I am currently trying to disable a OneDrive for my organisation. It works pretty well for new users, but old ones got access. I worked out one solution - when I take away collection admin rights user cannot use OneDrive anymore.
But I have 1000 users, and I will die changing permissions by hand, therefore is there any script to set all site collection admins to one person?
I mean those settings:
https://i.stack.imgur.com/A63RZ.png
If you want to disable OneDrive and don't want anyone to access it, instead of changing permissions, you can lock all OneDrive sites via PowerShell code:
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
#Parameters
$AdminCenterURL = "https://xxx-admin.sharepoint.com"
Try {
#Connect to SharePoint Online Admin Center
Connect-SPOService -Url $AdminCenterURL -Credential (Get-Credential)
#Get All OneDrive for Business Sites in the Tenant
$OneDriveSites = Get-SPOSite -Limit ALL -includepersonalsite $True -Filter "Url -like '-my.sharepoint.com/personal/'"
#Loop through each OneDrive Site
Foreach($Site in $OneDriveSites)
{
Set-SPOSite -Identity $Site -LockState "NoAccess"
Write-host "Scanning site:"$Site.Url "is locked"-f Yellow
}
}
Catch {
write-host -f Red "Error locking Sites:" $_.Exception.Message
}
Result is:
After that, when users try to access OneDrive, a 403 error will be returned.
About Set-SPOSite
Related
I have created Dynamic Group for assigning License to All Azure AD user automatically using powershell in production Environment.
Here is my script:
`New-AzureADMSGroup -DisplayName "us_demo_group" -Description " your Descriptions-MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -membershipRule "(user.department -contains ""Marketing"")" -membershipRuleProcessingState "On"
Add-AADGroupLicenseAssignment -groupId "a5e95316-1c03-44d7-afac-efd0e788122c" -accountSkuId "your skuid:FLOW_FREE"
`
My script is working fine, but when I tried to create a bulk users using Excel File, Users are not getting License, always showing **No License assignment Found **.
Any help is appreciated.
I tried to reproduce the same in my environment to assign the license to Azure AD user dynamically using power shell
I have created Azure dynamic group using powerShell, name-TestGroup1 with condition.
#Install AzureADLicensing Module
Install-Module -Name AzureADLicensing
#Import AzureADPreview
Import-Module AzureADPreview
#Connect to Azure AD
Connect-AzureAD
New-AzureADMSGroup -DisplayName "TestGroup1" -Description "This group contains information of users from us domain" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -membershipRule "(user.department -contains ""Finance"")" -membershipRuleProcessingState "On"
TestGroup1 created once execute the above code.
Assign the license to group, like below
#Get All License with SKUID
Get-AADGroupLicenseAssignment -All
You can fetch the group ID, like below.
#Assign License to Group
Add-AADGroupLicenseAssignment -groupId "GroupIDObject ID" -accountSkuId "Your SKUID"
Create bulk user in Azure Active Directory, like below.
Azure Portal > Default Directory > Users > Bulk Operations > Bulk Create
Make sure mention the department value for moving the users to dynamic group automatically.
Download the excel file and add the value in excel and save, like below.
Once add the value in excel and Upload the excel to Azure, like below.
Successfully created bulk- users with license in Azure AD.
You can view the users in assigned group.
License assigned to group users automatically.
Successfully assigned Azure license to created users.
The call to CSOM RemoveSite throws an exception when trying to remove sitecollections created with modern Team Sites:
"This site belongs to a office365 group. To remove the site you've to remove the group."
SpoOperation removeSiteOperation = tenant.RemoveSite(siteCollectionUrl);
context.Load(tenant);
Is there any way to force the deletion, find the group to delete or use a new api?
We can delete the site collections created with modern team sites, we can use PnP PowerShell below to achieve it.
$credential = Get-Credential
Connect-PnPOnline https://[tenant].sharepoint.com -credential $credential
Remove-PnPTenantSite https://[tenant].sharepoint.com/sites/ModernTeamSite
And deleting the group using the PowerShell below.
$credential = Get-Credential
Connect-PnPOnline https://[tenant].sharepoint.com -credential $credential
Remove-PnPUnifiedGroup -Identity groupID // you can get group Ids from Get-PnPUnifiedGroup
Reference: Completely delete an Office365 site collection classic or modern from recycle bin
And also check the similar thread below.
