To set the Primary and Secondary site collection administrators to an AD group, you need to use PowerShell and you must use the AD group's claims ID, which will be of the form "c:0+.w|SID". For example:
If you want to keep your existing Primary and Secondary site collection administrators, and just want to add an AD group as an additional site collection administrator, just do this:
After you execute this commandlet, if you then go CA > Application Management > Site Collections > Change site collection administrators, it will display but with the message:Set-SPSite "[URL]" -OwnerAlias "c:0+.w|s-1-5-21-1254545518-4216542334-3945668986-3788"
No exact match was found. Click the item(s) that did not resolve for more options.You can ignore this.
If you want to keep your existing Primary and Secondary site collection administrators, and just want to add an AD group as an additional site collection administrator, just do this:
In each case, you must use the claims ID of the AD group.$User = Get-SPUser -Web "[URL]" -Identity "c:0+.w|s-1-5-21-1254545518-4216542334-3945668986-3788" $User.IsSiteAdmin = $true $User.Update()
References
Notes
- To view a list of all site collection administrators that are not the primary or secondary, just do this:
$Web = Get-SPWeb "[URL]" $Web.SiteAdministrators | ft -auto
- If you see an error like this occurring when executing Get-SPUser:
Get-SPUser : You must specify a valid user object or user identity...
it's likely due to the user identity not yet being added to the web application or site. The Get-SPUser commandlet can only get an identity object that already exists within the web application indicated in the -Web parameter of this commandlet. Therefore, to resolve this problem, you first need to add the new user to the web application or site that you want to work with; and you do this using the New-SPUser commandlet. - I have found that setting the primary and secondary site collection administrators usually also adds them to the general site collection administrators group and they will appear when I go to Site Collection Administrators in Settings for the site collection. However, this is not always the case. Sometimes, when I set the primary and secondary via powershell, they do not appear in the general site collection administrators group. Why this is I don't know yet.
No comments:
Post a Comment