Find what users have been assigned as Global Admins in Office 365 via PowerShell

I recently was presented with a question from a customer about why so many of their users received an email from the Microsoft Office 365 Team notifying them of the availability of Visio Pro for Office 365.  I had a hunch it was a bulk email sent to the Global Admins of the tenant but did not want to assume anything until I validated my thoughts.

I first accessed the user list through the Office 365 admin portal and filtered on “Global Admins” only to find that there were more than a page of users represented.  Really?!  That many for such a small subset of people?!  The list of those that received the email notification was the same list of users assigned as global admins in the tenant.  Well, if that is what is needed, who am I to recommend otherwise.

To validate the list shown in the portal of who has been assigned as an Office 365 Global Admin, connect to your Office 365 account via PowerShell from your admin workstation, not an Exchange server.

After connecting to Office 365, run the following two commands to be able to access the proper set of cmdlets that will render the correct information regarding what we are looking for.  The second of these commands will require you to enter your Office 365 credentials.

Import-Module MsOnline
Connect-MsolService

This next command will provide a list of Office 365 tenant roles–groups if you will.

Get-MsolRole

The results of the above command displays the objectID, name and description of each role.  You will notice from the display of roles that “Global Admins” is not present.  However, “Global Admins” is represented by “Company Administrator” via PowerShell.

We will use the ObjectID associated with the “Company Administrator” role to find out what Office 365 users have been assigned as global admins.

NOTE: The ObjectID for “Company Administrator” is unique to every Office 365 tenant.

Enter the following command with your ObjectID to get a list of users assigned as global admins.

Get-MsolRoleMember -RoleObjectId "ObjectID"

The results will provide a comprehensive list of those that have access to make changes to and administer your Office 365 tenant, and this list of users will also receive email notifications from the Microsoft Office 365 Team.  Check often and make modifications or corrections as needed to maintain the security of your tenant.

Additionally, the previous command above can be simplified if you choose not to search based on ObjectID but by role name instead by entering the following two commands to search for global admins in your tenant.

$O365ROLE = Get-MsolRole -RoleName “Company Administrator”

Get-MsolRoleMember -RoleObjectId $O365ROLE.ObjectId

Reference: http://www.dagint.com/2012/01/list-office-365-global-administrators-powershell-commands/

Good luck and have fun!

Advertisements

One thought on “Find what users have been assigned as Global Admins in Office 365 via PowerShell

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s