When performing eDiscovery searches for OneDrive for Business content within the Compliance & Security center, the account being used to perform the eDiscovery searches must have administrator rights to the OneDrive for Business (My Site) being searched. The article below provides a description of the permissions that are needed to perform eDiscovery searches for ODFB content and a script to add a secondary administrator for all ODFB sites.
There are several ways to accomplish this task. Listed above is a script that Microsoft wrote. The script is a point in time change. Any new OneDrive for Business sites will not have a secondary administrator until the script is executed again. The easiest way however, is to create an eDiscovery Group, and add the compliance and security officers and your legal team as members of the eDiscovery group. After adding the members to the eDiscovery group, navigate to the SharePoint Online admin > user profiles > Setup My Sites. Locate the My Site Secondary Admin section and add the eDiscovery group as the secondary admin and enable the My Site secondary admin option.
The eDiscovery group is added as a secondary site administrator to all newly created MySites after the site is created. (user profile > Manage User Profiles)
Why do I need another method
Another way to add a group as a secondary administrator is using PowerShell. There may be times where you want to add an eDiscovery group as a secondary administrator to only selected users. This can be accomplished by calling a CSV file within PowerShell.
CSV
Create a CSV file called Users.csv under C:\temp\ODFB
Within the user.csv file list the names of the end-users that will have the eDiscovery group added as a secondary administrator.
Results
Within the script search for domainname, adminaccount, and group name and update the script to reflect your organization configuration.
If you want to remove the permissions after adding them, you can change the IsSiteCollentionAdmin within the Set-SPOUser command from $true to $false:
set-SPOUser -Site $URL -LoginName $LoginName -IsSiteCollectionAdmin $falseNote: The script only works with groups and not users
Here are the results after running the script, the eDiscovery group will be added as administrator to the users within the CSV file.
Note: You need to install the SharePoint module on the computer that you are running the script on link.
Script
Import-Module Microsoft.online.sharepoint.powershell
Connect-SPOService -Url https://domainname-admin.sharepoint.com -credential
adminaccount # -https://technet.microsoft.com/en-us/library/FP161392.aspx
#Var
$URL1 = "https:// domainname-my.sharepoint.com/personal/"
#Import users
$path = "C:\temp\ODFB\Users.csv"
$csv = Import-csv -path $path
$admin = "group name"
#URL information for SharePoint online
foreach($Line in $CSV)
{
$User = $line.UPN
$UPN = ($User).Replace("@","_")
$URL2 = ($UPN).Replace(".","_")
$URL = "$URL1$URL2"
$Permissions = "c:0-.f|rolemanager|"
$LoginName = "$permissions$admin"
set-SPOUser -Site $URL -LoginName $LoginName -IsSiteCollectionAdmin $true
Write-Host "This is the site ---- $URL"
Write-Host "Permissions added to ----- $LoginName"
#Set-SPOSite -Identity $Url -Owner $UPN
}