Archive for April, 2013

Updating SharePoint 2010 Site Collection Administrators Group using PowerShell

April 10, 2013 Leave a comment

I recently needed to update all users in the Site Collection Administrators group in my SharePoint 2010 Staging environment from using Claims Authentication to using NTLM.  This is because in our Production environment our authentication model is Kerberos/Claims and in our staging environment we are using NTLM/NTLM.  Every week I do a ‘data refresh’ through automation by copying over our production dbs to staging, however since the authentication model on production is using Claims, I cannot just log into my staging sites with NTLM, this needs to be updated.

Below is the script that adds a SecondaryOwnerAlias (Site Collection Admin) to every Site Collection Site Administrators group, and then removes any Site Collection owner using Claims Based Authentication (i.e user accounts that start with:  c:0+.w|) from the group.

I only update the Site Collection Administrators group because there are only a selected few who actually work in our staging environment, and its usually only Site Collection Admins who need access to the site to do their testing.


$WebApp = Get-SPWebApplication http://portal

foreach ($web in $WebApp | Get-SPSite -Limit All)

write-host $web.Url
Set-SPSite -Identity $web.Url -SecondaryOwnerAlias “DOMAIN\USER”
$siteAdmin = $web.RootWeb.SiteAdministrators
$RemoveSiteAdmin = $siteAdmin | Where {$_.UserLogin -like “*C:0+.w|*”}
$RemoveSiteAdmin.IsSiteAdmin = $false