Unable to remove Office 365 Group Site Collection
I'm trying to link a classic site to a office 365 group in a Azure function. But I'm having problem to connect to Connect-SPOService. Do I use this correct?
$adminUrl = "https://" +$keyResponseAppTenant +"-admin.sharepoint.com"
Connect-SPOService -Url $adminUrl -Credential $cred
Set-SPOSiteOffice365Group -Site $url -DisplayName $title -Alias $title -IsPublic:$false
Error in function:
Then I probably have to add the "module"? Do I take the whole folder from "C:\Program Files\SharePoint Online Management Shell" ?
The answer is to upload "sharepoint online management shell"-files from that folder :D
I had a subsite in a site collection I wanted to transfer to another site collection (both in Sharepoint 2013). I made a site template with content out of it so I can transfer it to another site collection. I uploaded the solution and activated it. I made sure the activated features were completely identical. However, when I create a new subsite and choose to use the uploaded solution, I continue to receive a error message saying it is missing a feature called "MobileExcelWebAccess."
I have no clue where to find that feature. I literally enabled every site feature and site collection feature but I still end up with that error. I've read on other resources that it could be found on Central Admin but I don't have access there.
If I can't enable it in the new site, is there a way to disable it in my old site?
Try running this from a SharePoint 2013 Management Shell: Enable-SPFeature MobileExcelWebAccess -Url http://[replace with your url]
The simple line script from Ola Ekdahl did not work for me, but this did:
Replace the $url with your site collection url
save the script in .ps1 file
Open SharePoint Online Management Shell in Administrator mode and execute the script like .\
A prompt will be poped-up that asks your credential (Administrator) for the site collection
$url = "https://<your site collection url>"
$clientDll = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$runtimeDll = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$cred = get-credential
$clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($url)
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($cred.username, $cred.password)
$clientContext.Credentials = $credentials
if (!$clientContext.ServerObjectIsNull.Value)
{
Write-Host "Connected to SharePoint site: '$Url'" -ForegroundColor Green
}
$clientContext.Site.Features.Add('e995e28b-9ba8-4668-9933-cf5c146d7a9f',$true,[Microsoft.SharePoint.Client.FeatureDefinitionScope]::None)
$clientContext.ExecuteQuery()
source: http://mahedevelopment.blogspot.gr/2016/07/sharepoint-online-mobileexcelwebaccess.html
I have a script to list all the users that have accounts on sharepoint. However, not all them are being listed. There are only 5/8 Marks that are listed for example.
I'm using powershell and a query:
"<Query><OrderBy><FieldRef Name='ID' /></OrderBy></Query>"
I don't know why there are not all showing. I can find them under the portal and admin center.
Users are added to the User Information List when they login to the site or granted specific permissions (not through an AD Group).
You can read more on SharePoint.StackExchange.com at How is the user information list populated?
You can write a PowerShell script(named ListWebUserInformationListItems.ps1) as following:
# Run with SharePoint 2010 Management Shell
$webUrl = Read-Host "Enter the web url"
$web = Get-SPWeb $webUrl
$list = $web.Lists["User Information List"]
$query = New-Object Microsoft.SharePoint.SPQuery
$queryCamlString = '<Query><OrderBy><FieldRef Name="Title" Ascending="True" /></OrderBy></Query>'
$query.Query = $queryCamlString
$userInformationListItems = $list.GetItems($query)
foreach($userInformationListItem in $userInformationListItems)
{
echo $userInformationListItem.Title
}
Then execute the script and input the web url when console window display the "Enter the web url" message.
Note: You can use SPQuery the get the User Information List items which are the users in this web application. The users are not all the users in the farm. And if you add a ADGroup to the SharePoint, you will add the only one SharePoint user to user information list(The SharePoint User stand for the ADGroup, the ADUser in the ADGroup will not present to the user information list).
The User Information List item title will display in the console window.
More over:
You can visit the "http://[your web application url]/_catalogs/users/detail.aspx" to view the users who are in the web application.
Hope the answer will help you
I think you might get better of by listing all User Profiles instead. By doing this, you will at least get a list of all users that have been synchronized into SharePoint. Something like:
$site = Get-SPSite "your URL"
$context = Get-SPServiceContext $site
$profileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)
$profiles = $profileManager.GetEnumerator()
foreach($profile in $profiles)
{
$displayName = $profile.DisplayName
}