Clone user permissions on SharePoint Online – Office 365

I had a request from one of my clients to clone the permissions of one user to another for a SharePoint Online site.

I had created a simple PowerShell script that automates this process. It is a very common scenario when someone leaves the organization and somebody else takes that role, or when you want a backup for an employee and want the backup person to have the same permissions as well.

It’s a simple task and I hope the following script comes in handy for you. Happy Scripting! You can also download the script from SPO_CloneUserPermissions.ps1


<#
.SYNOPSIS
Clone the permissions of one user to another in SharePoint Online

.DESCRIPTION
1. Fetch all the groups that the reference user is part of
2. Add ActualUser to the same groups

.NOTES
Author: Susheel Dakoju
Date: 04/21/2017
- This script requires admin privileges on the machine that it is being executed on!
#>

#SharePoint Online Admin site URL
$SPOAdminURL = "https://yoursite-admin.sharepoint.com/"
$username = "username@onmicrosoft.com"

#Url of the SharePoint Online Site
$SPOSiteURL = 'https://yoursite.sharepoint.com/sites/test'

#User used as reference
$ReferenceUser = 'sdakoju@onmicrosoft.com'
#The actual user that needs to be added to Groups
$ActualUser = 'rkevin@onmicrosoft.com'

#Prompt for the admin password instead of storing it in plain text in the script
$cred = Get-Credential -UserName $username -Message "SharePoint Online admin credentials"

#Connect to SharePoint Online using the credentials
Connect-SPOService -Url $SPOAdminURL -Credential $cred

#Get the SharePoint Online Site Object
$site = Get-SPOSite $SPOSiteURL

#Get the user object of the reference user
$user = Get-SPOUser -Site $site -LoginName $ReferenceUser

#Loop through Groups and add the actual user
$user.Groups | Foreach-Object {
    #Fetch Group Object that the reference user is part of
    $group = Get-SPOSiteGroup -Site $site -Group $_

    #Add 'ActualUser' to the same group that the reference user is part of
    Add-SPOUser -Site $SPOSiteURL -LoginName $ActualUser -Group $group.LoginName
}

Note:

– It is assumed that you have the SharePoint Online module installed on the machine where you are running this script. If you do not have it, please follow this link to download the SharePoint Online Management Shell.

– I had the following errors while running the script. I am jotting them down here as they may be helpful for you.

Error 1:

  • Identity Client Runtime Library (IDCRL) could not look up the realm information for a federated sign-in. Or
  • The partner returned a bad sign-in name or password error. For more information, see Federation Error-handling Scenarios. Or
  • The ‘username’ argument is invalid. Or
  • The partner returned a bad sign-in name or password error. For more information, see Federation Error-handling Scenarios.

Solution:

  • I was using a wrong username. Please make sure you have the right admin username and password for the SharePoint Online site that you are running against.

Error 2:

  • The site https://yoursite.sharepoint.com/sites/test/ is not properly formed

Solution:

  • There is a trailing slash at the end of the URL. It should be ‘https://yoursite.sharepoint.com/sites/test’ and NOT ‘https://yoursite.sharepoint.com/sites/test/’.
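
Because the script copies every group the reference user has accumulated, it helps to preview exactly which memberships will be granted and to keep a record of each grant. The following is an added example, not part of the original script: it assumes an existing Connect-SPOService session, reuses the site and user values shown above, and writes to an audit file whose name is a placeholder.

```powershell
# Added example: preview, confirm and log the group changes before cloning.
# Assumes Connect-SPOService has already been run; values below mirror the post.
$SPOSiteURL    = 'https://yoursite.sharepoint.com/sites/test'
$ReferenceUser = 'sdakoju@onmicrosoft.com'
$ActualUser    = 'rkevin@onmicrosoft.com'
$LogPath       = '.\SPO_CloneUserPermissions_audit.csv'   # hypothetical file name

# Groups held by the reference user (fails loudly if that user is not on the site)
$refGroups = @((Get-SPOUser -Site $SPOSiteURL -LoginName $ReferenceUser -ErrorAction Stop).Groups)

# Groups the target already holds; treat a lookup failure as "not on the site yet"
try {
    $curGroups = @((Get-SPOUser -Site $SPOSiteURL -LoginName $ActualUser -ErrorAction Stop).Groups)
} catch {
    $curGroups = @()
}

# Only the memberships the target is missing will be granted
$toAdd = @($refGroups | Where-Object { $_ -and ($curGroups -notcontains $_) })

if ($toAdd.Count -eq 0) {
    Write-Host "$ActualUser already has every group held by $ReferenceUser."
    return
}

Write-Host "Groups that will be granted to ${ActualUser}:"
$toAdd | ForEach-Object { Write-Host "  $_" }

# Require explicit confirmation so inherited access is reviewed, not copied blindly
if ((Read-Host 'Type YES to apply') -ne 'YES') { Write-Host 'No changes made.'; return }

foreach ($groupName in $toAdd) {
    $result = 'Added'
    try {
        Add-SPOUser -Site $SPOSiteURL -LoginName $ActualUser -Group $groupName -ErrorAction Stop | Out-Null
    } catch {
        $result = "Failed: $($_.Exception.Message)"
    }
    # One audit row per grant: when, where, who, what, outcome
    [pscustomobject]@{
        TimeUtc       = (Get-Date).ToUniversalTime().ToString('o')
        Site          = $SPOSiteURL
        ReferenceUser = $ReferenceUser
        TargetUser    = $ActualUser
        Group         = $groupName
        Result        = $result
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}
```

Like the original script, this covers SharePoint group memberships only; the preview list is the place to drop any group the new person should not inherit.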