Maarten6813 asked EmilyDu-MSFT commented

[SOLVED] [SPO] Remove site admin if user has already been removed

A customer has the following problem. An employee has left the company and the account has been removed. That's fine, no problem. The only problem is the user was a site admin. Now the user is removed and we found out that we cannot remove the user with PowerShell, only by hand, and the user was also owner of all OneDrive sites :-( (not good I know, I just found this out myself)

How can we remove this "unknown" user from existing sites?

 $OneDriveSiteURL = "https://SITE-my.sharepoint.com/personal/user_com"
 $UserAccount = "unknowuser@domain.com"
 $Site = Get-SPOSite $OneDriveSiteURL
 Set-SPOUser -Site $Site -LoginName $UserAccount -IsSiteCollectionAdmin $False

Error message:
Set-SPOUser : The user does not exist or is not unique.


office-sharepoint-online

Maarten6813 answered EmilyDu-MSFT commented

Hi Emily,

I found the reason why this user had all these permissions. The customer was using the tool ShareGate. There is a rather scary option in ShareGate (IMO) to automatically gain Site Collection admin permissions.
The user did not remove his permission.

I was able to get a license and reproduce this. I removed the user with the same tool. So I would like to thank you for your help. I will certainly use your part of the PS script if needed.


@Maarten6813

Congratulations on solving this issue and thanks for sharing your solution.

Please remember to accept your solution as answer.

It will be a great help to those who have a similar question in this forum.

Thanks again for your contribution.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




EmilyDu-MSFT answered maarten-6164 commented

@Maarten6813

You could run the following PowerShell to remove the orphaned OneDrive secondary site collection administrator.

 $SiteURL = "https://SITE-my.sharepoint.com/personal/user_com"
 # Claims-encoded login name of the deleted (orphaned) account
 $UserID = "i:0#.f|membership|unknowuser@domain.com"
 # Connect to the OneDrive site itself, then remove the user from it
 Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
 Remove-PnPUser -Identity $UserID -Force


Thank you for your response

This poses another problem: which user can do this with enough permissions in OneDrive? Other than the user itself? That's not an option.

The PowerShell option you provided works. I tested this with one OneDrive (test) user.

@Maarten6813

Per my test, the user who is the administrator of the OneDrive site collection can run the PowerShell successfully.

As a workaround, you could add a specific user as site collection administrator to all OneDrive site collections through the following PowerShell. Then use the specific user to run the PowerShell provided in the first answer.

 $AdminSiteURL = "https://tenant-admin.sharepoint.com"
 $SiteCollAdmin = "user@domain.com"
 $Cred = Get-Credential
 # Connect to the tenant admin site
 Connect-SPOService -Url $AdminSiteURL -Credential $Cred
 # SPSPERS is the OneDrive (personal site) template
 $OneDriveSites = Get-SPOSite -Template "SPSPERS" -Limit ALL -IncludePersonalSite $True
 Write-Host -f Yellow "Total Number of OneDrive Sites Found: "$OneDriveSites.count
 Foreach($Site in $OneDriveSites)
 {
     Write-Host -f Yellow "Adding Site Collection Admin to: "$Site.URL
     Set-SPOUser -Site $Site.Url -LoginName $SiteCollAdmin -IsSiteCollectionAdmin $True
 }
 Write-Host "Site Collection Admin Added to All OneDrive Sites Successfully!" -f Green

Hi,

I'm going to test this. I'll get back in a few days. Hopefully this works.

@Maarten6813

I’m checking how things are going with this issue. Does the answer help you?

If there is any problem with this issue, feel free to let me know.

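An added example, not part of the thread and not any poster's code: it combines the two scripts above so that the helper account holds site collection admin on each OneDrive only while the orphaned entry is removed, rather than keeping standing access to every OneDrive afterwards. It assumes the SharePoint Online Management Shell and PnP PowerShell are both installed, that credential sign-in works as in the thread, and that the helper account had no earlier admin rights on other users' OneDrives; `$TempAdmin`, `$OrphanLogin` and `$ReportPath` are illustrative names, with sample values reused from the thread.

```powershell
# Added example. Placeholder values are the thread's sample values.
$AdminSiteURL = "https://tenant-admin.sharepoint.com"
$TempAdmin    = "user@domain.com"                           # helper account (assumed SharePoint admin)
$OrphanLogin  = "i:0#.f|membership|unknowuser@domain.com"   # claims login of the deleted user
$ReportPath   = ".\orphan-admin-cleanup.csv"                # hypothetical output path
$Cred = Get-Credential -UserName $TempAdmin -Message "Helper account"

Connect-SPOService -Url $AdminSiteURL -Credential $Cred
$OneDriveSites = Get-SPOSite -Template "SPSPERS" -Limit ALL -IncludePersonalSite $True

$Report = foreach ($Site in $OneDriveSites) {
    $Result  = "NotPresent"
    $Granted = $false
    # Never touch the helper's rights on its own OneDrive, where it is the owner.
    $OwnSite = $Site.Owner -eq $TempAdmin
    try {
        if (-not $OwnSite) {
            Set-SPOUser -Site $Site.Url -LoginName $TempAdmin -IsSiteCollectionAdmin $True -ErrorAction Stop | Out-Null
            $Granted = $true
        }
        Connect-PnPOnline -Url $Site.Url -Credentials $Cred -ErrorAction Stop
        # Only call Remove-PnPUser where the orphaned login is actually listed.
        if (Get-PnPUser | Where-Object { $_.LoginName -eq $OrphanLogin }) {
            Remove-PnPUser -Identity $OrphanLogin -Force -ErrorAction Stop
            $Result = "Removed"
        }
    }
    catch {
        $Result = "Failed: $($_.Exception.Message)"
    }
    finally {
        # Revoke the temporary right even when the removal failed.
        if ($Granted) {
            Set-SPOUser -Site $Site.Url -LoginName $TempAdmin -IsSiteCollectionAdmin $False | Out-Null
        }
    }
    [pscustomobject]@{ Site = $Site.Url; Result = $Result }
}

# Keep a record of what was changed, and show a per-result summary.
$Report | Export-Csv -Path $ReportPath -NoTypeInformation
$Report | Group-Object Result | Select-Object Name, Count
```

Rows marked `Failed` in the CSV are the sites to recheck by hand, including whether the helper account's temporary right was actually revoked there.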