Table of Contents
PowerShell to the Rescue
A question was asked about how to add an administrator account to every Microsoft 365 Group in an Office 365 tenant to allow the administrator access to the content in all groups.
This is a straightforward operation with PowerShell. This code finds all the groups in a tenant and adds a nominated administrator account to the membership of each group as a member. Change the LinkType value to be “Owner” if you want the administrator to be a group owner. We also update the CustomAttribute14 property with a value that we can use later.
$AdminAccount = "Administrator@office365itpros.com"
Write-Host "Finding Groups..."
$Groups = (Get-Recipient -RecipientTypeDetails GroupMailbox -ResultSize Unlimited | Select DisplayName, Alias)
Write-Host "Processing" $Groups.Count "groups"
ForEach ($G in $Groups) {
Write-Host "Processing" $G.DisplayName
Add-UnifiedGroupLinks -Identity $G.Alias -LinkType Member -Links $AdminAccount
Set-UnifiedGroup -Identity $G.Alias -CustomAttribute14 "Admin"}
The code uses the Get-Recipient cmdlet instead of the Get-UnifiedGroup cmdlet to fetch a list of Microsoft 365 Groups. The reason why is that Get-Recipient is much faster at returning a simple set of group objects than Get-UnifiedGroup is because Exchange Online has less processing to perform. All we need is the group alias and displayname, so there’s no need to incur the overhead of Get-UnifiedGroup.
Handling New Groups
The code above is a one-time operation to process all the existing groups in the tenant. Of course, new groups will be created afterwards, and if we want the admin account to be The reason why we update CustomAttribute14 is to be able to find groups that are already processed because we don’t want to process them again. In fact, it wouldn’t make much difference if we ran the same code time after time because the Add-UnifiedGroupLinks cmdlet will complete and tell you that no settings of the group are changed if you try to add a member who already exists.
Applying a Filter
The code needed to find groups that are not yet processed adds a filter to exclude those where CustomAttribute14 is set to the value:
Get-Recipient -RecipientTypeDetails GroupMailbox -Filter {CustomAttribute14 -ne "Admin"} -ResultSize Unlimited
Replace the line in the original script with the line with the filter and you can find and update new groups.
One Script Does The Job
In fact, you could use the same script with the filter to do the job from the start as the first time it’s run, the filter will find all the groups in the tenant.
$AdminAccount = "Administrator@Office365itpros.com"
Write-Host "Finding Groups..."
$Groups = (Get-Recipient -RecipientTypeDetails GroupMailbox -Filter {CustomAttribute14 -ne "Admin" -ResultSize Unlimited | Select DisplayName, Alias)
Write-Host "Processing" $Groups.Count "groups"
ForEach ($G in $Groups) {
Write-Host "Processing" $G.DisplayName
Add-UnifiedGroupLinks -Identity $G.Alias -LinkType Member -Links $AdminAccount -ErrorAction SilentlyContinue
Set-UnifiedGroup -Identity $G.Alias -CustomAttribute14 "Admin"}
You’d need to set up a schedule to look for and update groups if you really want to make sure that administrators have access to all groups in the tenant, but that’s easily done.
Isn’t PowerShell wonderful?
For more information about using PowerShell to manage Office 365 Groups, read Chapters 13 and 14 of the Office 365 for IT Pros eBook.
2 Replies to “How to Add Admins to Every Microsoft 365 Group”