ChangeBot’s PowerShell Activity – Set an AD Group as Site Collection Administrator

This post is the first in a series where we will look at how to accomplish certain tasks utilizing ChangeBot’s PowerShell Activity (available in ChangeBot Premium Edition).  ChangeBot already offers you 50 (70 if you use our ExCM product) activities to accomplish a plethora of site administration and user change request actions. If something you want to accomplish can’t be done via one of those activities, then the PowerShell activity can come to the rescue. 

With the combination of ChangeBot’s already powerful activities and the ability to run a PowerShell script as an activity – there really isn’t much that you can’t automate, audit, and run through a proper approval process, when utilizing ChangeBot. You might even have existing PowerShell scripts you need to occasionally run. Why not put official procedures around the process and let ChangeBot execute the PowerShell scripts via a user request form.


This first example will cover how to add an AD group as the secondary site collection administrator.  This is something you can’t even do in the manual process of creating site collections via Central Administration.  You can however accomplish this via PowerShell – and thus you can set it as part of your site collection provisioning request profile.

Let’s say you have a team of administrators in an AD group called SCAdmins that belongs to the AWBIKES domain.  The PowerShell script to add that group to a site called extranet.awbikes.com would be:

set-spsite -identity http://extranet.awbikes.com -secondaryowneralias "awbikes\scadmins"

You of course want this to happen during the processing of every new site collection so the url will always be different.  You will utilize the “Set Execution Property” activity to create a variable with the full url of the site so that you can use it in the PowerShell script. (note: this step may vary depending on your specific request profile, this example is utilizing the activities and properties present when using the default Site Collection request profile we ship with ChangeBot).
In the Set Execution Property you simply need to combine the WebApplicationURL and SiteUrl properties to create a new variable we will call FULLUrl.



With this in place you can now create the “Execute PowerShell” activity and place your script in the box utilizing the above created variable.  My example script is:

set-spsite -identity $Properties.FUllURL -secondaryowneralias "awbikes\scadmins"


Now when a new site collection is requested it will automatically assign your AD group properly every time.  That’s the power of ChangeBot.

Note: If you need to install the PowerShell Activities add-on see this page in our product documentation.