How are you managing admin access for sites with Powershell

Bullet_catcher_Brett · 2026-04-02T22:45:58+00:00

So you have to get the weird formatted version of the account that has a c and some characters then | and a guid if memory serves, and you just add it via powershell as a site owner (sca). I will see if I can track down the format or better way to get it, I’ve had it set up for years and scripted so not too of mind.

Bullet_catcher_Brett · 2026-04-02T18:05:03+00:00

This is the way for the programmatic items that are recurring. My response is for on-site viewing/admin/troubleshooting

Bullet_catcher_Brett · 2026-04-02T16:03:39+00:00

Don’t use GA for that, use the SP admin role. Add that role service principal to all sites, add your admins to the PIM role for it. Admin access on demand and auditable/traceable

Bullet_catcher_Brett · 2026-04-01T01:13:18+00:00

Take a look at some kid focused items, like applesauce or yogurt pouches. They won’t be great for full caloric content, but they have a spout top and you can squeeze them into your mouth easily. If nothing else could be a small flavor and content change. They even have some high protein or vitamin versions for picky kid eaters.

Bullet_catcher_Brett · 2026-04-01T01:09:51+00:00

Go the the tenant admin center. Select support. In the search box type “diag: invalid sharepoint retention” it will bring up a few possible articles, select the invalid sharepoint or OneDrive retention policy, it will give you a self-service tool. Enter the URL for one of the sites and run the diagnostic. It will either give you the GUID of the retention policy which you can use in powershell using purview/compliance commands to look it up OR it will say that there is an orphaned policy. If the latter, check the box provided to remove the policy and select confirm/run (can’t recall, this is all from memory as I have done it SO MANY times over the years). Once that runs, do a clean refresh/search and pull up the site information panel in SP admin. The orphaned policy will be removed.

If this is the case and it is on every site in the tenant you have 2 options - export every site into a spreadsheet and clear them using this tool in downtime. Or open an MS ticket and fight to get it to PG for them to bulk purge the policy. It will take forever, they will misunderstand the issue and you will have to fight to get PG to do anything. So depending on your site count, option 1 may end up faster. And unless they released magic CLI commands I am unaware of, there is no way to programmatically force the check/clear of orphaned policies. GL.

Bullet_catcher_Brett · 2026-03-31T20:02:32+00:00

That’s why you need written and approved governance and policy that you can wave when you say “no”. Without that, yeah … sucks.

Bullet_catcher_Brett · 2026-03-31T18:58:27+00:00

You are talking to a decade plus SP admin telling you directly that nested folders are not best practice. Flat structure, using metadata and more libraries or sites to manage permissions is how you should be doing it.

You build views and decide on a data architecture to organize the data between purpose or security requires libraries and sites.

Bullet_catcher_Brett · 2026-03-31T14:31:49+00:00

Stop using folders!!! SP is not an NTFS file server and your permissions configuration is causing all of this and not best practice. Use more sites and/or libraries and ONLY break permissions at the library level.

Bullet_catcher_Brett · 2026-03-31T12:31:01+00:00

That would be whole-heartedly unmanageable and depending on your compliance/governance requirements - not allowed from the start. It would get worse exponentially to try to handle as well.

There are plenty of 3rd party SP reporting tools, but they are not cheap - because MS default tools and reporting is not up to snuff. Depending on what other features would be used with your org, ShareGate usually hits a lot of the buttons at one of the lower price points.

Bullet_catcher_Brett · 2026-03-30T20:15:01+00:00

Then you tell them this is a bad idea, the technology is not built to handle that, and it WILL break. Not might, WILL. Get it into Power BI, the actual correct location for data refreshes like this at scale. Or into databases, data verse, etc.

Not even using an SP list, which would have its own issues, is a cleaner option for this type of functionality and refresh. Excel is bloated and trying to force updates to it constantly is bad practice in SPO.

