When performing eDiscovery searches for OneDrive for Business content within the Compliance & Security center, the account being used to perform the eDiscovery searches must have administrator rights to the OneDrive for Business (My Site) being searched. The article below provides a description of the permissions that are needed to perform eDiscovery searches for ODFB content and a script to add a secondary administrator for all ODFB sites.


There are several ways to accomplish this task. Listed above is a script that Microsoft wrote. The script is a point in time change. Any new OneDrive for Business sites will not have a secondary administrator until the script is executed again.  The easiest way however, is to create an eDiscovery Group, and add the compliance and security officers and your legal team as members of the eDiscovery group.  After adding the members to the eDiscovery group, navigate to the SharePoint Online admin > user profiles > Setup My Sites. Locate the My Site Secondary Admin section and add the eDiscovery group as the secondary admin and enable the My Site secondary admin option.

ODFB Second Admin 01

The eDiscovery group is added as a secondary site administrator to all newly created MySites after the site is created. (user profile > Manage User Profiles)


ODFB Second Admin 02

Why do I need another method

Another way to add a group as a secondary administrator is using PowerShell. There may be times where you want to add an eDiscovery group as a secondary administrator to only selected users. This can be accomplished by calling a CSV file within PowerShell.


Create a CSV file called Users.csv under C:\temp\ODFB

Within the user.csv file list the names of the end-users that will have the eDiscovery group added as a secondary administrator.

ODFB Second Admin 03


Within the script search for domainname, adminaccount, and group name and update the script to reflect your organization configuration.

If you want to remove the permissions after adding them, you can change the IsSiteCollentionAdmin within the Set-SPOUser command from $true to $false:

set-SPOUser -Site $URL -LoginName $LoginName -IsSiteCollectionAdmin $false

Note: The script only works with groups and not users

Here are the results after running the script, the eDiscovery group will be added as administrator to the users within the CSV file.

ODFB Second Admin 04

Note: You need to install the SharePoint module on the computer that you are running the script on link.


Import-Module Microsoft.online.sharepoint.powershell

Connect-SPOService -Url https://domainname-admin.sharepoint.com -credential
  adminaccount # -https://technet.microsoft.com/en-us/library/FP161392.aspx

$URL1 = "https:// domainname-my.sharepoint.com/personal/"

#Import users
$path = "C:\temp\ODFB\Users.csv"
$csv = Import-csv -path $path
$admin  =  "group name"

#URL information for SharePoint online
foreach($Line in $CSV)
  $User = $line.UPN
  $UPN = ($User).Replace("@","_")
  $URL2 = ($UPN).Replace(".","_")
  $URL = "$URL1$URL2"
  $Permissions = "c:0-.f|rolemanager|"
  $LoginName = "$permissions$admin"
  set-SPOUser -Site $URL -LoginName $LoginName -IsSiteCollectionAdmin $true
  Write-Host "This is the site ---- $URL"
  Write-Host "Permissions added to ----- $LoginName"
  #Set-SPOSite -Identity $Url -Owner $UPN