The question recently popped up on the Association of Network Managers in Education forum on how to give Teachers access to certain students Onedrive for business folders, i’ve been meaning to look into this for a while as i have the same requirements.
Update: I have since created a new script which will probe a Microsoft 365 Group, export its members and give a user of your choice admin permissions on their personal Onedrive Sites – Click Here
To begin we first need to export the list of sharepoint URLS (onedrive folders) the following will export the entire tenant.
Run the script in PowerShell with elevated permissions, changing the Output Location to one that suits you, and the Tenant URL to match your tenant. You will be prompted to log in to your Tenant.
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
$Output = "C:\Users\User\Desktop\OneDriveURLS.csv"
Connect-SPOService -Url https://YOUR-TENANT.sharepoint.com
Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" | Select -ExpandProperty Url | Out-File $Output -Force
exitNow that you have your list of Onedrive For Business URLS, filter the CSV file to your liking, leaving only the URLS you wish to give access to, you should also add ‘URL’ as the column header. Save your CSV.
The next step is to give the teacher permission on the URLS, to do this you can use the following script
### Copyright Liam Robinson ###
### https://liam-robinson.co.uk ###
Connect-SPOService -Url https://YourTenant-admin.sharepoint.com
Import-Csv C:\Users\user\Desktop\OneDriveURLS.csv |
ForEach-Object {
$URL = $_.url
Set-SPOUser -Site $URL -LoginName Teacher@yourtenant.co.uk -IsSiteCollectionAdmin $true
Write-Host "Applying Permission on: " $URL
}Ensure you change the SPOservice URL to your tenant url, point to your filtered, exported CSV file and the ‘login name’ is the UPN of the teacher you wish to have access to the sharepoint URL’s.
Assign permissions to full groups
The question then came up about wanting to assign teachers access to the personal Onedrive files of each students in their class. I’ve put together a little script that will connect to Exchange Online, export the members of the Group, and give admin rights to the user you specify to everyone in that groups personal Onedrive for business site.
My Powershell knowledge is still very basic and this code can probably be neatened up a little, however its tested and working in Powershell 5.1. Currently you can only specify one group at a time but with a few little tweak you could probably use the ‘ForEach’ loop to repeat for a number of M365 Groups at once.
To run the script simply copy the code below and change the following values to suit your organisation
$Group = The O365 group you wish to export, eg 10m2-Sc or Y10 Maths (depends on how your groups are named)
$Owner = This is the UPN of the account you wish to give admin rights to e.g Teacher@yourschool.co.uk
$SiteUrl = This is the sharepoint admin URL you can get this by going to the M365 Admin Centre and clicking sharepoint admin
You can also pass these values as parameters using the following code
./scriptname.ps1 -Group 10M1-SC -Owner liam@myschool.co.uk -SiteUrl https://myschooladmin-admin.sharepoint.com######################################
##### Copyright Liam Robinson ########
##### https://Liam-Robinson.co.uk ####
######################################
param (
[string]$Group = "10-M-Rg",
[string]$Owner = "teacher@yourschool.co.uk",
[string]$SiteUrl = "https://yourtenant-admin.sharepoint.com"
)
Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Write-output "Connecting to Exchange Online, you may need to sign in"
Connect-ExchangeOnline -credential $creds -ShowBanner:$false
## Gets the group specified and exports its members to CSV file ##
Write-output "Getting members of $Group"
Start-Sleep -Seconds 5
Get-UnifiedGroupLinks -Identity $Group -LinkType Members -ResultSize Unlimited | ForEach-Object {
New-Object -TypeName PSObject -Property @{
Member = $_.Alias
}} | Export-CSV ".\GroupMembers.csv" -NoTypeInformation -Encoding UTF8
Write-output "Done.."
Write-output "Connecting to Sharepoint Online, you'll need to sign in again."
Start-Sleep -Seconds 4
## Connects to Sharepoint Online (Will ask for credentials again) ##
Import-Module -Name Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url $SiteUrl
Import-Csv .\GroupMembers.csv |
ForEach-Object {
$member = $_.member
$site = Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Owner -like '$member'" | Select -ExpandProperty Url
Set-SPOUser -Site $Site -LoginName $Owner -IsSiteCollectionAdmin $true | Out-Null
Write-Output "Making $Owner an admin on $member's OneDrive Folder"
}
Write-output "Done..Removing temp csv file"
Start-Sleep -Seconds 4
Remove-Item .\GroupMembers.csv
#EdTech Network Manager, experienced in Microsoft 365, Server 2019, Intune, SCCM and anything inbetween.
Hi,
I’ve tried the following script and it doesnt seem to do anything?
Also do you know if theres a way of setting a security group to have admin permissions so i just have to update the security group and the user would get admin access to all the URL listed in the csv?
Connect-SPOService -Url https://YourTenant-admin.sharepoint.com
Import-Csv C:\Users\user\Desktop\OneDriveURLS.csv |
ForEach-Object {
$URL = $_.url
Set-SPOUser -Site $URL -LoginName Teacher@yourtenant.co.uk -IsSiteCollectionAdmin $true
Write-Host “Applying Permission on: ” $URL
Hi Lewis. Have you changed the values of your SP tenant URL and the location of the Import CSV to match your actual values?
Do you get an error message?
Hi,
This isnt working for me any ideas?
Connect-SPOService -Url https://test-admin.sharepoint.com
Import-Csv C:\Test.csv |
ForEach-Object {
$URL = $_.url
Set-SPOUser -Site $URL -LoginName testuser@t**t.co.uk -IsSiteCollectionAdmin $true
Write-Host “Applying Permission on: ” $URL
Can anyone see where I’m going wrong or know of any other way of doing this. I dont want to have to give this person access to each student account because we have alot.
thanks for your help