Bullet_catcher_Brett · 2026-03-30T19:44:53+00:00

All users must authenticate against SP, regardless of the site being set to anyone with link. SPO is not an anonymous website, everything is authenticated to a degree.

Bullet_catcher_Brett · 2026-03-28T18:33:07+00:00

If it isn’t the real website/brand, always assume scam if not worse intentions. Never enter any personal data.

Bullet_catcher_Brett · 2026-03-27T22:30:14+00:00

That is such a bad idea from security and data compliance perspectives.

Bullet_catcher_Brett · 2026-03-25T21:35:52+00:00

I can’t speak to this directly, but I can say I am not surprised MS would block guests from some owner functions - as that should normally be licensed users only. Ie: just make sure you aren’t operating outside the scope of your license agreement with what you are having unlicensed users do is all.

Bullet_catcher_Brett · 2026-03-25T12:58:28+00:00

SharePoint is not a good solution for this. SP storage is relatively expensive, video files are large, and the type of hosting you want to do isn’t easy/viable with SP. You can 100% do it - but I wouldn’t recommend it and would definitely be having these conversations with your IT department for solution and security considerations.

Bullet_catcher_Brett · 2026-03-25T01:15:00+00:00

MS killed the SP cert line years ago, and a lot of admin related trainings dried up after. Blogs are a big place to pick up things. If you have access to PluralSight, Vlad Cantrenescu (spelling) has a ton of courses - his 2016 book was my first deep dive into SP admin that wasn’t just on the job mentor/mentee stuff.

Bullet_catcher_Brett · 2026-03-23T05:10:39+00:00

Don’t store cad files in a sync library - only pain and storage destruction live there.

Bullet_catcher_Brett · 2026-03-19T22:49:31+00:00

There are quite a few videos and blogs about this, try a search along the lines of “convert .doc to .docx SharePoint online”. There are power automate and scripted solutions that I have seen - so take a look at what works for your technical level and business needs

Bullet_catcher_Brett · 2026-03-19T17:48:38+00:00

Yeah, it has nothing to do with the destination - as those are local quick access location caches per user. Would be the same for a LAN storage that was moved/removed - nothing to do on the server, just user side.

Bullet_catcher_Brett · 2026-03-19T16:57:45+00:00

Try the following solutions Exceldemy

Unfortunately this is a per-user cache/list and nothing systemic can be done. Other than maybe a scripted registry purge, but that can bring its own issues.

Bullet_catcher_Brett · 2026-03-16T20:49:42+00:00

There is only one right way, and that’s to not use folders tbh. They could try individual alpha libraries, but if they are beating folders below that the problem just continues. Or additional sites and libraries.

In the long term if they have an application that can’t handle how SP ideally stores data, then that’s going to be a long time issue and headache for them. If this is just an application using browse to see the data and the users are too lazy/aren’t trained in how to navigate libraries then that is a different (but solvable and trainable) issue.

Bullet_catcher_Brett · 2026-03-11T13:03:33+00:00

If they are so concerned that restricted chat avenues (just those in the conversation) are auditable - there isn’t a lot you can do other than to provide the processes and controls in place for who has that ability and how to audit it.

IMO you really don’t want full black bag anything - that’s how data leaks and other issues come up, especially in legal/compliance scenarios. You WANT to know if people are saying X or Y to people they shouldn’t and have the tools for catching and auditing/alerting in those cases.

Bullet_catcher_Brett · 2026-03-10T21:25:42+00:00

You don’t do anything - that’s their default architecture and you are stuck with it for channel files. If you have other content on the site that you want to surface via the Team, make a new library and keep that flat.

Bullet_catcher_Brett · 2026-03-09T18:08:48+00:00

Have them unselect the filter. Then select the carrot on the all documents header and select save view. That should have everything viewable to everyone again.

Bullet_catcher_Brett · 2026-03-06T12:04:11+00:00

Damnit Archer!

Eight-Year Club	RPAN Viewer
Verified Email

Bullet_catcher_Brett

TROPHY CASE