What should be the tenant admin url while creating SPO site collections in PnP PowerShell

1
votes

I am using PnP PowerShell commandlets to create Site collection in SPO. I understand that we need to first connect to Tenant admin site before creating site collections as below

$tenantadminUrl = "https://tenantname-admin.sharepoint.com"

Connect-PnPOnline -url $tenantadminUrl -UseWebLogin

New-PnPTenantSite -Owner $item.Owner -TimeZone $item.TimeZone -Title $item.Title -Url $siteUrl -Template $item.Template -Lcid $item.Locale -Wait

for adminUrl, can we also run the above code if the url is "https://tenantname.sharepoint.com" i.e. without "-admin" part in the url?

Sample code of PnP PowerShell in Github uses without "-admin" part in its url(Link: https://github.com/SharePoint/PnP-PowerShell/blob/master/Samples/Provisioning.CreateSitesFromCsv/CreateSites.ps1)

$adminurl1 = "https://tenantname-admin.sharepoint.com"

$adminurl2 = "https://tenantname.sharepoint.com"

which of the above two urls is valid tenantAdmin Url?

Thanks,

2
powershellsharepoint

2 Answers

1
votes

If you want to create site collection from the tenant, as willman's reply, the tenant admin url is "https://tenant-admin.sharepoint.com".

The following PnP PowerShell for your reference.

$tenantUrl="https://tenant-admin.sharepoint.com"
$siteOwner="[email protected]"
$siteTitle="contoso"
$siteUrl="/sites/contososite"
Connect-PnPOnline $tenantUrl -UseWebLogin

Write-Host "Provisioning site collection $siteUrl" -ForegroundColor Yellow
if(Get-PnPTenantSite | where-Object -FilterScript {$_.Url -eq $siteUrl}) 
{
    Write-Host "Site collection $siteUrl exists. Moving to the next one." -ForegroundColor Yellow
}
# Creates new site collection.
New-PnPTenantSite -Title $siteTitle -Url $siteUrl -Owner $siteOwner -TimeZone 4 -Template STS#0 -Lcid 1033
Write-Host "SiteCollection $siteUrl successfully created." -ForegroundColor Green
0
votes

Only the URL with the "-admin" is your tenantAdmin URL. You can connect to any site collection in your tenant to which have permissions using PowerShell (Connect-PnPOnline) and plenty of PowerShell commands that can be executed within those connections. However, there are certain SharePoint Admin level actions which can only be executed when you are connection to your "-admin" site. If you attempt to execute the New-PnPTenantSite command when you are connected to any site other than your "-admin" site, you will get 403 FORBIDDEN response, even if you are logged in as a SharePoint Administrator.

Look at it this way: In your web browser of choice, open your "tenantname-admin.sharepoint.com" site in one tab, then open your non-admin root "tenantname.sharepoint.com" in another tab. Notice how the "tenantname.sharepoint.com" appears as a "normal" SharePoint site collection? It may house your App Catalog and other centralized pieces of data, but it still running on a standard SharePoint site template. But your "tenantname-admin.sharepoint.com" opens the "SharePoint Admin Center", which, while it configures and interacts with your SharePoint sites, is not itself a SharePoint Site collection, but a specialized administrative interface.

While the documentation for PnP-Powershell will 'usually' warn you when you need to be connected to your "-admin" site, you can think of it this way -- if you were going to log in to the site through a browser and perform this action through the UI, would you have to log into your SharePoint Admin Center to do this action, or would you log into a specific SharePoint Site to perform this action. Thus, when you are executing PowerShell commands, the same rules apply.