = "https://<tenant>-admin.sharepoint.com"
 $SiteCollAdmin = "<service-account>@<tenant-domain>"
 #Get Credentials to connect to the SharePoint Admin Center
 $Cred = Get-Credential
 #Connect to SharePoint Online Admin Center
 Connect-SPOService -Url $AdminSiteURL -Credential $Cred
 #Get all OneDrive for Business Site collections
 $OneDriveSites = Get-SPOSite -Template "SPSPERS" -Limit ALL -IncludePersonalSite $True
 Write-Host -f Yellow "Total Number of OneDrive Sites Found: "$OneDriveSites.count
 #Add Site Collection Admin to each OneDrive
 Foreach($Site in $OneDriveSites)
 {
     Write-Host -f Yellow "Adding Site Collection Admin to: "$Site.URL
     #Grants $SiteCollAdmin full control over this user's OneDrive
     Set-SPOUser -Site $Site.Url -LoginName $SiteCollAdmin -IsSiteCollectionAdmin $True
 }
 Write-Host "Site Collection Admin Added to All OneDrive Sites Successfully!" -f Green

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
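
A scoped and reversible variant of the script above, added here as an example and not part of the original answer: it grants the service account site collection admin on the OneDrive sites of a named list of users only, logs every change, and removes the right again when run with `-Revoke`. The tenant URL, account names, user list and log path are placeholders, and the owner filter assumes each OneDrive site's owner is the user's sign-in name.

```powershell
# Added example. Every value below is a placeholder or a constructed sample, not a value from the thread.
param(
    [string]   $AdminSiteURL  = "https://<tenant>-admin.sharepoint.com",
    [string]   $SiteCollAdmin = "<service-account>@<tenant-domain>",
    [string[]] $TargetUsers   = @("<pilot-user>@<tenant-domain>"),   # users in scope for this run
    [string]   $LogPath       = ".\onedrive-admin-changes.csv",      # hypothetical change log
    [switch]   $Revoke                                               # remove the right instead of granting it
)

# Without -Credential the module opens the interactive sign-in window,
# which can complete a multi-factor prompt.
Connect-SPOService -Url $AdminSiteURL

$results = foreach ($upn in $TargetUsers) {
    # Server-side filter on the owner, then keep only personal (OneDrive) sites.
    # Assumption: the site's Owner is the user's sign-in name.
    $site = Get-SPOSite -IncludePersonalSite $true -Limit All -Filter "Owner -eq '$upn'" |
            Where-Object { $_.Template -like "SPSPERS*" } |
            Select-Object -First 1
    if (-not $site) {
        Write-Warning "No OneDrive site found for $upn"
        continue
    }
    try {
        # $true grants site collection admin, $false removes it.
        Set-SPOUser -Site $site.Url -LoginName $SiteCollAdmin `
                    -IsSiteCollectionAdmin (-not $Revoke) -ErrorAction Stop | Out-Null
        $status = if ($Revoke) { "Revoked" } else { "Granted" }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }
    # One record per site so the grant can be reviewed and undone later.
    [pscustomobject]@{
        Timestamp = (Get-Date).ToString("s")
        Owner     = $upn
        SiteUrl   = $site.Url
        Account   = $SiteCollAdmin
        Status    = $status
    }
}

# Append to the change log; rows with Status "Granted" are the sites still to revoke.
$results | Export-Csv -Path $LogPath -NoTypeInformation -Append
$results | Format-Table Owner, SiteUrl, Status -AutoSize
```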



Is there any progress on this thread with my answer? I'm looking forward to your reply.



Please feel free to let me know if you still need any help.


I have not got the approval yet to run the command, because it will affect all existing users in the tenant. Once I get the approval, I will run the above command.

Also, is there any way to hide the Sync, Automate, Download buttons in the below OneDrive for all users?


For a test migration, I need to check for one user only. The above PowerShell works fine with all users. Please advise.

Also, in the client environment, I am getting the below error. The admin account uses OTP for the authentication. If the user enabled Multi-Factor Authentication, use PNP GetWebLoginClientContext. What is the equivalent in the above PowerShell command?

PS C:\Windows\system32> #Connect to SharePoint Online Admin Center
PS C:\Windows\system32> Connect-SPOService -Url $AdminSiteURL -credential $Cred
Connect-SPOService : The partner returned a bad sign-in name or password
error. For more information, see Federation Error-handling Scenarios.
At line:1 char:2
+ Connect-SPOService -Url $AdminSiteURL -credential $Cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], IdcrlExc
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.IdcrlException,Micro
soft.Online.SharePoint.PowerShell.ConnectSPOService
PS C:\Windows\system32>
