PowerShell script to add a list of users to the site collection administrators group of every site on your SharePoint 2010 farm.

I wanted a way to inject myself as a site collection admin into every site in SharePoint. Note that I’m not talking about the primary/secondary owner that you can set in Central Admin.
I’m talking about the group you can only get to from within each site itself, or in this case, with the PowerShell script below.
Note that it takes an array of names: if you have a team of admins or developers who all need access, you can put all their names in the list.

# set site collection owner for all sites...
# 1-2012
Add-PSSnapin Microsoft.SharePoint.PowerShell
 
# $AccountList is an array of Windows Identities in the format of $AccountList = @("DOMAIN\USERID" , "DOMAIN\USERID2")
$AccountList = @("LAB\Jack", "Lab\tom", "Lab\dick", "lab\harry")
 
#this gets an array of objects representing the sites at the IIS level:
$IISSites = Get-SPWebApplication
Foreach($oneIISSite in $IISSites)
{
   #using .Sites, we can get a list of the site collections
   foreach ($SharepointSiteCollection in $oneIISSite.Sites)
   {
      write-host $SharepointSiteCollection.url -ForegroundColor Cyan
      $spweb = Get-SPWeb $SharepointSiteCollection.url
 
      #now we have the website, so lets look at each account in our array
      foreach ($Account in $AccountList)
      {
         #lets see if the user already exists
         Write-host "Looking to see if User " $account " is a member on " $SharepointSiteCollection.url -foregroundcolor Blue
         $user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url -ErrorAction SilentlyContinue #Get-SPUser errors if the user does not exist; the error is suppressed, leaving $user as $null
         if ($user -eq $null)
         {
            #if the user did NOT exist, then we will add them here.
            $SPWeb.ALLUsers.ADD($Account, "", "", "Added by AdminScript")
            $user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url
            Write-host "Added user $Account to URL $($SPWeb.Url)" -Foregroundcolor Magenta
         }
         else
         {
            Write-host "user $Account was already in URL " $SPWeb.URL -Foregroundcolor DarkGreen
         }
         if ($user.IsSiteAdmin -ne $true)
         {
            $user.IsSiteAdmin = $true
            $user.Update()
            Write-host "$account has been made an admin on $($SPWeb.Url)" -Foregroundcolor Magenta
         }
         else
         {
            Write-host "$account was already an admin on $($SPWeb.Url)" -Foregroundcolor DarkGreen
         }
      }
      #release the SPWeb and SPSite objects so they do not leak memory
      $spweb.Dispose()
      $SharepointSiteCollection.Dispose()
   }
}

 

Here’s another version of the script. This one also takes an array of top-level URLs.

It’s handy if you have lots of URLs on your farm and only want to work with a few of them.

# set site collection owner for all sites...
# 2-2013 Jack
 
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$logfile = "Powershelloutput.log"
 
# $AccountList is an array of Windows Identities in the format of $AccountList = @("DOMAIN\USERID" , "DOMAIN\USERID2")
$AccountList = @("domain\tom", "domain\dick", "domain\harry")
 
# $iisSiteList is an array of top level IIS site URLs
$iisSiteList = @("http://site1.yoururl.com", "http://anothersite.yoururl.com")
 
# this is from an earlier version of the script
# That script looks at all SP sites on the farm, I've left the old code here for reference
# this gets an array of objects representing the sites at the IIS level:
##  $IISSites = Get-SPWebApplication
 
Foreach($oneIISSite in $IISSiteList)
{
  #using .Sites, we can get a list of the site collections
  #so really what we're saying is for each SharepointSiteCollection
 
  #this code is altered a bit, since we're using an array of top level site names.
  # we need to use (Get-SPWebApplication $oneIISSite).Sites
  # which is the same as $sitelist = Get-SPWebApplication $oneIISSite
  #                      $sitelist.sites
  foreach ($SharepointSiteCollection in (Get-SPWebApplication $oneIISSite).Sites)
  {
       $msg = $SharepointSiteCollection.url
       write-host  -ForegroundColor Cyan $msg
       Add-Content $logfile $msg
 
       $spweb = Get-SPWeb $SharepointSiteCollection.url
 
       #now we have the website, so lets look at each account in our array
       foreach ($Account in $AccountList)
       {
           #lets see if the user already exists  
           $msg = "Looking to see if User " + $account + " is a member on " + $SharepointSiteCollection.url
           Write-host -foregroundColor Blue $msg
           Add-Content $logfile $msg
 
           $user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url -ErrorAction SilentlyContinue #Get-SPUser errors if the user does not exist; the error is suppressed, leaving $user as $null
           if ($user -eq $null)
           { #if the user did NOT exist, then we will add them here.
               $SPWeb.ALLUsers.ADD($Account, "", "", "Added by AdminScript")
               $user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url        
               $msg = "Added user $Account to URL $($SPWeb.Url)"
               Write-host -Foregroundcolor Magenta $msg
               Add-Content $logfile $msg
           }
            else
           {
                $msg = "user $Account was already in URL " + $SPWeb.URL 
                Write-host -ForegroundColor DarkGreen $msg
                Add-Content $logfile $msg
           }
 
           if ($user.IsSiteAdmin -ne $true)
           {
             $user.IsSiteAdmin = $true
             $user.Update()
             $msg = "$account has been made an admin on $($SPWeb.Url)"
             Write-host  -Foregroundcolor Magenta $msg
             Add-Content $logfile $msg
           }
           else
           {
             $msg = "$account was already an admin on $($SPWeb.Url)"
             Write-host -ForegroundColor DarkGreen $msg
             Add-Content $logfile $msg
 
           }
       }      
 
     #release the SPWeb and SPSite objects so they do not leak memory
     $spweb.Dispose()
     $SharepointSiteCollection.Dispose()
  }
 } 
$msg = "=============== ALL DONE ================"
Write-host -ForegroundColor DarkGreen $msg
Add-Content $logfile $msg
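
Because the scripts above set IsSiteAdmin across the whole farm, it helps to be able to review who holds that right afterwards. The following report-only audit is an added example, not part of the original scripts; the $ApprovedAdmins list and the SiteAdminAudit.csv file name are assumptions, and it relies on the "Added by AdminScript" note that the scripts above write when they create a user.

```powershell
# Added example: report-only audit of site collection administrators.
# It changes nothing; it only lists who has IsSiteAdmin on each site collection.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: the accounts that are expected to be site collection admins.
$ApprovedAdmins = @("LAB\Jack", "LAB\tom")
# Assumption: hypothetical output file, written to the current directory.
$ReportFile = "SiteAdminAudit.csv"

function Get-PlainLogin([string]$LoginName)
{
    # Claims-mode web applications store logins as e.g. "i:0#.w|lab\jack".
    # Keep only the part after the last "|" so both forms compare equally.
    return ($LoginName -split '\|')[-1]
}

$findings = foreach ($site in Get-SPSite -Limit All)
{
    try
    {
        # SiteAdministrators holds every user with IsSiteAdmin set to $true
        foreach ($admin in $site.RootWeb.SiteAdministrators)
        {
            $login = Get-PlainLogin $admin.LoginName
            New-Object PSObject -Property @{
                SiteUrl       = $site.Url
                Login         = $login
                # -contains is case-insensitive, so LAB\tom matches lab\Tom
                Approved      = ($ApprovedAdmins -contains $login)
                # $true when the user entry was created by the scripts above
                AddedByScript = ($admin.Notes -eq "Added by AdminScript")
            }
        }
    }
    finally
    {
        # RootWeb is owned by the SPSite, so disposing the site releases both
        $site.Dispose()
    }
}

if ($findings)
{
    $findings | Select-Object SiteUrl, Login, Approved, AddedByScript |
        Export-Csv -Path $ReportFile -NoTypeInformation
    # Show only the admins that are not on the approved list
    $findings | Where-Object { -not $_.Approved } |
        Format-Table SiteUrl, Login, AddedByScript -AutoSize
}
```

Users who already existed on a site before the scripts ran keep their original note, so AddedByScript only marks the entries the scripts created.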

 

9 thoughts on “Powershell script to add a list of users to the site collection administrators group of every site on your SharePoint 2010 farm.”

  1. This script worked great and was exactly what I was looking for. Thanks so much!
    Thanks again for the great post!

  2. Jack, this post is the closest I have come to a script I need to write, and I am having trouble getting the if statement right. Maybe you can help?

    Problem: I need a script to go thru all site collections in a farm and do the following:
    1. Set Primary Owner for site collection administrator
    2. Set Secondary Owner for site collection administrator
    3. Remove all other users from site collection admin group for all site collections.

    My current thought is to do something like this:
    $SC1 = “apsc\sp10admin-d1”
    $SC2 = “apsc\sp10scadmin-d1”
    $Sites = get-spsite -limit all
    foreach ($site in $Sites)
    {
    Set-SPSite -Identity $site -owneralias $SC1 -SecondaryOwnerAlias $sc2
    { $user = get-spuser -limit all
    if (($user.issiteadmin = true) -and ((-ne $SC1) -or (-ne $SC2)))

    {
    $user.IsSiteAdmin = false;
    $user.Update();
    }

    else
    {
    write host “No Users to remove from this site”
    }
    }
    }

    Any help you could provide on what I am doing wrong would be grateful!

  3. That is fantastic! Thanks for this script! Would you know any way to use this script to go through a farm and check any site collection and, wherever a user exists, add the same user with the same permissions with a new domain?

    We are migrating domains and I am looking for the best way to do this on probably 1000 Site Collections.

  4. Impressive script. I am trying to modify it where it checks to see if a user exists in a SharePoint group and if it does exist, then skip to the next step which is to continue going through users until it finds one that does not exist. At that point it will add the user.

  5. I ran this script on a new 2013 farm. I can see that the script added the users in the site administrators lists for the sites, but then I get ‘This site has not been shared with you’. If I delete the user and add back via the Web Admin it works. Any idea why?
