Working with SharePoint Online Users


Topic Last Modified: 2014-06-09

Summary: Use Windows PowerShell to Manage Office 365 using Windows PowerShell cmdlets, scripts, and batch processes.

Windows PowerShell is an extremely useful tool for working with SharePoint Online site users. For one thing, you can use Windows PowerShell and the Get-SPOUser cmdlet to return a list of all the users who have been granted access to a site. That’s easy:

Get-SPOUser -Site ""

All you have to do is call Get-SPOUser followed by the URL of the site you’re interested in.

Or, if you want only the users (and not the groups) that have access to a site you can use this command:

Get-SPOUser -Site "" | Where-Object {$_.IsGroup -eq $False}

That’s also easy: we just ask for the site users where the IsGroup property is set to False. (In Windows PowerShell, you use $True and $False when writing commands rather than plain old True and False.)

It’s just as easy to return only the users who are site administrators; that is, users where the IsSiteAdmin property is True:

Get-SPOUser -Site "" | Where-Object {$_.IsSiteAdmin -eq $True}

But that’s for one site only. The power in Windows PowerShell (so to speak) often comes when you need to work with multiple objects; you know, like multiple sites. For example, it’s nice to have a list of all the users that have access to a given site. But what about the converse: what about a list of all the sites that a single user has access to? Can you do that using Windows PowerShell? Of course you can. Here’s a simple little script (admittedly, simple for those who have some Windows PowerShell experience) that returns the names of all the sites that a particular user (in this example, Ken Myer) has access to:

$x = (Get-SPOSite).Url

foreach ($y in $x)
        $z = $Null
        $z = Get-SpoUser -Site $y | Where-Object {$_.DisplayName -eq "Ken Myer"}
        if ($z -ne $Null) {$y}
How do you use a script in Windows PowerShell? Like this: copy the preceding code, paste it into Notepad (or another text editor), and then save the file using a .ps1 file extension (for example, C:\Scripts\SitesAUserCanAccess.ps1). To run the script, use Windows PowerShell to connect to SharePoint Online, then, at the Windows PowerShell command prompt, simply type the path to the .ps1 file and press ENTER:

Or what about a list of all your sites and the administrators for each of those sites? That information can be returned using a single command:

Get-SPOSite | ForEach-Object {Write-Host $_.Url; Get-SPOUser -Site $_.Url | Where-Object {$_.IsSiteAdmin -eq $True}}

You should get back something similar to this:
MOD Administrator {Communities Members, Comm...}
Sara Davis {Communities Members, Communities...}
MOD Administrator {Excel Services Viewers, Hi...}
MOD Administrator   {Contoso Beta Members, C...}

Granted that’s not the prettiest output in the world, but, needless to say, looks aren’t everything. And, as you gain more experience and get a little more adept with Windows PowerShell, you’ll learn how to customize that output in all sorts of cool ways.

Best of all, Windows PowerShell isn’t just a way to retrieve things: it’s also a way to configure things. You say you have several hundred sites and you need to make Ken Myer an administrator on each one? All you had to do was ask:

Get-SPOSite | ForEach-Object {Set-SPOUser -Site $_.Url -LoginName "" -IsSiteCollectionAdmin $True}

Nice, huh?

Next: Working with SharePoint Online Site Groups